DMVPN: HUB's behind a LoadBalancer and Spoke-Spoke communication

Unanswered Question
Jan 12th, 2008


we are planning a scaling DMVPN network for around 2000 spokes.

Is it possible to install the HUB's behind a Load Balancer so that they are reachable only through 1 VIP address and ALSO the possibility of a direkt spoke-spoke communication when needed?

I only found Phase 2 and SLB for HUBs but

without a spoke-spoke communication.

see page 13 there is what we like to have but with the extension of spoke-spoke communication.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kfischbach Mon, 01/14/2008 - 07:50

Have found the solution. The Hubs must be connected through an separate tunnel on which NHRP runs.

dmitry Mon, 01/14/2008 - 15:42

I have been waiting for Cisco to get the spoke-spoke functionality working for this DMVPN HUBs behind load balancer environment. The traditional DMVPN with multiple HUBs does not really scale well, plus it is not very stable routing and NHRP wise.

Would you care to tell more about your solution. As far as I know on a HUB you cannot have one tunnel for spoke to HUB connections and the other just for HUB-HUB, the NHRP requests from the spokes to find out about the other spoke public IP will not be forwarded between the tunnel interfaces on the HUB

kfischbach Tue, 01/15/2008 - 11:12


we've successfuly tested this feature. The trick is only additional GRE-Tunnels between the HUBs with the same NHRP ID. I'll attache a newer design guide and also my HUB configs from our lab. When you need additional infos pleas contact me.




This Discussion