Resiliency via MBG

[johnp]

I was wondering if anyone has setup a backup connection via internet to mbg for a down MPLS network. If so how is your's setup?

[ralph]

I believe we did it with clustering. 
For example we have an MBG in NY and another in NJ.   
These are clustered.
We point the phones to one or the other.    The phones actually connect to the systems based on their cluster weighting.

Ralph

[johnp]

Certainly it needs to be a cluster of MBG's, with the way the runtime resiliency values get populated. Boottime is easy enough to make happen via dhcp.

The current config I'm working on has a MiCollab in LAN zone with 2 MBG's one at the main site another at the fail over site in the default zone. The main has a vMCD and MXe(with PRI) while the fail over has a CX with second PRI.

My question is more on how best to set up the MBG cluster. I think that they may require a third that handles the initial connection in lan mode weighted the highest followed by the other 2 in either DMZ or server-gateway mode. My hope is to minimize any one way audio issues that may occur.

[dilkie]

The way I've seen it done was for a CPE router to route the MBG's public internet address over MPLS, if it's up, and route that same address via the internet, if MPLS is down. That way the same MBG is reachable on two routes. You can then cluster MBG's to provide resiliency for MBG's downtime (upgrades mostly).

[dilkie]

If you don't want to deploy CPE routers to do what I described above, there is a new feature in MBG. If you deploy a cluster of two MBGs, one accessable from mpls, but not the internet, and the other accessable from the internet (but not mpls), they are clustered on their datacenter lan side... There's a new feature in 9.0 (and available in 8.1 as an override) that's called "ping before redirect" that tells the MBG to ask the set to ping an address to see if it's reachable. You need this if the set can't reach it's mpls MBG, it fails over to the internet MBG, but the internet MBG is still connected, via the backend lan, to the mpls MBG and so will normally try to redirect the set back to the mpls MBG (where the set belongs).. This feature, when turned on, will keep the set hosted on the internet mbg util the set can successfully ping the mpls mbg. Only works for minet sets, not sip, but it works.

[johnp]

Dilkie, I assume in your second scenario you point the phone to the lan MBG for first choice. Do you think having 3, 1 lan only and 2 with internet access would work?

[dilkie]

sure, you can 4, 2 on the lan and 2 with internet if you want, you put them in different cluster zones and assign the sets to the lan zone.

[johnp]

Dilkie can you elaborate and what the "ping before redirect" does? I assume it stops the attempt to reconnect when in failover until it receives a ping response.

[johnp]

I guess if I read your post fully there would be no need for an elaboration :-)

[johnp]

Dilkie do you know haw to set the override? Tech support hasn't been much help and it behaves just as you describe.

[dilkie]

sure, the tug.ini setting will end up as

[ping_before_redirect]
enabled=1

so in the overrides panel that translates to:

section: ping_before_redirect
parameter: enabled
content: 1

if they are running older set loads they may also want to set

section: ping_before_redirect
parameter: reboot_stuck_set
content: 1

to get around a bug in the older set f/w loads. If a set gets into this mode it won't respond to the request to ping and has to be rebooted (automatically, via a s/w command to the set). If you are running MBG 9.0 or better, don't set this!

there's a few other settings to fine tune things, like "send X pings and consider Y responses to be okay to redirect" and the ability to set the ping timeout threshold, but those aren't generally needed, a single ping is sent and if there's a response within 800ms, we consider the other mbg reachable.

[johnp]

Looks like my remote 5340 get version 6.3.0.11 I think that is fairly current MBG 8.1.26

[dilkie]

you have the fix then, that was the f/w version it showed up in. so you just need the one override to turn it on... I recommend you test it out to make sure it's doing what you expect.

[johnp]

Dilkie,

Doing testing with a remote and it looks good no longer tries to connect to lan MBG every 30 seconds. I plan to do more tests onsite but it looks promising and thanks.

[dilkie]

you're welcome.