Dear All,

I am midway through delivery of an MPLS network for a customer. We have the option of adding a DMVPN internet backup. The WAN routing protocol is BGP for both DMVPN and MPLS (MPLS is straight routing - no overlay or GETVPN).

The customer has some pretty odd ideas about how to use the service. Mainly, they are very paranoid about oversubscribing the MPLS link for their "golden" application, so they have come up with all kinds of weird and wacky solutions that they call "requirements". As a result, they have the idea that they cannot route all traffic over MPLS, and instead want to create a mix of route filter, PBR, NAT, ACL and all kinds of horrible things to keep the MPLS link "sacred".

I would like to guide them to use the service in a better way leveraging PfR, something simple to start with like:

- use MPLS all of the time by default
- when it reaches 80% utilisation, switch the non-critical traffic to DMVPN yet keep the "golden" app on MPLS
- this policy is applied at both branch and hub BRs

I have read this Cisco wiki (it is rather good!!!!): http://docwiki.cisco.com/wiki/PfR:Solutions:EnterpriseDualVPN#PfR_performance_and_load_policy_test_case

Where I get a bit lost is in the symmetry. Is it symmetrical? For example, if a branch MPLS link hits 81% outbound utilisation, it then uses dynamic PBR to switch outbound traffic to VPN. Sorted! But what about the inbound? If that is hitting 81% also, what does PfR do? This is where I get a bit lost.

For the inbound to branch, the hub must do something, surely? Consider the MPLS capacity is 100M - the 8.1M to the branch is in policy, so it should keep forwarding via MPLS. How does it know that the branch is OOP? If it doesn't do that, you end up with asymmetric traffic (branch outbound DMVPN, inbound MPLS).

Am I missing something here? Any advice you can give is much appreciated.

Thanks a million!

Phil