Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2369
Views
0
Helpful
8
Replies

DMVPN/IWAN with 4G Backup

Go to solution
de1denta
Level 3
Level 3

‎10-13-2016 09:21 AM - edited ‎03-05-2019 07:16 AM

Hi All,

 

Does anyone know if it’s possible to deploy a DMVPN spoke router with a primary DSL connection and 4G backup? We are looking for a solution for a client that has branch offices with unreliable connectivity and would like to ensure that the tunnel is automatically re-routed over the 4G interface in the event that the DSL interface is down. We are currently looking at Cisco 890 series routers for the spoke sites to acheive this.

Many thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
WILLIAM STEGMAN
Level 4
Level 4
In response to de1denta

‎10-18-2016 11:46 AM

You shouldn't have any issue running IWAN enabled branches and non-IWAN enable branches off the same hub Internet router.  That's typically how you might migrate spokes over for example, some are running simple DMVPN while others are running DMVPN with IWAN.  And yes, you can create a 2nd tunnel interface on the hub that uses the same source interface hosting your Internet connection without issue.  You'll want to use a different key id for each tunnel interface.

you're welcome, good luck.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
WILLIAM STEGMAN
Level 4
Level 4

‎10-14-2016 09:40 AM

I think this can be broken into 2 different issues/questions.  

Can you use 4G as a transport for DMVPN?

You can employ DMVPN across any transport as long as you have IP connectivity between nodes.

In this case you're transport is the Internet using two different source interfaces, in which case you'd create two different tunnel interfaces with two different source interfaces at the spoke, likely having one DMVPN hub router at the other end of the tunnel with two different tunnel interfaces using the same source interface.

http://www.cisco.com/c/en/us/support/docs/security-vpn/dynamic-multi-point-vpn-dmvpn/119022-configure-dmvpn-00.html

 

The other part of your post mentions IWAN, which would be different since a 2nd hub router would need to host the 2nd transport, assuming your design would include spokes that have a mix of MPLS and broadband as their transports, this becomes a challenge.  Is this your situation?

If not, and you're using broadband for both transports, then no problem, you just define each hub as the corresponding path and  preference is controlled by you defining the preferred path in your IWAN configuration at the master controller.  For example, 

class VOICE sequence 10
match dscp ef policy voice
path-preference WAN-1 fallback WAN-2

where WAN-1 is your DSL connection in this case and 4G is is WAN-2.  

WAN-1 and WAN-2 can be completely different transports on a different router, i.e. MPLS and broadband, since you define the name under your tunnel interface.

int tu10

  tunnel source "interface hosting transport connection"

  tunnel vrf WAN-1

 

0 Helpful

Go to solution
de1denta
Level 3
Level 3
In response to WILLIAM STEGMAN

‎10-18-2016 03:56 AM

Hi,

Thank you for the response.

Its going to be a mix of transport and IWAN/DMVPN I think. This is my scenario:

We have a single datacentre with a single MPLS link and resilient internet links. There are ~ 10 large branch offices. We will have 2 x IWAN hubs (one for MPLS and one for internet) in the DC and 2 x IWAN spoke routers in each branch office. We are happy with this design.

We also have a large number of smaller offices that will have DSL and 4G connectivity as I described in my first post. To provide IWAN functionality for these sites, I assume that we can build a tunnel over the DSL connection to the IWAN internet router but what do we do about the 4G connection? Can this use a separate tunnel interface on the IWAN internet router or will we need to provision a 3rd IWAN hub dedicated for 4G?

Thank you

0 Helpful

Go to solution
WILLIAM STEGMAN
Level 4
Level 4
In response to de1denta

‎10-18-2016 07:54 AM

Not to muddy the water too much, but will/does your 4G connection lead to an MPLS network, or is it using the Internet?  There are options for Service Providers to offer MPLS over 4G.  In that case, there wouldn’t be an issue since you could have two different transports leading to two different hub routers. 

Is your 4G using Internet?  If so, do you want to load balance on only the spoke side, or are you looking to load balance on the spoke side with 2 ISPs and the hub side with 2 different ISPs?

0 Helpful

Go to solution
de1denta
Level 3
Level 3
In response to WILLIAM STEGMAN

‎10-18-2016 08:37 AM

Hi,

The 4G will use internet so each spoke will have 2 internet connections, one via DSL and one via 4G. We are looking to loadbalance on the spoke side with PFR to make the most efficient use of the available bandwidth.

0 Helpful

Go to solution
WILLIAM STEGMAN
Level 4
Level 4
In response to de1denta

‎10-18-2016 11:23 AM

I've gone over your scenario a few times, but I can't imagine a way on how you accomplish that.  I can see having different MPLS providers at various branches for example, and using a loopback at your hub as the source for a tunnel since all you need is L3 connectivity between endpoints, which you could accomplish across an MPLS network, but not the Internet. 

In the end you need to have a path defined at the master controller that ties to a tunnel interface.  I don't see how you can have a 3rd transport/path.  Your MC will have a policy with a path preference and a fallback, i.e. mpls and Internet.   Sorry I couldn't give you a better answer.

 

0 Helpful

Go to solution
de1denta
Level 3
Level 3
In response to WILLIAM STEGMAN

‎10-18-2016 11:31 AM

Hi,

Thank you for taking the time to think about this.

If we decide to use the 4G as backup for the DSL internet connections instead then I assume that we can treat the small remote sites as DMVPN only and use the configuration you provided in your earlier post?

http://www.cisco.com/c/en/us/support/docs/security-vpn/dynamic-multi-point-vpn-dmvpn/119022-configure-dmvpn-00.html

If so, can we create the 2 tunnel interfaces on the Internet Hub router even though it its used for iWAN for the large branch offices or should this be seperate?

Thank you

0 Helpful

Go to solution
WILLIAM STEGMAN
Level 4
Level 4
In response to de1denta

‎10-18-2016 11:46 AM

You shouldn't have any issue running IWAN enabled branches and non-IWAN enable branches off the same hub Internet router.  That's typically how you might migrate spokes over for example, some are running simple DMVPN while others are running DMVPN with IWAN.  And yes, you can create a 2nd tunnel interface on the hub that uses the same source interface hosting your Internet connection without issue.  You'll want to use a different key id for each tunnel interface.

you're welcome, good luck.

0 Helpful

Go to solution
de1denta
Level 3
Level 3
In response to WILLIAM STEGMAN

‎10-18-2016 12:01 PM

Thank you so much for your assistance

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card