We have a VPN core (full mesh) between three sites with Cisco 3645 routers. Each site has two 3645 routers (R1 & R2). Each router has four tunnels to a remote. On top of that, we have a routing protocol (OSPF) over the GRE tunnels.
Here is the problem we are having: when we lose a tunnel, it takes OSPF up to 8 seconds to converge. Does anyone know a better way to speed up the convergence, or is there a better way to design a full mesh VPN core?
8 seconds is pretty good for default OSPF. Have you looked at where the delays are occurring? If your tunnels are solid, you should be able to tune the hello timer down to one second and declare the tunnel down after missing two consecutive hellos, but you want to avoid having your network thrash.
If your VPNs are fast enough (delay is what counts), you could also consider switching to IS-IS, which allows configuring fast enough hellos to detect link down in one second. See chapter two of my book, High Availability Networking with Cisco, for tips on speeding up route convergence with OSPF, EIGRP and IS-IS.
Bottom line, though, is that router to router protocols are not like SONET rings and you are not going to get sub-second convergence using standard routing protocols.
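An added example, not part of the original reply: a small Python model of the trade-off described in the answer above, showing how a one-second hello with a two-miss threshold shortens failure detection but makes a lossy tunnel flap more often. The function names are hypothetical, and the 5% independent hello loss rate and the trace are constructed for illustration.

```python
import random


def detection_window(hello_s, missed_hellos):
    """Return (best, worst) seconds from tunnel failure to neighbor-down.

    The dead timer restarts on each received hello and expires after
    hello_s * missed_hellos. A failure just before the next hello was due
    is detected fastest; one just after a hello arrived takes the full timer.
    """
    dead_s = hello_s * missed_hellos
    return (dead_s - hello_s, dead_s)


def constructed_loss_trace(n_hellos, loss_prob, seed=1):
    """Constructed sample input: True marks a hello lost on a healthy tunnel."""
    rng = random.Random(seed)
    return [rng.random() < loss_prob for _ in range(n_hellos)]


def count_false_downs(losses, missed_hellos):
    """Count adjacency drops caused only by lost hellos (the 'thrash')."""
    run = 0
    flaps = 0
    for lost in losses:
        run = run + 1 if lost else 0
        if run == missed_hellos:
            flaps += 1   # neighbor declared down although the tunnel is up
            run = 0      # adjacency re-forms and counting starts again
    return flaps


if __name__ == "__main__":
    hello_s = 1
    # Ten hours of one-second hellos with an assumed 5% independent loss.
    trace = constructed_loss_trace(36000, 0.05)
    for missed in (2, 3, 4):
        best, worst = detection_window(hello_s, missed)
        flaps = count_false_downs(trace, missed)
        print(f"hello={hello_s}s missed={missed}: "
              f"detect in {best}-{worst}s, false downs in 10h: {flaps}")
```

Each false down triggers an SPF run on every router in the area, which is why the threshold should be chosen against the measured loss of the tunnels rather than set as low as the timers allow.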
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: