DMVPN dual hub - qos preclasify limitation

Similar Messages

• DMVPN DUAL HUB SINGLE CLOUD CONFIGURATION EXAMPLE

  Hi,
  I am looking for a simple configuration for a dmvpn network running eigrp with two hubs on a single cloud.
  Do i just create two nhs entries, nhrp map entries, and two multicast entries on the spoke router tunnel interfaces?  And on the hub routers add a delay on the tunnel interfaces for the one i prefer to be the secondary?
  I am looking for confirmation and any other tweaks i need to make. i cant seem to find any examples.
  Thanks in advance!!

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• DMVPN Dual Hub

  Hello
  I have one Hub Router 2901 with 2 Internet Provider whichare connected by 2 off. IP`s. If the primary connection goes down the router switch to the second connection on the wan interface. This works perfect.
  Now my problem.
  I have 4 Spoke-Router 881 3G wichshould be connected by DMVPN with the Hub. DMVPN works perfect on the primary connection. If the primary connection goes down and the second (backup) on. DMVPN is down. 
  is ist possible to connect the tunnel interface to 2 adresses? If i insert a 2nd ip nhrp map und ip nhrp multicast i cannnot send any data over the Tunnel.
  thanks for help !!!
  interface Tunnel1
  description DMVPN zu ASCOM-HUB1
  bandwidth 100000
  ip address 10.100.0.1 255.255.255.0
  no ip redirects
  no ip proxy-arp
  ip mtu 1400
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  ip nhrp authentication NhrP-K3y
  ip nhrp map multicast XXX.XXX.XXX.XXX
  ip nhrp map 10.100.0.250 XXX.XXX.XXX.XXX
  ip nhrp network-id 1
  ip nhrp nhs 10.100.0.250
  ip nhrp registration no-unique
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip verify unicast reverse-path
  ip tcp adjust-mss 1360
  keepalive 10 3
  tunnel source FastEthernet4
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

  Hello
  Thanks
  I have 2 differend ISP`s with differend Ip`s.
  So i insert a small photo how it looks like. The orange VPN`s work fine but if the Telekom crash and the hub switch to UPC the DMVPN is not working.
  Here is the config from the hub.
  So is it possible to insert more than one ip nhrp map address?
  Thanks
  interface Tunnel0
  description HUB1-DMVPN
  bandwidth 1000000
  bandwidth inherit
  ip address 10.100.0.250 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1400
  ip verify unicast reverse-path
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  no ip split-horizon eigrp 1
  ip nhrp authentication XXXXXX
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip tcp adjust-mss 1360
  delay 10
  keepalive 10 3
  cdp enable
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

• Dual DMVPN Dual Hub Request for Help?

                     Hello Anyone with DMVPN experience,
                      Can you please have a look at my DMVPN queries in the attached document?
                      Thank you
                      Regards
                      Phuc Le

  Hi Phuc Le,
  I found for you a quite detailed design and implementation guide. Please read carefully and implement a test bed. I'm sure you will get support for specific issues if you run into problems.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html
  These documents are carefully written and I never encountered any problems with such reference implementations.
  Also: Please don't formulate your questions in an attached document, this makes it diffucult for us to give you answers.
  Best regards, MiKa

• Dual-DMVPN Design with Dual Hubs on a single router ??

  Hi All,
  In DMVPN, in Dual-DMVPN Design with Dual Hubs , can a single router perform the role of dual hubs.
  The router has two different internet links. It is intended that when one link goes down, spokes shud connect to the same router onto the other active internet connection. Is this possible ?

  Since no one has answered yet, I'll give you the practical answer.
  You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
  It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
  Rob

• Dual cloud dual hub single tier dmvpn with backup service provider

  Hi,
  I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
  The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
  Is there a guide for this case?
  What is the best practice in this case?
  Thanks in advance,
  Mladen

  Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
  My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
  I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
  I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

• Different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  please explain
  different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Configuration Dual HUB Dual Dmvpn

  Hi Dears
  i configurate simple  DMVPN on my network. Now i want to configurate Dual HUB Dual DMVPN.
  i can not find any good configuration documentation how config that.
  please provide me a link or any pdf fot configuration DUal HUB Dual Dmvpn .
  thanks.

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• DMPVN Dual Hub Configuration

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

• Dual hub with one hub :-S

  Hi,i know the title is absurde .
  that is my topology :
  there are two links between router R1 (Hub) and router R4 (ISP) :
  The primary DMVPN cloud should be with the primary link (150.0.0.0/24)
  The secondary DMVPN cloud should be with the secondary link (150.0.1.0/24)
  the HUB must have one tunnel interfaces for each physical interface,so we need two tunnel interfaces .
  If i choose Dual  hub dual dmvpn cloud that mean that  i must have two tunnel interfaces for each spoke.
  If i choose Dual  hub single dmvpn cloud that mean that i must have just one tunnel interface for each spoke.
  the Hub must always use the primary link,to reach spokes1 (we are in the primary DMVPN cloud).
  but if the primary link goes down the second must be used by the hub and we move to the second DMVPN cloud .
  the ISP should use the secondary link only if the primary is down .
  a default route should be configured on the ISP to reach Internet.
  Is this possible (correct) ?,if yes :
  which model is the best : dual hub dual dmvpn cloud or dual hub single dmvpn cloud?
  how can i configure the ISP to use the secondary link only if the primary is down?
  if we have two hubs,how/why  the spokes prefer the primary hub?
  in this situation: how the spokes will prefer the primary DMVPN cloud (the primary Link)?

  You should. Both drives should show up if you press F12 at the ThinkPad POST screen (along with other attached bootable media).
  W520: i7-2720QM, Q2000M at 1080/688/1376, 21GB RAM, 500GB + 750GB HDD, FHD screen
  X61T: L7500, 3GB RAM, 500GB HDD, XGA screen, Ultrabase
  Y3P: 5Y70, 8GB RAM, 256GB SSD, QHD+ screen

• Dual-DMVPN with Dual Hubs

  Are there any routing issues when using mGRE interfaces on spokes. I need spoke-to-spoke connectivity. Obviously if I opt for p-pGRE interfaces then traffic from spoke-to-spoke will have to go via one of the hubs.
  I understand there was a limitation in IOS whereby mGRE interfaces on spokes prevented it from learning many routes via the hub.
  tia
  Ajaz

  Since no one has answered yet, I'll give you the practical answer.
  You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
  It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
  Rob

• Dual Hubs & Single DMVPN

  Hi, i AM FACING PROBLEM . When i close the connection of existing spoke and hub router 1 it must get connected to hub router 2. But un-fortunately its not working. Any clue
  HUB ROUTER 1 Configuration:
  interface Tunnel10
  description $FW_INSIDE$
  bandwidth 1024
  ip address 192.168.10.100 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1400
  ip nbar protocol-discovery
  no ip next-hop-self eigrp 1
  ip flow ingress
  ip flow egress
  ip nat inside
  ip nhrp authentication abc_vpn
  ip nhrp map multicast dynamic
  ip nhrp network-id 99
  ip nhrp holdtime 300
  ip nhrp nhs 192.168.10.100
  ip nhrp server-only
  ip virtual-reassembly
  ip tcp adjust-mss 1380
  no ip split-horizon eigrp 1
  delay 1000
  qos pre-classify
  tunnel source GigabitEthernet0/1
  tunnel mode gre multipoint
  tunnel key 100000
  interface gigabitethernet0/1
  ip address 86.96.196.xxx 255.255.255.240
  HUB ROUTER 2 Configuration:
  interface Tunnel10
  bandwidth 1000
  ip address 192.168.10.95 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1400
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  ip nhrp authentication arco_vpn
  ip nhrp map multicast dynamic
  ip nhrp map multicast 86.96.196.xxx
  ip nhrp map 192.168.10.100 86.96.196.xxx
  ip nhrp network-id 99
  ip nhrp holdtime 300
  ip nhrp nhs 192.168.10.100
  ip virtual-reassembly
  ip tcp adjust-mss 1360
  delay 1000
  qos pre-classify
  tunnel source GigabitEthernet0/1
  tunnel mode gre multipoint
  tunnel key 100000
  interface gigabitethernet0/1
  ip address 78.93.203.xx 255.255.255.252
  SPOKE ROUTER  Configuration:
  interface Tunnel10
  bandwidth 512
  ip address 192.168.10.74 255.255.255.0
  no ip redirects
  ip mtu 1500
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  ip nhrp authentication arco_vpn
  ip nhrp map multicast 78.93.203.XX
  ip nhrp map 192.168.10.95 78.93.203.XX
  ip nhrp map 192.168.10.100 86.96.196.XXX
  ip nhrp map multicast 86.96.196.XXX
  ip nhrp network-id 99
  ip nhrp holdtime 300
  ip nhrp nhs 192.168.10.100
  ip nhrp nhs 192.168.10.95
  delay 1000
  qos pre-classify
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 100000

  Do you have dynamic routing to fallback between the tunnels ?
  Mashal Alshboul

• DMVPN per tunnel QOS. show policy-map multipoint not working

  Hi All,
  I have a DMVPN hub which is a 1841 with image c1841-advsecurityk9-mz.151-4.M1.bin .
  I have been using DMVPN and its awesome but now trying to get the QOS sorted out and having issues.
  I have configured the interface like so.
  interface Tunnel1
  ip address 10.255.255.1 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication xxx
  ip nhrp map multicast dynamic
  ip nhrp map group ADSL1 service-policy output ADSL1
  ip nhrp network-id 1
  ip nhrp redirect
  ip tcp adjust-mss 1360
  no ip split-horizon
  ip ospf 1 area 0
  tunnel source Loopback0
  tunnel mode gre multipoint
  tunnel key 1
  tunnel path-mtu-discovery
  tunnel protection ipsec profile VPN
  end
  policy-map ADSL1
  class class-default
    shape average 1000000
    service-policy Classes
  policy-map Classes
  class Silver
    bandwidth percent 25
    fair-queue
  class Gold
    bandwidth percent 50
    fair-queue
  class Scavanger
    bandwidth percent 5
  class class-default
    fair-queue
  The output of show dmvpn detail shows it has applied the QOS rule.
  NG-SR-WE-RT-2#show dmvpn detail
  Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
      N - NATed, L - Local, X - No Socket
      # Ent --> Number of NHRP entries with same NBMA peer
      NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
      UpDn Time --> Up or Down Time for a Tunnel
  ==========================================================================
  Interface Tunnel1 is up/up, Addr. is 10.255.255.1, VRF ""
     Tunnel Src./Dest. addr: 10.32.0.100/MGRE, Tunnel VRF ""
     Protocol/Transport: "multi-GRE/IP", Protect "VPN"
     Interface State Control: Disabled
  Type:Hub, Total NBMA Peers (v4/v6): 1
  # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
      1  x.x.x.x    10.255.255.2    UP    1d18h    D    10.255.255.2/32
  NHRP group: ADSL1
  Output QoS service-policy applied: ADSL1
  but my router cannot run show policy-map multipoint... it doesnt come up with a tab but i can write it in by hand.  Even when i write it in by hand it outputs blank.
  I cut the ADSL1 shape down to 512k and it didnt take affect so i dont think the qos is working at all.
  Is my feature set too low?
  Cheers,
  Simon

  Ray,
  There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
  Also coexistance of other service-policy etc etc.
  The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
  M.

• QoS binding limited to IP address range and SSID on WLAN

  Our VLAN id 2 is used only by a WLAN SSID
  Defining a QoS profile as using VLAN id 2 did not work. No upper rate limitation worked
  Only using the IP address range of the VLAN or the SSID appeared to work.
  It does not appear consistent, when a VLAN id can be specified on a WLAN in the  Wireless Basic Setting Table
  It is also inconsistent, that the proper SSIDs are not listed in the drop down box on the
  Add / Edit Profile Binding Configuration page. They only appear as AP-1, AP-2 etc.

  Has this been fixed under firmware 1.0.4.17? I cannot get this work with any type of Traffic Selector (IP/MAC/VLAN/DSCP/SSID).
  Any suggestions are greatly appreciated. Thanks!

• Platinum QoS profile limits data traffic

  Hello,
  I have WLC which controls a WLAN that hosts data traffic and VoIP traffic.
  I have enabled Platinum QoS profile and the throughput of the WLAN decreases to approximately 10 Mbps (With bronze QoS profile throughput was like 22~25 Mbps).
  I would like to know how does the QoS profile limit the throughput of the WLAN? WLC gives a warning that data traffic will be affected but that doesn't tell much about the actual mechanism of traffic limiting.
  I used iperf software sending UDP data @ 500 Mbps to measure the throughput.
  BR
  Olli Karhunen

  I think this url might help
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan_ch2.html