Solved: Re: Centralized internet using DMVPN

jibsoni · ‎09-29-2010

Dear All,

I am having a client who has one HO and 300 Branch offices. HO is having one leased line and all branches having ADSL(dynamic IP).currently this setup is working fine .

There new requirement is to forward all Internet traffic from branches to HO

in branch I have given a default route pointing to the HO tunnel interface IP . now all traffic is reaching HO and i am able to browse Internet as well, but the issue is that the Internet is dead slow (sometime page will not open also).

Am I doing it correctly or any modification needs to be done .

Kindly suggest ... Diagram and config files are attached.

Please note that they don't have any proxy server as of now. and in the diagram I am discussing about R4 and R5 routers .

thanks

Jibson

Marcin Latosiewicz · ‎09-29-2010

My big post just got deleted because of a hickup of internet .....

Please correct routing.

Having same route twice in your case achieves load balancing per packet!

Idealy with you requirements.

You would have:

- static route pointing to hub IP address via physical address with low metric.

- default static route with high metric (acting as fallback)

- default route advertised via ospf to all spokes (or static route via lower metric then the one above and possibly some route tracking)

-(optional, if needed) route for management access.

Once you correct this, let's discuss rest.

View solution in original post

Marcin Latosiewicz · ‎09-29-2010

Jibson,

I would suggest to look at CPU load on hub routers and on BW utilization on interface poiting to the internet - to see if you're not oversubscribing the CPU or the bandwidth.

If you're using same interface to terminate DMVPN and going to the internet for web... well this could be designed a bit better ;-)

Adding a cacheing engine or proxy will for sure help.

As a general rule you might consider traffic shaping to smooth out traffic spikes.

But the problem is very generic, maybe not coming from DMVPN infrastracture but somewhere else?

Marcin

jibsoni · ‎09-29-2010

Hi marcin,

Thanks for your support,

As you suggested i am going to recommend the same to the customer.

1. in the branch router i am using two default routes one for dialer and the other one is pointed to the hub router tunnel interface , is that configuration ok ?

I have tried PBR as well in the branch router to forward 80,443 & 21 traffic. but it was not working .

2. could you please guide me how to check interface bandwidth utilization

3. I am having doubt on NAT as well . packets are comming from outside interface and after NAT it will take the same interface to go to internet . does it create any troubles or its normal.

Marcin Latosiewicz · ‎09-29-2010

My big post just got deleted because of a hickup of internet .....

Please correct routing.

Having same route twice in your case achieves load balancing per packet!

Idealy with you requirements.

You would have:

- static route pointing to hub IP address via physical address with low metric.

- default static route with high metric (acting as fallback)

- default route advertised via ospf to all spokes (or static route via lower metric then the one above and possibly some route tracking)

-(optional, if needed) route for management access.

Once you correct this, let's discuss rest.

jibsoni · ‎10-02-2010

Hi Marci,

That worked.......... after correcting routes Internet started working normally. Thanks a LOT for your support....

Now one more issue which i am facing is that few branches are working fine but others are still having issues. I compared the configuration with a working one and the config seems to be ok. any suggestions .

Marcin Latosiewicz · ‎10-02-2010

Jibson,

Can you please open a separate thread on the forums with show techs from both a device which s working fine and device which is affected.

I'll make sure someone looks into that one.

That will at least get us started ;-)

Marcin