We currently have a network of Peplink balance routers connected to each others using speedfusion tunnels with 2 internet lines inside and beside that a third line connected to a private VPN (MPLS) but not taking part of the speedfusion tunnel.
What we have noticed is the issue to configure the health check of the MPLS link. Indeed, monitoring the local PE routers VIP is not a good option as if our remote Hub is not reachable anymore (routing issue or hardware failure) the local won’t notice and is not going to go down. The workaround we found so far is to monitor the remote PE’s IP addresses where our Hub is but this time, it is limited to thes addresses and if any other remote sites is going down, our router won’t notice it.
Therefore, what we have found is to include the MPLS link in the speedfusion and map the local MPLS IP address with the MPLS IP address of the remote peer. However, the MPLS interface still got the ‘health check’ configured as described earlier, So, it is back to square one …
Do you have any design solution that would be able to provide a durable fix to this issue ?
Anyway, do allow me to advise some “enhancements”:-
Point local PE routers VIP as health check target. I do agreed this is not a good option but we can leverage on SpeedFusion tunnel health check to compensate the limitation of WAN health check.
Configure connection mapping for MPLS in SpeedFusion tunnel. Please find here for better understanding.
Adjust WAN Connection Priority in SpeedFusion tunnel.
Make MPLS WAN as priority 1
Make others 2 WANs as priority 2
With the settings above, connection between 2 sites will using MPLS as primary and the rest of WAN link as secondary. Both Balance routers will having end to end health check within the tunnel. In the event local or remote having connectivity problem (e.g WAN health check failed or MPLS routing issue), the connection will failover from MPLS to other WAN links. Thus this will help to trigger failover without rely on physical WAN health check.
