Centralized internet using DMVPN

Answered Question
Sep 29th, 2010

Dear All,


I have a client who has one HO and 300 branch offices. The HO has one leased line and all branches have ADSL (dynamic IP). Currently this setup is working fine.

Their new requirement is to forward all Internet traffic from the branches to the HO.

In the branch I have given a default route pointing to the HO tunnel interface IP. Now all traffic is reaching the HO and I am able to browse the Internet as well, but the issue is that the Internet is dead slow (sometimes a page will not open at all).

Am I doing it correctly, or does any modification need to be done?

Kindly suggest... Diagram and config files are attached.

Please note that they don't have any proxy server as of now, and in the diagram I am discussing the R4 and R5 routers.


thanks


Jibson

Marcin Latosiewicz (Cisco Employee) Wed, 09/29/2010 - 09:15

Jibson,


I would suggest looking at CPU load on the hub routers and at BW utilization on the interface pointing to the internet, to see whether you're oversubscribing the CPU or the bandwidth.

If you're using the same interface to terminate DMVPN and to go to the internet for web... well, this could be designed a bit better ;-)

Adding a caching engine or proxy will for sure help.

As a general rule you might consider traffic shaping to smooth out traffic spikes.

But the problem is very generic, maybe not coming from the DMVPN infrastructure but from somewhere else?


Marcin

jibsoni@hotmail.com Wed, 09/29/2010 - 09:38

Hi Marcin,

Thanks for your support.

As you suggested, I am going to recommend the same to the customer.

1. In the branch router I am using two default routes, one for the dialer and the other one pointed to the hub router tunnel interface. Is that configuration OK?

    I have tried PBR as well in the branch router to forward 80, 443 & 21 traffic, but it was not working.

2. Could you please guide me on how to check interface bandwidth utilization?

3. I have a doubt about NAT as well. Packets are coming from the outside interface and after NAT they will take the same interface to go to the internet. Does it create any trouble, or is it normal?

Correct Answer
Marcin Latosiewicz (Cisco Employee) Wed, 09/29/2010 - 09:57

My big post just got deleted because of a hiccup of the internet .....



Please correct routing.


Having the same route twice in your case achieves load balancing per packet!

Ideally, with your requirements, you would have:

- static route pointing to hub IP address via physical address with low metric.

- default static route with high metric (acting as fallback)

- default route advertised via OSPF to all spokes (or static route via lower metric than the one above and possibly some route tracking)

- (optional, if needed) route for management access.



Once you correct this, let's discuss rest.
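
The route layout described in the answer above, sketched as IOS configuration. This is an added example, not part of the original post or the attached configs; the interface name Dialer0, hub tunnel IP 10.0.0.1, hub public address 203.0.113.1, OSPF process 1 and the distance values are placeholders.

```ios
! --- Spoke, as described in the question: two static defaults ---
! Both have the same administrative distance, so both are installed
! and traffic is shared across the dialer and the tunnel.
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
! --- Spoke, corrected layout ---
no ip route 0.0.0.0 0.0.0.0 Dialer0
no ip route 0.0.0.0 0.0.0.0 10.0.0.1
! 1. Host route to the hub's public address over the physical path,
!    so the tunnel's own encapsulated packets never follow the
!    default that points into the tunnel.
ip route 203.0.113.1 255.255.255.255 Dialer0
! 2. Fallback default with a high administrative distance (the
!    "metric" in the post is the trailing distance value on ip route).
ip route 0.0.0.0 0.0.0.0 Dialer0 250
! 3. Preferred default learned from the hub via OSPF (distance 110),
!    or a static alternative with a distance below the fallback:
! ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
!
! --- Hub: advertise the default into OSPF toward the spokes ---
! (originated only while the hub itself has a default route)
router ospf 1
 default-information originate
!
! --- Check on the spoke: exactly one default should be installed ---
! show ip route 0.0.0.0
```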

jibsoni@hotmail.com Sat, 10/02/2010 - 03:58

Hi Marcin,

That worked... after correcting the routes, the Internet started working normally. Thanks a LOT for your support...

Now one more issue which I am facing is that a few branches are working fine but others are still having issues. I compared the configuration with a working one and the config seems to be OK. Any suggestions?

Marcin Latosiewicz (Cisco Employee) Sat, 10/02/2010 - 06:37

Jibson,


Can you please open a separate thread on the forums with show techs from both a device which is working fine and a device which is affected?


I'll make sure someone looks into that one.


That will at least get us started ;-)


Marcin
