DMVPN – The Config

So following on from my last post, I have come up with a topology to test a DMVPN Solution;

My Plan is to use setup DMVPN with R1 & R2 forming the “Hub” site, and R3 forming the “Spoke” site, R5 is just there to add an additional layer to the IGP I will be using (probably EIGRP, as I believe OSPF can have problems running over a DMVPN due to its link-state nature)

If you’re wondering where R4 is, its forming my “Internet” cloud.

I haven’t really included IP addressing on this diagram, but if you see 172.24.0.0/16 address in the config, I have used this range to simulate the public address space. with 10.0.0.0/8 representing the private address space.

This setup is what is technically called a dual cloud DMVPN setup, as there are two DMVPN tunnels going to each spoke, this provides redundancy should there be a failure of one of the routers at the hub.

There are two ways to direct traffic flows with this dual cloud setup, you could use your IGP to load balance across both tunnels, or you could set the metric of one of the tunnels so that one is prefered and one is secondary, I don’t really see much problem with either option, I guess its down to personal preference unless someone can suggest otherwise.

Read more of this post

Advertisements

VPN Technologies

At work we are looking at moving over to a new ISP, so will take the opportunity to deploy a new edge module to replace are current crumbling poorly designed mess (implemented before i started i might add!)

Part of this will be looking at alternative VPN solutions, at the moment we use a pair of ASA’s in the UK, and 1801 routers at our remote sites, they are running Site-to-Site IPsec Crypto Maps, with static routes pointing at the ASA’s.

My problem with this setup is the interesting traffic ACL’s, they always cause a headache, they never work right first time, and can be a pain to troubleshoot, and then there’s the NATting issues….

Read more of this post