[c-nsp] Any experience with DMVPN on ASR1K?

Iwanski, Edward E EEIWANSKI at pier1.com
Sat Sep 15 22:02:41 EDT 2012


Nasir,

I can also give a +1 to the ASR1Ks for DMVPN.

We operate a dual-cloud infrastructure that used to be two pools of 7206VXR/VAM2+ hubs front ended by ACE load balancers to distribute approx 1100 spokes over each pool for a total of ~2200 DMVPN terminations.  We wanted for some time to move to the ASR infrastructure to simplify our environment as well as increase performance and capacity, but the ASR unfortunately lacked a key feature up until about Q2 of 2012 - per tunnel QoS.  After this was released and deemed stable we moved to two  ASR1Ks and could not be happier.  We easily operate 1100 spokes per ASR without any issues and performance is outstanding with all features on (NBAR, Per-Tunnel QoS, PBR, ACLs, etc).  We carefully tracked the development of DMVPN in regards to the ASR and discussed with some of the principal engineers @ Cisco on this.  I could not recommend it more highly for this purpose.

Our IGP is currently EIGRP which is rated at approximately 3000 spokes per ASR, but we are looking to move to BGP Dynamic Peer Groups as this allows us to scale well past that (I think the number was 5000-6000?  I will have to check on that) and is much more efficient.

Good luck,

Ed


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nasir Shaikh
Sent: Friday, September 14, 2012 1:28 PM
To: 'Andrew Clark'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Any experience with DMVPN on ASR1K?

Thanks Andrew!
With 1.5k per hub do you mean the number of spokes?
What IGP are you using in your DMVPN cloud?

thanks

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Andrew Clark
Sent: vrijdag 14 september 2012 18:26
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Any experience with DMVPN on ASR1K?

Yes.  I have a pair of ASR1001s in a dual-hub dual-cloud setup serving around 120 (and counting) 881s.  It should scale up to about 1.5k per hub, hopefully.
So far it works fine, assuming the code is solid.  There is a crashing bug in 151-3.S2, so my experience so far recommends at least 151-3.S3.
You may need to tweak your IPSEC anti-replay buffer size up from the default of 64 as well, if you have queuing (due to QoS, etc.) occurring.

Andrew Clark



>
> Message: 3
> Date: Fri, 14 Sep 2012 07:50:12 +0200
> From: "Nasir Shaikh" <nasir at nasirshaikh.com>
> To: <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] Any experience with DMVPN on ASR1K?
> Message-ID: <C0EC838483EB4FAAAC1744BACC11539E at jedi35ba54c7c7>
> Content-Type: text/plain;       charset="us-ascii"
>
> Hi guys,
>
>
>
> We are planning to replace/upgrade our DMVPN hubs from 7206vxr npe-G2 
> with
> VAM2+ to ASR1Ks.
>
> Does anyone have any experience with running DMVPN on the ASRs?
>
>
>
> This is what we plan to order:
>
>
>
> Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S
>
> Cisco ASR 1001 IOS XE UNIVERSAL
>
> Cisco ASR 1000 Advanced IP Services License
>
> IPSEC License for ASR1000 Series
>
> Cisco ASR1001 4GB DRAM
>
>
>
> Thanks
>
>
>
> Nasir
>
>
>
>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list