I am looking at setting up DMVPN backup for our WAN. The most likely scenario would be dual hub / dual cloud. I've deployed single-hub DMVPNs before without difficulty and I understand the overall concept of dual hub. One thing I have a question on, though. In every example I have seen the two hub routers always share a single backend LAN connection between them. In my particular case this is not too workable, since the two hubs will be at different physical locations (one at the main datacenter and one at the backup datacenter.) Is there a specific reason that this backend LAN connection is shown as being on the same segment at both hubs? What are the implications if the two hubs do NOT share a LAN segment this way?
In our setup all traffic would ideally go to the primary datacenter. In other words, if the primary hub was down but the primary datacenter was otherwise unaffected, we'd still want the backup traffic to ultimately make its way to the primary datacenter. The only time the backup datacenter would be used is if the entire primary datacenter was down.
To clarify, there will be internal routing between the datacenters, so the two hubs would be able to "see" each other via the internal WAN. They just would not literally both have an internal LAN interface on the same segment (unless we extended a segment with OTV between the datacenters, but that seems like overkill.)
Thanks in advance,
Have you referred to the following document yet? http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html#dualhubdual
I think the hard part would be to get the routing correct to have Hub2 route traffic over the internal WAN link (assuming you have the same setup as mat_rouch) if Hub1 is down. Adjusting the OSPF cost (assuming you use OSPF) to have the backup site less preferable, along with the delay mentioned in the Cisco doc, should be able to handle that.
I've read it, thank you. In my case it is ph1 with ptpgre on spokes and EIGRP with delay for the backup hub. There must be another pair of routers for hardware redundancy, in my opinion.
What do you mean? Are you saying an extra pair of routers for the Hubs? Like having 4 Hubs total, 1 pair for the primary DMVPN tunnel and a 2nd pair for the backup DMVPN tunnel? You'd have to play with the offset list in EIGRP to assign what's primary and backup. This may be quite tricky if you're working off of 2 pairs of Hubs.
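Added example, not from any poster in this thread or from the Cisco document: a Python model of the "EIGRP with delay for the backup hub" approach, checking which hub a spoke prefers for a primary-datacenter prefix when the two hubs are joined only by a routed internal WAN. It assumes the classic EIGRP composite metric with default K values and that the inter-datacenter WAN is in the same EIGRP domain; every bandwidth and delay figure and every name is a constructed sample.

```python
# Added illustration: classic EIGRP composite metric with default K values
# (K1 = K3 = 1), used to check which hub a spoke prefers for a primary-DC prefix.
# Every bandwidth and delay figure below is a constructed sample value.

def eigrp_metric(links):
    """links: (bandwidth_kbps, delay_usec) for each outgoing interface on the path."""
    min_bw = min(bw for bw, _ in links)
    total_delay = sum(d for _, d in links)
    return 256 * (10**7 // min_bw + total_delay // 10)

# Interfaces crossed from a spoke to a LAN prefix in the primary datacenter.
TUNNEL_TO_HUB1 = (1000, 10_000)      # primary tunnel, "delay 1000" (tens of usec)
TUNNEL_TO_HUB2 = (1000, 15_000)      # backup tunnel, "delay 1500"
INTER_DC_WAN   = (100_000, 1_000)    # routed link between the datacenters
PRIMARY_DC_LAN = (1_000_000, 10)     # LAN behind Hub1

def paths(hub1_up=True, primary_dc_up=True):
    """Return {next-hop hub: metric} for the primary-DC prefix."""
    out = {}
    if not primary_dc_up:
        return out                   # prefix is withdrawn everywhere
    if hub1_up:
        out["hub1"] = eigrp_metric([TUNNEL_TO_HUB1, PRIMARY_DC_LAN])
    # Assumption: Hub2 learns the prefix over the internal WAN and re-advertises it.
    out["hub2"] = eigrp_metric([TUNNEL_TO_HUB2, INTER_DC_WAN, PRIMARY_DC_LAN])
    return out

def best_hub(**state):
    """Pick the hub with the lowest metric, or None if the prefix is unreachable."""
    candidates = paths(**state)
    return min(candidates, key=candidates.get) if candidates else None

if __name__ == "__main__":
    for state in ({}, {"hub1_up": False}, {"primary_dc_up": False}):
        print(state, paths(**state), "->", best_hub(**state))
```

With these sample values the spoke sends primary-datacenter traffic through Hub1 while it is up, and through Hub2 and the internal WAN when only Hub1 has failed.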