RE: DMVPN question

From: Thomas Renzy (threnzy) (threnzy@cisco.com)
Date: Thu Jan 15 2009 - 01:39:21 ARST

• Next message: Jonathan Greenwood II: "Re: MST configuration"
• Previous message: Jason Madsen: "Re: MST configuration"
• Maybe in reply to: Fake Name: "DMVPN question"
• Next in thread: Wes Stevens: "Re: DMVPN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Some other benefits of DMVPN phase 3 include

- NHRP shortcut switching with CEF (Reduces time for spokes to start
communicating)
- Merging of separate Phase 2 networks to form a larger, hierarchical
DMVPN network (so spokes can communicate directly without the need to go
through 2 different hubs)
- For folks running OSPF, you can now configure point-to-multipoint
networks rather than broadcast networks on your interface.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660
/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.htm
l

Of course, there are some platforms that don't support Phase 3 yet. But
a lot of companies seem to be running Phase 2 with a very large number
of spokes without issue.

Thomas

Thomas Renzy
Network Consulting Engineer
Cisco Systems
Office: (408)526-8248
Mobile: (650)248-1099
E-mail: threnzy@cisco.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Roman Rodichev
Sent: Wednesday, January 14, 2009 5:53 PM
To: 'Wes Stevens'; 'Fake Name'
Cc: 'Cisco certification'
Subject: RE: DMVPN question

Hey Wes, actually DMVPN phase 3 can scale well for 3000-4000 sites and
beyond (especially with a hierarchical/regional design and/or multiple
hubs behind SLB with IPSEC offloaded). I personally worked on couple of
implementations of around 1500 sites and it works great! Route
summarization is the key. Without route summarization, it's hard to
scale EIGRP. The beauty of EIGRP route summarization with Phase 3 is
that you can summarize something like 10/8 from hub to all spokes, and
spoke-to-spoke communication still works!

Also, "eigrp stub" can help on remote sites. The problem with eigrp stub
is that ALL sites must have it configured. This is a common
misconception.
Configuring eigrp stub on a few DMVPN spokes, doesn't make them stubs.
Dual-attached spokes can also be EIGRP stubs as long as you use
"leak-map".

And I'm sure you know that DMVPN is meant for spoke-to-spoke
communication.

Phase 3 is the key. Phase 2 sucks.

Roman Rodichev
5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider)
Instructor, Content Developer ieMentor Corporation
http://www.iementor.com
Y!M: roman7927

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wes Stevens
Sent: Wednesday, January 14, 2009 7:12 PM
To: Roman Rodichev; Fake Name
Cc: Cisco certification
Subject: Re: DMVPN question

How far do you think this will scale? Not enough for most networks. It
is nice to not have the routing points on the PE routers but it does not
scale.
Also you lose the sudo any to any that an l3vpn provides. If you are
going to do voice this is very useful for CAC. If you overlay the dmvpn
you are back to hub and spoke and CAC gets real tricky.

----- Original Message ----
From: Roman Rodichev <roman@iementor.com>
To: Fake Name <fname84@gmail.com>
Cc: Cisco certification <ccielab@groupstudy.com>
Sent: Tuesday, January 13, 2009 12:06:11 PM
Subject: Re: DMVPN question

I'd recommend setting up dmvpn without protection on top of mpls. Run
the same routing protocol (eigrp preferred) on the mpls dmvpn and on the
Internet dmvpn. Rely on delay metric. Use phase 3. MPLS provider will be
only responsible to route pe-ce /30s. You control routing.

On Jan 13, 2009, at 9:59 AM, "Fake Name" <fname84@gmail.com> wrote:

> If I want to use dmvpn to be a backup for the already existing mpls
network
> where each location has a connection to the internet and mpls
> connections
to
> eachother what is the best practice? Would it be configuring dmvpn
> and using the same routing protocol instance between everything and
> playing
with
> the metrics to make sure traffic is going over the mpls network and
> not
the
> dmvpn when its up and when it does down to use the dmvpn backup? Or
> would it be using another routing protocol for the dmvpn network with
> a higher administrative distance so that routes dont go in the table
> till the mpls network is down?
>
> Please offer some advice on best practices?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ______________________________________________________________________
> _

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Jonathan Greenwood II: "Re: MST configuration"
• Previous message: Jason Madsen: "Re: MST configuration"
• Maybe in reply to: Fake Name: "DMVPN question"
• Next in thread: Wes Stevens: "Re: DMVPN question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:38 ARST