Single hub, dual DMVPN cloud over 2 WAN links. At the spoke site, both WAN links are connected to a single router. The requirement is to route specific applications (email, FTP) via the secondary DMVPN cloud, and fail over to the primary DMVPN cloud if the secondary fails.
This can be achieved by 2 options at the spoke router:
1) Policy-based routing: for the 2 applications (email, FTP), use the hub's secondary DMVPN tunnel IP as next-hop-ip. To achieve fail-over, I would need to track availability of the next-hop-ip via IP SLA, and apply it in the PBR route-map.
2) Tweak the routing protocol (OSPF or EIGRP) cost to prefer both server IPs via the secondary DMVPN tunnel.
Now the question is, I don't see any problem at the spoke router, but at the hub. How does the hub router return the traffic via the secondary DMVPN tunnel in both of the above options? Do I need to apply PBR on the hub, saying that if it matches the server source IP, the exit interface is the secondary DMVPN tunnel? But how about fail-over to the primary DMVPN? Or if I use a routing protocol, how do I make sure traffic that came from the secondary DMVPN tunnel returns the same way? Would it be possible to use route tagging?
Normal routing is not application aware. You can use PBR to route traffic based on the application, or you can use PfR.
With PfR, you can create class based on the application port number, and assign the type of traffic to a link-group. Within the link-group, you can config one link as primary and the other as backup. So in your case, you can have 2 classes, one for email and FTP, and assign one DMVPN tunnel as primary; rest for the other class, and assign the other DMVPN tunnel as primary.
Thanks. Btw, I'm assuming you are suggesting to use PfR on the spoke router. But my question is how the hub router returns the traffic via the same path that it came from. E.g., in PfR I choose tunnel 2 for the email class. How does the hub router return the traffic via tunnel 2, while tunnel 1 is primary based on routing metric?
Yes, most of the PfR features are used to control egress traffic; to make the flow symmetric, you can apply a similar rule on the hub site as well. So, both hub and spoke will use tunnel 2 for the email class.
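For reference, option 1 from the question (PBR with an IP SLA-tracked next hop) on the spoke, written out as an added example that is not from any poster in this thread. All addresses, interface names, object numbers and the ACL and route-map names are constructed placeholders.

```ios
! Constructed example values (assumptions, not from the thread):
!   10.255.2.1            hub IP on the secondary DMVPN tunnel
!   Tunnel2               spoke interface in the secondary DMVPN cloud
!   192.0.2.10 / .20      email server / FTP server behind the hub
!   GigabitEthernet0/1    spoke LAN interface where client traffic enters

! Match only the two applications that must use the secondary cloud.
! Passive-mode FTP data uses negotiated high ports and is not matched here.
ip access-list extended APP-VIA-SECONDARY
 permit tcp any host 192.0.2.10 eq smtp
 permit tcp any host 192.0.2.20 eq ftp
 permit tcp any host 192.0.2.20 eq ftp-data

! Probe the hub's secondary tunnel address through the secondary tunnel.
ip sla 10
 icmp-echo 10.255.2.1 source-interface Tunnel2
 frequency 5
ip sla schedule 10 life forever start-time now

! Track object goes down when the probe stops getting replies.
track 10 ip sla 10 reachability

! Use the policy next hop only while track 10 is up. When it is down,
! the set clause is skipped and the packet follows the routing table,
! which prefers the primary DMVPN cloud.
route-map APP-PBR permit 10
 match ip address APP-VIA-SECONDARY
 set ip next-hop verify-availability 10.255.2.1 1 track 10

! PBR is applied inbound on the interface facing the clients.
interface GigabitEthernet0/1
 ip policy route-map APP-PBR
```

This only steers spoke-to-hub traffic. Return traffic from the hub still follows the hub's routing table unless a matching policy is applied there as well, as described in the reply above.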