is it possible with PfR3.0 to build a redundant HUB design ?
We have diffrent regions that we want to interconnect with DMVPN Phase 3 by using Spoke-to-Spoke tunnels.
In all configuration examples i only find that it is possible to use a single Master HUB.
But i think it is not a good idea to have only one single device that is publishing site-prefixes and policies.
Is it also possible to use PfR3.0 in a hirachical HUB design as well ?
All examples from cisco are commonly not build with redundancy or more complex / realistic designs ...
Just found an example with two DC´s and using "Tranit Hub" feature.
Can someone help ?
There is no explicit redundancy protocol built-in in PfRv3, as far as I know.
There is an option to use a cold standby workaround by having a secondary NC running exactly the same PfR configuration but advertising PfR loopbacks as /31 prefixes. In this case if the primary box fails, the routing falls back to the pre-PfR state and then secondary MC rebuilds the TC etc and starts to control the traffic. May take some minutes for PfR to converge on the new MC.
Check out the latest BRKRST-2362 session on Ciscolive365.com
In XE 3.15 they have introduce a transit hub feature that may help you with horizontal scalability across central site as well as creating regional hubs.
Which component are you referring to? The DC? MC? DMVPN Hub?
3.15 introduced some functionality which allows for connectivity to a single provider from two separate routers at the same site. You could implement it this way or simply place an additional hub at a separate site.
My deployment has 2 MPLS Hubs, each at different sites and 2 Internet Hubs, again, each at different sites. With the new code you can theoretically place 2 MPLS Hubs for example at the same site now with the extra Path differentiator used in the channel.
The question was about redundancy for hub Master Controller, which sometimes is reffered as domain controller. So I was referring to hub MC.
Two DMVPN hubs in HQ in my case are central border routers, each of them has MPLS and Internet links. In total 4 WAN links for HQ.
DMVPN spokes are branch MC/BR combined. Typical DMVPN spoke has MPLS and Internet links, some sites have two spokes, hence 4 WAN links.
Indeed in 3.15 there is a path ID feature. Unfortunately there is a nastty bug in 3.15.0, a part of startup config doesn't make it to running config at the time of router startup, clearly showing parser errors on console during startup. TAC SR ID 635423545 in case you are interested. Config sections afected are digital voice dial-peers, NBAR2 custom app definitions and some others. Platforms affected at least for our customer are ASR 1000 and ISR 4000. So we are waiting for 3.15.2 or maybe 3.16 with the fix. Commit window fo r3.15.1 was closed at the time we discovered the problem.
Hello. Let me put a note here for anybody, who would find this article later.
If you want a redundancy for master hub role, then it may be achieved in three ways:
Transit site feature helps you in following cases (per http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfrv3/configuration/15-mt/pfrv3-15-mt-book/pfrv3-transit-site.pdf):
Also could you let me know what are your requirements for H-DMVPN?
PS: scalability could be a primary challenge if you design a big PFRv3-enabled network, as largest verified scale is 2000 branches.