Link to home
Start Free TrialLog in
Avatar of rsp_it
rsp_it

asked on

Cisco PFRv3 Work with Point to Point GRE Tunnels?

Pros,

This year I have a project to set up Cisco PFR technology to optimize company's network. The company has 6 offices (A to F) all over the world which connects to each other by IPSec over GRE tunnels over the internet.

Unlike some traditional PFR scenarios, we don't have a hub-spoke deployment. Instead, the 6 offices are fully meshed with each other. Each office has 1-2 VPN routers and each VPN router linked with two different ISPs. Any two offices are connected over encrypted point to point GRE tunnels.

My questions is: am I able to configure PFRv3 based on this point to point GRE tunnels deployment rather than changing the whole infrastructure to DMVPN/multi-point GRE tunnels? Is it supported by some Cisco user guide?

What we want to achieve is to always use the low latency/packet loss GRE tunnel as the active network connection between the two offices/countries. The current network topology is too complicated so we want to minimize the changes. Configurations samples of one office are as below:

[ Cisco ISR4431 ]

interface Tunnel22
  ip address 192.168.240.77 255.255.255.252
 tunnel source x.x.x.x
 tunnel destination x.x.x.x
 tunnel protection ipsec profile corporate-ipsec
!
interface Tunnel23
 ip address 192.168.240.101 255.255.255.252
 ip tcp adjust-mss 1300
 tunnel source x.x.x.x
 tunnel destination x.x.x.x
 tunnel protection ipsec profile corporate-ipsec
!
interface GigabitEthernet0/0/0
 ip address x.x.x.x 255.255.255.240
!
interface GigabitEthernet0/0/1
 ip address x.x.x.x 255.255.255.240


It would be appreciated if someone could point me to the right direction. Thank you.

Patrick
Avatar of SIM50
SIM50
Flag of United States of America image

The way I see it is you already have overlay configured with static tunnels. DMVPN would have done this automatically for you.
As for PfR, it selects the interface based on the throughput, link cost, load and etc. You would also need to configure routing protocol over tunnels if not done yet.
Avatar of rsp_it
rsp_it

ASKER

Hi SIM50,

Thanks for your quick response. Yes I know DMVPN would make it simplier. But based on the exsiting configurations, am I able to do PFRv3? Now the GRE tunnels are under point to point mode. I just can't find any instructions that I can refer to to move on.

Yes we are using BGP as routing protocol over tunnels and it works fine.

Thank you,
Patrick
No, its not possible to use PfR with point2point GRE tunnels because domain <domain_name> path <path_name> interface command has a meaning of referencing specific ISP and not direction. So if you have a central hub, you have lots of p2p tunnels there and you will not be able to use this command on all of them or the command will not work as expected. Besides, your spokes may have direct p2p tunnels, which is considered a violation of PfR Architecture since inter-spoke traffic must leave the same interface which is used to reach HubMC.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.