Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
975
Views
0
Helpful
3
Replies

F5 load balancing of DMVPN Tunneling

djeffries
Level 1
Level 1

‎12-10-2015 11:00 AM - edited ‎03-05-2019 02:54 AM

I am looking to scale our DMVPN Architecture. Currently we have ASR1002-X Hub router (which can only handle approx 3K DMVPN Tunnels on a single chassis). To scale to 10K spoke routers in the field, I was thinking I can use an F5 load balancer in front of a group of ASR1002-X routers. My question is...1) can this even be done?...and 2) is there any configurations (HUB-1, HUB-2, HUB-3 & SPOKE-1) online I can use as a starting point?

I guess my concern is how the HUB routers behind the F5 are configured. The spoke will be configured with a single primary DMVPN Peer IP and A Tunnel IP and also a secondary DMVPN Peer IP and A Tunnel IP.

Any help would be greatly appreciated.

Labels:
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎12-10-2015 12:41 PM

All the Hub rservers will need the same configuration to terminate all the possible spokes out there. IMO, as much as I love the F5's, I would design it w/o them. Could you design your WAN with a distributed model? Smaller sites connect to regions who then connect back to HQ? What about running multiple hubs with others providing backup in case of failure? Or configuring GLBP and letting it spread connections across your hubs?

0 Helpful

djeffries
Level 1
Level 1
In response to Collin Clark

‎12-10-2015 04:37 PM

Thanks for the quick reply - Given the first statement, which is what I was expecting, my focus is on how to configure the tunnel interfaces on HUB-1 and HUB-2. For example; would the IP Address of the tunnel interface on HUB-1 be configured exactly the same as the tunnel interface on HUB-2 (using the same exact IP Address on the tunnel interface)? Just looking for clarification. If there is a basic configuration example of a spoke and HIB-1 and HUB-2 would be nice.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to djeffries

‎12-11-2015 07:09 AM

The two hubs can either be in the same DMVPN cloud or they can each be in their own. Either way, each would have their own IP addresses. The spokes would have the configuration of both hubs in their config. I'll see if I can dig up some examples. Check this link too-

http://d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/BRKSEC-4054.pdf

0 Helpful
Customers Also Viewed These Support Documents