Went on an customer “ride-along” with Advanced Services this week. Customer’s requirement was that the DMVPN headend have 2 physical interfaces for High Availability. These 2 interfaces need to be the same subnet because they are going into 2 firewalls: one active/one standby. So now what?
Tom Kunath (Advanced Services) thought “Well…. what about using backup interface command?” Hmmmm that does seem to be the perfect tool in the Cisco CLI toolbox for this very situation.
Let’s go play in the lab. We will play with
- Having a Primary and Backup Interface under a DMVPN tunnel
- Cause Failure – record loss
- Verify DMVPN Per-Tunnel QoS works
So for those of you who are not yet familiar with DMVPN Per-Tunnel QoS you might want to do a little bit of reading first. 🙂
Playing in the Lab: DMVPN and Per-Tunnel QoS
Fun in the Lab: Troubleshooting DMVPN Per-Tunnel QoS
So now let’s try it and see how per-tunnel QoS will work with it.
Class-Maps and Policy-Maps
NOTE: Snuck these configs from the QoS Chapter of the upcoming CiscoPress IWAN book a super dear friend of mine (David Prall) is co-authoring.
Apply to Tunnels
Okay…. so far so good. Now let’s run some traffic. I’ll send EF and AF41.
Send Traffic
Kay… so far so good. I also have both being sent at the same bps from the traffic generator so I wanted to check this also.
Time to Fail Primary Link!
Before I congest and see if the applied PerTunnel QoS can also drop. Let’s make sure that if I go to the big core router (Hotel15) and I shut the primary interface over there, that the DMVPN Per-Tunnel QoS still works.
Max loss on a stream was 1,848 frames. Each stream was sending 200 frames per second.
Hence the time to get to recovery was ~9.2 seconds. Customer was okay with that given that it is a solution to their issue and they are hoping their Active Firewall doesn’t go down often.
Now to see if the per-Tunnel QoS is still working. Yup. Looking good according to the show command. But let’s congest EF to really see if it is working.
With Backup Interface as Active, Congest EF
Okay… going to set the EF traffic to send at a rate of 2 Mbps. Which should easily do the trick.
Looking good.
With Backup Interface as Active, & Congesting EF — No Shut Primary on Core Router
Okay… THAT was FUN!
Categories: DMVPN, Fun in the Lab
> Snuck these configs from the QoS Chapter of the upcoming CiscoPress IWAN book a super dear friend of mine (David Prall) is co-authoring.
This one?
https://www.amazon.com/gp/product/1587144638/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
You purchased this item on July 12, 2016… hee hee
And I’m going to be studying this article closely tonight 🙂
Yup. That one. I’m a technical reviewer on it. Pretty much ANYTHING David Prall or Jean-Marc writes or teaches is something I want to read or attend. 🙂
David Prall or Jean-Marc write or teach ANYTHING and I’m all over it. They totally rock!