11-23-2018 01:40 PM - edited 03-12-2019 05:32 AM
This topic is a chance to discuss more about the best practices to configure, deploy and troubleshoot Dynamic Multi-point VPN (DMVPN) on Cisco Routers. The session provides insight about the base components involved in DMVPN and its different phases of deployment. It focus particularly on the basic configuration of its phases and on the best practices required when using DMVPN on Cisco routers.
Dynamic Multipoint VPN is a Cisco IOS/IOS-XE Software solution for building scalable IPsec Virtual Private Networks (VPNs). This routing technique is used to build Virtual Private Networks with multiple sites without having to statically configure all devices, DMVPN essentially creates a mesh VPN topology over the public or private WAN or Internet. Its deployments include mechanisms such as GRE tunneling and IPsec encryption with Next Hop Resolution Protocol (NHRP) routing, they are designed to reduce administrative burden and provide reliable dynamic connectivity between sites.
To participate in this event, please use thebutton below to ask your questions
Ask questions from Monday November 26th to Friday 14th of December, 2018
Featured expert
Leonardo Peña Davila is a Network Engineer with over 15 years of experience on network design, enterprise networks, administration and support. He works as Network Engineer on Microplus Computo y Servicios in Mexico. Before he worked on Petroleos de Venezuela as Network Engineer administrating and managing a diverse amount of complex networks, from WLC, ACS, ASA to CUCM. Leonardo obtained his first Cisco CCNA certification in 2002 and he has a CCNP R&S as well, he is passionate about his profession and committed to keep up-to-date with new technology developments. He is interested on Data Center technology, particularly on Nexus switches, APIC, APIC-EM, VMware virtualization, ESX, ESXi, UCS and Network Programmability.
Leonardo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security community.
Find other events https://community.cisco.com/t5/custom/page/page-id/Events?categoryId=technology-support
**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
12-19-2018 09:46 PM
Hi nmeadows02,
I'm sharing an excellent document where you can find beside of the best practices configuring DMVPN, some of the most common problems we usually face when deploying this technology and how to approach a troubleshooting step by step.
Please take a look at this document and do not hesitate if you have further questions.
Regards
Leonardo
12-14-2018 04:53 AM
MTU?
We have various service provider connections--some are better than others. Across the Cellular connections an MTU of 922 is often the best we can achieve, while on quality Fiber connections we can achieve the tunnel max of MTU 1476.
My question is related to performance: should we establish multiple DMVPN endpoints? One for the "better" connections and one for the rest?
12-19-2018 09:33 PM
Hi Citynet,
When planning to deploy DMVP you have to follow some best practices to avoid any issues. One of the the best practices recommended on Cisco Design and impementation guide :
IP MTU – Set the IP maximum transmission unit (MTU) to 1400 on all DMVPN tunnel interfaces to eliminate the potential for fragmentation. GRE and IPsec headers add about 60 bytes to the packet, and cause the router to fragment larger packets if this exceeds the interface MTU, straining the CPU.
TCP MSS – Set the TCP maximum segment size (MSS) value to 1360 on all DMVPN tunnel interfaces. This value is calculated by subtracting 40 bytes from the IP MTU value. Use the command ip tcp adjust-mss 1360 to set the value on the mGRE tunnel interface toward the spokes. This helps TCP sessions adjust to the lower MTU and is needed if Path MTU Discovery (PMTUD) does not work between end hosts.
Concerning the question about performance, It always depends on what kind of traffic is the most important on your environment, what Apps you need to keep up and running, based on that information you can think about what is the best design for your network .
Regards
Leonardo
12-14-2018 07:22 AM
What are the best practices for a multi-hub DMVPN phase 3 environment?
Are there any configuration considerations for the tunnels that is different than a single hub?
Also, how would you configure EIGRP on the hubs/spokes in regards to summaries & split horizon in this scenario?
12-19-2018 10:08 PM
Hi Michael,
Take a look at the following link. you will find an excellent document about Design and implementation of DMVPN.
HTH
Regards
Leonardo
12-20-2018 08:33 AM
Thanks for sharing your knowledge and for all the great assistance you’ve provided here. We kindly appreciate it, you’re an important contributor of this community
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide