Question

Engineering a Backup Solution?

Cisco, Backup, DSL, T1, VPN, Routers

*** Fairly long ***
I work for a hosting company and we set tunnels up for our clients. The client connects to us, and we host AD and Exchange for them, among other things.
I have one client that has about 5 locations. Four of the locations are on a metro ethernet connection to their corporate office. The corporate office has a tunnel to us. They want to have a backup internet line at each of their locations in case the fiber gets cut.
My first thought is that we get them an internet T1 line, and then we mirror their config in their router (Cisco 1800s), and just keep the backup router off until needed. They would have to intervene by switching the cable from the internal interface on the "down" router to the backup router when needed. They run EIGRP on their internal LAN, so the next thought was I'll use routing and metrics to provide a way for them to have a "poor man's failover."
My question is this:
Since their corporate network connects to us through VPN, my network knows how to get to these spoke networks through their corporate tunnel. If they do go down, and they have to use their backup router, when their tunnel comes up to my concentrator from their "down" site, is that going to cause a routing problem? My other thought was to set up a VPN profile in their corporate router for their branch sites, but I think this could cause a routing loop. Any ideas or suggestions will be GREATLY appreciated!!
I'm at a loss on what to do for this client.
Thanks so much!!
John

So your links are something like (sorry on my screen the ascii graph looks good but this seems to kinda squash it together):

HOSTING
| <- VPN tunnel
Company HQ
/ | \
/ | \
Site1 Site2 Site(x)

You are being requested to provide a redundant access solution to the downstream sites? Shouldn't WAN disaster recovery already be part of the customer's network design? Is this a service that your organization typically does for hosted AD or Exchange customers? You mention the sites use metro ethernet to get back to the HQ. So are the sites in a close geographic area? Maybe they could use microwave or some other wireless backup links between locations.

I don't want to make light of the needs of the customer and what you want to do for them. Your organization is in the business of hosting services and applications. It sounds like your company needs an arm that designs network access services or use a partner who specializes in network services (like a Virtela). This would enhance your organization's offerings and provide some level of comfort to your customers that they are getting a strong value-add to the services they get from your company.

Some questions to consider also:

1. What is the purpose of the downstream sites coming back to HQ for access to the hosted services? Does the HQ monitor this or is there some other security concern?

2. Would there be much incremental cost (both to you and the customer) to have a VPN tunnel to your hosting center? This would take out the reliance on the links to the HQ site. The issue with this would be though keeping up with the number of VPN links for this customer.

I hope this helps you through your thought process and gives you some ideas on how to proceed. Good luck.