DMVPN Spoke with 2 internet links

Hi All,
I am stuck in a situation where we have 2 hubs, one in HQ and one in the DR site. Both hubs are configured with different DMVPN clouds. We have some branches with two internet links, one ADSL and another 3G.
I want to set up DMVPN in such a way that if ADSL goes down, the DMVPN tunnel comes up via 3G.
What I know is that I would require different tunnels on the spoke to achieve this. Currently on each spoke I have two tunnels, one terminating on HQ and another terminating on DR, and both are live. I am managing routes via EIGRP.
My question is: do I need to create another DMVPN cloud for this to work, as I cannot use the same subnet IP on new tunnels which will have 3G as source? Or shall I create a new subnet for the tunnels which will work over 3G?
If I create a new tunnel for the 3G network, then what will the configuration be on HQ & DR, as we have only one internet link on DR & HO?
Can anybody help me with this?
I just need an idea of how to achieve it. My full DMVPN is working over the internet, no private MPLS....

Hi Jain,
You can put HQ and DR in the same DMVPN cloud. In HQ, do a static NHRP map to DR and vice versa.
On spoke routers, create two static NHRP maps and NHS entries.
interface Tunnel0
 description Spoke
 ip nhrp map multicast HQ-WAN-IP
 ip nhrp map HQ-Tunnel-IP HQ-WAN-IP
 ip nhrp map multicast DR-WAN-IP
 ip nhrp map DR-Tunnel-IP DR-WAN-IP
 ip nhrp network-id 123
 ip nhrp holdtime 60
 ip nhrp nhs HQ-Tunnel-IP
 ip nhrp nhs DR-Tunnel-IP
This will allow you to use one DMVPN cloud for two hubs.
Secondly, for spoke failover to 3G, you would need to create another DMVPN tunnel on the HUB and SPOKE routers.
At the HUB, use a different tunnel IP, but the tunnel source will be the same. In order for this to work, I suggest you use DMVPN over IPSec. Use a different tunnel key and ip nhrp network-id for each tunnel interface. Use the "shared" command when applying the IPsec policy on the tunnel interface.
Sample config at hub (I only show the difference in the tunnel config):
interface Tunnel0
 description ***Primary Tunnel***
 ip address x.x.x.x
 ip nhrp network-id 1
 tunnel key 1
 tunnel protection ipsec profile TN-DMVPN shared
interface Tunnel1
 description ***Primary Tunnel***
 ip address y.y.y.y
 ip nhrp network-id 2
 tunnel key 2
 tunnel protection ipsec profile TN-DMVPN shared
At the spoke, configure the same as the primary tunnel, but make sure to change the network-id and tunnel key. Here, you may not need to use the "shared" command when applying the IPsec policy.
Hope this helps.
Regards,
Nagis
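
A way to check a hub configuration against the recommendations in the answer above: IPsec on every tunnel, a distinct tunnel key and NHRP network-id per tunnel, and `shared` when one IPsec profile protects several tunnels with the same source. This is an added example, not part of the original posts; the sample configuration, its addresses and interface names, and the rule names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed hub configuration (not from the thread). Tunnel1 omits "shared"
# and Tunnel2 reuses Tunnel1's key/network-id and has no IPsec at all.
SAMPLE_HUB_CONFIG = """\
interface Tunnel0
 description Primary cloud (spoke ADSL links)
 ip address 10.0.0.1 255.255.255.0
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile TN-DMVPN shared
!
interface Tunnel1
 description Backup cloud (spoke 3G links)
 ip address 10.0.1.1 255.255.255.0
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 2
 tunnel protection ipsec profile TN-DMVPN
!
interface Tunnel2
 ip address 10.0.2.1 255.255.255.0
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/0
 tunnel key 2
"""

FIELDS = {
    "source": re.compile(r"tunnel source (\S+)$"),
    "key": re.compile(r"tunnel key (\d+)$"),
    "network_id": re.compile(r"ip nhrp network-id (\d+)$"),
    "profile": re.compile(r"tunnel protection ipsec profile (\S+)(?: shared)?$"),
}

# Hypothetical rule names used by this example only.
RULES = {
    "no-ipsec": "tunnel has no 'tunnel protection'; GRE/NHRP crosses the internet unencrypted",
    "duplicate-tunnel-key": "tunnels with the same source must use different tunnel keys",
    "duplicate-network-id": "the answer recommends a different NHRP network-id per tunnel",
    "missing-shared": "same IPsec profile on tunnels with the same source needs 'shared'",
}


def parse_tunnels(config):
    """Return {interface name: settings} for every Tunnel interface.

    Assumes the usual IOS layout: sub-commands indented under 'interface'.
    """
    tunnels, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface (Tunnel\d+)\s*$", raw)
        if header:
            current = tunnels.setdefault(
                header.group(1), {**dict.fromkeys(FIELDS), "shared": False})
            continue
        if not raw.startswith(" "):      # '!' or any other top-level line
            current = None
            continue
        if current is None:
            continue
        line = raw.strip()
        for name, pattern in FIELDS.items():
            m = pattern.match(line)
            if m:
                current[name] = m.group(1)
        if line.startswith("tunnel protection ") and line.endswith(" shared"):
            current["shared"] = True
    return tunnels


def audit(config):
    """Return a sorted list of (rule, interfaces) findings."""
    tunnels = parse_tunnels(config)
    findings = [("no-ipsec", (n,)) for n, t in tunnels.items() if t["profile"] is None]

    by_source = defaultdict(list)
    for name, t in tunnels.items():
        by_source[t["source"]].append(name)

    for source, names in by_source.items():
        if source is None or len(names) < 2:
            continue
        # Two tunnels with no key at all also count as sharing a key.
        for field, rule in (("key", "duplicate-tunnel-key"),
                            ("network_id", "duplicate-network-id")):
            users = defaultdict(list)
            for n in names:
                users[tunnels[n][field]].append(n)
            findings += [(rule, tuple(u)) for u in users.values() if len(u) > 1]
        by_profile = defaultdict(list)
        for n in names:
            if tunnels[n]["profile"]:
                by_profile[tunnels[n]["profile"]].append(n)
        for users_of_profile in by_profile.values():
            missing = tuple(n for n in users_of_profile if not tunnels[n]["shared"])
            if len(users_of_profile) > 1 and missing:
                findings.append(("missing-shared", missing))
    return sorted(findings)


if __name__ == "__main__":
    for rule, interfaces in audit(SAMPLE_HUB_CONFIG):
        print(f"{', '.join(interfaces)}: {RULES[rule]}")
```
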

Similar Messages

  • Cisco 1841 with PPP Internet link down

    Hi brothers, please help.
    We have a Cisco 1841 with an ATM card connected to the Internet. Some days one Dialer interface of the ISP goes down and only restarting the router gets the Dialer interface up again. I checked debug PPP negotiation and see that there are no inbound packets from the ISP.
    I really need to fix this issue permanently, without needing to restart the router to recover Internet.
    Thanks!
    All line protocol from ATM0/0/0 & Dialer interfaces are up, but Dialer interface cannot get allocated IP addresses.
    interface ATM0/0/0
     description ISP Internet
     no ip address
     no atm ilmi-keepalive
     dsl operating-mode itu-dmt
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 2
    interface Dialer2
     description ISP Internet 1
     mtu 1492
     bandwidth 8000
     ip address negotiated
     ip nat outside
     no ip virtual-reassembly in
     encapsulation ppp
     dialer pool 2
     dialer-group 2
     ppp authentication chap callin
     ppp chap hostname xxx
     ppp chap password 7 xxx
     no cdp enable
    wr1#show ip int br
    Interface                  IP-Address      OK? Method Status                Protocol
    ATM0/0/0                   unassigned      YES NVRAM  up                    up      
    ATM0/1/0                   unassigned      YES NVRAM  up                    up      
    Dialer2                    unassigned      YES IPCP   up                    up     
    wr1#show int atm0/0/0
    ATM0/0/0 is up, line protocol is up
      Hardware is HWIC-DSLSAR (with Alcatel ADSL Module), address is 001f.9e87.xxx(bia 001f.9e87.xxx)
      Description: ISP Internet
      MTU 4470 bytes, sub MTU 4470, BW 832 Kbit/sec, DLY 610 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ATM, loopback not set
      Keepalive not supported
      Encapsulation(s): AAL5
      23 maximum active VCs, 256 VCs per VP, 1 current VCCs
      VC Auto Creation Disabled.
      VC idle disconnect time: 300 seconds
      Last input never, output 23:48:07, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1084
      Queueing strategy: Per VC Queueing
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         58124 packets input, 30790858 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 348 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         51848 packets output, 16773091 bytes, 0 underruns
         6 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    wr1#show int dia2
    Dialer2 is up, line protocol is up (spoofing)
      Hardware is Unknown
      Description: ISP Internet
      Internet address will be negotiated using IPCP
      MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, LCP Closed, loopback not set
      Keepalive set (10 sec)
      DTR is pulsed for 1 seconds on reset
      Interface is bound to Vi2
      Last input never, output never, output hang never
      Last clearing of "show interface" counters 1d00h
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: Class-based queueing
      Output queue: 0/1000/0 (size/max total/drops)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         52937 packets input, 30470954 bytes
         52931 packets output, 17287959 bytes
    Bound to:
    Virtual-Access2 is up, line protocol is down
      Hardware is Virtual Access interface
      MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, LCP REQsent
      PPPoATM vaccess, cloned from Dialer2
      Vaccess status 0x44
      Bound to ATM0/0/0 VCD: 1, VPI: 0, VCI: 38, loopback not set
      Keepalive set (10 sec)
      DTR is pulsed for 5 seconds on reset
      Interface is bound to Di2 (Encapsulation PPP)
      Last input 00:00:09, output never, output hang never
      Last clearing of "show interface" counters 1d00h
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 40403
      Queueing strategy: Class-based queueing
      Output queue: 65/1000/0 (size/max total/drops)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         58124 packets input, 30591958 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         93405 packets output, 17935575 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
    syslog for debug  ppp negotiation:
    2014-09-10 08:49:31    Local7.Notice    local IP address    801: wr1.lon: .Sep 10 01:51:33.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to down
    2014-09-10 08:49:32    Local7.Notice    local IP address    804: wr1.lon: .Sep 10 01:51:35.247: %TRACKING-5-STATE: 3 ip sla 3 state Up->Down
    2014-09-10 09:13:40    Local7.Error    local IP address    808: wr1.lon: Sep 10 02:15:42.646: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
    2014-09-10 09:13:40    Local7.Notice    local IP address    809: wr1.lon: Sep 10 02:15:43.646: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to up
    2014-09-10 09:13:45    Local7.Error    local IP address    810: wr1.lon: Sep 10 02:15:48.957: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
    2014-09-10 09:13:45    Local7.Debug    local IP address    811: wr1.lon: Sep 10 02:15:48.961: Interface Virtual-Access2 max_reserved_bandwidth config will not
    2014-09-10 09:13:45    Local7.Debug    local IP address    812: wr1.lon: take effect on the queueing features configured via service-policy
    2014-09-10 09:13:45    Local7.Info    local IP address    813: wr1.lon: Sep 10 02:15:48.965: %DIALER-6-BIND: Interface Vi2 bound to profile Di2
    2014-09-10 09:13:45    Local7.Debug    local IP address    814: wr1.lon: Sep 10 02:15:48.965: Vi2 PPP: Sending cstate UP notification
    2014-09-10 09:13:45    Local7.Debug    local IP address    815: wr1.lon: Sep 10 02:15:48.969: Vi2 PPP: Processing CstateUp message
    2014-09-10 09:13:45    Local7.Debug    local IP address    816: wr1.lon: Sep 10 02:15:48.973: PPP: Alloc Context [662C56A4]
    2014-09-10 09:13:45    Local7.Debug    local IP address    817: wr1.lon: Sep 10 02:15:48.973: ppp3 PPP: Phase is ESTABLISHING
    2014-09-10 09:13:45    Local7.Debug    local IP address    818: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Using dialer call direction
    2014-09-10 09:13:45    Local7.Debug    local IP address    819: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Treating connection as a callout
    2014-09-10 09:13:45    Local7.Debug    local IP address    820: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Session handle[14000004] Session id[3]
    2014-09-10 09:13:45    Local7.Debug    local IP address    821: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[OPEN] State[Initial to Starting]
    2014-09-10 09:13:45    Local7.Debug    local IP address    822: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: No remote authentication for call-out
    2014-09-10 09:13:45    Local7.Debug    local IP address    823: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
    2014-09-10 09:13:45    Local7.Debug    local IP address    824: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:46    Local7.Debug    local IP address    825: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:46    Local7.Debug    local IP address    826: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[UP] State[Starting to REQsent]
    2014-09-10 09:13:48    Local7.Debug    local IP address    827: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: O CONFREQ [REQsent] id 2 len 14
    2014-09-10 09:13:48    Local7.Debug    local IP address    828: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:48    Local7.Debug    local IP address    829: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:48    Local7.Debug    local IP address    830: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:50    Local7.Debug    local IP address    831: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: O CONFREQ [REQsent] id 3 len 14
    2014-09-10 09:13:50    Local7.Debug    local IP address    832: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:50    Local7.Debug    local IP address    833: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:50    Local7.Debug    local IP address    834: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:52    Local7.Debug    local IP address    835: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: O CONFREQ [REQsent] id 4 len 14
    2014-09-10 09:13:52    Local7.Debug    local IP address    836: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:52    Local7.Debug    local IP address    837: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:52    Local7.Debug    local IP address    838: wr1.lon: Sep 10 02:15:55.000: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:54    Local7.Debug    local IP address    839: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: O CONFREQ [REQsent] id 5 len 14
    2014-09-10 09:13:54    Local7.Debug    local IP address    840: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:54    Local7.Debug    local IP address    841: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:54    Local7.Debug    local IP address    842: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:56    Local7.Debug    local IP address    843: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: O CONFREQ [REQsent] id 6 len 14
    2014-09-10 09:13:56    Local7.Debug    local IP address    844: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:56    Local7.Debug    local IP address    845: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:56    Local7.Debug    local IP address    846: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:58    Local7.Debug    local IP address    847: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: O CONFREQ [REQsent] id 7 len 14
    2014-09-10 09:13:58    Local7.Debug    local IP address    848: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:58    Local7.Debug    local IP address    849: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:58    Local7.Debug    local IP address    850: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:00    Local7.Debug    local IP address    851: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: O CONFREQ [REQsent] id 8 len 14
    2014-09-10 09:14:00    Local7.Debug    local IP address    852: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:14:00    Local7.Debug    local IP address    853: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:14:00    Local7.Debug    local IP address    854: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:02    Local7.Debug    local IP address    855: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: O CONFREQ [REQsent] id 9 len 14
    2014-09-10 09:14:02    Local7.Debug    local IP address    856: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:14:02    Local7.Debug    local IP address    857: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:14:02    Local7.Debug    local IP address    858: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:04    Local7.Debug    local IP address    859: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: O CONFREQ [REQsent] id 10 len 14
    2014-09-10 09:14:04    Local7.Debug    local IP address    860: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:14:04    Local7.Debug    local IP address    861: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:14:04    Local7.Debug    local IP address    862: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:06    Local7.Debug    local IP address    863: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP DISC: LCP failed to negotiate
    2014-09-10 09:14:06    Local7.Debug    local IP address    864: wr1.lon: Sep 10 02:16:09.107: PPP: NET STOP send to AAA.
    2014-09-10 09:14:06    Local7.Debug    local IP address    865: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: No remote authentication for call-out
    2014-09-10 09:14:06    Local7.Debug    local IP address    866: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[Timeout-] State[REQsent to Stopped]
    2014-09-10 09:14:06    Local7.Debug    local IP address    867: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
    2014-09-10 09:14:06    Local7.Debug    local IP address    868: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: Phase is DOWN

    Hello ,
    As the line comes up after reloading the device, this does not look like a configuration issue but a hardware one.
    Either the connection between the ATM card and the modem is going idle or there is some issue with the ATM card.
    Did you try replacing the ATM card with a spare one to see if the issue persists?
    HTH
    Sunil Bhadauria
    ! Kindly rate all helpful posts and accordingly mark correct answers to help forum !

  • Make .PDF display in email while preserving its Internet Links

    I've created one A4-page mixed media (text and images) .pdf invitation with two embedded URLs – a map reference and email reply (which work fine) – but disappointingly it appears as an attachment when received. Recipients have to launch the file to reveal its content – and find the embedded links. When saved as a .jpg it reveals but the links are lost. How do I deliver it so that it appears visually when recipients open the mail in their Inbox with the Internet links intact?

    The solution is http://support.microsoft.com/kb/2716529 but as you write, the "fixit" is only for Windows 8.
    To apply it on Windows 7, download, unzip, then run the attached registry script.

  • Firefox is set as the default browser, but if I click a link in MS Word, the link is opened with MS Internet explorer. Why?

    Firefox is set as the default browser, but if I click a link in MS Word, the link is opened with MS Internet explorer. Why?

    What version of Windows and Office is it? I had this issue with an older version of office and Windows XP. Basically, MS are using their browser (IE) because it's their software (MS Office). If you go to options in MS word though, you should be able to find an option to set the default browser to open links.

  • Trying to download update to CoPilot Live and CoPilot GPS with maps.  files sizes are large and taking hours to download on wireless connection.  How can I download App updates and new maps while connected to PC and Itunes through hard wire internet link?

    Trying to download update to CoPilot Live and CoPilot GPS with maps.  Files sizes are large and taking hours to download on wireless connection.  How can I download updates and new maps while connected to PC and Itunes through hard wire internet link?

    I'm on my iPad, so I don't know if this is the page with an actual download. I don't see a button, but assume that is because I  am on an iPad. It is in the DL section of Apple downloads.
    http://support.apple.com/kb/DL1708

  • Touch screen not working with internet link in safari

    Anyone has the same problem?
    After the 1.1.1 update, my touch screen occasionally fails to respond to any tap on internet links in Safari. No matter which web site you go to, no link will work on tap.
    I tried to clear cache, cookies, etc. The only way out of it is to reset the phone (both keys pressed).
    It happens about once or twice a day, not often enough for Apple people to duplicate it, but enough to bother me.

    I have had the same exact problem occur 3 or 4 times since the update. I fix it by turning the phone off and on again.

  • RoboHelp 8 How to create a hotspot with a URL/internet link

    Using RoboHelp 8, within the verbiage of a topic, how do I create a URL/internet link (EX: www.mysite.com) that is clickable and will take the user to that web site?

    Highlight the content to be clickable, click Insert > Hyperlink, click on the down arrow next to the "Link To" field and select Web Address. Enter the URL and click OK.
    Read the RoboColum(n) for a tips, tricks and musings on the Technical Communication Suite products.

  • Dual-DMVPN Design with Dual Hubs on a single router ??

    Hi All,
    In DMVPN, in a Dual-DMVPN design with dual hubs, can a single router perform the role of both hubs?
    The router has two different internet links. It is intended that when one link goes down, spokes should connect to the same router on the other active internet connection. Is this possible?

    Since no one has answered yet, I'll give you the practical answer.
    You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
    It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
    Rob

  • DMVPN QoS Configuration over sat link

    Hi everyone, having one of those days where I can't seem to see the trees through the forest! Hopefully someone can point the way :)
    We have a DMVPN setup with Hub & spoke, 3 remote sites over satellite but the remote sites internet traffic does not come over the vpn, it goes out via the ISP.
    One particular site we've been having flooding and packet loss issues with has now been increased from 256k to a 512Kb CIR and the ISP has allowed a 1536 burst - this is where I'm confused most!
    Almost all examples of QoS i see is to limit/restrict the flow to less than the provider CIR is allowing to avoid them dropping packets, so in this scenario, how do I make the most of the burst rate?
    The DMVPN is currently set up with QoS policies via IP nhrp map groups, shaping the tunnel to 256k then child maps prioritizing mgmt, Skype etc. Although this seems like a great idea, I'm being led to believe I should just have qos pre-classify on the tunnel and set the policy-map on the Internet interface, but what I can't work out is how to prioritize or allocate most of the bandwidth to the tunnel for 'work related' purposes and limit web browsing, as currently it seems http/https traffic is taking all the bandwidth!
    If I don't use the bandwidth command on the physical interface it appears it believes it has 100m, so I think I need to set it to 512k but I'm not sure how to utilize the burst.
    Then I'm guessing I should use something like priority percent and shape average percent to prioritize tunnel traffic over http, but does QoS then need to be configured on the Hub somewhere as well?
    If anyone has a similar setup and can provide example config that would be great.
    Any assistance is greatly appreciated, please let me know if you want any configs/outputs.
    Cheers,
    Kev

    Thanks for the reply Marcin, however that doesn't really answer my question(s).
    I am fully aware of per-tunnel QoS as well as HQoS, I'm just no expert in either!
    I understand that per tunnel qos applies the settings to the tunnel, but anything Not going via the tunnel will not have any qos applied and that currently seems to be the issue, naughty streaming media and http/https traffic flooding the link!
    Using Hqos will apply to the whole link, but it seems I need qos-pre classify on the tunnel to apply before it gets encrypted, or should I just prioritise all GRE so that all tunnel traffic gets priority?
    Perhaps I just have my settings too low, http(s) traffic takes all it can leaving work related tunnel traffic, email etc starved of BW.
    If anyone has any example configs of similar setups that would be much appreciated, it's easier for me to reverse engineer! :)
    cheers,
    Kev

  • VPN server on 871 already functioning as DMVPN spoke?

    Last week I was sitting in an hotel far away from my family. I wanted to use Skype or MSNMessenger to contact them with Webcam. It didn't work, because there was some huge firewall, blocking several ports. So I decided to setup a VPN server @home, so I could access to everything I wanted, and not be blocked by the firewall of an islamic state... :-)
    My 871w @home is functioning as a DMVPN spoke which works well.
    Is it possible to contact my router from far away, and then be able to access the internet and my home-lan?
    If someone can point me to a (simple :-) config, I will be very thankful...

    Try these links:
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801eafcb.shtml
    http://www.cisco.com/en/US/products/ps6660/products_white_paper0900aecd803e7ee9.shtml

  • MPLS BGP routes push to DMVPN spokes

    I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
    Currently this is my config:
    Datacenter (MPLS only)
    interface GigabitEthernet0/1
    description MPLS
    ip address 192.168.0.34 255.255.255.252
    interface Vlan2
    ip address 192.168.96.2 255.255.255.0
    router bgp 65511
    bgp log-neighbor-changes
    network 192.168.96.0
    neighbor 192.168.0.33 remote-as 65510
    Hub site 1 (MPLS + internet)
    interface Tunnel200
    ip address 10.99.99.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication auth
    ip nhrp map multicast dynamic
    ip nhrp network-id 12345
    ip nhrp holdtime 600
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 200
    tunnel protection ipsec profile dmvpn
    interface GigabitEthernet0/1
    description MPLS
    ip address 192.168.1.2 255.255.255.0 secondary
    ip address 192.168.0.2 255.255.255.252
    router bgp 65001
    bgp log-neighbor-changes
    network 192.168.1.0
    network 192.168.21.0
    !10.99 clients are DMVPN spokes
    neighbor 10.99.99.3 remote-as 99010
    neighbor 10.99.99.3 route-reflector-client
    neighbor 10.99.99.21 remote-as 99001
    neighbor 10.99.99.21 route-reflector-client
    !as 65000 is the MPLS PE
    neighbor 192.168.0.1 remote-as 65000
    Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
    Spoke site:
    interface Tunnel200
    ip address 10.99.99.3 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication auth
    ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
    ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
    ip nhrp network-id 12345
    ip nhrp holdtime 600
    ip nhrp nhs 10.99.99.1 priority 1
    ip nhrp nhs 10.99.99.16 priority 5
    ip nhrp nhs fallback 60
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 200
    tunnel protection ipsec profile dmvpn
    interface GigabitEthernet0/1
    description Internal
    ip address 192.168.3.1 255.255.255.192
    router bgp 99010
    bgp log-neighbor-changes
    network 192.168.3.0
    neighbor 10.99.99.1 remote-as 65001
    neighbor 10.99.99.16 remote-as 65013
    On this spoke site 
    #sh ip route
    B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
    which is the HUB network, but the rest of the MPLS routes are not "learned".
    What am I missing?
    Thanks!

    Hi Jon, I've omitted the configuration of the MPLS provider routers in between. The DC is connected to a router that has the AS 65510.
    DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
    The DC is ok getting the network information via BGP:
    #sh ip route
    B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
    B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
    #sh ip bgp 192.168.21.0
    BGP routing table entry for 192.168.21.0/24, version 559
    Paths: (1 available, best #1, table default)
    Not advertised to any peer
    Refresh Epoch 1
    65510 3549 6140 3549 65000
    192.168.0.33 from 192.168.0.33 (###.###.###.###)
    Origin IGP, localpref 100, valid, external, best
    #sh ip route 192.168.21.0
    Routing entry for 192.168.21.0/24
    Known via "bgp 65511", distance 20, metric 0
    Tag 65510, type external
    Last update from 192.168.0.33 3d05h ago
    Routing Descriptor Blocks:
    * 192.168.0.33, from 192.168.0.33, 3d05h ago
    Route metric is 0, traffic share count is 1
    AS Hops 5
    Route tag 65510
    MPLS label: none
    Spoke:
    #sh ip bgp
    BGP table version is 494, local router ID is 192.168.21.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
    x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
    Network Next Hop Metric LocPrf Weight Path
    *> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
    *> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
    #sh ip route 192.168.96.0
    Routing entry for 192.168.96.0/24
    Known via "bgp 99001", distance 20, metric 0
    Tag 65013, type external
    Last update from 10.99.99.16 00:02:11 ago
    Routing Descriptor Blocks:
    * 10.99.99.16, from 10.99.99.16, 00:02:11 ago
    Route metric is 0, traffic share count is 1
    AS Hops 5
    Route tag 65013
    MPLS label: none
    #sh ip bgp 192.168.96.0
    BGP routing table entry for 192.168.96.0/24, version 465
    Paths: (1 available, best #1, table default)
    Not advertised to any peer
    Refresh Epoch 2
    65013 65012 3549 6745 65510
    10.99.99.16 from 10.99.99.16 (10.2.16.1)
    Origin incomplete, localpref 100, valid, external, best
    The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
    (from spoke)
    ping 192.168.96.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    From DC
    #traceroute 192.168.21.1
    Type escape sequence to abort.
    Tracing the route to 192.168.21.1
    VRF info: (vrf in name/id, vrf out name/id)
    1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
    2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
    3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
    4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
    5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
    6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
    7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
    8 192.168.0.2 [AS 65000] !H * !H

  • DMVPN Default routes (over internet and over tunnel)

    Hello all,
    I want to implement a DMVPN (using OSPF) solution in which all routers are connected to the internet and all of them have dynamic IP addresses (except the hub). Because of this each router has a default gateway pointing to the ISP IP address.
    With this solution I want a spoke-to-spoke topology and I also want all customer internet traffic to go via the central site. The problem is that I need a default route to reach other spokes, and this way traffic to the internet via the central site does not use the tunnel.
    Is there any feature that allows me to overcome this situation?
    Regards,
    João Carvalho

    Absolutely. You can do this easily with VRF Lite. Configure a separate VRF for your customer, place the tunnel interface and the customer's VLAN into the VRF and run your OSPF process within the VRF. This allows the router's global routing table to keep a default gateway to the ISP, but lets you define the customer's default gateway as the DMVPN hub. I have a dual-hub DMVPN network with a couple of hundred sites using exactly this approach.

  • Cisco DMVPN Spoke ISP Redundancy

    Hi Dears,
    I want to configure DMVPN on Cisco routers. I want to configure dual ISP at the spokes. The ADSL link is primary and 3G is backup, and configure DMVPN.
    How do I configure the hub and spoke sites? I want to use the EIGRP protocol.

    Hi Teymur,
    You can configure a single tunnel interface on the spoke, the primary hub and the secondary hub for dual hub and dual ISP on the spoke.
    Use an EEM script for failover between your ISP connections; you can configure both hubs on the same tunnel interface.
    Introduce delay on the secondary hub tunnel interface so that it is less preferred.
    Spoke tunnel configuration:
    interface Tunnel0
      bandwidth 1000
      ip address 10.10.0.12 255.255.255.0
      ip mtu 1400
      ip nhrp authentication test
      ! Multicast maps let the spoke send EIGRP hellos to each hub
      ip nhrp map multicast 172.16.1.1
      ip nhrp map 10.10.0.1 172.16.1.1
      ip nhrp map multicast 172.16.1.2
      ip nhrp map 10.10.0.2 172.16.1.2
      ip nhrp network-id 100000
      ip nhrp holdtime 300
      ! Primary Hub
      ip nhrp nhs 10.10.0.1
      ! Secondary Hub
      ip nhrp nhs 10.10.0.2
      delay 1000
      tunnel source Ethernet0
      tunnel mode gre multipoint
      tunnel key 100000
      tunnel protection ipsec profile vpnprof
     Primary Hub
     interface Tunnel0
      ip address 10.10.0.1 255.255.255.0
      ip mtu 1400
      ip nhrp authentication test
      ip nhrp map multicast dynamic
      ip nhrp network-id 100000
      ip nhrp holdtime 600
      no ip split-horizon eigrp 1
      delay 1000
      tunnel source Ethernet0
      tunnel mode gre multipoint
      tunnel key 100000
      tunnel protection ipsec profile vpnprof
     Secondary Hub
     interface Tunnel0
      ip address 10.10.0.2 255.255.255.0
      ip mtu 1400
      ip nhrp authentication test
      ip nhrp map multicast dynamic
      ip nhrp network-id 100000
      ip nhrp holdtime 600
      no ip split-horizon eigrp 1
      ! Increase the delay so that the routes learnt from this hub are less preferred
      delay 1500
      tunnel source Ethernet0
      tunnel mode gre multipoint
      tunnel key 100000
      tunnel protection ipsec profile vpnprof
    For dual ISP failover on the spoke:
    Configure tracking with IP SLA monitor. Then use an EEM script to change the source and route of the tunnel when the track fails.
    If Ethernet0/0 is the primary WAN interface and Ethernet0/1 is the backup, then you can use the below template.
    track 1 ip sla 1 reachability
    ip sla 1
     icmp-echo <Primary Next-hop IP> source-interface Ethernet0/0
      threshold 3000
      timeout 3000
      frequency 3
    ip sla schedule 1 life forever start-time now
    ip sla responder
    event manager applet Failto-secondary-tunnel
     event track 1 state down
     action 1.0 cli command "enable"
     action 1.1 cli command "configure terminal"
     action 1.2 cli command "interface tunnel0"
     action 1.3 cli command "shut"
     action 1.4 cli command "tunnel source Ethernet0/1"
     action 1.5 cli command "no shut"
     action 1.6 cli command "exit"
     action 1.7 cli command "ip route 0.0.0.0 0.0.0.0 <backup next-hop ip>"
     action 1.8 cli command "ip route 0.0.0.0 0.0.0.0 <Primary next-hop ip> 10"
     action 1.9 cli command "end"
    event manager applet Comeback-primary-tunnel
     event track 1 state up
     action 1.0 cli command "enable"
     action 1.1 cli command "configure terminal"
     action 1.2 cli command "interface tunnel0"
     action 1.3 cli command "shut"
     action 1.4 cli command "tunnel source Ethernet0/0"
     action 1.5 cli command "no shut"
     action 1.6 cli command "exit"
     action 1.7 cli command "ip route 0.0.0.0 0.0.0.0 <Primary next-hop ip>"
     action 1.8 cli command "ip route 0.0.0.0 0.0.0.0 <backup next-hop ip> 10"
     action 1.9 cli command "end"
    Hope that helps

  • Since updating my firefox browser whenever i click on an internet link in an email it does not open on firefox although my mac switches to the firefox window as this is my default browser- what to do? Previously this has always worked without a hitch...

    Since updating my Firefox browser, whenever I click on an internet link in an email it does not open in Firefox, although my Mac switches to the Firefox window as I have this set to be my default browser. What should I do?

    I have the same problem, and I also wondered if Google toolbar has anything to do with it. There GMAIL was set as the default mail application at first. I have removed that setting, but Firefox 4.0.1 continues to use GMAIL instead of Outlook which is my selection for mailto handling.

  • Transferring library to 2nd computer with no internet access

    I am trying to transfer my iTunes library to a 2nd computer (Media Center) in another room. The purchased music won't play because of authorization issues. Since my second computer is not internet linked, how do I authorize it for play?

    "Doing it once has no effect that I can hear."
    Most likely it is a case of your audio sensitivity and depth of listening - not a technical issue. The audio quality loss is a matter of fact due to re-sampling loss. Consider yourself 'lucky' that you do not (or cannot) notice the difference.
    I find the typical AAC/128 format fairly thin to begin with - especially when compared to the higher bit rate &/or Lossless formats. Transcoding a 128kbps file is very noticeable to me.
    As the technology of the iPods, headphones and encoding improves, more people may start to notice the 'limitations' of the lower bit rate formats.
