DMVPN/Routing solution for 190 remote branches

surajgovindan1 · ‎05-26-2013

Dear all,

I do have a query related to DMVPN.

I have a plan to connect my 190 remote branches to my H.Q.

my primary link from 70 branches are ADSL and would like to have 3G as secondary/backup link and i have identified Cisco 886 router at remote branches.

there are almost 120 locations where i do not have ADSL link available in this case in these locations my primary link will be 3G and would like to have PSTN dialup as secondary/backup link. I could not find router which has both these features and thought of going with Cisco 1900 series with 3G modules.

can anyone help me here by suggestng the right router?

at the H.Q im planning to have a 3925 with advanced enterprise IOS, here can you help me with which IOS i need to quote?

Since there are multiple products i do not want to go with EIGRP, do you think OSPF will be a GOOD option here, as i have mentioned clearly i only have certain data which needs to flow from remotre branch to H.Q, a pure HUB-SPOKE topology.

please let me know what everyone has to say in this scenario. may be i will get better ideas.

Thanks.....

SG

Karsten Iwen · ‎05-26-2013

Some ideas / things to consider

For the router you need the security-license. With that you can do all you need for DMVPN.
For a new deployment I would consider not to use DMVPN, but the newer FlexVPN.
The 1900 would also be my choice for your 3G locations.
For your environment OSPF would be a little more complex then EIGRP, but still a good solution.
If you go with DMVPN, consider watching the DMVPN-Webinars from Ivan Pepelniak (http://www.ipspace.net/DMVPN_trilogy). Lots to learn there about DMVPN, but they are not free.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

surajgovindan1 · ‎05-26-2013

Hi Karsten,

Thanks for the response.

in nutshell could you share how Flex VPN is superior or more flexible than DMVPN?

Regards,

SG

Karsten Iwen · ‎05-26-2013

I wouldn't say that it is really superior because with both you will achieve your goal. But FlexVPN is the successor to DMVPN and a couple of other VPN-technologies. And with that it's the way to go for new deployments.

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-intro-ikev2-flex.html

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

pamirian76 · ‎05-26-2013

I used the hub and spoke model (dmvpn) with 1200 spokes no issues it can scale to around 3000 spokes.

my 2 hubs are asr routers and spokes are 1811 but moving to 891 soon. the 891 series can do dsl and dialup... I THINK there is a version of 891 that can do LTE, I don't know aobut 3G.

19xx series can do what you ask because you can add modules.

your 3925 should do the job just fine unless your spokes are resource intensive.

and yes you can do routing on dmvpn, actually I'm connecting each spoke to both hubs and controlling THE path with eigrp, it works great. this way if 1 hub fails all spokes will use the other path to me. I give to my spokes (stores) 1 subnet, it's the only subnet they need to access so I don't give them a default route to me but just the 10.x.x.x subnet they will need to have access to.

surajgovindan1 · ‎05-26-2013

Hi Pamirian,

Thanks for your response too.

At the spoke side i have selected Cisco C886 router which has ADSL and 3G options. here i will be using ADSL as primary link and 3G as backup.

i have certain locations may be around 80 or 90 where ADSL is not available , here 3G will be the primary link and i would like to have PSTN dialup as backup link.

at the HUB side i have considered only 1 router and i have only 1 ISP available who can provide internet leased circuit.

What are your suggestions in this scenario, i havent done such configurations before so would like to know more from you.

how do you foresee the PSTN dial backup in this scenario.

what are the possible challenges in routing ?

Thanks

SG

Karsten Iwen · ‎05-27-2013

Really only one Hub-router? At least on the Hub I always design with two devices. How much downtime can you allow for your spokes? And what is the cost for a second router compared to the cost of the downtime?

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

surajgovindan1 · ‎05-27-2013

Hi Karsten,

The reson is we only have one ISP to depend on. in this case i'm not sure how effectively i can configure a 2nd circuit and expect redundancy because in most of the cases ISP will provide 2nd link from the same exchange, in this case it really doesnt make sense to opt 2nd link from same ISP.

do you have some suggestions?

Karsten Iwen · ‎05-27-2013

For failures on the ISP-side you hopefully have some SLAs in place. But your HUB-routers are under your responsibility. And there I would plan for redundancy if one router crashes in some way. And that is "just one more box" to buy.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

surajgovindan1 · ‎05-27-2013

Thanks Karsten,

Do you have some sample config's with Dual HUBS or any data sheets?