Best Network Design for Remote branches and HUB

ciscobigcat · ‎06-08-2011

I need some help with a design project. What is the best approach for a network that has 100+ branches around the world and only one headquarter (main office)? In the main office, I have a single ASA 5510, lots of 2950s, one 3750, one 6503 chassi and 6 2811s.

This is what needs to be accomplished:

A VPN system where all the branches communicate to HUB and keep a site-to-site tunnel up at all times with the HUB
Currently, there is no need for branch to branch communication however I'd like the design to be scalable in case needs arises in the future so this way, making the branches talk to each other would be seamless and non-interruptive
I'd like to have the branches with as minimum configuration as possible.
The devices we have at branches are routers, ASAs, PIXs and concentrators.
Some branches have single router with dual ISPs and some branches have 2 routers with one ISP in each.
some branches are behind a dynamic ISP connection, meaning that their public IP address will be changing.
Some branches, there are cisco edge devices that we do not control, thus I'd like to design a HUB VPN network in such a way that would just make me give those guys very minimum configuration statements.
There are 3 subnets that ALL branches must have access to. If one of them changes, I'd like this change to propagate automatically to all peers without the need of me going into every single branch device and making the change manually.

thank you in advance

Giuseppe Larosa · ‎06-08-2011

Hello,

DMVPN could be a good fit for your needs but you need two more powerful routers at the HQ to act as HUB routers, you can daisy chain hubs partitioning the branches but even with 6 2811 I don't know if you can cover 100 branches

see

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html

see scalability chapter results for unicast traffic

Hope to help

Giuseppe