03-28-2012 01:27 AM - edited 03-04-2019 03:49 PM
Ok im labbing this up at the moment in preparation for a new project, the basic layout is:
Firstly when I just setup a routed connection between router 1&2 everything worked fine:
Switch1 - Vlan1: ip igmp snooping
Router1 - internal interface: ip pim sparse-dense-mode
Router1 - external interface: ip pim sparse-dense-mode
Router2 - external interface: ip pim sparse-dense-mode
Router2 - internal interface: ip pim sparse-dense-mode
Switch2 - Vlan1: ip igmp snooping
Using PRTG I see that the bitrate all the way through is consistently ~150kb/s (my video streaming bitrate)
Then I tested with a DMVPN configured between Router 1&2 once again everything worked fine.
The only changes were, I removed ip pim sparse-dense-mode from the external router interfaces and put it on the tunnel interfaces.
When I use PRTG to observe the traffic, it was ~150kb/s all the way up to Router1 internal interface, then both of the DMVPN interfaces and Router2 internal interface showed ~300kb/s. The switch ports for client 1 & 2 only showed ~150kb/s.
So... what am I missing here? Why is the bandwidth double across the GRE IPSEC connection?
03-31-2012 09:36 AM
Hi,
This is interesting. Can you please post the entire configuration from both your routers? Also, if you have the option of increasing or decreasing the multicast data stream rate, is the amount of data carried by the DMVPN always roughly twice the rate of the original stream?
Best regards,
Peter
04-01-2012 11:36 PM
By any chance is the multicast source the DMVPN Spoke? Maybe it is being replicated back to the source (e.g with DMVPN to allow spoke-spoke comms) with some strange multicast config.
Sent from Cisco Technical Support iPhone App
04-17-2012 12:37 AM
I believe this is because the DMVPN host has to encrypt each packet as if it is an individual stream due to the way IPSec is processed for each destination. I do not think the DMVPN host can encrypt/encapsulate a single packet then sent it to 2 different destinations. Correct me if I am wrong but I believe IPSec encrypted packet's original source and destinations ip headers are encapsulated with the rest of the data and a new source and destination header is applied and these new source and destination headers are for the individual destination routers ip instead of just being a multicast destination ip.
Hope this helps.
04-19-2012 08:42 PM
The WAN destination is the same... its the internal IP address behind the other router that the traffic is destined for multiple machines.
I'll grab the configs from the routers shortly.
04-23-2012 12:20 AM
Hub config:
Spoke Config:
Any words of wisdom appreciated.
12-20-2013 01:13 AM
i just found this post and i might be late any way, DMVPN is a NBMA network, therefore you need on all tunnel interfaces:
ip pin nbma-mode
Regards
Andrea
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: