Setting Up Dual Hub DMVPNs: Redundancy Made Easy with Modern Cisco IOS

Dual Hub DMVPN: Complete Configuration & Optimization Guide

📚 Table of Contents

• Introduction
• Why Dual Hub DMVPN
• Deployment Models
• Single DMVPN
• Dual DMVPN
• Routing Protocols
• IOS Enhancements
• CLI Examples
• Key Takeaways
• Related Articles

📖 Introduction

Dynamic Multipoint Virtual Private Network (DMVPN) is a scalable VPN solution that allows secure communication over public networks. When combined with a dual hub architecture, it provides high availability and redundancy.

💡 Core Concept: DMVPN uses GRE + IPsec + NHRP to dynamically build tunnels.

🚀 Why Dual Hub DMVPN?

• High Availability
• Fault Tolerance
• Load Sharing
• Reduced Downtime

🔽 Expand: Real-world Scenario

If Hub1 fails, spokes automatically reroute traffic to Hub2, ensuring uninterrupted service.

🧩 Deployment Models

1. Single DMVPN Cloud

• One tunnel interface
• Two hubs (dual NHS)
• Simple design

2. Dual DMVPN Cloud

• Two tunnel interfaces
• Separate routing domains
• Advanced traffic control

📡 Single DMVPN Configuration

In this model, all routers belong to the same DMVPN cloud.

Configuration Code

interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile IPSEC_PROFILE
 ip nhrp map 192.168.1.1 HUB1_PUBLIC_IP
 ip nhrp map 192.168.1.3 HUB2_PUBLIC_IP
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp nhs 192.168.1.3

🔽 Expand Explanation

NHRP maps logical tunnel IPs to physical IPs. Dual NHS ensures redundancy.

🔁 Dual DMVPN Configuration

Each spoke connects to two hubs using separate tunnels.

interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel key 100
 ip nhrp nhs 192.168.1.1

interface Tunnel1
 ip address 192.168.2.2 255.255.255.0
 tunnel source GigabitEthernet0/1
 tunnel key 200
 ip nhrp nhs 192.168.2.1

🔽 Expand Benefits

Provides granular control and allows traffic engineering using routing metrics.

📊 Routing Protocols

EIGRP

• Easy metric manipulation
• Fast convergence

OSPF

• More complex
• Requires tuning

🔽 Expand Deep Comparison

EIGRP allows delay/bandwidth tuning, while OSPF uses cost-based routing requiring more manual adjustments.

⚙️ Cisco IOS 15.9 Enhancements

• Improved NHRP convergence
• DMVPN Phase 3 optimization
• Enhanced IPsec encryption
• Advanced logging tools

💡 Insight: Phase 3 enables direct spoke-to-spoke communication.

💻 CLI Output Examples

Show DMVPN Status

show dmvpn

Legend: Attrb --> S - Static, D - Dynamic
Tunnel0, NHRP Details
Type:Spoke, NHRP Peers:2
Peer NBMA Addr: 10.1.1.1
Peer NBMA Addr: 10.1.1.2

Debug Output

*Mar 1 12:00:01: NHRP: Resolution request sent
*Mar 1 12:00:02: NHRP: Resolution reply received

🔽 Expand CLI Explanation

Shows tunnel peers and NHRP resolution process.

🎯 Key Takeaways

• Dual Hub DMVPN ensures redundancy
• Single cloud = simple, less control
• Dual cloud = complex, more control
• EIGRP preferred for flexibility
• IOS 15.9 improves performance significantly

📘 Conclusion

Dual hub DMVPN designs provide scalable, resilient, and efficient networking solutions. Choosing between single and dual DMVPN depends on complexity vs control requirements.