Re: DMVPN question

From: Wes Stevens (wrsteve33-gsccie@yahoo.com)
Date: Thu Jan 15 2009 - 00:41:18 ARST

• Next message: Thomas Renzy (threnzy): "RE: DMVPN question"
• Previous message: Raghav Bhargava: "MST configuration"
• Maybe in reply to: Fake Name: "DMVPN question"
• Next in thread: Thomas Renzy (threnzy): "RE: DMVPN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

One other problem at least in my network is our addressing has evolved over the years and is complicated by multiple mergers. It is a mess and hard to summarize. Others may be in better shape here. We were running eigrp before through an atm core and were starting to get into trouble even though we summarized as well as we could. BGP through the core and eigrp at the site/campus level has fixed this. You have to pay attention to the redistribution especially at sites that are dual connected, but it scales well.

Using stub on the dmvpn spoke routers only works if you don't have routing layers below which in a large number of our sites we do.

I have become a bit of a BGP bigot through this process :)

----- Original Message ----
From: Roman Rodichev <roman@iementor.com>
To: Wes Stevens <wrsteve33-gsccie@yahoo.com>; Fake Name <fname84@gmail.com>
Cc: Cisco certification <ccielab@groupstudy.com>
Sent: Wednesday, January 14, 2009 7:52:56 PM
Subject: RE: DMVPN question

Hey Wes, actually DMVPN phase 3 can scale well for 3000-4000 sites and
beyond (especially with a hierarchical/regional design and/or multiple hubs
behind SLB with IPSEC offloaded). I personally worked on couple of
implementations of around 1500 sites and it works great! Route summarization
is the key. Without route summarization, it's hard to scale EIGRP. The
beauty of EIGRP route summarization with Phase 3 is that you can summarize
something like 10/8 from hub to all spokes, and spoke-to-spoke communication
still works!

Also, "eigrp stub" can help on remote sites. The problem with eigrp stub is
that ALL sites must have it configured. This is a common misconception.
Configuring eigrp stub on a few DMVPN spokes, doesn't make them stubs.
Dual-attached spokes can also be EIGRP stubs as long as you use "leak-map".

And I'm sure you know that DMVPN is meant for spoke-to-spoke communication.

Phase 3 is the key. Phase 2 sucks.

Roman Rodichev
5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider)
Instructor, Content Developer
ieMentor Corporation http://www.iementor.com
Y!M: roman7927

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Wes
Stevens
Sent: Wednesday, January 14, 2009 7:12 PM
To: Roman Rodichev; Fake Name
Cc: Cisco certification
Subject: Re: DMVPN question

How far do you think this will scale? Not enough for most networks. It is
nice to not have the routing points on the PE routers but it does not scale.
Also you lose the sudo any to any that an l3vpn provides. If you are going
to do voice this is very useful for CAC. If you overlay the dmvpn you are
back to hub and spoke and CAC gets real tricky.

----- Original Message ----
From: Roman Rodichev <roman@iementor.com>
To: Fake Name <fname84@gmail.com>
Cc: Cisco certification <ccielab@groupstudy.com>
Sent: Tuesday, January 13, 2009 12:06:11 PM
Subject: Re: DMVPN question

I'd recommend setting up dmvpn without protection on top of mpls. Run the
same routing protocol (eigrp preferred) on the mpls dmvpn and on the
Internet dmvpn. Rely on delay metric. Use phase 3. MPLS provider will be
only responsible to route pe-ce /30s. You control routing.

On Jan 13, 2009, at 9:59 AM, "Fake Name" <fname84@gmail.com> wrote:

> If I want to use dmvpn to be a backup for the already existing mpls
network
> where each location has a connection to the internet and mpls connections
to
> eachother what is the best practice? Would it be configuring dmvpn and
> using the same routing protocol instance between everything and playing
with
> the metrics to make sure traffic is going over the mpls network and not
the
> dmvpn when its up and when it does down to use the dmvpn backup? Or would
> it be using another routing protocol for the dmvpn network with a higher
> administrative distance so that routes dont go in the table till the mpls
> network is down?
>
> Please offer some advice on best practices?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Thomas Renzy (threnzy): "RE: DMVPN question"
• Previous message: Raghav Bhargava: "MST configuration"
• Maybe in reply to: Fake Name: "DMVPN question"
• Next in thread: Thomas Renzy (threnzy): "RE: DMVPN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:38 ARST