Kaseya Community

MPLS Monitoring

  • We have a client who has a MPLS network between 4 sites with backup DSL Internet with VPNs.  We want to be able to monitor and be notified when the MPLS is down.  We have been using a "ping explicit route" feature on the SonicWALLs, but we need to find an alternative.  Does Kaseya have the ability to also "ping an explicit route"?  I need to be able to ping and at least establish the first hop.  (I.E. - ping 192.168.2.1 through 192.168.1.2 (Adtran for the MPLS at site 1).  I am not certain I painting a proper picture, so here is one.  Site 4 is very small and has no backup, if they go down they are down till the ISP fixes it.  We don't have access to the CPE (Client Premises Equipment) device as they are ISP equipment.  Thank you all for assistance in advance.

     re here.

  • Does the gateway as recorded by VSA change when the failover occurs?  If so, I believe there are procedures in Automation Exchange to alert on that

  • For a similar situation at one of our customers, I'll tell you what has worked for me in the past.

    I picked two machines at each site that are on all the time, but for which *hopefully* having limited connectivity between these specific machine would not have a high impact, for the sake of this explanation we'll name them as follows:

    Site1A, Site1B, Site2A Site2B, Site3a, Site3B.

    I then set up static persistent routes using the specific IP addresses of the machines as follows:

    Site1A to Site2A -> MPLS Router IP

    Site1A to Site3A -> MPLS Router IP

    Site2A to Site1A -> MPLS Router IP

    Site2A to Site3A -> MPLS Router IP

    Site3A to Site2A -> MPLS Router IP

    Site3A to Site1A -> MPLS Router IP

    Site1B to Site2B -> VPN router IP

    Site1B to Site3B -> VPN Router IP

    Site2B to Site1B -> VPN Router IP

    Site2B to Site3B -> VPN Router IP

    Site3B to Site1B -> VPN Router IP

    Site3B to Site2B -> VPN Router IP.

    You can then setup monitoring using those specific machines to each other and they will use the specified routes and be a valid test.  In order to limit impacts sometimes I've used pieces of networking equipment such as switches as the end point on one side, as that switches ability to connect to a machine across the WAN link wouldn't actually impact anything.

    Now having said all of that, In order to allow for better failover control I've actually redone all of this in the mean time.  What I do now is I use the Sonicwall's at our customer's sites to configure them to always use a VPN tunnel.  I setup the MPLS network with a separate private IP spacing that I'm using only for routing purposes.  I then set up the VPN configuration such that the MPLS route is the "Primary Gateway" of the VPN tunnel, with the DSL route being the Failover gateway.  

    When set up that way, the failover routing is more transparent and "just works", and I have all of the routing control that matters under my control rather than having to rely on the MPLS provider with their CPE equipment to handle the routing.