02-07-2018 11:12 AM - edited 03-05-2019 09:53 AM
I'm reviewing the architecture of a two Datacenter IWAN deployment and realized we have a master transit router in the mix. I had previously thought that we only needed a backup hub master controller in our second datacenter, so when the primary failed we could still provide policy decisions to our branch sites.
The terminology of a transit site is extremely confusing. Several documents indicate transit sites are required in this topology, but don't actually say -what they do-. In my likely wrong understanding, a transit site would be where a branch would "transit" to another site, but that is not the case as we have DMVPN Phase 3 working. All branch sites should be able to query for a remote site and form a tunnel directly to it.
I guess I'm trying to figure out whether this additional router is necessary. It would seem to me that the border routers at this second datacenter need to connect back to a master at the same site, but since the redundant master controller is not "in use" until the primary fails, they need to get their policy decisions from somewhere local rather than somewhere far away.
So what is the purpose of a transit site?
Can a redundant hub master controller also be a master transit router?
For example this document seems to indicate that there is MC2 in your second datacenter which is also called out as a transit, but in my case I have a standalone transit router and a standalone mc router.
https://asbtechblog.wordpress.com/2017/04/18/adventures-in-iwan-part-2-intelligent-path-control/
03-01-2018 05:36 AM
Hello.
The transit site feature was developed to address the design requirement of having a backup/secondary data center.
A "transit site" is basically a site that MAY be a transit point for traffic flowing from one site to another. So, a DMVPN Hub router must belong either to the primary Hub or to a transit site.
The major result of having MC (Transit site) on secondary DC is:
The major drawback of NOT having a transit site is that the Hub MC would see ALL BRs (in both DCs) as potential exit points, so it may move traffic between them, unexpectedly loading the inter-DC link.
***
Q: Can a redundant hub master controller also be a master transit router?
A: The MC on a transit site can't be a backup of the primary Hub MC.