I have been searching for a solution to this question for quite a while and I have not found what I need just yet. I have configured a dual cloud DMVPN that utilizes dual ISP connections at the hub and the spoke sites and it works fine, but the problem is one that I don't seem to see anyone talking about. With the dual cloud when one link in any location fails and that site fails over to the back DMVPN side, every site fails over to the backup side. I have this setup and tested, and no matter what site goes down (hub or spoke), every site fails over to the backup ISP side. This is not a great solution because most backup links are not bandwidth heavy enough to run like this when their primary links are still functioning. Every forum and design guide that I have read do not discuss this matter and say if there is a way to make each site's tunnel interfaces redundant to all other site's tunnel interfaces.
For instance if Fe0/0 is primary hub and Fe0/1 is secondary hub, and these are tunnel interfaces 0 and 1 respectively, and at the spoke site the design is the same (Fe0/0 primary, Fe0/1 secondary, tunnels 0 and 1 respectively) is there any way to have only the failing sites tunnel failover and talk to the primary of the hub. So if the spoke primary interface goes down, which means tunnel 0 goes down on the spoke, is there any way to make the secondary interface/tunnel communicate with the primary interface/tunnel of the hub? In simplest terms I don't want all of my sites to failover because one spoke site primary goes down, the hub secondary does not have enough bandwidth to run all of the spokes steadily, and if the primary at the hub is still up this becomes more frustrating.
If anyone has any ideas I would be very appreciative.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...