Hi.
Assisting a customer on SD-Branch.
2 x 90xx as VPNC. One VPNC (VPNC1) with main internet circuit and one VPNC (VPNC2) with backup ciruit.
Can we setup this to use main internet circuit on VPNC1 and only fail over to backup circuit on VPNC2 when main internet circuit goes down?
From SD-Branch documentation this is for me not clear, as in mention this only at the Branch side.
My proposed solution
VPNC1 with WAN main internet line.
VPNC2 with WAN backup internet line.
VRRP on LAN interface on VPNC1 and VPNC2, with VRRP IP as gateway ip from LAN. Then have VPNC1 as VRRP Master with tracking on WAN interface.
Then VPNC2 will one be used for out traffic when VPNC1 internet line is down.
Do we need VRRP also on WAN interfaces?
On the branch side, I think we can have SD WAN overlay to have DC preference to go to VPNC1 and secondary to VPNC2.
Or, two DC prefence groups, first with VPNC 1 only , and second with VPNC 2 only.
Any comments on this?
------------------------------
Ole Morten Kårbø
ACCA ACSA
Netnordic Norway
------------------------------