Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DMVPN Phase 3 dual cloud Spoke-to-Spoke communication

Hello,

I'd like to confirm/verify if Phase 3 allows Spokes in different DMVPN domains to communicate directly or is traffic from Spoke-DMVPN-A routed across the Hubs to Spoke-DMVPN-B? Any authoritative documentation on CCO on this specific scenario is greatly appreciated.

Thanks.

-Mike

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Mike, I might be off, not

Mike, 

I might be off, not working with VPNs for a year now, but here goes. 

It really depends on what is a domain for you. Remember that NHRP network ID is locally significant.

Ultimately same network ID allows NHRP resolution requests to jump between different tunnels. 

If network ID is different then the "domain" is different and NHRP should not flow between. 

For the rest it's all based on routing, it's just a question of making conscious design choices before deploying and a bit of testing. 

M.

3 REPLIES
Cisco Employee

Mike, I might be off, not

Mike, 

I might be off, not working with VPNs for a year now, but here goes. 

It really depends on what is a domain for you. Remember that NHRP network ID is locally significant.

Ultimately same network ID allows NHRP resolution requests to jump between different tunnels. 

If network ID is different then the "domain" is different and NHRP should not flow between. 

For the rest it's all based on routing, it's just a question of making conscious design choices before deploying and a bit of testing. 

M.

New Member

Hi Marcin,Thank you for the

Hi Marcin,

Thank you for the clarification. I'm just making sure Phase 3 has nothing to do with the ID.

-Mike

Cisco Employee

Mike, I would be careful

Mike, 

I would be careful though about the end goal of a design is. 

The separation is there for a reason (on ID level), DMVPN phase 3 design is meant to be multipoint design with redundancy built around routing (at least in the most typical scenario). 

Do not try to over-complicate the design, unless you test it thoroughly first. 

M.

128
Views
0
Helpful
3
Replies