10-11-2013 07:38 PM - edited 02-21-2020 07:14 PM
Hi All,
I have a scenario as below.
Single Hub, dual DMVPN cloud over 2 WAN links. At the spoke site, both WAN links are connected to a single router. The requirement is to route specific applications (email, FTP) via the secondary DMVPN cloud, and fail over to the primary DMVPN cloud if the secondary fails.
This can be achieved by 2 options at the spoke router:
1) Policy-based routing: for the 2 applications (email, FTP), use the hub's secondary DMVPN tunnel IP as next-hop-ip. To achieve fail-over, I would need to track availability of the next-hop-ip via IP SLA, and apply it in the PBR route-map.
2) Tweak the routing protocol (OSPF or EIGRP) cost to prefer both server IPs via the secondary DMVPN tunnel.
Now the question is, I don't see any problem at the spoke router, but at the hub. How does the hub router return the traffic via the secondary DMVPN tunnel in both of the above options? Do I need to apply PBR on the hub, saying that if it matches the server source IP, the exit interface is the secondary DMVPN tunnel? But how about fail-over to the primary DMVPN? Or if using a routing protocol, how do I make sure traffic that came from the secondary DMVPN tunnel returns the same way? Could it be possible to use route tagging?
Any suggestion is welcomed.
Regards,
Nagis
10-14-2013 12:22 PM
Hi Nagis,
Normal routing is not application aware. You can use PBR to route traffic based on the application, or you can use PfR.
With PfR, you can create class based on the application port number, and assign the type of traffic to a link-group. Within the link-group, you can config one link as primary and the other as backup. So in your case, you can have 2 classes, one for email and FTP, and assign one DMVPN tunnel as primary; rest for the other class, and assign the other DMVPN tunnel as primary.
Check the PfR wiki page for some config examples.
http://docwiki.cisco.com/wiki/PfR:Home
HTH,
Lei Tian
10-23-2013 11:56 PM
Hi,
Thanks. Btw, I'm assuming you are suggesting to use PfR in the spoke router. But my question is how the hub router returns the traffic via the same path that it came from. E.g., in PfR I choose tunnel 2 for the email class. How does the hub router return the traffic via tunnel 2, while tunnel 1 is primary based on routing metric?
Sent from Cisco Technical Support Android App
10-24-2013 03:59 AM
Yes, most of the PfR features are used to control egress traffic; to make the flow symmetric, you can apply a similar rule on the hub site as well. So, both hub and spoke will use tunnel 2 for the email class.
HTH,
Lei Tian
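
The thread's option 1 (PBR with an IP SLA tracked next hop on the spoke) together with a mirrored rule on the hub for the return path, as an added IOS configuration sketch that is not from any poster in this thread; it uses PBR rather than PfR. All addresses, interface names, ACL and route-map names and object numbers are constructed assumptions.

```cisco
! Constructed addressing (assumption): hub Tunnel2 = 10.0.2.1, spoke Tunnel2 = 10.0.2.11,
! servers behind hub = 192.168.10.0/24, spoke LAN = 10.1.11.0/24, LAN port = Gi0/1.
!
! ---------------- Spoke ----------------
! Probe the hub's secondary tunnel address through Tunnel2.
ip sla 10
 icmp-echo 10.0.2.1 source-interface Tunnel2
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
ip access-list extended MAIL-FTP-TO-SERVERS
 permit tcp any 192.168.10.0 0.0.0.255 eq smtp
 permit tcp any 192.168.10.0 0.0.0.255 eq ftp
 permit tcp any 192.168.10.0 0.0.0.255 eq ftp-data
!
! The next hop is used only while track 10 is up; when it goes down the
! packet is forwarded by the routing table, which prefers the primary cloud.
route-map APPS-VIA-SECONDARY permit 10
 match ip address MAIL-FTP-TO-SERVERS
 set ip next-hop verify-availability 10.0.2.1 1 track 10
!
interface GigabitEthernet0/1
 ip policy route-map APPS-VIA-SECONDARY
!
! ---------------- Hub ----------------
! Mirror image for return traffic: match on the servers' source ports and
! track the spoke's secondary tunnel address. One sequence per spoke.
ip sla 20
 icmp-echo 10.0.2.11 source-interface Tunnel2
 frequency 5
ip sla schedule 20 life forever start-time now
track 20 ip sla 20 reachability
!
ip access-list extended MAIL-FTP-FROM-SERVERS
 permit tcp 192.168.10.0 0.0.0.255 eq smtp 10.1.11.0 0.0.0.255
 permit tcp 192.168.10.0 0.0.0.255 eq ftp 10.1.11.0 0.0.0.255
 permit tcp 192.168.10.0 0.0.0.255 eq ftp-data 10.1.11.0 0.0.0.255
!
route-map RETURN-VIA-SECONDARY permit 10
 match ip address MAIL-FTP-FROM-SERVERS
 set ip next-hop verify-availability 10.0.2.11 1 track 20
!
interface GigabitEthernet0/1
 ip policy route-map RETURN-VIA-SECONDARY
```

Passive-mode FTP data connections use negotiated ports and are not matched by these ACLs, so they follow the routing table. If a stateful firewall or NAT sits on either path, confirm that both directions fail over together, since an asymmetric flow will be dropped there.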