A branch office has a primary L3VPN MPLS connection back to the main office and an IPSEC VPN tunnel that serves as backup.
Which design ensures that data is sent over the backup connection only if the primary MPLS circuit is down?
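A. Use EIGRP to establish a neighbor relationship with the main office via L3 VPN MPLS and the IPSEC VPN tunnel
B. Use BGP with the multipath feature enabled to force traffic via the primary path when available
C. Use static routes tied to an IP SLA to prefer the primary path while a floating static route points to the backup connection
D. Use OSPF with a passive-interface command on the backup connection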
The correct answer is C. Use static routes tied to an IP SLA to prefer the primary path while a floating static route points to the backup connection.
Explanation: In this scenario, we want to ensure that the backup IPSEC VPN tunnel is only used if the primary L3 VPN MPLS connection is down. To achieve this, we need to use a routing design that can dynamically detect the failure of the primary path and switch the traffic to the backup path. Here's how each option would work:
A. Use EIGRP to establish a neighbor relationship with the main office via L3 VPN MPLS and the IPSEC VPN tunnel: This option is not recommended since it would require running EIGRP over two different types of connections (MPLS and IPSEC VPN), which is not ideal. Additionally, EIGRP doesn't have a built-in mechanism to detect path failures and switch to a backup path.
B. Use BGP with the multipath feature enabled to force traffic via the primary path when available: This option could work, but it requires that both the MPLS and IPSEC VPN connections terminate on the same router, and that router would need to be configured with the multipath feature. Additionally, BGP may not be the best choice for small branch offices that only have a single ISP connection.
C. Use static routes tied to an IP SLA to prefer the primary path while a floating static route points to the backup connection: This option is the most reliable and scalable solution. The primary static route over the L3 VPN MPLS connection is tied to an IP SLA (Service Level Agreement) operation, a feature that lets a router send test traffic across a specific path to check for connectivity. If the probe fails, the router treats the primary path as down, withdraws the tracked static route, and switches the traffic to the backup IPSEC VPN tunnel, which is configured as a floating static route with a higher administrative distance. While the primary route is present, its lower administrative distance keeps the floating route out of the routing table, so no traffic uses the backup.
D. Use OSPF with a passive-interface command on the backup connection: This option could work, but it requires that OSPF is used as the routing protocol on both the primary and backup connections. Additionally, it assumes that the backup connection is always available but unused, which may not be the case if there are issues with the connection or the OSPF configuration. Using a static route with an IP SLA is a more reliable and scalable solution.
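The design in option C as a branch-router configuration, added here as an example that is not part of the original question. It assumes Cisco IOS syntax, a VTI-style IPsec tunnel on `Tunnel0`, and constructed addresses (192.0.2.1 as the MPLS PE next hop, 198.51.100.10 as a probe target at the main office, 10.10.0.0/16 as the main-office prefix).

```cisco
! Constructed addressing (assumptions, not from the question):
!   192.0.2.1       MPLS PE next hop on the primary circuit
!   198.51.100.10   probe target inside the main office
!   10.10.0.0/16    main-office prefix
!   Tunnel0         IPsec VTI used as the backup path
!
! Pin the probe target to the primary circuit. Without this host route,
! the probe would start succeeding through the IPsec tunnel after failover
! and the primary route would flap back in while MPLS is still down.
ip route 198.51.100.10 255.255.255.255 192.0.2.1
!
! IP SLA operation: ICMP echo across the MPLS path every 5 seconds.
ip sla 1
 icmp-echo 198.51.100.10 source-interface GigabitEthernet0/0
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability. The delay timers damp flapping:
! wait 10 s before declaring down, 30 s of success before declaring up.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary static route (administrative distance 1), present only while
! track 1 is up.
ip route 10.10.0.0 255.255.0.0 192.0.2.1 track 1
!
! Floating static route: administrative distance 250 keeps it out of the
! routing table until the tracked route above is withdrawn.
ip route 10.10.0.0 255.255.0.0 Tunnel0 250
!
! Verification from exec mode:
!   show ip sla statistics 1
!   show track 1
!   show ip route 10.10.0.0
```

The host route for the probe target is the detail most often missed: the probe must be able to fail when the MPLS circuit fails, so it must never be reachable over the backup tunnel.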