Hi Keith,
I did read that very well explained document more than 3 times before
sending this message. However couldn't figure out what is the answer for
this questions. Might be petr is the person that have good answers for this
questions.
Cheers,
Jeremy
On Fri, Apr 9, 2010 at 2:35 PM, Keith Barker <kbarker_at_ine.com> wrote:
> Jeremy-
>
> Here is a very detailed, step by step walkthrough of the whole process:
>
> http://blog.ine.com/2008/08/02/dmvpn-explained/
>
> Details on latest enhancements are here:
>
> http://blog.ine.com/2008/12/23/dmvpn-phase-3/
>
>
> Regarding the cutover time for the spoke to spoke tunnels, there is
> absolutely a delay as IKE phase 1 and 2 are negotiated and built between the
> spokes. One option for minimizing this is to use DMVPN without the IPSec,
> and use a GET VPN overlay which removes the requirement for the spoke to
> spoke tunnel negotiation and still allows the benefits of IPSec. Example
> of the two combined, with full configs, are here:
>
> http://blog.ine.com/2009/09/30/bob-is-back-dmvpnget-vpn-assistance-needed/
>
> Best wishes,
>
> Keith H. Barker, CCIE #6783
> Instructor
> kbarker_at_ine.com
> Internetwork Expert, Inc.
> http://ine.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> On Apr 8, 2010, at 9:55 PM, jeremy co wrote:
>
> > Hi folks,
> >
> >
> > R2-------------R1(HUB)--------------------R3
> >
> > I faced a doubt on ipsec part of the dmvpn. I've got 3 questions:
> >
> > As the first packet from R2 has to go via hub since it doesn't now about
> > R3's NBMA address.In the mean while that it tries to resolve NMBA address
> > of R3 , still having glean adjacency , it sends packets through
> hub.(another
> > question here is how R2 knows that it should send the packet through hub
> > ???? since all of the routes coming from R1 to R2 have the next-hop of
> R3).
> >
> >
> > Second question is how the tunnel establishment works here? An ipsec
> tunnel
> > establishes between R2 and R1 for the first packet following with R1 to
> R3
> > ipsec tunnel and after R2 and R3 knows about each others NBMA addresses
> > ,they establish ipsec tunnel directly and R2-->R1 ,R1-->R3 ipsec tunnels
> > will die after a while ? or being up for update exchanges between hub and
> > spokes?
> >
> >
> >
> > What is the impact of dmvpn here on voice traffic? from tunnel
> > establishment point of view? Is the audible voice distortion caused by
> > switching from spoke-hub-spoke ipsec tunnels to spoke-spoke ipsec
> tunnels?
> >
> >
> >
> >
> >
> >
> > Cheers,
> >
> >
> > Jeremy
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 09 2010 - 15:51:48 ART
This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:56 ART