Redundant EIOP tunnel

kgoodyer · September 29, 2020, 2:54pm

Hi

My Central Office has two WAN connections with two different providers.
Each provider has its own IP address
I have the Central Office router set to failover from Carrier 1 to Carrier 2 in the event Carrier 1 fails.
I have a several remote offices each with a single internet connection, each with a EoIP tunnel pointed at the Carrier 1 at my central office.
I have the remote offices configured so that all internal traffic (10.1.0.0 /8 ) is sent over the EoIP Tunnel, whilst Internet traffic just uses the the WAN connection.

In the event that Carrier 1 fails at the Central Office, I want the EoIP tunnel at the remote office to automatically start targeting Carrier 2.

As tunnels need the address of each other and a tunnel ID, I am unsure how to approach this issue. Any thoughts on how to proceed gratefully received.

Thank you

Keith Goodyer

sindy · September 29, 2020, 3:03pm

http://forum.mikrotik.com/t/vpn-site-site-road-warrior/141418/1

vecernik87 · September 30, 2020, 3:02am

Yup, my setup as described in the link would work perfectly in this situation.

Run two EoIP per each branch
merge them using bridge or mesh (mesh will give you literary zero packet failover)
modify path costs in bridge-ports / mesh-ports to specify which tunnel has priority and which one is failover

If your branch computers actually need L2 connectivity to HQ computers (so you don’t want to use routing as in my example) you will obviously need to skip the routing part of my config and connect your VPN mesh/bridge to your LAN bridge.

If you decide to go with Mesh, please get familiar with it because it is quite proprietary to mikrotik. Also, please read FAQ: https://help.mikrotik.com/docs/pages/viewpage.action?pageId=8978441#heading-FAQ