07-15-2004 09:34 AM - edited 02-21-2020 01:14 PM
Anyone have a running Dual Hub VPN network???
I have an existing DMVPN solution up and running with 1 Hub and 5 Spokes. My company has just acquired another company and now I must add 5 new spokes. For load-balancing and redundancy I want to turn one of the existing spokes into a second Hub and have half my spokes connect to it (I am running EIGRP). I understand that each configured spoke will establish a tunnel with its hub, but I am wondering if and how the two hubs will create tunnels between each other.
My configuration is basically the same as found in the Cisco document linked below so I won't attach it.
http://www.cisco.com/warp/public/105/dmvpn.html
Any help on this matter would be appreciated!
Thanks,
Gene
07-21-2004 03:31 AM
I don't have experience in running DMVPN, however I had a look at the Cisco doc, and it seems to me that whether or not you are using dual-hub/single-DMVPN or dual-hub/dual-DMVPN that each spoke connects to both hubs.
In your case does each spoke only connect to one hub, and only one hub?
The routing protocols between the hubs should take care of the return paths, if you have the case where the spokes connect to only one hub. You do not necessarily need to create a separate tunnel between the hubs (i.e., they are co-located and have a subnet in common to exchange routing info over - but it applies if the hubs are not co-located as well.) However having a GRE tunnel connected via IPSec is a good security mechanism to avoid spoofed routing advertisements. In any case, there will be a need for the hubs to exchange routing info, due to hosts that are on the backside of the hubs using only one of them as the default gateway whereas the tunnel to the spoke is connected to the other one.
Let me know if this helps.
07-22-2004 12:51 PM
I would scale the existing hub. Add another headend device.
07-22-2004 06:05 PM
If all the spokes will connect to both hubs, you will not need to configure a tunnel on the hubs since each one will be receiving route advertisements for all the spokes. You can adjust the metrics in EIGRP, if you want the spokes to prefer one hub over the other.
On the other hand, if the spokes will only connect to one hub, then you will have to have the hubs exchange routing table updates - doing that over a GRE tunnel using IPSEC is a good security practice to ensure that only authorized devices can send and process route updates. In this case it will be easier to use another EIGRP AS or a separate routing protocol such as OSPF to prevent route info loops and other issues that can arise when trying to propagate the route advertisements from the spokes.
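The hub-to-hub option discussed in the replies above, a GRE tunnel protected by IPsec carrying a separate EIGRP AS, could look like the following on the first hub. This is an added example, not configuration from any poster or from the linked Cisco document. The addresses (documentation ranges), tunnel number, AS 200, object names and the key placeholder are all assumptions, and redistribution between the spoke-facing AS and AS 200 is not shown.

```cisco
! Hub1 side (constructed example; Hub2 mirrors it with the addresses swapped)
! Assumed: 192.0.2.1 = Hub1 public address, 198.51.100.1 = Hub2 public address
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
! Key is scoped to the peer hub only, not 0.0.0.0 as is common for spokes
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set HUB2HUB-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile HUB2HUB-PROF
 set transform-set HUB2HUB-TS
!
! Point-to-point GRE between the hubs; all traffic on it is IPsec protected
interface Tunnel100
 description Hub1-to-Hub2 GRE over IPsec
 ip address 10.255.255.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile HUB2HUB-PROF
!
! Separate EIGRP AS for hub-to-hub routing. Adjacencies are allowed only
! on the protected tunnel, so updates arriving on any other interface
! are never processed by this AS.
router eigrp 200
 network 10.255.255.0 0.0.0.3
 passive-interface default
 no passive-interface Tunnel100
```

After applying the mirrored configuration on the second hub, `show crypto session` and `show ip eigrp neighbors` confirm that the IPsec session is up and that the only AS 200 neighbor is the peer hub on Tunnel100.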