Which three options are best practices for implementing a DMVPN? (Choose three.)
A.
Use IPsec in tunnel mode.
B.
Implement Dead Peer Detection to detect communication loss.
C.
Configure AES for encryption of transported data.
D.
Configure SHA-1 for encryption of transported data.
E.
Deploy IPsec hardware acceleration to minimize router memory overhead.
Configure QoS services only on the head-end router.
E.
Deploy IPsec hardware acceleration to minimize router memory overhead.
Configure QoS services only on the head-end router.
I will say BCE
A incorrect (transport mode preffered)
D incorrect (SHA for hash not encrypt)
0
0
I think he same, BCE is correct
0
0
Answer: A,B,C
Explanation:
Best Practices Summary for Hub-and-Spoke Deployment Model
This section describes the best practices for a dual DMVPN cloud topology with the hub-andspoke
deployment, supporting IP multicast (IPmc) traffic including routing protocols.
The following are general best practices:
•
Use IPsec in transport mode
•
Configure Triple DES (3DES) or AES for encryption of transported data (exports of
encryption algorithms to certain countries may be prohibited by law).
•
Implement Dead Peer Detection (DPD) on the spokes to detect loss of communication
between peers.
•
Deploy hardware-acceleration of IPsec to minimize router CPU overhead, to support traffic with
low latency and jitter requirements, and for the highest performance for cost.
•
Keep IPsec packet fragmentation to a minimum on the customer network by setting MTU size or
using Path MTU Discovery (PMTUD).
•
Use Digital Certificates/Public Key Infrastructure (PKI) for scalable tunnel authentication.
•
Configure a routing protocol (for example, EIGRP, BGP or OSPF) with route summarization for
dynamic routing.
•
Set up QoS service policies as appropriate on headend and branch router interfaces to help
alleviate interface congestion issues and to attempt to keep higher priority traffic from being
dropped during times of congestion.
Reference.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVPN_1.html
0
0
Cisco document suggests Tunnel Mode – see Topic “Best Practices Summary for H
ub-and-Spoke Deployment Model” in URL below
http://docstore.mik.ua/univercd/cc/td/doc/solution/dmvpn_x.pdf
I also all these years thought Transport mode makes more sense for DMVPN. not sure if it is a typo error in this doc.
0
0
I would also say that E is incorrect because hardware accelerator will minimise CPU overhead, but not have anything to do with memory.
0
0
I have now 2 documents , one saying transport mode and the other tunnel mode, and both are Cisco DMVPN Design Guide !!!!
0
0
DMVPN = mGRE so endpoint IPs are routable, transport is now best practice.
Probably wasn’t when this document was written.
0
0