DMVPN with 3 hubs failover

ittechk4u1 · ‎02-21-2020

Are anyone have sample config with 3 hubs with fail over .

Currently i am using dual hub and it working perfectly.

Spoke to Spoke communication is not required.

I am trying to achieve failover between the 3 Hubs. All the 3 Hubs will have separate Public IPs and all three HUBs are connected vai a VLAN.

Here are my sample config:

HUB1:

interface Tunnel1
bandwidth 80000
ip address 172.31.198.4 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN172
ip nhrp map multicast dynamic
ip nhrp network-id 4
ip nhrp holdtime 300
ip tcp adjust-mss 1360
delay 1000
tunnel source IP1.IP1.IP1.IP1
tunnel mode gre multipoint
tunnel key 4
tunnel protection ipsec profile DMVPN

HUB2:

interface Tunnel1
bandwidth 80000
ip address 172.31.198.5 255.255.255.0
no ip redirects
ip nhrp authentication DMVPN172
ip nhrp map 172.31.198.4 IP1.IP1.IP1.IP1
ip nhrp map multicast IP1.IP1.IP1.IP1
ip nhrp network-id 4
ip nhrp holdtime 300
ip nhrp nhs 172.31.198.4
ip tcp adjust-mss 1360
delay 1500
tunnel source IP2.IP2.IP2.IP2
tunnel mode gre multipoint
tunnel key 4
tunnel protection ipsec profile DMVPN

HUB3:

what should be the config for HUB3 ?

Thanks in advance

Georg Pauwen · ‎02-21-2020

Hello,

EDIT: you can use 1 tunnels on the spoke, map it to all three hubs, and use OSPF priority on the hubs. Which routing protocol(s) are you using ?

ittechk4u1 · ‎02-21-2020

HI Georg,

Thank you.

I am using single cloud with three HUBs.

HUb1 and HUB2 are active....and working normally. Now i want to add HUB3 in this topology/in same cloud.

What should be the config on HUB3 so that failover works correctly.

Georg Pauwen · ‎02-21-2020

Hello,

here is the config. On the spoke, make sure you add a mapping for the third hub:

HUB_3

interface Tunnel1
bandwidth 80000
ip address 172.31.198.6 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN172
ip nhrp map 172.31.198.4 IP1
ip nhrp map multicast IP1
ip nhrp network-id 4
ip nhrp holdtime 300
ip nhrp nhs 172.31.198.4
ip tcp adjust-mss 1360
delay 2000
tunnel source IP3
tunnel mode gre multipoint
tunnel key 4

SPOKE

interface Tunnel1
ip address 172.31.198.7 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN172
ip nhrp map 172.31.198.4 IP1
ip nhrp map 172.31.198.5 IP2
ip nhrp map 172.31.198.6 IP3
ip nhrp network-id 4
ip nhrp holdtime 300
ip nhrp nhs 172.31.198.4
ip nhrp nhs 172.31.198.5
ip nhrp nhs 172.31.198.6
ip tcp adjust-mss 1360
tunnel source IPx
tunnel mode gre multipoint
tunnel key 4

ittechk4u1 · ‎02-21-2020

Thanks

after this setup i have an issue about HUB priority in Spoke:

my config on spoke:

Spoke:

interface Tunnel1
bandwidth 20000
ip address 172.31.198.51 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN172
ip nhrp map 171.31.198.4 IP1.IP1.IP1.IP1
ip nhrp map multicast IP1.IP1.IP1.IP1
ip nhrp map 172.31.198.5 IP2.IP2.IP2.IP2
ip nhrp map multicast IP2.IP2.IP2.IP2
ip nhrp map 172.31.198.27 IP3.IP3.IP3.IP3
ip nhrp map multicast IP3.IP3.IP3.IP3
ip nhrp network-id 4
ip nhrp holdtime 300
ip nhrp nhs 171.31.198.4 priority 2 cluster 4
ip nhrp nhs 171.31.198.5 priority 1 cluster 4
ip nhrp nhs 171.31.198.27 priority 3 cluster 4
ip nhrp nhs cluster 4 max-connections 3
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 4
tunnel vrf ISP1
tunnel protection ipsec profile DMVPN

HUB "171.31.198.4 " has the highest priority in cluster but still all traffic(Default route ) is going over HUB2"171.31.198.5 " why ?

Thanks

Georg Pauwen · ‎02-21-2020

Hello,

priority 1 is higher than priority 2, and 3 is lower than 2. Change the priorities accordingly. Also, the IP addresses start with 171, shouldn't that be 172 ?

ip nhrp nhs 171.31.198.4 priority 2 cluster 4 --> middle
ip nhrp nhs 171.31.198.5 priority 1 cluster 4 --> highest
ip nhrp nhs 171.31.198.27 priority 3 cluster --> lowest