cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1460
Views
0
Helpful
3
Replies

Asymmetric Routing in Dual DMVPN Cloud

NAGISWAREN2
Level 1
Level 1

Hi All,

I have scenario as below.

Single Hub, dual DMVPN cloud over 2 WAN links. At Spoke site, both WAN links connected to single router. The requirement is to route specific application(email, FTP)  via secondary DMVPN cloud , and fail-over to primary DMVPN cloud if secondary fails. 

This can be achieved by 2 option at spoke router:

1) Policy based Route, 2 application(Email,FTP) , use next-hop-ip HUB Secondary DMVPN Tunnel IP . To achieve fail-over, i would need to track availability of next-hop-ip via IP SLA, and apply in PBR route-map.

2) Tweak Routing Protocol(OSPF or EIGRP) cost to prefer both Server IP via Secondary DMVPN Tunnel.

Now the question is, i dont see any problem at spoke router, but at HUB. How do Hub router return the traffic via secondary DMVPN tunnel in both above Options ? Do I need to apply PBR in HUB, saying that if match Server Source IP, exit interface is Seconday DMVPN tunnel ? but how about fail-over to primary DMVPN ? Or if use Routing protocol, how to make sure traffic that came from secondary DMVPN tunnel should return via the same way? Could be possible to use route tagging?

Any suggestion is welcomed.

Regards,

Nagis       

Regards, Nagis
3 Replies 3

Lei Tian
Cisco Employee
Cisco Employee

Hi Nagis,

Normal routing is not application aware. You can use PBR to route traffic based on the application, or you can use PfR.

With PfR, you can create class based on the application port number, and assign the type of traffic to a link-group. Within the link-group, you can config one link as primary and the other as backup. So in your case, you can have 2 classes, one for email and FTP, and assign one DMVPN tunnel as primary; rest for the other class, and assign the other DMVPN tunnel as primary.


Check the PfR wiki page for some config examples.

http://docwiki.cisco.com/wiki/PfR:Home

HTH,

Lei Tian

NAGISWAREN2
Level 1
Level 1

Hi,

Thanks. Btw im assuming you suggesting to use pfr in spoke router. But my question is how hub router return the traffic via the same path that it came from. Eg, in pfr i choose tunnel 2 for email class. How does hub router return the traffic via tunnel 2, while tunnel 1 is primary based on routing metric.


Sent from Cisco Technical Support Android App

Regards, Nagis

Yes, most of the PfR feature are used to control egress traffic; to make the flow symmetric, you can apply similar rule on the hub site as well. So, both hub and spoke will use tunnel 2 for email class.

HTH,

Lei Tian

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: