Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
farerabbit
farerabbit
Community Member
‎10-16-2013 02:34 AM
‎10-16-2013 02:34 AM

Problem with DMVPN redundant tunneling topology

Hi, guys! I'm experiencing problems with NHRP in redundunt DMVPN topology. I'll try to describe the issue:

We have three routers: 1 hub and 2 spokes

Hub have two links to different ISPs, spokes have one link. I created two tunnel interfaces on hub and tied them sequently to interfaces refered to ISP1 and ISP2. The same interfaces were created on spokes. On each of tunnel interface I configured MGRE and NHRP with (I think this is correct ) different tunnel keys and nhrp network ids. Also on hub router I configured IP SLA and tracking between sought interfaces. So I have two DMVPN networks on primary tunnel interface and on redandant. But when I shutdown primary interface, after tracking choosing the redandant route, ip nhrp table becoms empty, and I can't ping any spoke tunnel interface, phisical ip interfaces are reacheble, but tunnel interfaces are not. So the scheme with IP SLA tracking between to DMVPN networks does not work.

     I've tried to find the description of this siuation in SRND or CCNP Security guides, but found schems using two hub routers - not one. I need

fault-tolerant DMVPN spoke-to-spoke scheme (on two ISP) on ONE router. So what am I doing wrong, or is it possiple to reach using IP SLA principally or not?

Config of hub and spoke routers in attache.

15369188-Cisco2821-3-config-6.zip
15369204-2821-1-confg.zip
0 Helpful
Reply
2 REPLIES
Richard Burts
Hall of Fame Super Gold Richard Burts Hall of Fame Super Gold
Hall of Fame Super Gold
‎10-16-2013 04:54 AM
‎10-16-2013 04:54 AM

Problem with DMVPN redundant tunneling topology

I am not authoritative on this but I believe that it does not work to have two tunnels from a spoke router to the same hub router. It works fine for a spoke router to have two tunnels to two hubs for redundancy. And it works fine for a hub to have two tunnel interfaces if you want to spread load between interfaces. But I think that it does not work for the same hub to have two tunnels to the same spoke. I believe that the issue is that the spoke establishes a neighbor relationship with the hub on one tunnel just fine. But when it attempts to negotiate the neighbor relationship on the second tunnel it discovers that it already has a neighbor relationship and it does not come up on the second tunnel. If you want redundancy I believe that you need two hub routers.

HTH

Rick

0 Helpful
Reply
Vasilii Mikhailovskii
Vasilii Mikhailovskii Gold
Gold
‎10-16-2013 10:07 AM
‎10-16-2013 10:07 AM

Re: Problem with DMVPN redundant tunneling topology

Hello,Timofey.

I used to configure redundant tunnels (in simular casese) using VRFs.

You could put one ISP into single VRF. This will allow both tunnels to run simultaneously, but won't allow you to use this second ISP for NAT (end-user access).

0 Helpful
Reply
Latest Documents
PFRv3 channel state questions
Created by Vasilii Mikhailovskii on 04-23-2018 05:06 AM
0
0
0
0
This document gives several answers on frequently asked questions for PFRv3 channel state behavior. Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st... view more
VPN and static NAT problem
Created by Jacopo Belcredi on 04-23-2018 04:07 AM
0
0
0
0
Symptoms The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921). The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN. I couldn't connect to the hos... view more
Cisco ESW-520-24P Switch Configuration
Created by Kevin DeMott on 04-19-2018 01:49 PM
0
0
0
0
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers.  When we try to change the wiring and configuration, we run in to connectivity issues.  Attached is a des... view more
All Documents
147
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
Glimpse of "EIGRP name mode configuration"
Created by ashirkar on 10-01-2013 02:06 AM
7
79
7
79
What happens, when router receives packet?
Created by ashirkar on 10-18-2012 03:19 AM
31
49
31
49
BLOG (No Title)
Created by Akula Jyoti Lakshmi on 08-09-2011 09:13 PM
15
43
15
43
All Blogs