Dual Spoke with DMVPN Dual HUB design

lap
Level 2

Hi,

I need some advice regarding the following design.

One of our customers is running a DMVPN dual hub design, phase 2.

The customer wants to add a router at a spoke location to achieve hardware and line redundancy. So I would like to know what is the best practice setup regarding this design?

I was thinking of running HSRP and IP SLA tracking a branch location between the 2 routers. Is that the correct way to do it? What about HUB location, it will have 2 routes to same subnet so to influence return traffic I guess that I will change bandwidth and delay on the second spoke router so it is higher than the first spoke router right?

Thanks in advance,

Regards,

Laurent Prat

5 Replies

Marcin Latosiewicz
Cisco Employee

Laurent,

Indeed that's one of the possibilities, possibly the least complicated, thus (one could argue) - the best ;-)

If your customer is concerned only about losing carrier on the line to ISP (or one spoke router), you can have both spokes connect to the same hub and run HSRP for previous hop.

There's not much change in regards to dual hub, you replicate what you had with one spoke to another.

We could probably come up with something more advanced/different, but you'd need to share current design and what the customer would like to achieve with new design (i.e. their requirements).

Marcin
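
The HSRP plus IP SLA tracking setup discussed above could look like the sketch below; it is an added example, not a configuration posted by either participant. All addresses, interface names and object numbers are assumptions, and the `delay` line assumes EIGRP is the routing protocol over the tunnel.

```cisco
! Added example; all addresses, object numbers and interface names are assumed.
! Branch LAN 192.168.10.0/24, HSRP VIP .1; hub tunnel IPs 10.0.0.1 and 10.0.0.2.
!
! ===== SPOKE-A (primary) =====
ip sla 11
 icmp-echo 10.0.0.1 source-interface Tunnel0
 frequency 5
ip sla schedule 11 life forever start-time now
ip sla 12
 icmp-echo 10.0.0.2 source-interface Tunnel0
 frequency 5
ip sla schedule 12 life forever start-time now
!
track 11 ip sla 11 reachability
track 12 ip sla 12 reachability
! Object 10 stays up while at least one hub answers through the tunnel
track 10 list boolean or
 object 11
 object 12
!
interface GigabitEthernet0/1
 description Branch LAN
 ip address 192.168.10.2 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 standby 1 preempt
! Priority drops to 90 (below SPOKE-B's default 100) when both hubs are unreachable
 standby 1 track 10 decrement 20
!
! ===== SPOKE-B (secondary) =====
interface GigabitEthernet0/1
 description Branch LAN
 ip address 192.168.10.3 255.255.255.0
! Assumes EIGRP: a higher delay on the advertised LAN makes the hubs prefer SPOKE-A
 delay 2000
 standby 1 ip 192.168.10.1
 standby 1 preempt
```

Tracking the hub tunnel addresses rather than the physical WAN interface means HSRP also fails over when the ISP link stays up but the DMVPN path to both hubs is lost.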

Hi Marci,

Thanks for your answer.

The customer requirement is not to depend on one ISP only (many outages, it is in Hungary). So maybe it could get a second ISP and connect it to the same router. So that could be another possibility, right? I mean one spoke router with 2 ISPs. Is that possible? Do you see any disadvantages in this design compared to the one I suggested?

Again, thank you very much for helping.

Regards,

Laurent

Laurent,

Having two ISPs on one router is not a problem, you can implement simple tracking of reachability to know when to make a "failover".

With a bit of tinkering (local policy etc) you could probably make tunnels via different ISPs active at the same time - in which case it would be strictly required to point the other tunnel to another DMVPN cloud (you cannot have same addressing of two interfaces .... unless you decide you use VRF!)

However having two spokes in same location with HSRP and two ISPs gives you also hardware redundancy, but costs a bit on top... of course ;-)


A whole world of possibilities is at hand. Without a problem you can have two ISPs both in their VRFs and have them connect to the hub(s).

Marcin

Marcin,

Thanks for your message. That's interesting. I will let you know what the design will be. I will take into consideration the idea of having both tunnels running at the same time on one spoke.

As I know you are experienced with DMVPN I would like to ask you something. Here are my questions:

My customer is running Dual hub but right now only one hub is active as the secondary hub has a problem with certificates. The other day the HUB router lost connection to the Internet and straight away the customer called me and said: "Our sites in Holland lost connectivity between each other (spoke to spoke) but only the sites in Holland. I don't understand because when the spoke to spoke tunnel is up and running it should last for 24 hours."

I said: "Well, as you are currently running with one HUB, when this HUB loses connection to the Internet, the spokes lose routing information from all the network (net behind HUB and other spokes), so that is why you got an outage on the spoke to spoke tunnels." Then I added, that is why you should have 2 HUBs up and running.

As a side note, the customer is using Phase 2.

Would you add something to my explanation? I was trying to understand why the spoke to spoke tunnels went down. Is that because of NHRP timeout? I guess it is NHRP which brings down the spoke to spoke tunnels, no?

Many questions but I would really like to know;-)

Best regards,

Laurent

Laurent,

I would agree with both of your conclusions.

Dual cloud solution would most likely alleviate the problem. Dual hub (in single cloud) ... well in principle it would, but we'd need to wait for NHRP timers to expire.

And yes once NHRP entry expires would use spoke-to-spoke tunnels.

Marcin