We have recently moved encryption to the Application Layer of our network, this was a business requirement for other reasons. But from the network department we see this as an opportunity to increase the scalablity and longevity of our routers.
We are currently running a DMVPN network with approximately 800 spoke nodes, the majority being c871s. We would like to migrate the DMVPN to plain old mGRE, as the encryption is no longer a requirement of the Network Layer. This however doesn't seem like an easy task. I am trying to investigate the different options available to me complete this migration. For some reason I thought there was a way to make the encryption in DMVPN optional, such that I could make the hubs optional then migrate the spokes, however this is contingent on encryption being optional. If not the only way I can see accomplishing this is creating a new NHRP hub and migrating the spokes to this new hub one by one.
I'm all ears if someone could validate the "optional" option, or if there is a third or fourth option.