We are currently running DMVPN on advanced security 12.4.11T2 on hub and spokes and we want to go to a newer IOS since this is deferred.
Should I go to a T or a mainline release?
the latest releases are
12.4.24T3 (ED) or 12.4.22T5(MD) T release.
I would appreciate your opinion.
I would definetly go for a MD release, unless there are some features you need in newer trains.
I have very good feedback with 12.4(15)T train - and would go for the latest revision, it's also MD.
12.4(2x)T trains include new CEF code that is now a bit better (bugwise) in latest revisions - and some nice features like per-tunnel QoS.
It seems that the releases supporting, as for example the "Per Tunnel QoS" feature, depends on the hardware as well.
According to a recent experience, the per tunnel QoS (ip nhrp group...) is not supported in the 12.4(24)T3 (an ED) and 12.4(22)T5 (an MD) installed on an ISR2821! It seems too incredible but I verified it!
However the feature navigator indicates the 3825 or 3845 to support the "per tunnel QoS"!
What do you think?
It might be a problem with compilation process... potentially.
The only restrictions I see for per tunnels qos are:
•You cannot configure a per-tunnel QoS policy on a tunnel interface and a separate QoS policy on the outbound physical interface at the same time.
•You can attach a per-tunnel QoS policy on the tunnel only in the egress direction.
If above is fulfiled I would open a TAC case to have this one verified.
Indeed, according to Cisco docs, the only restrictions are those you mentioned.
Another prerequisite is to activate "cef" on the router before it would be possible to configure the "Per Tunnel QoS", and in my case, ip cef was activated!
But what have you meant by "a problem with compilation process"?
Untill this moment I've found no potential mistake in handling the upgrade process from a previous versions 12.4(20)T3. All was correctly undertoken.
It sometimes happens that some features are not compiled into certain images.
If this is unintentional or design/supportability issue that's another topic.
Open a TAC case if you verified in FN that this feature should be available on given platform.
I currently recommend 12.4(15)T13, 12.4(24)T3 as the most stable releases for DMVPN.
If you don't need the new features that are available in 12.4(24)T3 then you can stay with 12.4(15)T13.