08-29-2012 06:38 AM - edited 03-04-2019 05:24 PM
Hi All,
I've tried to find a clear explanation for this for the last couple of days but couldn't, so please help, as I'm new to DMVPNs.
Currently we have a single DMVPN cloud between 1 hub and 2 spokes. The hub has only one uplink (ADSL) and each spoke has a single uplink as well. We are hoping to install a 3G module (with a 2nd ISP) only on the hub and use the 3G uplink as the backup, so that the spokes can link up with the hub via its 3G interface when the primary ADSL goes down.
So my question is, what is the best way to approach this? I've seen a lot of articles on DUAL-HUB/DUAL-ISP but haven't seen much with this setup. Please point me in the right direction. Also, if you can provide me with some examples, that'll be much appreciated.
Thanks in advance.
08-29-2012 09:20 AM
If you are using one hub and dual interfaces on the spokes, you could run two DMVPN mGRE tunnels on the hub and run two DMVPN clouds. On the spokes you need to run two tunnels as well for the two DMVPN clouds.
Using routing protocols you can prefer one path over the other.
Sent from Cisco Technical Support iPad App
08-29-2012 04:26 PM
Hi Marwanshawi,
Thanks for your reply. The setup is with 2 ISP links on the hub. The spokes will have only 1 ISP link each, as shown on the diagram above.
As you mentioned, I tried to have two clouds on the hub, one on each WAN IP, and on the spokes both clouds are coming on to the same WAN IP. But I had a lot of trouble doing that because I'm not sure how exactly I should advertise EIGRP routes. Do I advertise all subnets, including both DMVPNs, out from all tunnels, or should I use some tricks to limit some routes on some interfaces? To avoid route leaking, maybe? Please help.
Thanks for your help.
Sent from Cisco Technical Support iPhone App
09-10-2012 02:06 AM
If only the hub is using the second interface, then advertise the summary route of your internal network over the second tunnel/DMVPN.
And leave the first one to advertise the more specific route over the first tunnel so it is preferred, and the second one with the summary will be used only in the case of the first one going down.
This is a simple option you may use.
Hope this helps.
Sent from Cisco Technical Support iPad App
02-16-2014 05:07 PM
After a lot of research and trial and error, I found some answers to this myself.
Answers to my own question:
1) The best case scenario: two physical routers at the HUB site, two DMVPN clouds, one terminating on each hub.
2) If you can't put two routers in the HUB site, you have two options:
I) Introduce a VRF (VRF-ISP2) and configure the second ISP uplink to be in the VRF, configure the second DMVPN HUB tunnel interface in the Global Routing Table (GRT) and configure this tunnel's "transport traffic" to originate from within the VRF (aka, put the command, tunnel vrf VRF-ISP2). Configure the SPOKEs to have two tunnels, one terminated on the primary interface (public IP) and the other one on the ISP2 interface (you should have a static default gateway route within the VRF pointing to the next-hop IP of ISP2). This alone should get you going; you will see two routes for all internal subnets via two DMVPN paths. Tweak the delays if you want a single route to appear in the routing table and the other one to be a feasible successor, in the case of EIGRP.
But if you want your HUB site's internet access to be redundant as well, this needs more trickery. I have tried many things in the past, but the best setup I have configured so far is to have a GRE tunnel between the GRT and the VRF, and to have a second default gateway with a higher metric pointing to this GRE tunnel in the global routing table. Of course you will have to configure NAT'ing on both the GRT and the VRF, and also a static route in the VRF pointing to the GRE tunnel for the HUB site's internal subnet so it knows where to send return traffic.
II) The other way to do this is to have two VRFs on the HUB, one for ISP1 and one for ISP2, run mBGP and export/import routes between the VRFs using route targets. So what would you have in your global routing table? Nothing. Inside your VRF-ISP1 you will have all primary routes plus some imported secondary routes from the other VRF, which can be used as backup routes. But this method is only convenient if you are building the topology from scratch and NOT adding the second link on an operational router. You don't want to take the risk of trying to migrate all interfaces/tunnels from the GRT to a VRF remotely and lock yourself out. Also, this is a bit more involved as far as BGP and VRF go. If you leave the company and a new person takes over, they will curse you so much, hehe. This is kind of valid for option 1 as well.
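The hub side of option I above, sketched as an added Cisco IOS example (not part of the original post or taken from the poster's router). The interface name, addresses (documentation ranges), tunnel numbers, profile/keyring names and key placeholders are all assumptions; only VRF-ISP2 and the tunnel vrf command come from the thread.

```cisco
! Constructed hub example; every address, name and key is a placeholder
ip vrf VRF-ISP2
!
! VRF-aware keyring: IKE peers reached through ISP2 are matched inside
! the VRF, so the pre-shared key must be defined here, not globally
crypto keyring KR-ISP2 vrf VRF-ISP2
 pre-shared-key address 0.0.0.0 0.0.0.0 key <PSK-PLACEHOLDER>
!
crypto ipsec transform-set TS-DMVPN esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile PROF-DMVPN2
 set transform-set TS-DMVPN
!
interface Cellular0
 description ISP2 3G uplink, placed in the VRF
 ip vrf forwarding VRF-ISP2
 ip address 203.0.113.2 255.255.255.252
!
interface Tunnel2
 description Backup DMVPN cloud; overlay address stays in the GRT
 ip address 10.255.2.1 255.255.255.0
 ip nhrp authentication <NHRPKEY>
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 ! Set higher than the delay on the primary tunnel so EIGRP keeps
 ! this path as the backup (feasible successor)
 delay 10000
 tunnel source Cellular0
 tunnel mode gre multipoint
 tunnel key 2
 ! Encapsulated (transport) packets are routed in VRF-ISP2
 tunnel vrf VRF-ISP2
 tunnel protection ipsec profile PROF-DMVPN2
!
! Default route inside the VRF toward the ISP2 next hop
ip route vrf VRF-ISP2 0.0.0.0 0.0.0.0 203.0.113.1
```

On the spokes, where both tunnels source from the same WAN interface, each tunnel needs its own tunnel key, and both must reference the same IPsec profile with the shared keyword on tunnel protection.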