SD-WAN

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

the main thing is that the tunnel should be be disconnected.

I think you should check the Tunnels from the AP's CLI ,  to see if they remain established.

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

Hi Ariyap

But if you have a LAN error on your primary VPNC you will not have your tunnel down. To me this is not really dynamic routing unless I am missing something. Do you know why I don't receive SD-WAN routes on a microbranch? I can't find the link but I can remember seeing a document that showed a microbranch that received routes.

the main thing is that the tunnel should be be disconnected.

I think you should check the Tunnels from the AP's CLI ,  to see if they remain established.

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

my earlier comment was in reference to nexthop list where the next hop is based on ipsec map tunnel though a particular uplink like i showed in the screenshot.

Otherwise for routes microbranch APs use Overlay Agent Protocol (OAP) to connect to Aruba Central Route/Tunnel orchestrator to get the all the information about routing and tunnels that needs to be established. 

Check this microbranch overview for more details.

Hi Ariyap

But if you have a LAN error on your primary VPNC you will not have your tunnel down. To me this is not really dynamic routing unless I am missing something. Do you know why I don't receive SD-WAN routes on a microbranch? I can't find the link but I can remember seeing a document that showed a microbranch that received routes.

the main thing is that the tunnel should be be disconnected.

I think you should check the Tunnels from the AP's CLI ,  to see if they remain established.

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

my earlier comment was in reference to nexthop list where the next hop is based on ipsec map tunnel though a particular uplink like i showed in the screenshot.

Otherwise for routes microbranch APs use Overlay Agent Protocol (OAP) to connect to Aruba Central Route/Tunnel orchestrator to get the all the information about routing and tunnels that needs to be established. 

Check this microbranch overview for more details.

Hi Ariyap

But if you have a LAN error on your primary VPNC you will not have your tunnel down. To me this is not really dynamic routing unless I am missing something. Do you know why I don't receive SD-WAN routes on a microbranch? I can't find the link but I can remember seeing a document that showed a microbranch that received routes.

the main thing is that the tunnel should be be disconnected.

I think you should check the Tunnels from the AP's CLI ,  to see if they remain established.

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

I think it would be best to contact Aruba TAC.

my earlier comment was in reference to nexthop list where the next hop is based on ipsec map tunnel though a particular uplink like i showed in the screenshot.

Otherwise for routes microbranch APs use Overlay Agent Protocol (OAP) to connect to Aruba Central Route/Tunnel orchestrator to get the all the information about routing and tunnels that needs to be established. 

Check this microbranch overview for more details.

Hi Ariyap

But if you have a LAN error on your primary VPNC you will not have your tunnel down. To me this is not really dynamic routing unless I am missing something. Do you know why I don't receive SD-WAN routes on a microbranch? I can't find the link but I can remember seeing a document that showed a microbranch that received routes.

the main thing is that the tunnel should be be disconnected.

I think you should check the Tunnels from the AP's CLI ,  to see if they remain established.

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?

Hi Ariya,

Two steps forward and one step back. I finally got the OAP routing to work but now for some reason I am unable to ping my servers from the microbranch. It turned out that I forgotten to redistribute OSPF into the overlay. One I made the update I now receive IP routes from the VPNCs. Unfortunately, the Microbranch SSID will not ping the servers. 

I an ping the servers however directly from the microbranch AP. 

Routing table Microbranch

Routing table firewall pointing to the correct gateway

Successful pings from the AP itself + routing table

I think it would be best to contact Aruba TAC.

my earlier comment was in reference to nexthop list where the next hop is based on ipsec map tunnel though a particular uplink like i showed in the screenshot.

Otherwise for routes microbranch APs use Overlay Agent Protocol (OAP) to connect to Aruba Central Route/Tunnel orchestrator to get the all the information about routing and tunnels that needs to be established. 

Check this microbranch overview for more details.

Hi Ariyap

But if you have a LAN error on your primary VPNC you will not have your tunnel down. To me this is not really dynamic routing unless I am missing something. Do you know why I don't receive SD-WAN routes on a microbranch? I can't find the link but I can remember seeing a document that showed a microbranch that received routes.

the main thing is that the tunnel should be be disconnected.

I think you should check the Tunnels from the AP's CLI ,  to see if they remain established.

First observation, when I disconnect the LAN interface (OSPF routing) on the primary VPNC the secondary does not take over. I am waiting 5 minutes and still only timeouts.

Is there another thing I need to tweak? I do notice that my Microbranch AP actually does not do Overlay routing although the tunnels are up.

Hi Ariya, 

Fantastic, I guess that was the missing piece, now I am going to test if this will work properly!

The one i tried was to create a NextHop List with different priorities 

Then reference that in PBR by using Action = Forward to Nexthop List

Hi Ariya,

I tried that but how does that work? My assumption was to add a prefix twice as depicted below. However, when I try to save the configuration, I receive an error message.  Can you explain where I might find this, I looked everywhere online but this seems to be a blindspot.

Here's what happens when I save it.

you can use NextHop list and then reference it in your PBR 

Hi Fabian,

Thanks for your response, I think this does not work for me. The first link implies you are having L2 adjacency or at least having two VPNCs in the same group. 
In my case there is no L2 adjacency and my VPNCs are in two groups. One of the VPNCs is a virtual appliance and from what I understood you have to have that in it's own group. I actually created a post about that on Airheads.

Also, that manual button is not in the current Aruba Central UI, has that moved? I cannot find it. Could it be that Aruba Central does not support L3 redundancy? The documentation is not clear about it.

See if this helps:

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_data_center_vpnc.htm 

https://www.arubanetworks.com/techdocs/central/2.5.6/content/aos10x/cfg/mb-deploy/mb_config_manual_dc_pref.htm 

I have a question about how to setup Redundancy in a Microbranch. Depicted below my setup, consisting of a Virtual Gateway and a 9004. My question is basically:

How do you setup dynamic failover from VPNC1 to VPNC2 on a microbranch? I was unable to find a clear manual that describes how to do this.

Post

 PBR is not dynamic routing so how does this microbranch failover actually work?

Snapshot of the Microbranch tunnels (when both are only)

The internal network is setup to prefer the 9004 (LAN port 192.168.7.2)

Can anyone provide me some suggestions on how to make microbranch failover NOT a manual effort?