Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

Single HUB with dual ISP DMVPN design

Hi All,

Tried to find the clear explanation for this for last couple of days but coudn't. So please help as I'm new to DMVPNs

Currently we have a single DMVPN cloude between 1 hub and 2 spokes.  Hub has only one uplink (ADSL)  and each Spoke has single uplink as well. We are hoping to install a 3G module ( with a 2nd ISP ) only on the hub and use the 3G uplink as the back up, so that the spokes can link up with the HUB via its 3G interface when the primary ADSL goes down.

DMVPN-HUB-SPOKE.jpg

So my question is, what is the best way to approach this ? I've seen lot of articles on DUAL-HUB/DUAL-ISP  but haven't seen much with this setup. Please point me in to the right direction. Also if you can provide me with some examples that'll be much appreciated.

Thanks in advance.

Everyone's tags (3)
1 REPLY
Bronze

Single HUB with dual ISP DMVPN design

Answers to my own question:

1) The best case scenario, Two physical routers at the HUB site, Two DMVPN clouds, one terminating on each hub

2) If you can't put two routers in the HUB site, you have two options:

     I)  Introduce a VRF (VRF-ISP2) and configure the second ISP uplink to be in the VRF, configure second DMVPN           HUB tunnel interface          in the GLobal Routing Table (GRT) and configure this tunnels "transport traffic" to           originate from within the VRF ( aka, put the command, tunnel vrf VRF-ISP2 ). Configure SPOKEs to have two           tunnels one terminated on the primary interface (public IP) and the otherone on the ISP2 interface.. ( you should           have a static default gateway route within the VRF pointing its nexthop IP of the ISP2). This alone should get you           going, you will see two routes for all internal subnets via two DMVPN paths...  Tweek the Delays if you want           single route to appear on the routing table and the otherone to be a feasible successor incase of EIGRP..

           But if you want your HUB sites' internet access to be redundant as well, this needs more trickery, I have tried           many things in the past but the best setup I have configured so far is to have GRE tunnel between GRT and VRF,           and to have a second default gateway with higher metric poining this GRE tunnel on the Global routing table.. of           cource you will have to configure NAT'ing on GRT and VRF both. and also a static route in the VRF pointing the           GRE tunnel for the HUB sites' internal subnet so it knows where to send return traffic.

      II) The other way to do this to have two VRFs on the HUB, one for the ISP1 and one for ISP2, run mBGP and           export/import routes between VRFs using route targets..  So what would you have on your Global routing table..           Nothing.. .  Inside your VRF-ISP1 will have all primary routes + some imported secondary routes from the           Other VRF which can be used as backup routes..  But this method is only convenient if you are building the           topology from the scratch and NOT adding the second Link on an operational router.. you don't want to take the           rist of tring to migrate all interfaces/tunnels from GRT to VRF remotely and lock yourself out... ..  also this is a           bit more involved as far as BGP and VRF goes.. If you leave the comapny and a new person takes over.. they will           curse you so much hehe..  This is kind of valid for the option 1 as well..

867
Views
8
Helpful
1
Replies
CreatePlease login to create content