963 Views | 0 Helpful | 8 Replies

Dynamic Point-To-Point VPN

mostwantedtop10
Level 1

I want to implement IPSEC among 350 branches. All branches are connected to the head office via point-to-point DXX circuits and radios. I am unable to use DMVPN because it is used in multipoint networks. I made a few changes in the DMVPN configuration and converted it into a dynamic point-to-point VPN, but I am not sure about the authenticity of the configuration. I will attach the configuration and topology diagram; kindly review and reply to me.

8 Replies

attrgautam
Level 5

Wonder why you want to do this? Any-to-any connectivity is not a good option using DMVPN, or for that matter with IPSec. DMVPN doesn't need point-to-multipoint links like FR. It is more to do with NHRP and all that, and works over point-to-point links as well. I certainly don't get the DPVPN concept; it looks the same as DMVPN to me. If you can point out the differences between DMVPN and DPVPN w.r.t. your config, it will be great. I think the best option will be to move to an MPLS-VPN if the service is available.

Let me know if I am off the mark.

If this is not a good option then what will I do? Define 350 peers for each and every router in 350 branches??? Define a 350-line ACL?

In DMVPN all remote branches will register with the same physical interface of the hub router, but in this topology I don't have a single interface shared by all routers.

OK, are all the spokes through the same provider? Then you can set up tunnels through a logical interface; it doesn't have to be a physical interface.

And I still stand by what I said: for any-to-any connection, IPSec itself is bad (forget DMVPN) because it is cumbersome.

Please check my attached file; I have already done this.

Why is IPSec bad?? Due to overhead?

This is doable. I agree, and it has been done. But IPSec is a point-to-point protocol more suitable for hub-and-spoke scenarios. DMVPN is an enhancement to allow for some traffic to flow between spokes thanks to mGRE and NHRP. However, when the requirement is huge with significant traffic between spokes, even Cisco doesn't recommend DMVPN, for reasons best known to them. Cisco suggests an 80-20 split (80 to hub and 20 to spokes). Ideally, the best full-mesh VPN, which is what you need I think, is an MPLS-VPN.

Apart from this, using DMVPN will increase your overhead, adding both IPsec and GRE headers to your IP packet, which isn't good as well.

Let me know if it helps. It would be great if somebody else had other thoughts.

We are using DXX/E1 circuits so bandwidth is not an issue, but I am looking into CET because it has less overhead than IPSec.

I disagree. DMVPN is fully scalable beyond 350 sites with appropriate hardware: 7206VXR NPE-G1, with sam2 hw accelerator card, etc.

You can make the multipoint DMVPN network point-to-point between hub and spokes only (no spoke-to-spoke tunnels) by keeping the default EIGRP split-horizon limitation in place (or similar rules for your routing protocol) on the hub's tunnel interface. You can also make the mGRE into standard GRE if you want point-to-point, by dynamic tunnels.

With a solid Internet service provider (Qwest, MCI) you can easily get some good QoS working as well. Both of those networks, even on their Internet backbones, have very low jitter and excellent ping times. You can use qos pre-classify on the tunnel interfaces, and a service policy on the external interfaces to handle your egress queueing strategy, etc.

Yes, right, it can scale to 375 tunnels with EIGRP, which is not quite far from 350 I would say if I turned on other features. My contention wasn't with the hardware; it was more to do with the feature itself, designed primarily for p2p communication with a bit of leverage for spoke-to-spoke. It isn't a solution for a full-mesh VPN.

This is a very useful link. May just help you.

http://www.cisco.com/application/pdf/en/us/guest/products/ps6658/c1161/cdccont_0900aecd80313ca3.pdf

http://www.cisco.com/en/US/products/ps6658/products_ios_protocol_option_home.html