19 Sep

By Chus Mingarro

Cisco's Dynamic Multipoint VPN (DMVPN) Deployment Challenges

Thousands of organizations have been able to slash costs using Cisco’s Dynamic Multipoint VPN (DMVPN). The technology was introduced some time ago and is most often used to enable fully meshed communication for mobile workers, telecommuters and extranet users.

What is DMVPN?

DMVPN is a Cisco IOS® Software-based security solution for building scalable enterprise VPNs that support distributed applications such as voice and video. DMVPN is a combination of the following technologies:

  1. Multipoint GRE (mGRE)
  2. Next-Hop Resolution Protocol (NHRP)
  3. Dynamic routing protocol (EIGRP, RIP, OSPF, BGP)
  4. Dynamic IPsec encryption
  5. Cisco Express Forwarding (CEF)

DMVPN Major Wins:

  • Simplifies branch communication: on-demand full-mesh connectivity with a simple hub-and-spoke configuration.
  • Versatility: adding remote sites requires virtually no configuration. Cisco DMVPN can be deployed in zero-touch deployment models using Easy Secure Device Deployment for secure PKI-based device provisioning. Devices can be bootstrapped remotely, avoiding the need for extensive staging operations.
  • Improves business continuity: Cisco DMVPN enables routing-based resiliency, providing extremely rapid failover capabilities.

DMVPN Challenges?

Rolling out QoS for VoIP and video is challenging enough, but traffic shaping over links that offer no protection for your policies is a daunting proposition. Remember all the while that the Internet is not QoS-aware!

Should we even consider the value of end-to-end QoS? Clark Zoeller, LiveAction Sales Engineer, makes these points in his blog post “The Case for NOT Deploying End-to-End QoS”. With a range of links available, each with differing and variable bandwidth, it's easy to understand why network engineers become frustrated managing QoS over these connections.

We can achieve success, however, by applying global policies at hub level and shaping the tunnel to each individual spoke with a parent/child policy. The NHRP group selects the spoke, and with it the shaper and policy, which allows us to differentiate data flows. Here is a great article highlighting this on Networking with Fish – DMVPN & Per-Tunnel QoS.
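
The hub-side arrangement described above, sketched as Cisco IOS configuration. This is an added example, not configuration from the original post or from LiveAction; the class, policy and NHRP group names, the tunnel number, the rates and the percentages are all assumed placeholders.

```cisco
! Constructed example: every name, rate and percentage is a placeholder.
!
! --- Hub: classify on DSCP, which is copied to the outer GRE/IPsec header ---
class-map match-any VOICE
 match dscp ef
class-map match-any VIDEO
 match dscp af41
!
! Child policy: queuing applied inside each spoke's shaped rate
policy-map SPOKE-CHILD
 class VOICE
  priority percent 20
 class VIDEO
  bandwidth percent 30
 class class-default
  fair-queue
!
! Parent policies: one shaper per spoke access-rate tier, so the hub never
! sends a spoke more than its own link can carry
policy-map SPOKE-2M-PARENT
 class class-default
  shape average 2000000
  service-policy SPOKE-CHILD
policy-map SPOKE-10M-PARENT
 class class-default
  shape average 10000000
  service-policy SPOKE-CHILD
!
! Hub mGRE tunnel: map each NHRP group name to a parent policy
interface Tunnel0
 ip nhrp map group SPOKE-2M service-policy output SPOKE-2M-PARENT
 ip nhrp map group SPOKE-10M service-policy output SPOKE-10M-PARENT
!
! --- Spoke on a 2 Mbps link: send its group name in the NHRP registration ---
interface Tunnel0
 ip nhrp group SPOKE-2M
```

On the hub, `show policy-map multipoint` displays the policy attached to each spoke's tunnel, which confirms that a registering spoke landed in the intended group.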

 

Like everything else here at Prosperon, we believe in design: a well-thought-out lab-to-live implementation is key to success. Consider these points:

  • Protect your high-priority traffic by means of DMVPN tunnels
  • Restrict casual internet traffic from affecting these tunnels
  • Remember that the maximum bandwidth between two points is that of the slowest connection between them

The challenge continues, however, because you are looking at hundreds of lines of configuration code from already existing policies at the datacentre as well as now at each hub. This is where a tool like LiveAction can minimize this element of configuration pain, using its powerful QoS control engine and rich visualization capabilities to configure, monitor, troubleshoot and validate DMVPN policies fast, so that DMVPN is more about ROI and less about challenges.
