Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
2
Replies

DMVPN with Dual WAN

J. S. Black
Level 1
Level 1

‎11-26-2012 05:29 PM - edited ‎02-21-2020 06:30 PM

So I have a DMVPN network with 2 hubs (2821's).  This setup is used for VoIP applications over the Internet for teleworkers. At the main hub site I used to have only 1 Internet feed which was DSL with a static IP.  Now I have 2 WAN feeds for this site - 1 FTTB w/ PPPoE & the DSL with static IP.  Since this site also hosts a PRI, I want all voice communications to go through the FTTB link instead of the DSL for obvious reasons, but keep the DSL as DMVPN Hub for all NHRP lookups as this link has a static IP address & is very stable.  We originally put the PRI router as a DMVPN spoke which connected through the FTTB link, with another router acting as the DMVPN hub on the DSL link.  This was obviously a waste of machinery.

I want to combine both routers into one.  So I tried something like this (don't laugh):

Gi0/0 to FTTB (Dialer1 connects to Internet)

Gi0/1 to DSL (Public IP towards 877 demarc)

Tun0 attaches to Dialer1 public IP and connects to other spokes, no VRF

Tun1 attaches to Gi0/1 public IP and acts as DMVPN hub (ip nhrp map multicast dynamic) under VRF "Hub"

EIGRP AS 1 is set up twice, once under router eigrp 1, and the other using router eigrp 2 using an address-family under the Hub VRF.

This kinda works but obviously Tun0 & Tun1 do not speak to each other.  I also had to remove the ip nhrp map instruction that pointed to Hub1 on Tun0, as this was causing a weird condition in the router where it was repeatedly trying to connect a tunnel to itself, and crash the router because the NHRP process would go haywire.  So my users must rely on the Hub2 to get a NHRP lookup for the PRI site.  If Hub2 goes down, everything works in the network except for tunnel connections to the FTTB link.  I'd rather not have to configure 2 tunnels on each spoke router unless I really have to.  Is there an easier way around this?

Note that this is NOT a production system so I'm eager to try out new things... I'd never pull this kind of stunt on a real network.  Thoughts?

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-27-2012 01:40 PM

A few odd things there, but maybe I'm not appreciating some details because of lack of some basics.

Do you mind attching a topology diagram + some snippets of configuration :-)

0 Helpful

ju_mobile
Level 1
Level 1

‎11-28-2012 12:39 AM

I'd recommend considering your requirements. I'm sure your aware that on occasions it's better to redesign that keep applying sticking plasters.

If you consider you wish to use a single hub with dual external link then your routing from the edge has to accommodate. Have you considered mpls over dmvpn?

On a sticking plaster you could look at using IP-unnumbered.

Food for thought?

Cheers

Julian

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents