Comware

 View Only
last person joined: yesterday 

Back to discussions
Expand all | Collapse all

HP MSR900 WAN failover + VPN

This thread has been viewed 0 times

  • 1.  HP MSR900 WAN failover + VPN

    Posted Feb 08, 2013 01:57 AM

    Hi everybody!

    Tried to find info regarding the MSR900 failover design for 2 ISPs. The config guides depict only the scenario with 3G wan backup.

    Is it possible to use HP MSR900 with 2 ISPs on FE interfaces, is load-balancing across WAN interfaces possible or this is just an Active/Standby interface? Are there any experience here or solution guides?

    Also i was wondering if it is possible to use site-to-site VPN in such design.

    What steps are necessary to create such configuration, is it possible to create 2 VPN profiles for each WAN interface and use one as active, one as a backup?

    Are there a better solution and config principles for this design?

     

    Thanks in advance.


    #vpn
    #ISP
    #WAN
    #MSR
    #router


  • 2.  RE: HP MSR900 WAN failover + VPN

    Posted Aug 17, 2013 02:21 AM

    Hi Magnus.

     

    First of all, the MSR 900 has two modes of operating the WAN interfaces:

     - active-active

     - active-standby

     

    For active-standby you have to configure the second WAN interface, as in the configuration guide (it is similar to the 3G example), as a standby interface for the first one:

     

    <router> system-view

    [router] int eth 0/0

    [router-Ethernet0/0]standby int eth 0/1

     

    Then you have to configure the process of measuring the quality of the primary link (eth 0/0) and establish the parameters that trigger the passing to the second link (eth 0/1).

    The configuration guide has in-depth details of the configuration - study the examples and use the configuartion task-list.

     

    Please be aware that you need both interfaces configured for outside nat and two routes (one for each ISP):

     

    ip route-static 0.0.0.0 0.0.0.0 x.x.x.x preference 60 description Primary link (1st ISP)

    ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 120 description Backup link (2nd ISP)

     

    x.x.x.x and y.y.y.y are the gateways for the ISPs

     

    For active-active (load balancing), you have to have both interfaces connected at the same time (skip the standby part).

    The static routes should look like this:

    ip route-static 0.0.0.0 0.0.0.0 x.x.x.x preference 60 description (1st ISP)

    ip route-static 0.0.0.0 0.0.0.0 y.y.y.y preference 60 description (2nd ISP)

     

    Now for the VPN part.

    In order to greatly simplify your design, use HP DVPN technology (embedded in all MSR routers).

    Make the upgrade to the latest Comware OS and configure one router as DVPN Hub (VAM server + VAM client) and the other as DVPN Spoke (VAM Client).

    You can find all the details in the configuration guide.

    You can use OSPF to route traffic between the subnets of the internal LANs of your routers.

     

    For maximum redundancy, you can configure:

    - both routers with two active-active interfaces;

    - router 1: VAM Server on ISP1 and ISP 2 (two VAM instances)

    - router 2: VAM client on ISP 1 and VAM client on ISP 2

    - use OSPF to route traffic

    There is a very good example in the configuration guide (Layer 3 - IP Services -> DVPN Configuration)

     

    Regards,

    Alex

     



  • 3.  RE: HP MSR900 WAN failover + VPN

    Posted Mar 06, 2014 11:22 AM
    I am having issues doing active-active as well

    See my post
    http://h30499.www3.hp.com/t5/WAN-Routing/MSR931-WAN-load-balancing-LTE-failover-How-to/td-p/6402455

    I have set a preference for the 4 wans I have to be 60 (default) and the LTE to 120 and I lose access

    Any ideas?


  • 4.  RE: HP MSR900 WAN failover + VPN

    Posted Sep 01, 2017 02:01 AM
    Thanks for the information I was trying to do this over one router I purchased a second router and it works perfectly