Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
3
Replies

spoke unable re-establish vpn tunnel when hub suffers line failure and line is restore

jomo frank
Level 1
Level 1

‎12-22-2010 10:05 AM - edited ‎03-06-2019 02:39 PM

Hello expert,

I have hub and three spokes environment and I am using dmvpn for my tunnel.
I notice when my hub drop due to line disruption and service is restore
The  respected spokes are taken a very long time to re-establish the vpn
tunnel.
I enabled dead peer detection on the spokes to deal with issue but the tunnels
Still takes a long time to re-establish.
Can any one help me to resolve the above.

Regards
Jomo

Labels:
0 Helpful
3 Replies 3

rtjensen4
Level 4
Level 4

‎12-22-2010 11:04 AM

I think it might have to do with NHRP. The hub has to learn the NHRP mappings before it can build the tunnels. When the hub's interface goes down, those mappings are likely flushed. The Spokes have a static mapping to the Hub, but the hub has to learn about the spokes. I may be wrong, but I am guessing the delay is due to the interval that the spokes re-register NHRP with the hub.

0 Helpful

rtjensen4
Level 4
Level 4
In response to rtjensen4

‎12-22-2010 11:08 AM

You can configure ip nhrp holdtime on the spokes. The spokes will send an NHRP registration message every 1/3 the holdtime interval configured. This may speed up the process. HTH

http://blog.ine.com/2008/08/02/dmvpn-explained/

0 Helpful

jomo frank
Level 1
Level 1
In response to rtjensen4

‎12-29-2010 04:17 AM

hello expert,

I sorry for the late reply but i was away on vacation.

I tried set the holdtime value to 60 seconds on both hub and spoke but the time taken to re-establish connection remain around 60minutes.

The only way i achieve a quick re-establishment of tunnel is to restart the spoke.

For a test enivorment this okay but in production enviroment where the spoke will be at remote location this is not practical.

Any other solution i am very anxious

Regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card