Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
0
Helpful
5
Replies

DMVPN Dual Hub

Raimund Schimanovits
Level 1
Level 1

‎11-12-2013 02:54 AM - edited ‎02-21-2020 07:18 PM

Hello

I have one Hub Router 2901 with 2 Internet Provider whichare connected by 2 off. IP`s. If the primary connection goes down the router switch to the second connection on the wan interface. This works perfect.

Now my problem.

I have 4 Spoke-Router 881 3G wichshould be connected by DMVPN with the Hub. DMVPN works perfect on the primary connection. If the primary connection goes down and the second (backup) on. DMVPN is down. 

is ist possible to connect the tunnel interface to 2 adresses? If i insert a 2nd ip nhrp map und ip nhrp multicast i cannnot send any data over the Tunnel.

thanks for help !!!

interface Tunnel1

description DMVPN zu ASCOM-HUB1

bandwidth 100000

ip address 10.100.0.1 255.255.255.0

no ip redirects

no ip proxy-arp

ip mtu 1400

ip authentication mode eigrp 1 md5

ip authentication key-chain eigrp 1 EIGRP1-key

ip nhrp authentication NhrP-K3y

ip nhrp map multicast XXX.XXX.XXX.XXX

ip nhrp map 10.100.0.250 XXX.XXX.XXX.XXX

ip nhrp network-id 1

ip nhrp nhs 10.100.0.250

ip nhrp registration no-unique

ip nhrp shortcut

ip nhrp redirect

ip virtual-reassembly in

ip verify unicast reverse-path

ip tcp adjust-mss 1360

keepalive 10 3

tunnel source FastEthernet4

tunnel mode gre multipoint

tunnel key 2

tunnel path-mtu-discovery

tunnel protection ipsec profile DMVPN

Labels:
0 Helpful
5 Replies 5

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-12-2013 04:54 AM

First of all remove "keepalive" statment from multipoint interface :-)

Answer to your question might depend on whether you are advertising same prefix to both ISPs or if it's two ISP providing you internet using different IP addresses.

What you can look into is VRF-lite approach and two tunnel interface on all devices.

0 Helpful

Raimund Schimanovits
Level 1
Level 1
In response to Marcin Latosiewicz

‎11-12-2013 05:39 AM

Hello

Thanks

I have 2 differend ISP`s with differend Ip`s.

So i insert a small photo how it looks like. The orange VPN`s work fine but if the Telekom crash and the hub switch to UPC the DMVPN is not working.

Here is the config from the hub.

So is it possible to insert more than one ip nhrp map address?

Thanks

interface Tunnel0

description HUB1-DMVPN

bandwidth 1000000

bandwidth inherit

ip address 10.100.0.250 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1400

ip verify unicast reverse-path

ip authentication mode eigrp 1 md5

ip authentication key-chain eigrp 1 EIGRP1-key

no ip split-horizon eigrp 1

ip nhrp authentication XXXXXX

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp shortcut

ip nhrp redirect

ip virtual-reassembly in

ip tcp adjust-mss 1360

delay 10

keepalive 10 3

cdp enable

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 2

tunnel path-mtu-discovery

tunnel protection ipsec profile DMVPN

 

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Raimund Schimanovits

‎11-12-2013 09:56 AM

This is a longer discussion...

You can have quite a few mappings in NHRP.

The problem is tunnel source and routing. You would need to have a tunnel sourced also from the other interface.

Then, most likely, you have a choice of running dual-cloud instead of dual-hub.

VRF-lite seems like a very good solution here. You would be able to actually have utilization of both ISPs at the same time, if you chose to.

0 Helpful

Raimund Schimanovits
Level 1
Level 1
In response to Marcin Latosiewicz

‎11-12-2013 11:58 AM

It´s not so easy to make such solution. I have also a backup connection by 3G on the Spoke 881.

Maybe somebody has a good idea. I will look for the VRF-lite tomorrow.

Thanks

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Raimund Schimanovits

‎11-13-2013 02:32 AM

The "problem" is in your underlay routing and it will translate itself to your overlay in one way or another.

You can use some dirty tricks but supportability of this would be questionable.

For example: why not have EEM script change your tunnel source (and NHRP mapping).

Many things depend on your objectives and constraints. You can start discussion with your SE about this, there's nothing better then sitting down with pen and paper and discussing with someone live.

Or wait until Cisco Live 2014 and head to a design clinic :-)

One of the folks in TAC is working on few different ways to provide DMVPN redundnacy, but I can't say when it will be published.

And again, remove GRE keeplaives from your tunnel config - this is not supported on mGRE. :-)

0 Helpful
Customers Also Viewed These Support Documents