
DMVPN router size.

Mike Buyarski
Level 3

My company has 2 2901 routers that are currently running the point-to-point VPN connections between our 58 locations. If I convert the VPNs over to DMVPN connections, will I be able to have all 58 locations on one 2901? Will it be able to handle all of them without taxing the router's CPU beyond what would be considered an acceptable utilization?

7 Replies

Marcin Latosiewicz
Cisco Employee

Mike,

It always depends on traffic pattern and what features you wanted to run.

I think it's safe to say you best discuss this with your Cisco SE. However I'll try to make some comments.

I could only find some data on 2911, which could support up to 200+ tunnels (lab environment scaling test).


Also in some (pretty old) docs I could find we're recommending 2901's total tunnel count to be around 55 for best performance. Whether this still holds today, that's another matter.

AFAIR this can be easily extended with a VPN ISM card.

You could load-balance the tunnels between your two routers and probably get very decent performance, but again, the exact scaling will depend on features (and timers) you will want to run on top.

HTH,

M.


My experience with Cisco SEs has not been very positive. I don't think you can count on them either.

Does anyone believe that a Cisco Pix 515E can terminate 2000 VPN tunnels? That's what the Cisco spec indicated.

You might be able to do it, but the box might not pass any traffic.

Mike Buyarski
Level 3

The load balancing sounds interesting. We have 2 separate internet connections that each 2901 would be on, and each router would be a hub setup. That way, if one internet connection or router goes down, the other would still be running so the remote locations can stay connected. Of course, each router would still have all 58 locations connected to it.

I could not find anything on the 2901's recommended capacity for DMVPN connections either. But I would think a DMVPN would take less CPU per connection than the older point-to-point connections?

Mike,

DMVPN relies on NHRP where point to point does not need to, so in fact there is a bit more to process (consider periodic re-registrations).

Look also into FlexVPN - benefits of IKEv2, all features of DMVPN + much more.

Whatever you decide (DM or Flex) - BGP is the protocol you WANT to run, it will ensure best scalability.

M.

Hi Marcin,

What kind of BGP do you propose, iBGP or eBGP?

Marcin

Marcin,

It depends, almost all setups I saw ran iBGP, although one particularly big one used eBGP.

Typically iBGP I would say, most of the examples you will see on CCO will be iBGP based - but again, it's typically a lab :-)

M.

Marcin

I think iBGP is more flexible but rather more complicated to configure.

He he, I had one lab in Brussels (almost two years ago) so for now enough SEC labs time for RS. :)