Solved: Implementing DMVPN

bappysust · ‎06-06-2009

Hi all,

Hope you all are fine. I have two cisco 3845 with C3845-ADVIPSERVICESK9-M), Version 12.4(3d) at Head office end as Core Router and 200+ cisco 1811 and 30+ Cisco 851 at Branch and Remote location. I am getting bored with creating p2p GRE tunnel with IPSEC at my core Routers. I am afraid of counting the configuration lines. I am thinking about DMVPN. How wise it will be with current Hardware platform. My managemnet is not agree with expenssive hardware as they are in cost cutting process. But I am anxious about sudden collapse of my network. Please suggest me.

Regards

Nazmul

Bangladesh

Giuseppe Larosa · ‎06-06-2009

Hello Nazmul,

as Joseph has noted you should be fine.

You may need to upgrade IOS images on branch routers.

The following link to DMVPN solution reference design can help

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_4_Phase2.html

notice table 4-3 about performance of routers in a Hub and spoke scenario (it shouldn't be with spoke to spoke tunnels that is in the following paragraph)

With EIGRP you easily get an Hub and Spoke DMVPN without spoke to spoke tunnels: actually some tricks are needed to support dynamic spoke to spoke tunnels ( no ip next-hop-self eigrp ASN in tunnel configuration ).

Only concerns are for the 851

you can check this using

Feature navigator

www.cisco.com/go/fn

search by feature

digit D and select DMVPN phase 1

in the list of platforms I can see 831, 836, 837, 877 but I don't see 851

Hope to help

Giuseppe

View solution in original post

Joseph W. Doherty · ‎06-06-2009

Just what DMVPN was designed to improve . . .

My understanding, DMVPN hardware requirements should be about the same assuming you don't configure spokes to allow spoke-to-spoke tunnels.

Configuration likely will be much, much smaller on hub router since you only need one tunnel inteface to support all the spokes.

Routing configuration probably will be slightly different and likely smaller too. This assumes you move from many logical p-2-p to multipoint and are running a IGP that supports multipoint, easily.

What might not leverage/reduce hub configuration is QoS, especially if you shape from hub to spoke.

bappysust · ‎06-06-2009

Thanks Joseph for your reply. Ours is a banking organization which is fully centralize. No branch to branch communication required except head office to branch. My understanding is Hub and spoke tunnel would suffice. What I should know is that current hardware pltaforms at head end and branch end is sufficient or not.

Note I have eight service providers to connect my remote locations.And I am using EIGRP as the Routing Protocol.

Joseph W. Doherty · ‎06-06-2009

Well, my understanding, for a pure hub and spoke, DMVPN shouldn't load up your devices much different from their p-2-p configurations. "Under the covers", the major difference is DMVPN rides on top of mGRE rather than GRE.

Spoke-to-spoke is a different story since, in theory, any branch might need to process VPN tunnels from every other branch.

EIGRP should be a suitable routing protocol.

Giuseppe Larosa · ‎06-06-2009