Dual-DMVPN with Dual Hubs

Similar Messages

• DMVPN Dual Hub

  Hello
  I have one Hub Router 2901 with 2 Internet Provider whichare connected by 2 off. IP`s. If the primary connection goes down the router switch to the second connection on the wan interface. This works perfect.
  Now my problem.
  I have 4 Spoke-Router 881 3G wichshould be connected by DMVPN with the Hub. DMVPN works perfect on the primary connection. If the primary connection goes down and the second (backup) on. DMVPN is down. 
  is ist possible to connect the tunnel interface to 2 adresses? If i insert a 2nd ip nhrp map und ip nhrp multicast i cannnot send any data over the Tunnel.
  thanks for help !!!
  interface Tunnel1
  description DMVPN zu ASCOM-HUB1
  bandwidth 100000
  ip address 10.100.0.1 255.255.255.0
  no ip redirects
  no ip proxy-arp
  ip mtu 1400
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  ip nhrp authentication NhrP-K3y
  ip nhrp map multicast XXX.XXX.XXX.XXX
  ip nhrp map 10.100.0.250 XXX.XXX.XXX.XXX
  ip nhrp network-id 1
  ip nhrp nhs 10.100.0.250
  ip nhrp registration no-unique
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip verify unicast reverse-path
  ip tcp adjust-mss 1360
  keepalive 10 3
  tunnel source FastEthernet4
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

  Hello
  Thanks
  I have 2 differend ISP`s with differend Ip`s.
  So i insert a small photo how it looks like. The orange VPN`s work fine but if the Telekom crash and the hub switch to UPC the DMVPN is not working.
  Here is the config from the hub.
  So is it possible to insert more than one ip nhrp map address?
  Thanks
  interface Tunnel0
  description HUB1-DMVPN
  bandwidth 1000000
  bandwidth inherit
  ip address 10.100.0.250 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1400
  ip verify unicast reverse-path
  ip authentication mode eigrp 1 md5
  ip authentication key-chain eigrp 1 EIGRP1-key
  no ip split-horizon eigrp 1
  ip nhrp authentication XXXXXX
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp shortcut
  ip nhrp redirect
  ip virtual-reassembly in
  ip tcp adjust-mss 1360
  delay 10
  keepalive 10 3
  cdp enable
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 2
  tunnel path-mtu-discovery
  tunnel protection ipsec profile DMVPN

• Dual-DMVPN Design with Dual Hubs on a single router ??

  Hi All,
  In DMVPN, in Dual-DMVPN Design with Dual Hubs , can a single router perform the role of dual hubs.
  The router has two different internet links. It is intended that when one link goes down, spokes shud connect to the same router onto the other active internet connection. Is this possible ?

  Since no one has answered yet, I'll give you the practical answer.
  You'll have issues with IPSec and static routing. "DMVPN" itself probably wouldn't have an issue, but it would depend on IPSec and routing to work.
  It is easier, by far, to put in a second router. And when you factor in your time to try to make it work (and it may not work), the second router is less expensive.
  Rob

• Dual cloud dual hub single tier dmvpn with backup service provider

  Hi,
  I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
  The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
  Is there a guide for this case?
  What is the best practice in this case?
  Thanks in advance,
  Mladen

  Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
  My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
  I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
  I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

• DMVPN DUAL HUB SINGLE CLOUD CONFIGURATION EXAMPLE

  Hi,
  I am looking for a simple configuration for a dmvpn network running eigrp with two hubs on a single cloud.
  Do i just create two nhs entries, nhrp map entries, and two multicast entries on the spoke router tunnel interfaces?  And on the hub routers add a delay on the tunnel interfaces for the one i prefer to be the secondary?
  I am looking for confirmation and any other tweaks i need to make. i cant seem to find any examples.
  Thanks in advance!!

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Dual hub with one hub :-S

  Hi,i know the title is absurde .
  that is my topology :
  there are two links between router R1 (Hub) and router R4 (ISP) :
  The primary DMVPN cloud should be with the primary link (150.0.0.0/24)
  The secondary DMVPN cloud should be with the secondary link (150.0.1.0/24)
  the HUB must have one tunnel interfaces for each physical interface,so we need two tunnel interfaces .
  If i choose Dual  hub dual dmvpn cloud that mean that  i must have two tunnel interfaces for each spoke.
  If i choose Dual  hub single dmvpn cloud that mean that i must have just one tunnel interface for each spoke.
  the Hub must always use the primary link,to reach spokes1 (we are in the primary DMVPN cloud).
  but if the primary link goes down the second must be used by the hub and we move to the second DMVPN cloud .
  the ISP should use the secondary link only if the primary is down .
  a default route should be configured on the ISP to reach Internet.
  Is this possible (correct) ?,if yes :
  which model is the best : dual hub dual dmvpn cloud or dual hub single dmvpn cloud?
  how can i configure the ISP to use the secondary link only if the primary is down?
  if we have two hubs,how/why  the spokes prefer the primary hub?
  in this situation: how the spokes will prefer the primary DMVPN cloud (the primary Link)?

  You should. Both drives should show up if you press F12 at the ThinkPad POST screen (along with other attached bootable media).
  W520: i7-2720QM, Q2000M at 1080/688/1376, 21GB RAM, 500GB + 750GB HDD, FHD screen
  X61T: L7500, 3GB RAM, 500GB HDD, XGA screen, Ultrabase
  Y3P: 5Y70, 8GB RAM, 256GB SSD, QHD+ screen

• Different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  please explain
  different between Dual hub-dual DMVPN cloud Vs Dual hub-single DMVPN cloud

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• Configuration Dual HUB Dual Dmvpn

  Hi Dears
  i configurate simple  DMVPN on my network. Now i want to configurate Dual HUB Dual DMVPN.
  i can not find any good configuration documentation how config that.
  please provide me a link or any pdf fot configuration DUal HUB Dual Dmvpn .
  thanks.

  Thanks Paul, I have looked over this design guide as this was the fist place i went.  however, i cannot find a configuration example for dual hub/single cloud.
  i see the high level design and know you can do it.   but it doesnt show what the configuration would look like...unless i am just reading over it.
  Thanks

• DMPVN Dual Hub Configuration

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

  In the DMVPN design guide it is stated that in a dual hub configuration one hub should be set as the primary via EIGRP metrics. Is there a reason for this? Why can't both routes act as successors so that load-balancing can take place. The only thing I can think of is that it could cause problems with spoke-to-spoke communication.
  Can someone shed some light on this?

• DMVPN phase 3 migration with Central hub

  I am looking at migrating my phase 2 DMVPN network to phase 3. The current network contains 3 regional hubs each serving approx 100 spokes. The end goal is to be able to build spoke to spoke tunnels between sites that are homed to hubs in different regions. I understand from reading the document "Migrating from Dynamic Multipoint VPN Phase 2 to Phase 3" that phase 3 regional hubs can be linked in a heirarchy via a cental hub but there is no detail in the doc and I have not been able to find a white paper that deals with this specifically. Does anyone have experience with this topology or have documention that deals with central hub configuration and deployment?
  Regards,
  Mike

  Mike,
  Might be a good idea to run this by your SE.
  In general phase 3 design with phase 3 images you need to remember you will follow routing for NHRP, i.e. if you summarize properly you will scale pretty decently (with or without regional hub).
  What are the benefits of phase 3 design comapred to phase 2 design that you're trying to achieve?
  Marcin.
  P.S. If we're talking about same migtation document
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.html
  it's an un-maintained marketing document, all our efforts to correct some of the problems there (ip ospf network point-to-multipoint for example) so far have not come to fruition.

• Open Hub: How-to doc "How to Extract data with Open Hub to a Logical File"

  Hi all,
  We are using open hub to download transaction files from infocubes to application server, and would like to have filename which is dynamic based period and year, i.e. period and year of the transaction data to be downloaded. 
  I understand we could use logical file for this purpose.  However we are not sure how to have the period and year to be dynamically derived in filename.
  I have read in sdn a number of posted messages on a similar topic and many have suggested a 'How-to' paper titled "How to Extract data with Open Hub to a Logical Filename".  However i could not seem to be able to get document from the link given. 
  Just wonder if anyone has the correct or latest link to the document, or would appreciate if you could share the document with all in sdn if you have a copy.
  Many thanks and best regards,
  Victoria

  Hi,
  After creating open hub press F1 in Application server file name text box from the help window there u Click on Maintain 'Client independent file names and file paths'  then u will be taken to the Implementation guide screen > click on Cross client maintanance of file name > create a logical file path by clicking on new entiries > after creating logical file path now go to Logical file name definition there give your Logical file , name , physical file (ur file name followed by month or year what ever is applicable (press f1 for more info)) , data format (ASC) , application area (BW) and logical path (choose from F4 selection which u have created first), now goto Assignment of  physical path to logical path > give syntax group >physical path is the path u gave at logical file name definition.
  however we have created a logical path file name to identify the file by sys date but ur requirement seems to be of dynamic date of tranaction data...may u can achieve this by creating a variable. U can see the help from F1 that would be of much help to u. All the above steps i have explained will help u create a dynamic logical file.
  hope this helps u to some extent.
  Regards

• Extract Data with OPEN HUB to a Logical Filename

  Hi Experts,
  Can anybody help me in sending the link for How to guide...Extract Data with OPEN HUB to a Logical Filename?
  Thanks in advance.
  BWUser

  Hi,
  check this links...
  http://searchcrm.techtarget.com/generic/0,295582,sid21_gci1224995,00.html
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/e698aa90-0201-0010-7982-b498e02af76b
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1570a990-0201-0010-1280-bcc9c10c99ee
  hope this may help you ..
  Regards,
  shikha

• Need help to import and syncronize HCM pagelets with Interaction Hub, how can I do that?

  Hi,
  I need help to import and synchronize HCM pagelets with Interaction Hub, how can I do that? The default page "Select Remote Content" of the WorkCenter "Unified Navigation WorkCenter" is not working as well, when I run the import/sync button I get the following error message:
  Integration Gateway: General Connection Failed (158,10836)
  This error is thrown when there is no valid response.
  Possible errors include:
  Bad gateway URL
  Sync Service Timeout set and Service actually timed out.
  Java exception thrown - Check Application Server for possible Java exception

  Do you have integration configured between the two systems?  It sounds like you don't from the error.  Here is a walk-through on setting up Unified Navigation although it assumes you have integration already working.  If you haven't done that, it's documented a hundred different places.
  http://remotepsadmins.com/2013/03/04/peoplesoft-unified-navigation-with-peoplesoft-applicatations-portal-interaction-hub/

• Need help with open hub

  Hi eveybody,
           I was trying to wok with open hub. Created infospoke, destination i gave was a csv file named d:/openmara.csv path, saved and activated the info spoke. I went to d:/ to view the uploaded files, two file was created, when i try to open a file it says "unable to read" , when i tried to open the second one i could open the file and see some datas but not in a correct format, why is that?
  Then i tried to load the data in database, so in the infospoke i selected the option for destination as database,saved and activated the infospoke, now where should i go to see the uploaded datas physically?
  Could anyone help me with this.
  Thanks,
  RR.

  Hi,
  Thanks for the reply. I created a infospoke and destination was database option. Opened the se16 gave the table name which starts with /bic/....(please correct me if i am wrong),then the initial screen of se16 came up with all the fields , but when i executed it, the table is empty.Could you say why it is happening.
  Thanks,
  RR.

• Export data from BW to oralce with open hub service.

  Hi Dear all,
  When I tried to export data from BW to oralce with open hub service. There is no available RFC destination for this oracle system. That means i need to create a RFC destination for the oracle server.
  How can i achive this, in SM59? But U don't know much how to configure this. Is there any expert can help me there?
  Kevin

  Hi kevinhuang  ,
  RFC connection.......... You can check in SM59 tcode...Double click on the the desired Source system
  or
  RSA1-->Source systems and then right click on Source system and Check
  To test RFC connection...RSA1 ....Source system....... Right click on desired source system >> Connection Parameter.....Test connection
  Pls go thru this links,
  http://help.sap.com/saphelp_nw70/helpdata/EN/43/79f902dfb06fc9e10000000a1553f6/frameset.htm
  BI Open Hub Destination and data transfer process setup
  http://www.ibm.com/developerworks/data/library/techarticle/dm-0802li/index.html
  Hope this helps U.
  Regards
  Chandra Sekhar
  Edited by: Chandra  Sekhar T on Apr 21, 2009 3:36 PM

• Usb laser printing, HD's with integral hubs, and open doors to network?

  Bought a N capable base station and an airport express this week as I have multiple minis and a macbook and wish to put my itunes onto a central drive and use wireless printing.
  Spent an “interesting” evening last night setting up, and I seem to have worked out how to use itunes via aliases etc.
  But – when I try to print, the dialogue box comes up, the laser printer (Samsung 2550) starts up, but fails to print.
  My set up is as follows – Iomega 320gb mini HD (powered) plugged into the USB on the base station and then the laser and my inkjet plugged into the USB sockets on the HD (its one of those which has an integral USB and FW hub built in).
  Now, as it was very late in the evening, I didn’t do any more trouble shooting, but am intrigued as to why the printer would not print. The log says that the print job has been completed, but nothing comes out. I disconnected the printers from the hd hub and then disconnected the HD. I then plugged the printer directly into the base station, but it still doesn’t work.
  Annoyingly enough, the printer worked fine the previous night when I was using it with the usb on the airport express alone (hadn’t bought the base station at this point).
  The computer(s) “see” the laser printer without difficulty, so I see no reason why it should not print using the base station.
  One thing which occurs to me is to plug a powered USB hub into the base station, and then separately plug the HD and the Laser into sockets on this hub, rather than using the integral hub of the HD. Again, I cant see why this should be necessary but I’ll give it a try.
  Any thoughts re this?
  One Last Thing…
  The main reason for buying the kit is to cover a “weak spot” in the house for wifi. Hence the idea was to connect my modem/router via Ethernet to the base station, and then use the airport express as a WDS to effectively re-broadcast the signal and hopefully provide maximum signal strength throughout the house.
  My question is – having used the airport utility to do this, am I right in presuming that the airport express then becomes effectively “invisible” and hence when I use my mini in the weak spot to log onto a network via airport, I should only see the SSID of my main base station (although in reality I will be accessing it via the airport express). I think this must be right because when I added the airport express the signal strength in the weak area of the house went to the max.
  My base station uses WAP protection but I don’t appear to have any protection set up on the airport express (which I realise is a router in its own right). Do I need to add protection to the airport express to prevent access to my overall network? In otherwords, is an unprotected airport express acting as a WDS, effectively an open back door to the network? Would a neighbour etc be able to pick up my network SSID being broadcast by the airport express and log onto that without the WAP password?
  Finally what is the difference between the airport express being a remote or a relay station. I would have thought that to act as a network extender, it should be set to relay, but the default appears to be remote. The Apple help sections don’t appear to distinguish between functionality, merely state the options.
  Any help/advice gratefully accepted
  Airport extreme, mac minis    

  I then plugged the printer
  directly into the base station, but it still doesn’t
  work.
  You need to get this to work first. Otherwise forget it to work with a Hub. Turn the printer on FIRST. Then turn on the base station.
  One thing which occurs to me is to plug a powered USB
  hub into the base station, and then separately plug
  the HD and the Laser into sockets on this hub, rather
  than using the integral hub of the HD. Again, I cant
  see why this should be necessary but I’ll give it a
  try.
  Direct connection and powered USB Hub are the only supported configurations by Apple. I've had no problem with attaching up to 7 separate devices on a $20 powered hub. Having a "integrated hub" like you describe may theoretically work, but it is not the same thing as a separate hub.
  My question is – having used the airport utility to
  do this, am I right in presuming that the airport
  express then becomes effectively “invisible” and
  hence when I use my mini in the weak spot to log onto
  a network via airport, I should only see the SSID of
  my main base station (although in reality I will be
  accessing it via the airport express).
  If you use WDS or "extend" the network, all base stations will still broadcast the SSID.
  My base station uses WAP protection
  You must mean WEP or WPA. There is no WAP protection.
  but I don’t
  appear to have any protection set up on the airport
  express (which I realize is a router in its own
  right). Do I need to add protection to the airport
  express to prevent access to my overall network? In
  other words, is an unprotected airport express acting
  as a WDS, effectively an open back door to the
  network? Would a neighbor etc be able to pick up my
  network SSID being broadcast by the airport express
  and log onto that without the WAP password?
  Yes, even if you turn SSID broadcast off, the SSID is broadcasted during the transactions and it will be easily detected using iStumbler. An yes you are letting a nice open back door for your neighbors.