[c-nsp] Two DMVPN spokes on a single 8xx
Benjamin Lovell
belovell at cisco.com
Sat Dec 4 06:52:34 EST 2010
Minor correction. Traffic will still be CEF switched but will be
software CEF switched not MLS CEF switched.
This is a limitation of the EARL 7 generation of forwarding engines.
GRE decap can only be done based on dest IP so you need a unique IP
endpoint for each tunnel. This is not a problem on any software
platform as there is no ASIC to be subject to this limitation.
For DMVPN w/ IPSEC you can use the same IP address for two mGRE
tunnels as long as you use the same crypto profile and the shared KW.
-Ben
On Dec 3, 2010, at 9:26 AM, Tomas Daniska wrote:
> Folks,
>
> for HW based platforms it's needed to have a dedicated source IP
> address for each tunnel in order to have the tunnels CEF switched in
> hardware, due to ASIC limitations, and not process-switched.
>
> Does anyone know if this applies to CPU based platforms as well,
> such as 87x/88x? I need to terminate two distinct VPNs using VRF
> lite, and definitely don't want the traffic end up being punted at
> the spokes. Sharing the same PPPoE dialer IP would simplify things,
> if it's supported. The setup is 2xDMVPN tunnel with GDOI protection.
>
>
>
> Thanks much
>
> --
>
> Tomas Daniska
> Senior CSE/BDM
>
> Soitron, a.s.
> Plynarenska 5, 829 75 Bratislava, Slovakia
> tel: +421 2 58224000, fax: +421 2 58224520
>
> The new IANA definition: IP Addresses Not Available
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list