I've been reading about DMVPN and have done a setup on GNS3; all works well using routers.
Now the topic I see is that DMVPN hubs get high CPU usage.
I think some of it is because of routing tables (EIGRP usage), some could be due to fragmentation, but a lot of it is most likely due to encryption/decryption.
I did some reading and some say you need an IPsec hardware card in your router to offload the encrypt/decrypt to the card. Is this true?
Will an IPsec hardware card lower CPU usage? When do you need this card?
On this same topic,
when I have a hub and spokes that are DHCP, is there any way to tell the hub to accept connections only from these MAC addresses? The MACs being the MACs of my spokes.
That's a good question. According to my knowledge, it's not possible to authenticate it based on MAC address.
You are absolutely right, it will take the load related to encryption/decryption off the CPU, thus reducing the CPU usage on the router. You need that card when the router's CPU usage is high only from handling IPsec/VPN traffic, without doing any routing and switching.
The Cisco VPN and SSL AIM provides up to 40 percent better performance for IPsec VPN over the built-in IPsec encryption, and up to twice the performance for SSL VPN encryption. The Cisco VPN and SSL AIM supports all three of these functions in hardware: SSL encryption in hardware, VPN IPsec encryption in hardware using either Data Encryption Standard (DES) or Advanced Encryption Standard (AES), and the IP Payload Compression Protocol (IPPCP) in hardware.
Check the following link for more info about the AIM VPN module: AIM VPN module