URGENT dual cloud dual hub single tier dmvpn with backup service provider

Unanswered Question
Jul 3rd, 2008
User Badges:


I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).

The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?

Is there a guide for this case?

What is the best practice in this case?

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
hadbou Wed, 07/09/2008 - 13:40
User Badges:
  • Bronze, 100 points or more

Dynamic Multipoint VPN (DMVPN) combines generic routing encapsulation (GRE) tunnels, IPSecurity (IPSec) encryption, and Next Hop Resolution Protocol (NHRP). It allows for the management of devices with dynamically assigned IP addresses. It also enables direct spoke-to-spoke communication, without the need to go through the hub.

Refer the following url for more info on DMVPN:



This Discussion