Connecting 20+ sites using VPN

lolholkki · ‎01-24-2014

--------------------------------------------------------------------------------------------------------

-----------------------------UPDATED BELOW ORIGINAL TEXT-------------------------

--------------------------------------------------------------------------------------------------------

~~Hello everyone~~

~~I got tasked at work to design a vpn network with atleast 20 sites. Some of the requirements that i am not sure of how to configure.~~

~~Has to support multicast~~
~~Transport of broadcast packets over multicast enabled networks~~
~~Sites has to be able to communicate with each other~~

I was thinking of a DMVPN solution for this since they want me to configure all the routers before sending them to the other sites. I have configured DMVPN's in the past but in that topology there were no requirements of broadcast and multicast traffic.

~~So my questions for you guys is..~~

~~Do you think using Dmvpn's is the best solution? Does it even work?~~
~~If not Dmvpn's, any ideas to share on how you would of designed it?~~

Any input is appreciated.

-------------------------------------------------------------------------------------------------------------------------------

Hello everyone

Long time has passed since i started this thread, still having issues with this :P But the situation is a bit different now, actually have a somewhat of

a configuration that is....in progress. Would really appreciate it if someone could take a look at my configurations and see what is wrong. Multicast

works if i connect it this way Sending_computer-->Spoke-->Hub-->computer. This means if i connect the receiver directly to the HUB multicast/broadcast works through the tunnel.

The final topology will look like this Sending_Computer->Spoke1-->HUB-->Spoke2-->Receiving_Computer. In other words the sender is connected to a Spoke, multicast should go through the HUB and reach the receiver who also is connected to a spoke.

I hope my explanation is good enough for you guys to understand, the public ip of the HUB is 10.10.10.10.

I have attached the configurations.

Can anyone see something that is misconfigured ?

JohnTylerPearce · ‎01-24-2014

Well, obviously Multicast/Broadcast traffic will not flow over an IPSec connection, so you will have to do IPSec over GRE. In your situation, I would run DMVPN, and or MPLS L3 VPN.

If you do DMVPN, I would do a dual hub scenario.

lolholkki · ‎01-24-2014

So there is no way of setting up a full mesh dmvpn and somehow forward broadcasts/multicasts?

JohnTylerPearce · ‎01-24-2014

Well by definition DMVPN will forward multicast/broadcast, since it's runs off of GRE as well as IPSec.

If you have GNS3 or a test lab, you should be able to test it out.

lolholkki · ‎01-24-2014

I will need to test this before yes, probably in gns3. The sites will also be on different subnets, wont this stop broadcasts as it is in several different broadcast domains?

JohnTylerPearce · ‎01-24-2014

If the sites are going to be in different subnets (good choice), then that will stop broadcasts by default. You can still ru multicast with PIM Sparse or Dense mode. Is there a reason for each site to receive each others broadcast?

lolholkki · ‎01-24-2014

Yes broadcasts and multicasts must be able to be sent and received by all sites. Some systems on each site will be broadcasting information that needs to reach all other sites.