Tuesday, June 11, 2019

4 OSPF IPsec tunnels and asymmetric routes

We have two data center sites on opposite ends of the US. Our ops office is centrally located between the two. We recently replaced our Cisco gear in the office with a FortiGate 201E and set up 4 IKEv2 IPsec tunnels. Up until yesterday it had been working fine for 145 days. We lost our backup ISP and then our primary ISP last night, and things have been quirky since. This morning we had an asymmetric route where private datacenter traffic would go out tunnel 1 and come in on tunnel 4, and it would cause disconnection for user applications.

Here's how my tunnels are configured:

Tunnel1 - DC1 over ISP1

Tunnel2 - DC1 over ISP2

Tunnel3 - DC2 over ISP1

Tunnel4 - DC2 over ISP2

How does OSPF know which tunnel to use? I know it takes into account latency, etc.?

What would be some things to check to fix the issue? We have some static routes but those are separate from these tunnel subnets.


