DMVPN DUAL HUB SINGLE CLOUD CONFIGURATION EXAMPLE

Hi,
I am looking for a simple configuration for a dmvpn network running eigrp with two hubs on a single cloud.
Do i just create two nhs entries, nhrp map entries, and two multicast entries on the spoke router tunnel interfaces?  And on the hub routers add a delay on the tunnel interfaces for the one i prefer to be the secondary?
I am looking for confirmation and any other tweaks i need to make. i cant seem to find any examples.
Thanks in advance!!

Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
Thanks

Similar Messages

  • Different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

    please explain
    different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

    Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
    i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
    Thanks

  • Dual cloud dual hub single tier dmvpn with backup service provider

    Hi,
    I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
    The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
    Is there a guide for this case?
    What is the best practice in this case?
    Thanks in advance,
    Mladen

    Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
    My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
    I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
    I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

  • Dual Hubs & Single DMVPN

    Hi, i AM FACING PROBLEM . When i close the connection of existing spoke and hub router 1 it must get connected to hub router 2. But un-fortunately its not working. Any clue
    HUB ROUTER 1 Configuration:
    interface Tunnel10
    description $FW_INSIDE$
    bandwidth 1024
    ip address 192.168.10.100 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1400
    ip nbar protocol-discovery
    no ip next-hop-self eigrp 1
    ip flow ingress
    ip flow egress
    ip nat inside
    ip nhrp authentication abc_vpn
    ip nhrp map multicast dynamic
    ip nhrp network-id 99
    ip nhrp holdtime 300
    ip nhrp nhs 192.168.10.100
    ip nhrp server-only
    ip virtual-reassembly
    ip tcp adjust-mss 1380
    no ip split-horizon eigrp 1
    delay 1000
    qos pre-classify
    tunnel source GigabitEthernet0/1
    tunnel mode gre multipoint
    tunnel key 100000
    interface gigabitethernet0/1
    ip address 86.96.196.xxx 255.255.255.240
    HUB ROUTER 2 Configuration:
    interface Tunnel10
    bandwidth 1000
    ip address 192.168.10.95 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1400
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nhrp authentication arco_vpn
    ip nhrp map multicast dynamic
    ip nhrp map multicast 86.96.196.xxx
    ip nhrp map 192.168.10.100 86.96.196.xxx
    ip nhrp network-id 99
    ip nhrp holdtime 300
    ip nhrp nhs 192.168.10.100
    ip virtual-reassembly
    ip tcp adjust-mss 1360
    delay 1000
    qos pre-classify
    tunnel source GigabitEthernet0/1
    tunnel mode gre multipoint
    tunnel key 100000
    interface gigabitethernet0/1
    ip address 78.93.203.xx 255.255.255.252
    SPOKE ROUTER  Configuration:
    interface Tunnel10
    bandwidth 512
    ip address 192.168.10.74 255.255.255.0
    no ip redirects
    ip mtu 1500
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nhrp authentication arco_vpn
    ip nhrp map multicast 78.93.203.XX
    ip nhrp map 192.168.10.95 78.93.203.XX
    ip nhrp map 192.168.10.100 86.96.196.XXX
    ip nhrp map multicast 86.96.196.XXX
    ip nhrp network-id 99
    ip nhrp holdtime 300
    ip nhrp nhs 192.168.10.100
    ip nhrp nhs 192.168.10.95
    delay 1000
    qos pre-classify
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 100000

    Do you have dynamic routing to fallback between the tunnels ?
    Mashal Alshboul

  • DMVPN dual hub - qos preclasify limitation

    Hi,
    Reading the DMVPN design guide I found: "qos pre-classify is not supported in an architecture that implements two different headends for mGRE tunnels and VPN tunnels."
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf
    Currently i am using a single headed DMVPN design with qos preclasify configured on the hub and voice works just perfect. My concern is with regards to implementing  a secondary hub for redundancy. How will the qos be handled if the qos preclasify is not supported?
    Thanks,

    I'm not aware of any limiation if you're using two separate tunnel interfaces (as opposed to two NHRP mappings on a single tunnel interface).
    Nor does:
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-per-tunnel-qos.html#GUID-182BD32F-56D4-479C-BFEF-B9738291E046
    mention any.
    If in doubt, please open a TAC case.

  • DMVPN Dual Hub

    Hello
    I have one Hub Router 2901 with 2 Internet Provider whichare connected by 2 off. IP`s. If the primary connection goes down the router switch to the second connection on the wan interface. This works perfect.
    Now my problem.
    I have 4 Spoke-Router 881 3G wichshould be connected by DMVPN with the Hub. DMVPN works perfect on the primary connection. If the primary connection goes down and the second (backup) on. DMVPN is down. 
    is ist possible to connect the tunnel interface to 2 adresses? If i insert a 2nd ip nhrp map und ip nhrp multicast i cannnot send any data over the Tunnel.
    thanks for help !!!
    interface Tunnel1
    description DMVPN zu ASCOM-HUB1
    bandwidth 100000
    ip address 10.100.0.1 255.255.255.0
    no ip redirects
    no ip proxy-arp
    ip mtu 1400
    ip authentication mode eigrp 1 md5
    ip authentication key-chain eigrp 1 EIGRP1-key
    ip nhrp authentication NhrP-K3y
    ip nhrp map multicast XXX.XXX.XXX.XXX
    ip nhrp map 10.100.0.250 XXX.XXX.XXX.XXX
    ip nhrp network-id 1
    ip nhrp nhs 10.100.0.250
    ip nhrp registration no-unique
    ip nhrp shortcut
    ip nhrp redirect
    ip virtual-reassembly in
    ip verify unicast reverse-path
    ip tcp adjust-mss 1360
    keepalive 10 3
    tunnel source FastEthernet4
    tunnel mode gre multipoint
    tunnel key 2
    tunnel path-mtu-discovery
    tunnel protection ipsec profile DMVPN

    Hello
    Thanks
    I have 2 differend ISP`s with differend Ip`s.
    So i insert a small photo how it looks like. The orange VPN`s work fine but if the Telekom crash and the hub switch to UPC the DMVPN is not working.
    Here is the config from the hub.
    So is it possible to insert more than one ip nhrp map address?
    Thanks
    interface Tunnel0
    description HUB1-DMVPN
    bandwidth 1000000
    bandwidth inherit
    ip address 10.100.0.250 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1400
    ip verify unicast reverse-path
    ip authentication mode eigrp 1 md5
    ip authentication key-chain eigrp 1 EIGRP1-key
    no ip split-horizon eigrp 1
    ip nhrp authentication XXXXXX
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip nhrp holdtime 300
    ip nhrp shortcut
    ip nhrp redirect
    ip virtual-reassembly in
    ip tcp adjust-mss 1360
    delay 10
    keepalive 10 3
    cdp enable
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 2
    tunnel path-mtu-discovery
    tunnel protection ipsec profile DMVPN

  • Dual DMVPN Dual Hub Request for Help?

                       Hello Anyone with DMVPN experience,
                        Can you please have a look at my DMVPN queries in the attached document?
                        Thank you
                        Regards
                        Phuc Le

    Hi Phuc Le,
    I found for you a quite detailed design and implementation guide. Please read carefully and implement a test bed. I'm sure you will get support for specific issues if you run into problems.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html
    These documents are carefully written and I never encountered any problems with such reference implementations.
    Also: Please don't formulate your questions in an attached document, this makes it diffucult for us to give you answers.
    Best regards, MiKa

  • Configuration Dual HUB Dual Dmvpn

    Hi Dears
    i configurate simple  DMVPN on my network. Now i want to configurate Dual HUB Dual DMVPN.
    i can not find any good configuration documentation how config that.
    please provide me a link or any pdf fot configuration DUal HUB Dual Dmvpn .
    thanks.

    Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
    i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
    Thanks

  • Dual hub with one hub :-S

    Hi,i know the title is absurde .
    that is my topology :
    there are two links between router R1 (Hub) and router R4 (ISP) :
    The primary DMVPN cloud should be with the primary link (150.0.0.0/24)
    The secondary DMVPN cloud should be with the secondary link (150.0.1.0/24)
    the HUB must have one tunnel interfaces for each physical interface,so we need two tunnel interfaces .
    If i choose Dual  hub dual dmvpn cloud that mean that  i must have two tunnel interfaces for each spoke.
    If i choose Dual  hub single dmvpn cloud that mean that i must have just one tunnel interface for each spoke.
    the Hub must always use the primary link,to reach spokes1 (we are in the primary DMVPN cloud).
    but if the primary link goes down the second must be used by the hub and we move to the second DMVPN cloud .
    the ISP should use the secondary link only if the primary is down .
    a default route should be configured on the ISP to reach Internet.
    Is this possible (correct) ?,if yes :
    which model is the best : dual hub dual dmvpn cloud or dual hub single dmvpn cloud?
    how can i configure the ISP to use the secondary link only if the primary is down?
    if we have two hubs,how/why  the spokes prefer the primary hub?
    in this situation: how the spokes will prefer the primary DMVPN cloud (the primary Link)?

    You should. Both drives should show up if you press F12 at the ThinkPad POST screen (along with other attached bootable media).
    W520: i7-2720QM, Q2000M at 1080/688/1376, 21GB RAM, 500GB + 750GB HDD, FHD screen
    X61T: L7500, 3GB RAM, 500GB HDD, XGA screen, Ultrabase
    Y3P: 5Y70, 8GB RAM, 256GB SSD, QHD+ screen

  • Dual-DMVPN Design with Dual Hubs on a single router ??

    Hi All,
    In DMVPN, in Dual-DMVPN Design with Dual Hubs , can a single router perform the role of dual hubs.
    The router has two different internet links. It is intended that when one link goes down, spokes shud connect to the same router onto the other active internet connection. Is this possible ?

    Since no one has answered yet, I'll give you the practical answer.
    You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
    It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
    Rob

  • DMPVN Dual Hub Configuration

    In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
    Can someone shed some light on this?

    In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
    Can someone shed some light on this?

  • PCK :: Configuration Example: Message Exchange

    Hello experts,
    I has a problem with the configuration example from the SAP help to the partner Connectivity Kit.
    http://help.sap.com/saphelp_nw04/helpdata/en/8b/895e407aa4c44ce10000000a1550b0/frameset.htm
    I have built up everything like in the description - two PCK (party_A and party_B) and XI (party_XI).
    In message monitor of the first PCK (party A) stands that a message is explained successfully and second with error.
    Status: waiting.
    Details -
    audit log:
    Success Delivering to channel: message_an_xi
    Error Exception caught by adapter framework: String index out of range: 0
    Error Delivery of the message to the application using connection AFW failed, due to: String index out of range:0.
    Message Data:
    Error Category XI_J2EE_ADAPTER_ENGINE
    Error Code GENERAL_ERROR
    Wo und wie muss ich Fehler beseitigen?
    Has already explained jemang this example?
    Is it executable?
    Thank's.
    Regards,
    Alex

    Hi Zoran
    While using BPM as well you will need to have communication channels.
    BPM - > BAPI request.
    BAPI response -> BPM
    both sender and receiver channels are required for you.
    1.Demand for a material is send via HTTP to XI
    2.XI does a material availability check to the SAP system
    3.A material reservation has to be done if there are any materials available in the stock (inventory) to the SAP system
    4.If there is no material available a purchase order to a supplier (no SAP) has to be done via FTP
    5.Parallel to the purchase order a purchase order confirmation is send to the the SAP system.
    6.The supplier sends a purchase order confirmation to XI
    7.The XI sends a purchase order confirmation to the SAP system
    If i understood your requirement correctly and you want to use BPM. You need to do following in BPM
    Receivestep1(receive HTTP post) -> transform1(mapping to BAPI request) ->send step1(Send BAPI request to SAP) -> Receivestep2 (Receive BAPI response from SAP) -> Transform2 (Map BAPI response to File)-> send2(File post to non SAP supplier)-> Receive3(receive purchase order confirmation)-> transform3(map to SAP purchase order confirmation)-> send3(Purchase order confirmation to sap)
    You need no of channels
    1.Receive 1 - (HTTP)
    2.Send1/Receive2 - (RFC)
    3.Send2 - (FTP)
    4. Receive3( HTTP or FTP)
    5. For purchase order confirmation.
    Thanks
    Gaurav

  • Creating cofiles for single system configuration

    Hi All,
    we have sandbox system where it's congifured like single system  in STMS.
    when we try to release the requests it's showing local object  request number relesed but i am unable to find the cofiles and data files at os end.
      Since our system in configured as single system with out target system cofiles will not be created, but i have tried with virtual system and create the transport route  but still unable to find the cofiles.
    Is there any way to make cofiles available at OS end   for single system configuration which having one physical system and one virtual system ....
    Please suggest..
    Thanks,
    Subhash.G

    Hello John,
      Please go through my weblog:
    <b>Configuring ESS in SAP Enterprise Portal 6.0>
      Hope this may solve your problem.
    Best Regards,
    Srinivas.

  • Need Configuration example for DS-LITE ( Tunneling IPv4-IPv6)+NAT44.

    Hi,
    I need to understand DS-LITE with configuration example. Can anyone please help me out?
    Regards,
    RA

    Hi Rahul,
    DS-Lite is only supported on the CGSE in CRS and on the ISM in the ASR9k. Here is a sample config that might help you to understand.
    RP/0/RSP0/CPU0:router(config)#
    interface te0/0/0/0
    ipv6 add 2001:db8:ff00::1/64
    interface te0/1/0/0
    ipv4 add 192.168.100.1/24
    interface ServiceApp61
    ipv6 address 2001:db8:1::1/64
    service cgn demo service-type ds-lite
    interface ServiceApp41
    ipv4 address 192.168.1.1 255.255.255.252
    service cgn demo service-type ds-lite
    service cgn demo
    service-type ds-lite dslite-1
    map address-pool x.y.z.0/24
    aftr-tunnel-endpoint-address 2001:db8:ffff::1
    address-family ipv4
       interface ServiceApp42
    address-family ipv6
       interface ServiceApp41
    router static
    address-family ipv4 unicast
    x.y.z.0/24 ServiceApp42
    address-family ipv6 unicast
    2001:db8:ffff::1/128 ServiceApp41
    regards

  • Can I find NX7K VDC design/configuration examples?

    We have a couple of NX7K that we plan to have 2 VDC on each. So the 7K can function as a virtual core switch and virtual distribution switch. I have read about some VDC concepts but have not been able to find a detailed VDC design and configurations example document from Cisco sites. If any one has seen one, can you share that with me?
    A few subjects I like to find good examples:
    Connection in between ports in different VDC;
    Management connectivity to each VDC;
    Routing config between VDC.
    Thanks

    Hello
    The best source that would cover all the relevant VPC details would be the design guide available here:
    http://www.cisco.com/en/US/products/ps9670/products_implementation_design_guides_list.html
    The first 4 chapters are lots to read but it very good
    Hth
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for

  • Automatic Payment Errror

    Dear All, While running the automatic payment i m facing some error (Error screen shot File URL attached) Steps what i followed also mentioned in the screen shot file........ http://rapidshare.com/files/133748553/app.doc.html Please help me to solve

  • How do I open attachments to my emails. What app/prog do I need.

    I have just purchased Ipad 2. On receiving emails I find that I am unable to open attachments, either jpeg or video etc. Spoke to the ipad help line and despite following his directions, apart from googling for info, I am no further forward. Being a

  • Media encode CC2014.2 stops while exporting a premiere project

    Hello everybody, I have a huge problem with media encoder CC 2014.2. Every time I want to export a premiere project, media encoder stops : "media encoder CC 2014.2 as encountered a problem and needs to close". I reinstalled everything on a clean and

  • No flashback versions query and flashback transaction query tools on EM?

    No Flashback Versions Query and Flashback Transaction Query tools on EM Console? How to do Flashback Versions Query work and Flashback Transaction Query on EM Console?

  • How To upload a infotype via BDC recording

    Hi , I am looking to do a BDC recording to upload a infotype which is 105 for communications My office head quarters are moving so they are changing the first 6 digits of the tlefone numbers but the extensions will remain the same so how is this poss