Tuesday, June 29, 2010

DMVPN - hub to spoke issue

DMVPN brings with it tremendous simplicity whilst providing a scalable and secure connectivity solution. The configuration of the hub is compact and elegant, while the spokes feature mostly uniform and even more concise commands. An IGP such as OSPF or EIGRP, with the latter being more popular, can be easily configured to overlay a network on top of the NBMA mGRE fabric that DMVPN is built on.

While configuring and experimenting with various versions of DMVPN, I ran into a very interesting issue that is really the crux of this blog entry. Spoke-to-spoke connectivity was no problem but I was not able to ping the networks behind the hub, or ping spoke networks from the hub.

The issue was rooted in the control-plane policing policy applied at the hub. The ICMP rate was limited to 1 packet per second (pps). This apparently is not enough when tunnel interfaces come into the picture, as is the case here with DMVPN. Increasing the ICMP threshold to 10 or more packets per second and specifying a "burst" value fixed the issue.
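The change described above, sketched as an added IOS configuration example; it is not the hub's actual policy. The ACL, class and policy names (`COPP-ICMP`, `COPP-HUB`) and the burst size of 20 packets are assumptions, since the post gives only the 1 pps and 10 pps rates.

```cisco
! Classify ICMP destined to the hub's control plane
! (names below are illustrative, not from the original post)
ip access-list extended COPP-ICMP
 permit icmp any any
!
class-map match-all COPP-ICMP
 match access-group name COPP-ICMP
!
! --- Before: ICMP policed to 1 pps, no burst specified ---
! With this in place, hub-to-spoke and spoke-to-hub-LAN pings failed.
policy-map COPP-HUB
 class COPP-ICMP
  police rate 1 pps conform-action transmit exceed-action drop
!
! --- After: 10 pps with an explicit burst allowance ---
! Re-entering the police statement replaces the previous one.
policy-map COPP-HUB
 class COPP-ICMP
  police rate 10 pps burst 20 packets conform-action transmit exceed-action drop
!
! Policy is attached to the control plane in the input direction
control-plane
 service-policy input COPP-HUB
!
! Check: run "show policy-map control-plane" on the hub while pinging.
! A rising "exceeded" packet counter under class COPP-ICMP shows the
! policer, not the tunnel or routing, is dropping the ICMP traffic.
```

The ICMP class stays rate-limited after the change, so the control plane remains protected against ICMP floods while the ping tests get through.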

