
Firstly I need to apologise - I am new so I am unable to post images and links :-(

I have a VPN to a peer with redundancy configured as per the VPN Advanced Configuration page.

The remote CIDR should be reachable via both peers, and I have configured my routes to have a priority of 1000 for the primary peer and 2000 for the secondary peer. However, when the primary peer goes down, the traffic does not move to the secondary peer, and if I set up the priority as 1000 for both, the traffic is not shared.

Any idea what I am doing wrong? I do have an additional tunnel to another peer with a completely different CIDR, could this be confusing the VPN/route?

VPN      PEER           CIDR 
MY IP    PEER a         10.55.6.0/24
         PEER b (pri)   10.160.120.0/24
         PEER b (sec)   10.160.120.0/24

ROUTE DEST       PRIORITY   HOP
10.55.6.0/24     1000       PEER a
10.160.120.0/24  1000       PEER b (pri)
10.160.120.0/24  2000       PEER b (sec)
Matt P
  • What do you mean by CIDR exactly? Please clarify your question with examples. – Tero Kilkanen Aug 04 '17 at 11:22
  • On the GCP side I only have one VPN. I have three tunnels. >VPN PEER CIDR >MY IP PEER a 10.55.6.0/24 > PEER b (pri) 10.160.120.0/24 > PEER b (sec) 10.160.120.0/24 The routes in place have PEER b (pri) as priority 1000, and PEER b (sec) as priority 2000. When PEER b (pri) fails, I am expecting traffic to go over PEER b (sec). – Matt P Aug 04 '17 at 14:27
  • Hi Tero I have added the VPN config to my question as I couldn't format it in the comments. – Matt P Aug 04 '17 at 14:35
  • Please always add clarifications to the question itself, so they can be formatted better. – Tero Kilkanen Aug 04 '17 at 14:39
  • I had originally created a lovely post with all the information in it, but because I am new I couldn't add links/images – Matt P Aug 04 '17 at 14:42
  • So by CIDR you mean an IP subnetwork? CIDR = Classless Inter-Domain Routing, which is an abstract concept. – Tero Kilkanen Aug 04 '17 at 14:54
  • @MattP From what I understand, there is one Google VPN gateway, 3 remote peer gateways and 3 tunnels using the same Google gateway, with the mentioned networks added as the Remote network IP range. You can follow the [documentation](https://cloud.google.com/compute/docs/vpn/advanced) and per documentation: "If the two tunnels do have matching CIDR blocks, then Cloud VPN uses ECMP to balance flows between the two tunnels." So, if the tunnels are configured correctly, traffic is shared among the two tunnels for 10.160.120.0/24. Also, how are you testing the failover? And add more information on your use case. – N Singh Aug 23 '17 at 16:42
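
The route-selection behaviour the question and the last comment are about (lower priority value wins; equal-priority routes to the same range share flows by ECMP; a route only stops carrying traffic once its tunnel is considered down), as an added model written for this page rather than code from the asker or from Google. It uses the question's ROUTE table as constructed sample input and assumes a per-flow 5-tuple hash for ECMP and a `tunnel_up` map as the stand-in for tunnel health.

```python
import hashlib
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    dest: str       # destination range (CIDR)
    priority: int   # lower value is preferred
    next_hop: str   # VPN tunnel name (hypothetical names)

# Constructed sample input: the ROUTE table from the question.
ROUTES = [
    Route("10.55.6.0/24", 1000, "peer-a"),
    Route("10.160.120.0/24", 1000, "peer-b-pri"),
    Route("10.160.120.0/24", 2000, "peer-b-sec"),
]
# Same table with both PEER b routes at priority 1000 (the "shared" variant).
ECMP_ROUTES = [r if r.next_hop != "peer-b-sec" else Route(r.dest, 1000, r.next_hop)
               for r in ROUTES]

def flow_hash(src, dst, proto, sport, dport):
    # Deterministic per-flow hash (assumed ECMP key: the 5-tuple).
    key = f"{src}|{dst}|{proto}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")

def select_next_hop(routes, tunnel_up, src, dst, proto=6, sport=0, dport=0):
    """Tunnel a packet src->dst would use under this model, or None if unroutable."""
    ip = ipaddress.ip_address(dst)
    # Only routes whose next-hop tunnel is up are candidates; a route left
    # installed while its tunnel is down would never fail over in this model.
    usable = [r for r in routes
              if ip in ipaddress.ip_network(r.dest) and tunnel_up.get(r.next_hop, False)]
    if not usable:
        return None
    longest = max(ipaddress.ip_network(r.dest).prefixlen for r in usable)
    usable = [r for r in usable if ipaddress.ip_network(r.dest).prefixlen == longest]
    best = min(r.priority for r in usable)
    hops = sorted(r.next_hop for r in usable if r.priority == best)
    if len(hops) == 1:
        return hops[0]
    # ECMP: every equal-priority next hop carries a share of the flows.
    return hops[flow_hash(src, dst, proto, sport, dport) % len(hops)]

def ecmp_spread(routes, tunnel_up, dst, flows=200):
    """Count how many of `flows` distinct TCP flows land on each tunnel."""
    return Counter(select_next_hop(routes, tunnel_up, "10.0.0.5", dst, 6, 40000 + i, 443)
                   for i in range(flows))
```

With the 1000/2000 table every flow stays on peer-b-pri until that tunnel is marked down, and with both at 1000 the flows are spread across both tunnels, so when testing failover it is worth checking whether the platform actually withdraws the route when the tunnel drops.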

0 Answers