Centralized internet using DMVPN

Answered Question

Dear All,


I am having a client who has one HO and 300 Branch offices. HO is having one leased line and all branches having ADSL(dynamic IP).currently this setup is working fine .


There new  requirement is to forward all Internet traffic from branches to HO


in branch I have given a default route pointing to the HO tunnel interface IP . now all  traffic is reaching HO and i am able to browse Internet as well, but the issue is that the Internet is dead slow (sometime page will not open also).



Am I doing it correctly or any modification needs to be done .


Kindly suggest ...   Diagram and config files are attached.


Please note that they don't have any proxy server as of now. and in the diagram I am discussing about R4 and R5 routers .


thanks


Jibson

Correct Answer by Marcin Latosiewicz about 6 years 6 months ago

My big post just got deleted because of a hickup of internet .....



Please correct routing.


Having same route twice in your case achieves load balancing per packet!


Idealy with you requirements.


You would have:

- static route pointing to hub IP address via physical address with low metric.

- default static route with high metric (acting as fallback)

- default route advertised via ospf to all spokes (or static route via lower metric then the one above and possibly some route tracking)

-(optional, if needed) route for management access.



Once you correct this, let's discuss rest.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Marcin Latosiewicz Wed, 09/29/2010 - 09:15
User Badges:
  • Cisco Employee,

Jibson,


I would suggest to look at CPU load on hub routers and on BW utilization on interface poiting to the internet - to see if you're not oversubscribing the CPU or the bandwidth.


If you're using same interface to terminate DMVPN and going to the internet for web... well this could be designed a bit better ;-)


Adding a cacheing engine or proxy will for sure help.


As a general rule you might consider traffic shaping to smooth out traffic spikes.

But the problem is very generic, maybe not coming from DMVPN infrastracture but somewhere else?


Marcin

Hi marcin,


Thanks for your support,


As you suggested i am going to recommend the same to the customer.


1. in the branch router i am using two default routes one for dialer  and the other one is pointed to the hub router tunnel interface , is that configuration ok ?

    I have tried PBR as well  in the branch router to forward 80,443 & 21 traffic. but it was not working .

2. could you please guide me how to check interface bandwidth utilization

3. I am having  doubt on NAT as well  . packets are comming from outside interface and after NAT it will take the same interface to go to internet . does it create any troubles or its normal.

Correct Answer
Marcin Latosiewicz Wed, 09/29/2010 - 09:57
User Badges:
  • Cisco Employee,

My big post just got deleted because of a hickup of internet .....



Please correct routing.


Having same route twice in your case achieves load balancing per packet!


Idealy with you requirements.


You would have:

- static route pointing to hub IP address via physical address with low metric.

- default static route with high metric (acting as fallback)

- default route advertised via ospf to all spokes (or static route via lower metric then the one above and possibly some route tracking)

-(optional, if needed) route for management access.



Once you correct this, let's discuss rest.

Hi Marci,


That worked.......... after correcting routes Internet started working normally.  Thanks a LOT for your support....



Now one more issue which i am facing is that few branches are working fine but others are still having issues. I  compared  the  configuration with a working one and the config seems to be ok. any suggestions .

Marcin Latosiewicz Sat, 10/02/2010 - 06:37
User Badges:
  • Cisco Employee,

Jibson,


Can you please open a separate thread on the forums with show techs from both a device which s working fine and device which is affected.


I'll make sure someone looks into that one.


That will at least get us started ;-)


Marcin

Actions

This Discussion