I have a scenario where I'm creating a VPN tunnel between two PAs. The infrastructure between the two PAs is MPLS, and each PA has two BGP links: primary (50 Mbps) and secondary (10 Mbps). I'm terminating the VPN on the loopback of the PAs; however, I noticed that the VPN tunnel is initiated from the primary link (50 Mbps) of the first PA and enters the second PA through the secondary link (10 Mbps). Using the BGP import, I gave the primary neighbor a local preference and weight of 110 and the secondary neighbor a local preference and weight of 90. I thought this would force the VPN tunnel to use the primary links on both sides, but it does not seem to be working.
With this config you are only controlling the outgoing interface of each PA. This will not affect the incoming interface on the other side (assuming both links connect to the same provider and MPLS cloud).
You will want to prepend your advertisements out the secondary links to make sure incoming traffic is not received on them.
In the past I have had sites with multiple lines. What I did was to use OSPF between the two VPN endpoints with static routes and policy based forwarding.
Let me know if you have further questions.
The solution was to use the weight to force the outgoing traffic to use the primary link by giving a higher weight to the primary, and to use MED to force the incoming traffic to use the primary interface by giving it a lower MED.
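An added illustration of the point made in this thread (not code from any poster and not PAN-OS configuration): a simplified BGP best-path model showing that import-side weight and local preference choose only the firewall's outgoing link, while the link the provider uses to deliver traffic depends on what the firewall advertises (MED or AS-path prepending). The provider tie-break, the MED values and the prepend count are constructed assumptions; real BGP has more decision steps than the five modeled here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    link: str
    weight: int = 0        # local to the receiving router, never advertised
    local_pref: int = 100  # set on import, stays inside the receiving AS
    as_path_len: int = 1   # lengthened by the advertiser with prepending
    med: int = 0           # set by the advertiser, read by the neighbor AS
    tiebreak: int = 0      # stands in for the later tie-break steps

def best_path(paths):
    # Simplified decision order: highest weight, highest local preference,
    # shortest AS path, lowest MED, then the tie-breaker.
    return min(paths, key=lambda p: (-p.weight, -p.local_pref,
                                     p.as_path_len, p.med, p.tiebreak))

# Constructed assumption: the provider's tie-break happens to favor the secondary link.
PROVIDER_TIEBREAK = {"primary": 2, "secondary": 1}

def egress_link(import_policy):
    """Link the firewall sends on. import_policy: link -> (weight, local_pref)."""
    return best_path([Path(l, weight=w, local_pref=lp)
                      for l, (w, lp) in import_policy.items()]).link

def ingress_link(export_policy):
    """Link the provider delivers on. export_policy: link -> (prepends, med).
    The firewall's import-side weight and local preference never reach the provider."""
    return best_path([Path(l, as_path_len=1 + pre, med=med,
                           tiebreak=PROVIDER_TIEBREAK[l])
                      for l, (pre, med) in export_policy.items()]).link

IMPORT_ONLY = {"primary": (110, 110), "secondary": (90, 90)}        # values from the question
NO_EXPORT_POLICY = {"primary": (0, 0), "secondary": (0, 0)}         # nothing advertised differently
LOWER_MED_ON_PRIMARY = {"primary": (0, 10), "secondary": (0, 100)}  # constructed MED values
PREPEND_ON_SECONDARY = {"primary": (0, 0), "secondary": (3, 0)}     # constructed prepend count

if __name__ == "__main__":
    print("egress with import policy:", egress_link(IMPORT_ONLY))
    print("ingress, no export policy:", ingress_link(NO_EXPORT_POLICY))
    print("ingress, lower MED on primary:", ingress_link(LOWER_MED_ON_PRIMARY))
    print("ingress, prepend on secondary:", ingress_link(PREPEND_ON_SECONDARY))
```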