Tips and Tricks: (Part 1) Build Permanent Overlay Tunnels to 2 (or 3) Data Centers

 In a recent course when we spoke about Cloud-VPN and how to build permanent tunnels to a Data Center, students asked the very valid question:

"How can we build permanent tunnels if we have 2 Data Centers ?"

As normally only one DC will have permanent tunnels established

When defining 2 different Hubs only the preferred Hub (Order 1) will get a permanent Overlay tunnel established


But there is a second  possibility to select Hubs with a different order

When we choose Branch to Branch VPN via Hub and reverse the order of our 2 Hub locations

Now we have permanent tunnels to both DCs (DC1-Cluster and BR-3)


Alternative we can set Cloud-VPN up also in this way:

Again the branches will set up permant tunnel to both DCs (DC1-Cluster and BR-3)

The caveat here is, that we should have either cluster or high availaibilty chosen for the Hub selected aa Backhaul, as we do not have a second one for backup.

And by combining both setups we can even establish permanent tunnels to 3 DCs


 Now we have permanent tunnels to 3 DCs possible.

The only additional caveat is, that for the initial E2E traffic the 3rd DC will be used

In that way we achieve the goal of setting up permanent overlay tunnels to 2 or even 3 Data Centers

Comments

  1. Hi Alexander,

    sounds interesting. What I dont understand...why arent there paths build to both Hubs (or even more)? I checked in my lab and could see that static tunnels are build towards both hubs that are defined in my branch-profile. Is there maybe something missing?

    BR
    Stephan

    ReplyDelete
  2. Hi Stephan !
    I rechecked it in my lab and I do not know what I did differently last time, but you are right. All selected hubs gets permanent tunnel applied (at least in version 4.5). What is strange that the preference (order) does nowhere appear in the OFC table or visible in the route table dump, which means that it seems to be irrelevant. I will rewrite that blog with correct information within the next days. Thanks for informing. Best regards
    Alexander

    ReplyDelete

Post a Comment

Popular posts from this blog

Orchestrator Upgrade to Version 5.2

Deep Dive on DMPO and its Performance Features (available and missing) Part 1

Deep Dive on DMPO and its Performance Features (available and missing) Part 2