YOU ARE DOWNLOADING DOCUMENT

Please tick the box to continue:

Transcript
Page 1: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

LAR

GE

SCA

LE D

YNA

MIC

M

ULT

IPO

INT

VPN

NO

VEM

BER

200

4

Page 2: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04IN

TRO

DU

CTI

ON

222©

200

4, C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.P

rese

ntat

ion_

ID

Page 3: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Dyn

amic

Mul

tipoi

nt V

PN F

acts

•D

ynam

ic M

ultip

oint

VPN

(DM

VPN

) can

wor

k w

ith

stat

ic ro

utes

but

sho

ws

its p

ower

with

rout

ing

prot

ocol

s•

The

rout

ing

prot

ocol

con

sum

es a

lot o

f CPU

with

so

man

y ne

ighb

ors

•R

esou

rce

cons

umpt

ion

incr

ease

s w

ith th

e nu

mbe

r of

tunn

els

Page 4: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

IPse

c fa

cts

•IP

sec

max

imum

thro

ughp

ut is

bet

ter w

ith la

rge

pack

ets

•O

n m

ediu

m a

nd lo

w p

latfo

rms,

CPU

is im

pact

ed b

y la

rge

SAD

B•

Cis

co re

com

men

ds th

at u

sers

kee

p a

DM

VPN

hub

with

in

reas

onab

le li

mits

•C

onsu

lt yo

ur A

ccou

nt T

eam

abo

ut p

latfo

rm d

etai

ls

Mbp

s

Pack

et s

ize

64 byte

s14

00by

tes

Page 5: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Exam

ple

–C

isco

720

0 Se

ries/

VAM

2

•Th

e C

isco

720

0 Se

ries

Rou

ter i

s a

popu

lar p

latfo

rm

for D

MVP

N•

It ca

n ac

cept

a m

axim

um o

f375

tunn

els

with

out

part

icul

ar a

ttent

ion

(EIG

RP)

•In

that

cas

e, th

e m

ax th

roug

hput

wou

ld b

e42

,000

pps

for 6

4 by

tes

pack

ets

22,0

00 p

psfo

r 140

0 by

tes

pack

ets

Page 6: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Scal

ing

the

Cis

co 7

200

Serie

s/VA

M2

Furt

her

•If

a se

cond

mG

RE

inte

rfac

e is

set

up

on th

e C

isco

72

00 S

erie

s R

oute

r, it

can

acce

pt a

max

imum

of3

50

tunn

els

per i

nter

face

(700

tota

l)•

In th

at c

ase

the

max

thro

ughp

ut is

:40

,000

pps

for 6

4 by

tes

pack

ets

22,0

00 p

psfo

r 140

0 by

tes

pack

ets

•A

third

inte

rfac

e do

es n

otim

prov

e th

ings

Page 7: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Is T

his

Low

?

•Ye

s an

d no

•Th

e th

eore

tical

max

imum

num

ber o

f tun

nels

(Cis

co 7

200

Serie

s / V

AM

2) is

5,0

00 s

o D

MVP

N lo

oks

bad

•Th

e th

eore

tical

max

spe

ed is

250

Mbp

s so

DM

VPN

look

s th

e sa

me

•25

0Mbp

s/70

0 =

350K

bps

per s

poke

•N

ot v

ery

usef

ul b

elow

that

thro

ughp

ut a

nyw

ay

Page 8: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Rem

arks

•Th

is p

rese

ntat

ion

desc

ribes

cur

rent

per

form

ance

•Pe

rfor

man

ces

chan

ge e

very

day

and

pro

toco

ls

evol

ve•

Che

ck w

ith y

our a

ccou

nt te

am to

eva

luat

e th

e be

st

DM

VPN

pla

tform

for y

our n

eeds

•It

is p

ossi

ble

to s

cale

DM

VPN

ver

y hi

ghJu

st w

ait f

or th

e ne

xt c

hapt

er

Page 9: Large Scale DMVPN

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Sum

mar

y on

DM

VPN

Fitn

ess

•If

man

y sp

okes

with

ver

y lo

w IP

sec

thro

ughp

ut, D

MVP

N m

ay

not b

e a

good

fit

•D

MVP

N s

tart

sto

bec

ome

usef

ul a

t the

edg

e be

twee

n re

mot

e-ac

cess

and

lan-

to-la

n•

DM

VPN

wor

ks b

est f

or s

poke

s th

at n

eed

stat

istic

ally

con

stan

t eq

ual a

cces

s to

cen

tral

reso

urce

sSm

all o

ffice

s, b

ranc

h of

fices

, hot

-spo

ts, a

dmin

istr

atio

ns, s

choo

ls

•M

any

exis

ting

rem

ote-

acce

ss o

r LA

N to

LA

N s

olut

ions

sho

uld

actu

ally

be

DM

VPN

like

net

wor

ks•

DM

VPN

sho

ws

a ne

twor

k w

ith in

tegr

ated

secu

rity

Page 10: Large Scale DMVPN

10©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

APP

LIC

ATI

ON

TO

LA

RG

E SC

ALE

IP

SEC

101010©

200

4, C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.P

rese

ntat

ion_

ID

Page 11: Large Scale DMVPN

11©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Prob

lem

des

crip

tion

•N

eed

to d

eplo

y a

larg

e D

MVP

N n

etw

ork

Any

num

ber 7

00+

; ten

s of

thou

sand

s al

low

edM

ore

than

just

bas

ic c

onne

ctiv

ity n

eede

d

•Li

mite

d to

hub

and

spo

ke•

Spok

e to

spo

ke v

ia th

e hu

b is

allo

wed

Page 12: Large Scale DMVPN

12©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Req

uire

men

ts

•C

onst

rain

tsLA

N to

LA

N

Dyn

amic

IP a

ddre

sses

•So

lutio

n m

ust:

Be

easy

to m

anag

e (d

eplo

ymen

t and

mon

itorin

g)

Rec

over

by

itsel

f

Scal

e to

thou

sand

s of

spo

kes

Allo

w C

isco

rich

feat

ures

(ie:

Cis

co IO

S®In

trus

ion

Prev

entio

n Sy

stem

(IPS

), C

isco

IOS

Fire

wal

l)

Page 13: Large Scale DMVPN

13©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Ove

rall

Solu

tion

SLB

bal

ance

s co

nnec

tions

Ow

ns v

irtua

l IP

addr

ess

Spok

es (8

3x)

DM

VPN

bas

edPr

ovid

e Q

oSA

nd F

irew

allin

g

HQ

Edge

of H

Q

Clu

ster

of D

MVP

N h

ubs

Agg

rega

tes

user

tunn

els

Clu

ster

can

be

hete

roge

neou

s

GR

E/IP

sec

tunn

els

IGP

+ N

HR

P

No

spec

ial s

oftw

are

need

ed o

n PC

IP p

hone

s w

ork

out o

f the

box

Page 14: Large Scale DMVPN

14©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

The

Load

Bal

ance

r In

Gen

eral

•Lo

ad B

alan

cer o

wns

a V

irtua

l IP

Add

ress

(VIP

)•

Whe

n IK

E or

ESP

pac

kets

are

targ

eted

at t

he V

IP, t

he L

B

choo

ses

a hu

b•

The

hub

choi

ce is

pol

icy

(pre

dict

or)b

ased

:W

eigh

ted

roun

d-ro

bin

Leas

t-con

nect

ions

•O

nce

a de

cisi

on is

mad

e fo

r a “

tunn

el”,

all

subs

eque

nt

pack

ets

go to

the

sam

e hu

b (s

ticky

ness

)•

Onc

e a

deci

sion

is m

ade

for I

KE,

the

sam

e is

mad

e fo

r ESP

(b

uddy

ing)

Page 15: Large Scale DMVPN

15©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Hig

h Le

vel D

escr

iptio

n

•Sp

okes

thin

k th

ere

is a

sin

gle

hub

•Th

ey h

ave

an N

HR

P m

ap p

oint

ing

to th

e Lo

ad B

alan

cer’s

Vi

rtua

l IP

Add

ress

•Th

e Lo

ad B

alan

cer i

s co

nfig

ured

in fo

rwar

ding

mod

e (n

o N

AT)

•A

ll th

e hu

bs h

ave

the

sam

e co

nfig

urat

ion

Sam

e Tu

nnel

inte

rfac

e ad

dres

s

Sam

e Lo

opba

ckad

dres

s (=

VIP

)

Page 16: Large Scale DMVPN

16©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Topo

logy

with

Add

ress

es

Spok

e A

192.

168.

1.1/

2419

2.16

8.2.

1/24

Load

Bal

ance

rVI

P: 1

72.1

7.0.

1(n

o tu

nnel

)

Spok

e B

Phys

ical

: (dy

nam

ic)1

72.1

6.1.

1Tu

nnel

0: 1

0.0.

0.11

Phys

ical

: (dy

nam

ic)1

72.1

6.2.

1Tu

nnel

0: 1

0.0.

0.12

192.

168.

128.

1/25

Loop

back

: 172

.17.

0.1

Tunn

el0:

10.

0.0.

1/16

10.1

.0.0

/24

.1.2

.3

10.1

.1.0

/24.1

.3.2

Loop

back

: 172

.17.

0.1

Tunn

el0:

10.

0.0.

1/16

Page 17: Large Scale DMVPN

17©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Spok

e C

onfig

urat

ion

•Th

e sp

oke

conf

igur

atio

n is

the

sam

e as

with

a

sing

le h

ub•

It ha

s an

NH

RP

map

ip

nhrp

map 10.0.0.1 172.17.0.1

Page 18: Large Scale DMVPN

18©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Load

Bal

ance

r

•W

e w

ill s

tudy

Cis

co IO

S So

ftwar

e SL

BR

uns

on m

ostC

isco

IOS

Softw

are

plat

form

s, in

clud

ing

the

Cis

co C

atal

yst®

6500

Ser

ies

Switc

hO

pt fo

r Rel

ease

s 12

.2S

or 1

2.1E

•C

SM 3

.1 o

r abo

ve s

houl

d w

ork

too

but w

e do

not

ne

ed m

ost o

f its

feat

ures

(use

less

)•

Load

bal

anci

ng m

ust b

e ab

le to

do

Laye

r 3 a

nd 4

load

bal

anci

ngU

pper

laye

rs a

re u

sele

ss (e

ncry

pted

)

Page 19: Large Scale DMVPN

19©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Cis

co IO

S So

ftwar

e SL

B p

erfo

rman

ces

•C

isco

IOS

Softw

are

SLB

on

a C

isco

Cat

alys

t 650

0 Se

ries

Switc

h (M

SFC

-2)

Can

man

age

1M c

onne

ctio

ns w

/ 128

MB

RA

M

Can

cre

ate

20,0

00 c

onne

ctio

ns p

er s

econ

d

Switc

hes

pack

ets

at 1

0Gbp

s (6

4 by

tes)

•C

isco

IOS

Softw

are

SLB

on

a C

isco

720

0 Se

ries

Rou

ter (

NPE

-40

0) Can

cre

ate

5,00

0 co

nnec

tions

per

sec

ond

Switc

hes

pack

ets

at ½

the

Cis

co E

xpre

ss F

orw

ardi

ng ra

te

(dep

endi

ng o

n ot

her f

eatu

res)

•Sh

ould

not

be

a bo

ttlen

eck

Page 20: Large Scale DMVPN

20©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Cis

co IO

S So

ftwar

e SL

B c

lust

er d

efin

ition

ipslbprobe PINGREAL ping

faildetect2

ipslbserverfarmHUBS

failactionpurge

probe PINGREAL

! predictor round-robin

real 10.1.0.2

weight 4

inservice

real 10.1.0.3

weight 4

inservice

Wei

ghte

d ro

und-

robi

nTh

is is

the

defa

ult

If al

l the

hub

s ar

e eq

uiva

lent

, th

e w

eigh

t is

the

sam

e

Page 21: Large Scale DMVPN

21©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Cis

co IO

S So

ftwar

e SL

B V

IP d

efin

ition

ipslbvserverESPSLB

virtual 172.17.0.1 esp

serverfarmHUBS

sticky 60 group 1

idle 30

inservice

ipslbvserverIKESLB

virtual 172.17.0.1 udpisakmp

serverfarmHUBS

sticky 60 group 1

idle 30

inservice

Sam

e fa

rmB

uddy

ing

Page 22: Large Scale DMVPN

22©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Mon

itorin

g an

d m

anag

ing

SLB-7200#sh ipslb

connections

vserver

protclient real state nat

-------------------------------------------------------------------------------

IKESLB UDP 64.103.8.8:500 10.1.0.2

ESTAB none

ESPSLB ESP 217.136.116.189:0 10.1.0.2

ESTAB none

IKESLB UDP 213.224.65.3:500 10.1.0.2

ESTAB none

ESPSLB ESP 80.200.49.217:0 10.1.0.2

ESTAB none

ESPSLB ESP 217.136.132.202:0 10.1.0.3

ESTAB none

SLB-7200#clear ipslbconnections ?

firewallfarm

Clear connections for a firewallfarm

serverfarm

Clear connections for a specific serverfarm

vserver

Clear connections for a specific virtual server

<cr>

SLB-7200#sh ipslb

reals

real farm name weight state conns

-------------------------------------------------------------------

10.1.0.2 HUBS 4 OPERATIONAL 4

10.1.0.3 HUBS 4 OPERATIONAL 1

Page 23: Large Scale DMVPN

23©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Hub

Tun

nel c

onfig

urat

ion

interface Tunnel0

bandwidth 10000

ip

address 10.0.0.1 255.255.0.0

no ip

redirects

ip

mtu1350

ip

nhrp

map multicast dynamic

ip

nhrp

network-id 1

ip

nhrp

holdtime

3600

no ip

split-horizon

no ip

mroute-cache

tunnel source Loopback0

tunnel mode gre

multipoint

tunnel key 1

tunnel protection ipsec

profile tp

end

interface Loopback0

ip

address 172.17.0.1 255.255.255.255

end

interface FastEthernet0/0

ip

address 10.1.0.{2,3} 255.255.255.0

interface FastEthernet0/1

ip

address 10.2.0.{2,3} 255.255.255.0

Mus

t be

sam

e on

all

Mas

k al

low

s 2^

16-2

nod

esMus

t be

sam

e on

all

Mas

k is

/32

Page 24: Large Scale DMVPN

24©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Rou

ting

prot

ocol

s

HQ

Spea

ks E

IGR

P 2

Red

istr

ibut

e EI

GR

P 2

into

B

GP

(sum

mar

y)R

edis

trib

ute

float

ing

stat

ic (N

ull0

) int

o EI

GR

P2R

edis

trib

ute

EIG

RP

1 in

to B

GP

(with

filte

ring)

Red

istr

ibut

e B

GP(

sum

mar

ized

)in

to E

IGR

P 1

Spok

es a

re E

IGR

P 1

stub

sTh

ey s

peak

to h

ubs

thru

GR

E/IP

sec

tunn

el

Page 25: Large Scale DMVPN

25©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Hub

Rou

ting

prot

ocol

con

figur

atio

n

router eigrp1

redistribute bgp1 metric 1 0 255 20 1400

network 10.0.0.0 0.0.255.255

default-metric 64 2000 255 1 1400

no auto-summary

router bgp1

bgprouter-id 10.2.0.{2,3}

bgplog-neighbor-changes

neighbor 10.0.0.1 remote-as 1

address-family ipv4

redistribute eigrp1 route-map <IGPREDIST>

neighbor 10.2.0.1 activate

neighbor 10.2.0.1 next-hop-self

no auto-summary

no synchronization

bgpredistribute-internal

exit-address-family

Page 26: Large Scale DMVPN

26©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Edge

rout

er B

GP

conf

igur

atio

n

router bgp1

no synchronization

bgplog-neighbor-changes

aggregate-address 10.0.0.0 255.0.0.0 summary-only

aggregate-address 192.168.0.0 255.255.0.0 summary-only

redistribute eigrp2

neighbor HUB peer-group

neighbor HUB remote-as 1

neighbor HUB next-hop-self

neighbor 10.0.0.2 peer-group HUB

neighbor 10.0.0.3 peer-group HUB

no auto-summary

Page 27: Large Scale DMVPN

27©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Edge

rout

er E

IGR

P co

nfig

urat

ion

•EI

GR

P 2

attr

acts

spo

ke s

ubne

ts to

the

edge

rout

er

•Fl

oatin

g st

atic

rout

e to

Nul

l0 d

isca

rds

pack

ets

to u

ncon

nect

ed

spok

es

iproute 192.168.0.0 255.255.255.127 Null0 254

router eigrp2

redistribute static

network 192.168.1.0 0.0.0.128

no auto-summary

no eigrplog-neighbor-changes

Page 28: Large Scale DMVPN

28©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Pack

et F

low

Cor

pora

te

PC1

PC2

1

2

3

4

5

6

7

Page 29: Large Scale DMVPN

29©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Res

ult

•Tu

nnel

s re

conn

ect a

utom

atic

ally

•W

orki

ng s

essi

ons

are

not l

ost

•Q

oSal

loca

tes

band

wid

th to

voi

ce

•A

ll ot

her f

eatu

res

are

avai

labl

e•

No

need

to to

uch

the

hubs

whi

le a

ddin

g a

spok

e•

New

hub

s ca

n be

add

ed/re

mov

ed o

n th

e fly

•Si

mpl

e to

dep

loy

•Le

vera

ges

mon

itorin

g in

fras

truc

ture

(int

erfa

ces,

CD

P)

Page 30: Large Scale DMVPN

30©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Supp

ort

•Ea

ch fe

atur

e ha

s pl

enty

of n

erd

knob

s fo

r tun

ing

•Ea

ch fe

atur

e ha

s ad

vanc

ed d

ebug

ging

cap

abili

ties

•Ea

ch fe

atur

e ca

n be

trou

bles

hot i

ndep

ende

ntly

Page 31: Large Scale DMVPN

31©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

IGP

choi

ces

•B

GP

betw

een

Hub

s an

d Ed

ge is

goo

d du

e to

nu

mbe

r of p

refix

es a

nd fl

exib

ility

•Sc

alin

g th

e IG

P be

twee

n hu

bs a

nd s

poke

s is

the

hard

est p

art

•A

dis

tanc

e ve

ctor

is re

com

men

ded

•EI

GR

P sh

ows

best

resu

lts s

o fa

r but

OD

R is

und

er

test

(lig

htw

eigh

t)

Page 32: Large Scale DMVPN

32©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Posi

tioni

ng

•Th

e m

ain

adva

ntag

es o

f the

sol

utio

n ar

e:Vi

rtua

lly li

mitl

ess

scal

ing

Can

be

depl

oyed

in z

ero

touc

h w

ith IS

C a

nd In

telli

gent

Eng

ine

Aut

omat

ic lo

ad m

anag

emen

t

Load

bal

anci

ng A

ND

resi

lienc

e

Mul

tiply

per

form

ance

s by

num

ber o

f hub

s (c

reat

ion

rate

, spe

ed,

max

SA

’s)

No

fork

lift w

hen

upgr

adin

g

Res

ilien

ce in

N+1

Page 33: Large Scale DMVPN

33©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Impr

ovem

ents

•It

is p

ossi

ble

to c

olla

pse

the

Load

bal

ance

r and

the

edge

rout

er (h

ubs

in lo

llipo

p)•

If th

e lo

ad b

alan

cer i

s a

Cis

co C

atal

yst 6

500

Serie

s Sw

itch,

this

is e

ven

reco

mm

ende

d as

Lay

er 3

sw

itchi

ngw

ill a

ccel

erat

e sp

oke

to s

poke

traf

fic

Page 34: Large Scale DMVPN

34©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04

Rou

ting

Prot

ocol

s

HQ

Spea

ks E

IGR

P 2

Red

istr

ibut

e EI

GR

P 2

into

B

GP

(sum

mar

y)R

edis

trib

ute

float

ing

stat

ic (N

ull0

) int

o EI

GR

P2R

edis

trib

ute

EIG

RP

1 in

to B

GP

(with

filte

ring)

Red

istr

ibut

e B

GP(

sum

mar

ized

)in

to E

IGR

P 1

Spok

es a

re E

IGR

P 1

stub

sTh

ey s

peak

to h

ubs

thru

GR

E/IP

sec

tunn

el

Page 35: Large Scale DMVPN

35©

200

4 C

isco

Sys

tem

s, In

c. A

ll rig

hts

rese

rved

.La

rge

Sca

le D

MV

PN

, 11

/04


Related Documents