Hi all,
We did a cenario of Site-to-site L2 VPN for a customer (they can't change this topology yet). So there are 20 braches (2 wan links each) and 1 HQ (2 wan links), so we configured 4 VPN each branch.
Something like this each one:
HQ and branches have SD-WAN for basic failover.
So the problem is, if one branch failover to wan2, ok, everything is fine, but when it returns to wan1 there is a loop (broadcast storm) until the VPN of wan2 goes down.
We decrease the keepalive time of VPN to:
set dpd-retrycount 1 set dpd-retryinterval 3
Is there any solution to VPN of wan2 goes down before VPN Wan1 goes up?
Or something to avoid broadcast storm inside software switch?
Thanks.
