Migrating from Phase 1 DMVPN to Phase 2/3 network

Chris sent me an interesting question that I haven’t covered in any of my DMVPN webinars: “How would you migrate a part of a Phase-1 DMVPN network to a Phase-2 or Phase-3 network if you can only migrate one spoke site at a time? Can I just upgrade the spokes that need spoke-to-spoke connectivity?”

While it might be theoretically possible to have a mixed Phase-1/Phase-2 DMVPN tunnel (and I just might be able to get it to work in a lab), such a solution definitely violates the KISS principle.

I would prefer to create a second Phase-2/3 DMVPN tunnel on the hub router(s) and migrate spoke sites that need any-to-any connectivity to this new Phase-2/3 DMVPN tunnel. The new tunnel would be used in parallel with the old one, and you could keep both of them running in parallel, or shut and remove the old one after all the spokes have been migrated to Phase 2/3 DMVPN.

Unfortunately you can't migrate DMVPN spokes in flocks

Interestingly, the second tunnel does not diminish the network performance. In a Phase-1 DMVPN network all the traffic goes through the hub anyway, so it doesn't matter if you have one or more tunnels on the hub router – changing the tunnel interface while forwarding an IP packet does not impact the forwarding performance. Creating a new DMVPN tunnel on the hub router thus doesn't cause any change in performance or traffic flow.

Be careful if you're using Cat 6500 as the hub, in which case you have to use a trick or two to ensure tunnels have different transport IP addresses so you're not forced to use GRE keys.

You might need two tunnel transport IP addresses anyway if you don't use GRE keys in your existing setup.

More information

You’ll find (almost) all you need to know about DMVPN in the DMVPN Trilogy, which is (like all other webinars) also part of the yearly subscription.


Post a Comment

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.