Olaniyi,
On your Hub do you have any VPN modules installed to increase performance?
If not this may be recommended as that is a pretty large number of spokes
for a 3800.
I found a couple articles that were interesting.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6
658/prod_presentation0900aecd80313ca3.pdf
http://www.velocityreviews.com/forums/t40999-c3845-dual-hub-dual-dmvpn-hub-t
o-spoke-limitations.html
It definitely leads to the thought that a 7200 should be able to handle at
least 350 connections per DMVPN tunnel but the 7200 is a higher performance
platform and that is also based on having a VAM-2 module installed. I think
a VPN Acceleration module may increase your performance but it would be good
to get in contact with Cisco to verify on the performance of the 3800 as a
hub in large scale deployments.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Olaniyi Sonubi
Sent: Monday, January 25, 2010 6:46 AM
To: groupstudy
Subject: Issue on NHRP Mapping
Hello all,
I am running DMVPN on my network with a 3800 router as the hub and about 170
spokes connecting to the hub. The NHRP mapping for some of the spoke sites
is usually not completed. From the spoke side it resolves well as shown int
the output of 'show ip nhrp'. But from the hub, the output of 'show ip nhrp'
for those sites is usually blank. Below is some of my configs
Tunnel at the hub
-----------------------------
interface Tunnel10
description HQ DMVPN tunnel to branches
bandwidth 2000000
ip address 10.204.10.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xyz
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip tcp adjust-mss 1360
ip summary-address eigrp 10 172.31.0.0 255.255.0.0 5
ip summary-address eigrp 10 172.29.0.0 255.255.0.0 5
ip summary-address eigrp 10 172.28.0.0 255.255.0.0 5
ip summary-address eigrp 10 172.22.0.0 255.255.0.0 5
tunnel source 10.10.10.10
tunnel mode gre multipoint
tunnel key 10
tunnel protection ipsec profile scpcprof
end
Tunnel at the spoke
-----------------------------
interface Tunnel10
description DMVPN tunnel
bandwidth 500
ip address 10.204.10.91 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xyz
ip nhrp map multicast 10.10.10.10
ip nhrp map 10.204.10.1 10.10.10.10
ip nhrp network-id 10
ip nhrp holdtime 60
ip nhrp nhs 10.204.10.1
ip nhrp registration timeout 30
ip tcp adjust-mss 1360
tunnel source 10.25.2.205
tunnel destination 10.10.10.10
tunnel key 10
tunnel protection ipsec profile scpcprof
end
Spoke
-----
Spoke_Router#sh ip nh
10.204.10.1/32 via 10.204.10.1, Tunnel10 created 00:00:52, never expire
Type: static, Flags: authoritative
NBMA address: 10.10.10.10
Hub
------
Hub_Router#sh ip nh 10.204.10.91
(Blank Output)
What could be the problem?
Thanks.
'Niyi
Blogs and organic groups at http://www.ccie.net
Received on Mon Jan 25 2010 - 07:49:36 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:42 ART