Dual-DMVPN Design with Dual Hubs on a single router ??

Similar Messages

• Two subnets with different mask on a single router?

  router 1941
  Hello. I'm needing assistance with the setup of two subnets within a single router.
  Here's my information:
  Router has only two GigabitEthernet interfaces.
  GigabitEthernet0/0 has 172.20.0.1 ip and 255.255.252.0 mask.
  GigabitEthernet0/1 has 172.21.0.1 ip and 255.255.128.0 mask
  Now, on each side there is a Switch with two computers.
  I need to have 1 computer on each side on the same subnet, and the other one on a different subnet, meaning a pc on the same side cannot communicate with the other computer on its side, but can with another computer on the other side.
  I have no idea how to configure this on the router, can anyone please help me?
  Thanks in advance!

  >>> So you want PC1 and PC3 to be able to talk to each other but you don't want them to be able to >>>talk to PC2 and PC4 and vice versa.
  This is correct.
  >>>If so you don't need a router, you can just a switch (or switches)  and  use two vlans with no L3 >>>interfaces.
  Unfortunately they are not giving me the choice of making my own net design. I need to setup this with all the devices mentioned (1 router, 2 switches, 4 pcs).
  >>>If so you don't need a router, you can just a switch (or switches)  and  use two vlans with no L3 >>>interfaces.
  As long as they communicate with the appropiate PC, it doesnt matter if they communicate to other devices or not.
  Thanks again!

• DMVPN DUAL HUB SINGLE CLOUD CONFIGURATION EXAMPLE

  Hi,
  I am looking for a simple configuration for a dmvpn network running eigrp with two hubs on a single cloud.
  Do i just create two nhs entries, nhrp map entries, and two multicast entries on the spoke router tunnel interfaces?  And on the hub routers add a delay on the tunnel interfaces for the one i prefer to be the secondary?
  I am looking for confirmation and any other tweaks i need to make. i cant seem to find any examples.
  Thanks in advance!!

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• DMVPN dual hub - qos preclasify limitation

  Hi,
  Reading the DMVPN design guide I found: "qos pre-classify is not supported in an architecture that implements two different headends for mGRE tunnels and VPN tunnels."
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf
  Currently i am using a single headed DMVPN design with qos preclasify configured on the hub and voice works just perfect. My concern is with regards to implementing  a secondary hub for redundancy. How will the qos be handled if the qos preclasify is not supported?
  Thanks,

  I'm not aware of any limiation if you're using two separate tunnel interfaces (as opposed to two NHRP mappings on a single tunnel interface).
  Nor does:
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-per-tunnel-qos.html#GUID-182BD32F-56D4-479C-BFEF-B9738291E046
  mention any.
  If in doubt, please open a TAC case.

• Dual cloud dual hub single tier dmvpn with backup service provider

  Hi,
  I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
  The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
  Is there a guide for this case?
  What is the best practice in this case?
  Thanks in advance,
  Mladen

  Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
  My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
  I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
  I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

• Different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  please explain
  different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Dual hub with one hub :-S

  Hi,i know the title is absurde .
  that is my topology :
  there are two links between router R1 (Hub) and router R4 (ISP) :
  The primary DMVPN cloud should be with the primary link (150.0.0.0/24)
  The secondary DMVPN cloud should be with the secondary link (150.0.1.0/24)
  the HUB must have one tunnel interfaces for each physical interface,so we need two tunnel interfaces .
  If i choose Dual  hub dual dmvpn cloud that mean that  i must have two tunnel interfaces for each spoke.
  If i choose Dual  hub single dmvpn cloud that mean that i must have just one tunnel interface for each spoke.
  the Hub must always use the primary link,to reach spokes1 (we are in the primary DMVPN cloud).
  but if the primary link goes down the second must be used by the hub and we move to the second DMVPN cloud .
  the ISP should use the secondary link only if the primary is down .
  a default route should be configured on the ISP to reach Internet.
  Is this possible (correct) ?,if yes :
  which model is the best : dual hub dual dmvpn cloud or dual hub single dmvpn cloud?
  how can i configure the ISP to use the secondary link only if the primary is down?
  if we have two hubs,how/why  the spokes prefer the primary hub?
  in this situation: how the spokes will prefer the primary DMVPN cloud (the primary Link)?

  You should. Both drives should show up if you press F12 at the ThinkPad POST screen (along with other attached bootable media).
  W520: i7-2720QM, Q2000M at 1080/688/1376, 21GB RAM, 500GB + 750GB HDD, FHD screen
  X61T: L7500, 3GB RAM, 500GB HDD, XGA screen, Ultrabase
  Y3P: 5Y70, 8GB RAM, 256GB SSD, QHD+ screen

• Configuration Dual HUB Dual Dmvpn

  Hi Dears
  i configurate simple  DMVPN on my network. Now i want to configurate Dual HUB Dual DMVPN.
  i can not find any good configuration documentation how config that.
  please provide me a link or any pdf fot configuration DUal HUB Dual Dmvpn .
  thanks.

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• DMVPN Dual Hub

  Hello
  I have one Hub Router 2901 with 2 Internet Provider whichare connected by 2 off. IP`s. If the primary connection goes down the router switch to the second connection on the wan interface. This works perfect.
  Now my problem.
  I have 4 Spoke-Router 881 3G wichshould be connected by DMVPN with the Hub. DMVPN works perfect on the primary connection. If the primary connection goes down and the second (backup) on. DMVPN is down. 
  is ist possible to connect the tunnel interface to 2 adresses? If i insert a 2nd ip nhrp map und ip nhrp multicast i cannnot send any data over the Tunnel.
  thanks for help !!!
  interface Tunnel1
  description DMVPN zu ASCOM-HUB1
  bandwidth 100000
  ip address 10.100.0.1 255.255.255.0
  no ip redirects
  no ip proxy-arp
  ip mtu 1400
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  ip nhrp authentication NhrP-K3y
  ip nhrp map multicast XXX.XXX.XXX.XXX
  ip nhrp map 10.100.0.250 XXX.XXX.XXX.XXX
  ip nhrp network-id 1
  ip nhrp nhs 10.100.0.250
  ip nhrp registration no-unique
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip verify unicast reverse-path
  ip tcp adjust-mss 1360
  keepalive 10 3
  tunnel source FastEthernet4
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

  Hello
  Thanks
  I have 2 differend ISP`s with differend Ip`s.
  So i insert a small photo how it looks like. The orange VPN`s work fine but if the Telekom crash and the hub switch to UPC the DMVPN is not working.
  Here is the config from the hub.
  So is it possible to insert more than one ip nhrp map address?
  Thanks
  interface Tunnel0
  description HUB1-DMVPN
  bandwidth 1000000
  bandwidth inherit
  ip address 10.100.0.250 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1400
  ip verify unicast reverse-path
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  no ip split-horizon eigrp 1
  ip nhrp authentication XXXXXX
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip tcp adjust-mss 1360
  delay 10
  keepalive 10 3
  cdp enable
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

• DMPVN Dual Hub Configuration

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

• DMVPN phase 3 migration with Central hub

  I am looking at migrating my phase 2 DMVPN network to phase 3. The current network contains 3 regional hubs each serving approx 100 spokes. The end goal is to be able to build spoke to spoke tunnels between sites that are homed to hubs in different regions. I understand from reading the document "Migrating from Dynamic Multipoint VPN Phase 2 to Phase 3" that phase 3 regional hubs can be linked in a heirarchy via a cental hub but there is no detail in the doc and I have not been able to find a white paper that deals with this specifically. Does anyone have experience with this topology or have documention that deals with central hub configuration and deployment?
  Regards,
  Mike

  Mike,
  Might be a good idea to run this by your SE.
  In general phase 3 design with phase 3 images you need to remember you will follow routing for NHRP, i.e. if you summarize properly you will scale pretty decently (with or without regional hub).
  What are the benefits of phase 3 design comapred to phase 2 design that you're trying to achieve?
  Marcin.
  P.S. If we're talking about same migtation document
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.html
  it's an un-maintained marketing document, all our efforts to correct some of the problems there (ip ospf network point-to-multipoint for example) so far have not come to fruition.

• Performance Routing (PfR) with single router, dual ISP and load balancing

  It looks like PfR can do this but I have only found information about this feature which will start using ISP2 once ISP1 reaches 75% usage. But this is not load balancing.
  Can we accomplish load balancing utilizing a single router with dual ISPs using this PfR feature? 
  Or do we have to use another feature?
  thank you in advance

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  I'm rusty using OER/PfR, but I recall it could load balance two links on same router.  The issue, I also recall, if doing BGP, OER/PfR has to detect a load imbalance, and there's a certain difference allowance, and OER/PfR takes some time to decide, so depending on actual traffic, it might not be obvious it's working.  If doing BGP, there's a hidden command (which I don't recall is) that will load balance the two links on the same router; then you use OER/PfR to dynamically refine the balance load.

• DMVPN Design Question - EIGRP or OSPF

  Hi,
  We are in the process of designing a DMVPN network, which will be used as a backup (over the Internet) to our MPLS WAN Network. Currently we are using EIGRP at central and remote site.
  If I select EIGRP as also the routing protocol for the DMVPN, then EIGRP will consider the MPLS WAN Routes as External (Since they are being redistributed through BGP from MPLS Core into our internal Core) and then DMVPN Routes will be preferred over MPLS WAN Routes. Is this understanding correct ?
  How can i correct this problem ? Using the 'distance eigrp ...' command ?
  Is there any advantage using OSPF as the routing protocol in DMVPN ? This won't solve the above problem but are there any inherent advantages of OSPF over EIGRP in DMVPN Design ?
  We have around 18 Sites that will be connected with no Spoke-Spoke functionality required.
  Thanks,
  Naman

  You really cannot use EIGRP effectively over the WAN. I was managing a 500 node DMVPN with a a redundant 6509 core. The results were unbelievable. The 1811's hanging off of the cores through the DMVPN's were crazy. Every time a change occurred, if one router lost its VPN connection, the EIGRP protocol would broadcast the changes to all of the cloud, meaning to all 499 EIGRP participants would have to be notified of the change. This was HUGE. OSPF has better NBMBA environments that you would use. Personally, you wouldn't have a choice. Using EIGRP with DMVPN's that are over 50 nodes are practically impossible. I did work around the issue and stabilized the network but knowing what I know now, definately OSPF.

• DMVPN Spoke with 2 internet link

  Hi All,
  I am stuck in a situation where we have 2 hubs one in HQ and one in DR site. Both hubs are configured to have different dmvpn cloud. We have some branches with two internet links one adsl and another 3G.
  I want to setup dmvpn in such a way so that if adsl goes down then dmvpn tuneel should come up via 3G.
  What I know is i would require different tunnels on spoke for achieving this. Currently on each spoke I have two tunnels one terminates on HQ and another terminates on DR and both are live. I am managing routes via eigrp.
  My question is that do I need to create another dmvpn cloud for this to work as I can not use same subnet IP on new tunnels which will be having 3G as source ? or shall I create new subnet for tunnels which will work over 3G ??
  if i create new tunnel for 3G network then what will be the configuration on HQ & DR as we have only on internet link on DR & HO.
  can anybody help me on this ?
  just need idea how to achive it. my full dmvpn is working over internet no private mpls....

  Hi Jain,
  You can let HQ and DR in same DMVPN Cloud. In HQ, do Static NHRP MAP to DR and vise versa.
  Spoke routers, create two static NHRP Map and NHS.
  Tunnel0
  description Spoke
  ip nhrp map multicast HQ-WAN-IP
  ip nhrp map HQ-Tunnel-IP HQ-WAN-IP
  ip nhrp map multicast DR-WAN-IP
  ip nhrp map DR-Tunnel-IP DR-WAN-IP
  ip nhrp network-id 123
  ip nhrp holdtime 60
  ip nhrp nhs HQ-Tunnel-IP
  ip nhrp nhs DR-Tunnel-IP
  This will allow you use one DMVPN cloud for two Hub.
  Secondly, for spoke failover to 3G, you would need to create another DMVPN Tunnel at HUB and SPOKE router
  At HUB, use different Tunnel IP, but tunnel source will be same. In order this to work, i will suggest you to use DMVPN over IPSec. Use Diffrent tunnel key and ip nhrp network-id for both tunnel interface. Use "shared" command when apply ipsec policy in Tunnel interface.
  Sample config at Hub( I only show the difference in Tunnel config)
  tunne0
  description ***Primary Tunnel***
  ip address x.x.x.x
  ip nhrp network-id 1
  tunnel key 1
  tunnel protection ipsec profile TN-DMVPN shared
  tunne1
  description ***Primary Tunnel***
  ip address y.y.y.y
  ip nhrp network-id 2
  tunnel key 2
  tunnel protection ipsec profile TN-DMVPN shared
  At Spoke, you configure same as primary tunnel, but make sure to change network-id and tunnel key. Here, you may no need to use "shared" command when apply ipsec policy
  Hope this helps.
  Regards,
  Nagis

• Open Hub: How-to doc "How to Extract data with Open Hub to a Logical File"

  Hi all,
  We are using open hub to download transaction files from infocubes to application server, and would like to have filename which is dynamic based period and year, i.e. period and year of the transaction data to be downloaded. 
  I understand we could use logical file for this purpose.  However we are not sure how to have the period and year to be dynamically derived in filename.
  I have read in sdn a number of posted messages on a similar topic and many have suggested a 'How-to' paper titled "How to Extract data with Open Hub to a Logical Filename".  However i could not seem to be able to get document from the link given. 
  Just wonder if anyone has the correct or latest link to the document, or would appreciate if you could share the document with all in sdn if you have a copy.
  Many thanks and best regards,
  Victoria

  Hi,
  After creating open hub press F1 in Application server file name text box from the help window there u Click on Maintain 'Client independent file names and file paths'  then u will be taken to the Implementation guide screen > click on Cross client maintanance of file name > create a logical file path by clicking on new entiries > after creating logical file path now go to Logical file name definition there give your Logical file , name , physical file (ur file name followed by month or year what ever is applicable (press f1 for more info)) , data format (ASC) , application area (BW) and logical path (choose from F4 selection which u have created first), now goto Assignment of  physical path to logical path > give syntax group >physical path is the path u gave at logical file name definition.
  however we have created a logical path file name to identify the file by sys date but ur requirement seems to be of dynamic date of tranaction data...may u can achieve this by creating a variable. U can see the help from F1 that would be of much help to u. All the above steps i have explained will help u create a dynamic logical file.
  hope this helps u to some extent.
  Regards