We use HA VPN (HSRP) for our IPSEC based business partners. It has worked well for years, but I’m only partly happy.
We have built our data centers to be as independent as possible. Minimal OTV, routed mainframe, separate internal and external IP space. However, with HA VPN, I have to have L2 stretch & advertise the specific /24 out of both DCs. The main benefit is our partners only set up one tunnel and neither side has to worry about DR. Internally we use RRI into our IGP to steer traffic to the proper router.

On Thu, Feb 8, 2018 at 5:34 PM harbor235 <[email protected]> wrote:

> I am looking to implement a highly available IPSEC route based VPN.
> Traditionally I would bring up multiple tunnels with multiple BGP peers in
> a dual router setup.
>
> IPSEC HSRP design appears to be the flavor of the day, failover times
> appear to be lengthy compared to failover times via BGP. Is anyone using
> the HSRP HA setup? Are your experiences good or bad? Has the BGP route
> based IPSEC VPN design fallen from grace?
>
>
> Mike
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
