I was wondering if anyone could offer any ideas \ insight for an issue we currently have at the company I work for (basically poor performance on DMVPN tunnels, i.e. download \ upload speeds).
We have an overlay network which operates on a hub \ spoke model per region, e.g. North America, Europe etc. If in NOAM, site A wants to communicate with site B, it creates a spoke-to-spoke connection. If site A wants to talk to site C in Europe (for example), it goes to the hub (AWS VPC), transits AWS to Europe and then connects from there to site C. So within region = spoke to spoke and across regions = hub & spoke.
Just one last piece of info if it helps: we have taken WOCs out of the equation, so we are performing tests from the L3 switch \ router, and have also applied 'shaping' for outbound traffic to help manage upload performance speed. So the main problem is download speed, which is inconsistent and very low considering router capabilities and bandwidth on last mile circuits and transit (AWS Internet backbone).
We use DMVPN and an Amazon AWS regional PoP where we have a VPC to transit across regions, e.g. NOAM to Europe and vice versa.
For priority traffic we have MPLS with Verizon and this traffic performs well. For remaining traffic we use Internet circuits at each site (DIA) and create tunnels using DMVPN, being either spoke to spoke or hub \ spoke for this traffic. The problem is the performance; specifically, download speed is very poor, typically less than 10 Mbps even though the access circuit ranges from 50 Mb upwards. Utilisation on the circuit is fine but performance for DMVPN is very poor. iPerf from one client on the LAN side to a server on the receiving side (site A to site C for example) shows similar results to speedtest applications.
We use VRFs to separate traffic, e.g. office, mobile, guest etc. Hence my interest in the VPN and VRF topics.
We have HSECK9 licenses installed to support the throughput on Cisco 4k series - mainly 4331 router.