DMVPN Dual Hub Single Cloud

lagapidis · August 6, 2021, 6:42am

Hello Rahul

Thanks for pointing that out! I will let Rene know to make the changes…

Laz

ReneMolenaar · August 6, 2021, 7:54am

Thanks @Rahul_K I just fixed this.

Rene

Rahul_K · August 6, 2021, 4:39pm

Hello Rene, this line still has wrong Router Hostname. It should be Spoke2 and not Spoke1 since the configuration being done is for Spoke2.

ReneMolenaar · August 9, 2021, 2:18pm

Thanks again @Rahul_K . I fixed this one as well.

Rene

salmansaeed92 · March 25, 2022, 8:43pm

Hello Rene,
I have used your template for dual hub single but the issue is that when i do the trace my spoke site goes to hub 1 then hub 2 then hub 1 again and then to local network. on Hub 2 i configured nhs and nhrp so that hub 2 is considered as a client of hub 1. How can i solve this issue. Any idea

lagapidis · March 29, 2022, 5:15am

Hello Salman

If you take a look at the routing table of your spoke, you will find that you have two equal cost paths to both hubs. You should see something similar to this:

Spoke1#show ip route ospf

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/1002] via 172.16.1.2, 00:01:50, Tunnel0
                 [110/1002] via 172.16.1.1, 00:05:01, Tunnel0
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/1001] via 172.16.1.4, 00:04:51, Tunnel0
O IA  10.10.10.0/24 [110/1001] via 172.16.1.2, 00:01:50, Tunnel0
                     [110/1001] via 172.16.1.1, 00:05:01, Tunnel0

Note that 1.1.1.1 has two equal-cost paths via 172.16.1.1 and 176.16.1.2, the two hubs. When this occurs, you will find that OSPF will attempt to load balance traffic between equal-cost routes, and it will do this by alternating between the two available routes. This is why you see the behavior you are describing.

Now there are a couple of solutions that you can use to resolve this: use a distribute-list or use summarization. Neither is ideal as stated and explained in the lesson.

As stated at the very end of the lesson:

As we have seen, adding a second hub using a single cloud is very easy to configure but routing can be challenging. Since we use a single multipoint GRE interface, it’s difficult to prefer one hub router over another. Because of this, it’s unlikely to see this setup in production.

It is always preferable to use the dual hub dual cloud solution if you want to introduce redundancy at the hub.

I hope this has been helpful!

Laz

gogosb · October 17, 2022, 11:20am

Hi,
I have to configure 3 HUBS. In this case I think only the 1st HUB has to be configured on 2nd and 3rd. But will OSPF work if HUB1 stops? Do I need to configure both the H1 and H2 on H3? And H1, H2 to each other?

lagapidis · October 20, 2022, 5:09am

Hello Barnabas

Yes, it is possible to have three or more hubs in a DMVPN configuration. You simply have to create a third hub in the same way you created the first and second hubs, and then on the spokes make sure to add an additional NHRP map command. You can find more information on how to do this in the following two Cisco community posts:

I hope this has been helpful!

Laz

gogosb · October 26, 2022, 7:28am

Hi,
In my case two Hubs in one site and they are connected on LAN with EIGRP routing so I think I don’t have to create DMVPN tunnel between them, but the 3rd Hub is on another site. In this case I think I must create two static tunnels from the 3rd Hub to the first two, must not I?

lagapidis · October 29, 2022, 5:45am

Hello Barnabas

If you are configuring a single cloud scenario, then yes, you will need there to be a link between the primary hub and both secondary hubs. The two secondary hubs act as “clients” of the primary hub and require a connection. However, you only need to create a link between each secondary hub and the primary hub.

Now if you’re implementing the dual cloud scenario, you won’t need to explicitly create a tunnel between the hubs like you do in the previous scenario, because in this case, the secondary hubs are not clients of the primary hub. Each hub is configured independently.

I hope this has been helpful!

Laz

azmuddincisco · July 25, 2024, 3:02am

Hello Rene/Laz,
I am referring to the below diagram for my question. The topology has one DMVPN cloud with two Hubs: DC-CORE-1 and DC-CORE-2. However, the MPLS connection is being used as the primary connection here, but Site 2 does not have any MPLS circuit. Instead site 2 has two internet connections. In this setup, MPLS is preferred to be the primary circuit whenever available. No ECMP is not expected in this setup and full symmetric routing is desired. What would be the best approach to design this in terms of routing protocols. In another words, what routing protocols should be used here? Please provide me a high level configuration example if possible.

Thanks a lot.

lagapidis · July 30, 2024, 10:02am

Hello Azm

First, you should ensure that your underlying DMVPN dual hub single cloud setup is correctly configured. In your scenario, you have redundant links at the spokes, and since we are using a single mGRE tunnel, you must create a single tunnel interface on each spoke that uses a loopback interface as the source tunnel.

Once that is done, in order to ensure the proper redundancy, you will have to ensure that the loopack address is reachable via the routing protocol you use. From there on, you simply have to employ a routing protocol that will correctly route traffic as you desire. OSPF may not be the best choice because of the fact that you want to prefer the MPLS networks over the Internet. As demonstrated in the lesson itself, it’s difficult to use OSPF to prefer one hub over another.

EIGRP may be a better option as it gives you more flexibility in preferring one hub or path over another. Ultimately, the best way f examining the behavior of such a topology is to test it out in a lab scenario. If you do so, keep us posted as to your progress…

I hope this has been helpful!

Laz