We are planning to implement DMVPN (phase 3) through internet to connect 100 plus locations (including business critical locations) . These locations are located around the globe including embargoed countries. However , while browsing through various case studies of DMVPN implementation, we understand the solution is used a backup link and not primary link for many of companies. Would like to know from you anyone that if the solution is successful as primary link as well. Kindly advise..
I have seen environments where more than 100 spoke sites are connected to Hub end using DMVPN.
However, the underlying the connectivity that they use is MPLS for Hub to spoke reachability.
Sure, a single internet link will provide an availability of 99.9% or less. However a MPLS link is not much better at 99.95%. These figures are from the CiscoLive! presentation BRKRST-2021.
According to the same presentation if you deploy the standard Cisco IWAN solution leveraging DMVPN and dual internet links you can achieve 99.99% availability terminated on a single router.
In addition by using the internet costs are reduced by 75% in comparison to MPLS. See CiscoLive! presentation BKRCRS-2000 for details.
Don't forget to rate all posts that are helpful.
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Case studies using DMVPN as a backup, are more due, I believe, to the question of reliability of the "Internet" rather than the DMVPN technology, itself.
I used to work within an international company with offices all over the world. Usually we had a private WAN link and Internet VPN link to each site. Although Internet VPN was "sold" to management as a lower cost backup/secondary, we usually treated the two links equally (as they had about the same bandwidths). I saw very little difference in performance between the two technologies. Regarding reliability, in 1st world countries, reliability was about the same. In 3rd work countries, VPN actually has a slight edge (because if was often newer infrastructure and a primary focus for the country's build outs [i.e. everyone wants Internet access]).