This product bulletin highlights features in Cisco IOS® Software Release 12.2(18)SXE and includes the following sections:
1. Cisco IOS Software Release 12.2S introduction
2. Cisco IOS Packaging in Release 12.2(18)SXE
3. Release 12.2(18)SXE Hardware and Feature Highlights
1. CISCO IOS SOFTWARE RELEASE 12.2S INTRODUCTION
Cisco IOS Software Release 12.2S is designed for Enterprise campus and Service Provider edge networks that require world-class IP and Multiprotocol Label Switching (MPLS) services. The Cisco Catalyst® Switches and high-end routers in Release 12.2S provide secure, converged network services in the most demanding Enterprise and Service Provider environments, from the wiring closet and data center to the WAN aggregation edge.
The infrastructure innovation and technology leadership in Cisco IOS 12.2S enable advanced Ethernet LAN switching, Metro Ethernet, and Broadband Aggregation services through enhancements in High Availability, Security, MPLS, VPNs, and IP Routing and Services.
Derived from Release 12.2(14)S, 12.2SX provides Release 12.2S functionality features and hardware support for the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router.
In addition to Release 12.2(18)SXE, Releases 12.2(18)SXD, 12.2(17d)SXB, 12.2(17b)SXA, 12.2(17a)SX, and 12.2(14)SX are available from Cisco.com. For detailed information about the features and hardware supported in each of these releases, please visit:
1.1 Release 12.2SX Ordering Information, Feature Sets, and Image Names
Refer to the "Feature Sets" section of the Release 12.2SX release notes for information about Release 12.2SX orderable product numbers, feature sets, and image names.
Cisco IOS Software is the world's leading network infrastructure software, delivering a seamless integration of technology innovation, business-critical services, and hardware support. Currently operating on over ten million active systems, ranging from the small home office router to the core systems of the world's largest service provider networks, Cisco IOS Software is the most widely leveraged network infrastructure software in the world.
Today's users need more flexible and consistent software packaging to address their complex network environments. Cisco is expanding its new Cisco IOS Packaging to Cisco switches via Cisco IOS Software Release 12.2S, creating a new foundation for Cisco IOS Software features and functionality.
For an overview of Cisco IOS Packaging for Cisco switches, including its availability and the associated Cisco IOS Software Release migration strategy, please visit: http://www.cisco.com/go/packaging/
3. RELEASE 12.2(18)SXE HARDWARE AND FEATURE HIGHLIGHTS
Cisco IOS Software Release 12.2(18)SXE, the latest customer release of Release 12.2S, adds support for powerful new hardware and more than 100 new features for the Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router.
3.1 Release 12.2(18)SXD Hardware and Feature Highlights
Table 1 and the following sections highlight some of the key hardware and software features available in Release 12.2(18)SXE.
Note: Unless noted otherwise, the following highlighted features were first supported in Release 12.2SX as of Release 12.2(18)SXE. Subsequent releases of Release 12.2SX will also support the highlighted features, and might include additional hardware support for the following highlighted features.
Cisco Feature Navigator, which requires an account on Cisco.com, dynamically updates the list of supported hardware as new hardware support is added for the features in the releases of Release 12.2SX. Cisco Feature Navigator can provide a cumulative list of all new and existing features supported in Release 12.2(18)SXE, including hardware and software image support.
Table 1. Release 12.2(18)SXE Hardware and Feature Highlights
Hardware Support
Cisco IOS Security
Cisco IOS Infrastructure
IP Addressing and Services
• Cisco Services SPA Carrier-400
• Cisco IPsec VPN SPA
• WebVPN Service Module
• Cisco 7604 Router
• Cisco 7600 Series SPA Interface Processor 400
• Cisco 7600 Series SPA Interface Processor 200
• WS-C6504-E
• 2700 Watt AC Power Supply for the Cisco 7606
• 2700 Watt DC Power Supply for the Cisco 7606
• 2700 Watt AC Power Supply for the Cisco 7604
• 2700 Watt AC Power Supply for the Cisco 7604
• Cisco 1-Port OC-12c/STM-4c ATM Shared Port Adaptor
• Cisco 2-Port OC-3c/STM-1c ATM Shared Port Adapter
• Cisco 4-Port OC-3c/STM-1c ATM Shared Port Adapter
• Cisco 1-Port OC-12c/STM-4c POS Shared Port Adapter
• Cisco 2-Port OC-3c/STM-1c POS Shared Port Adapter
• Cisco 4-Port OC-3c/STM-1c POS Shared Port Adapter
• Cisco 2-Port Clear Channel T3/E3 Shared Port Adapter
• Cisco 4-Port Clear Channel T3/E3 Shared Port Adapter
• Cisco 2-Port Channelized T3 (DS0) Shared Port Adapter
• Cisco 4-Port Channelized T3 (DS0) Shared Port Adapter
• Cisco 8-Port Channelized T1/E1 Shared Port Adapter
• 1-Port Fast Ethernet Port Adapter
• 2-Port Fast Ethernet Port Adapter
• 1-Port Packet over SONET OC3c/STM1 Port Adapter
• Dynamic Multipoint VPN
• VPN Routing and Forwarding-Aware Dynamic Multipoint VPN
• IPv4 Multicast over Point-to-Point Generic Routing Encapsulation
• Multicast over Virtual Routing and Forwarding Lite
• Cisco IOS Source Specific Multicast Mapping
• IPv6 Protocol Independent Multicast-Sparse Mode
• IPv6 Source Specific Multicast
• Multicast Listener Discovery v1 and v2
• IPv6 Multicast Explicit Host Tracking
• Source Specific Multicast Mapping for Multicast Listener Discovery version 1
• IPv6 Multicast Boot Strap Router Support
• Bidirectional Forwarding Detection
• BGP Multipath Load Sharing for Both External BGP and Internal BGP in a Multiprotocol Label Switching VPN
• BGP Support for TTL Security Check
• EIGRP Multiprotocol Label Switching VPN PE-CE Site of Origin
• IS-IS Support for Priority-Driven IP Prefix RIB Installation
• OSPF Link State Database Overload Protection
3.2 Hardware Support
Cisco Services SPA Carrier-400 (SSC-400)
The Cisco Services SPA Carrier-400 (SSC-400) helps enable high-performance IPsec VPN services for secure transport of mission-critical data across the network. It provides enterprises and service providers tremendous flexibility and density as they scale their network infrastructure and expand secure, remote services to branch offices and offsite users. The SSC-400 has 2 sub slots for the IPsec VPN SPA, providing a total throughput of 5 Gbps of IPsec encryption acceleration per chassis slot.
Figure 1. Cisco Services SPA Carrier-400
Benefits
• Modularity-Up to two Cisco IPsec VPN SPAs per SSC-400, creating investment protection and offers flexibility across Cisco 7600 Series Router and Cisco Catalyst 6500 Series Switches.
• Scalability-Up to 5 SSC-400 and 10 IPsec VPN SPAs in a Cisco 7600 Series Router or Cisco Catalyst 6500 chassis, offering high-density, high-performance IPsec VPN services while maintaining attractive footprint and tremendous scalability.
Hardware
• Routers-Cisco 7600 Series
• Switches-Cisco Catalyst 6500 Series
Considerations
Requires Cisco IOS Software Release 12.2(18)SXE2 or later.
The Cisco IPsec VPN SPA delivers scalable and cost-effective VPN performance for Cisco Catalyst 6500 Series Switches and the Cisco 7600 Series Router. Using the Cisco 7600 Series Router or Cisco Catalyst 6500 Series Services SPA Carrier-400 (Cisco Services SPA Carrier-400), each slot of the Cisco Catalyst 6500 or Cisco 7600 Series Router can support up to two IPsec VPN SPAs. The Cisco IPsec VPN SPA delivers next-generation AES encryption standards as well as increased performance of up to 2.5 Gbps IPsec encryption acceleration.
Figure 2. Cisco IPsec VPN SPA
Benefits
• Next-generation Encryption Technology-In addition to supporting Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES), the Cisco IPsec VPN SPA supports Advanced Encryption Standard (AES), including all key sizes (128-, 192-, and 256-bit keys). Designed to be the next-generation encryption technology, AES offers the ultimate in IPsec VPN security and interoperability.
• High-speed VPN Performance-High-speed VPN performance provides up to 2.5 Gbps of AES and 3DES IPsec throughput with large packets and 1.6 Gbps with Internet mix (IMIX) traffic.
• Scalability-Up to 10 Cisco IPsec VPN SPAs can be installed in a system to provide up to 25 Gbps of total throughput, enabling wire-speed secured transport for native 10-Gigabit Ethernet interfaces.
• Comprehensive VPN Features-The Cisco IPsec VPN SPA provides hardware acceleration for both IPsec and generic routing encapsulation (GRE), comprehensive support of site-to-site IPsec, remote-access IPsec, and certificate authority/public key infrastructure (CA/PKI).
• VPN Resiliency and High Availability-Routing over IPsec tunnels, dead-peer detection (DPD), Hot Standby Router Protocol (HSRP) plus reverse route injection (RRI), and intra-chassis and inter-chassis stateful failover for both IPsec and GRE provide superior VPN resiliency and high availability.
Hardware
• Routers-Cisco 7600 Series
• Switches-Cisco Catalyst 6500 Series
Considerations
Requires Cisco IOS Software Release 12.2(18)SXE2 or later.
The Cisco® WebVPN Services Module is a high-speed, integrated Secure Sockets Layer (SSL) VPN Services Module for Cisco Catalyst® 6500 Series switch and Cisco 7600 Series Router to meet the need for ubiquitous connectivity and increased bandwidth requirements. WebVPN delivers cost-effective SSL VPN performance on the Cisco Catalyst 6500 Series and is suitable for various deployments with its unsurpassed scalability and performance. Up to four modules can be supported in a single chassis to support up to 32,000 simultaneous SSL VPN users and 128,000 connections. The scalability and unique virtualization capabilities of the Cisco WebVPN Services Module make it an ideal solution for managed service providers, and simplify the policy creation and enforcement requirements in large enterprises with diverse user populations.
Figure 3. WebVPN Service Module
Benefits
• Scalability-A single module is capable of supporting up to 8000 simultaneous users and up to 32,000 concurrent connections. Up to four modules can be supported in a single chassis to support up to 32,000 simultaneous SSL VPN users and 128,000 connections.
• Virtualization and VRF Awareness-Virtualization technology is a way to pool resources while masking the physical attributes and boundaries of the resources from the resource users. Up to 128 virtual routing and forwarding (VRF)-aware virtual contexts are supported per module.
• Advanced Endpoint Security-A primary component of the Cisco WebVPN Services Module, Cisco Secure Desktop offers preconnection security posture assessment and a consistent and reliable means of eliminating all traces of sensitive data.
Hardware
• Routers-Cisco 7600 Series
• Switches-Cisco Catalyst 6500 Series
Considerations
Requires Cisco IOS Software Release 12.2(18)SXE2 or later.
The Cisco 7604 Router is one of the smallest redundant routers to offer nx10GE performance with services. The Cisco 7604 Router, a four slot chassis, delivers performance in a compact five-rack unit (5 RU) form factor. It can be configured with a single supervisor engine and up to three line cards or for High Availability and redundancy, with dual supervisor engines and up to two line cards. The Cisco 7604 Router also supports redundant AC or DC power supplies for increased availability.
Ideal for Enterprise WAN aggregation or service provider environments, the Cisco 7604 offers one of the industry's leading array of interfaces (DS0 to OC-48/STM-16, FE, GE, 10GE) and services modules such as IPsec, Firewall, SSL VPN, IDS, and DDOS Protection. The Cisco 7604 also supports the Enhanced FlexWAN module, which offers Port Adapter investment protection for users looking to migrate their Cisco 7200 or 7500 Series.
This flexible router is ideal for addressing high-performance applications such as:
• High-end CPE
• Enterprise WAN Aggregation
• Lease Line
• IP/MPLS Provider Edge
• Metro Ethernet
Cisco 7604 Router Chassis Features:
• Five RU (8.75-inch) compact chassis, up to 9 chassis per 7-foot rack
• Four slots (2 Supervisor slots and 2 interface slots or 1 Supervisor slot with 3 interface slots)
• 1+1 route processor protection capability
• 1+1 power supply protection option, AC or DC
• Network Equipment Building Systems (NEBS) Level 3 compliance (post FCS)
• Single-side connection management for interface and power terminations
The Cisco 7600 Series SPA Interface Processor 400 (7600-SIP-400) Module enables high-performance, intelligent WAN and metropolitan-area network (MAN) services. Enterprises and service providers can leverage a wide variety of Cisco Shared Port Adapters (SPAs) for flexible, mixable WAN aggregation and connectivity options, and can benefit from the increased scalability, performance, and rich Quality of Service (QoS) features offered by the 7600-SIP-400 Module.
The 7600-SIP-400 Module accepts up to four shared port adapters commonly used with the Cisco 7304, Cisco 7600, Cisco 12000, and CRS-1 Series Routers as well as the Cisco Catalyst 6500 Series Switch. In addition, it offers increased performance and memory compared to the existing Optical Services Modules and FlexWAN modules. This innovative architecture is designed to deliver numerous media options and enable scalable, distributed, intelligent network services for current and next generation of applications.
7600-SIP-400 initially supports the following SPAs:
• SPA-2XOC3-POS-2-port OC-3c/STM-1 POS SPA
• SPA-4XOC3-POS-4-port OC-3c/STM-1 POS SPA
• SPA-1XOC12-POS-1-port OC-12c/STM-4 POS SPA
• SPA-2XOC3-ATM-2-port OC-3c/STM-1 ATM SPA
• SPA-4XOC3-ATM-4-port OC-3c/STM-1 ATM SPA
• SPA-1XOC12-ATM-1-port OC-12c/STM-4 ATM SPA
Figure 5. Cisco 7600 Series SPA Interface Processor-400
The Cisco 7600 SPA Interface Processor-200 (7600-SIP-200) Module enables high-performance, intelligent WAN services. Enterprises and service providers can take advantage of the many flavors of the Shared Port Adapters for their WAN aggregation and connectivity options, as well as the increased scalability, performance, and rich features offered by the 7600-SIP-200. Additionally, the 7600-SIP-200 provides feature parity with the Enhanced FlexWAN while offering twice the performance and increased scalability.
The 7600-SIP-200 Module accepts up to four shared port adapters commonly used with the Cisco 7304, Cisco 7600, Cisco 12000, and CRS-1 Series Routers as well as the Cisco Catalyst 6500 Series Switch. In addition, it offers increased performance and memory compared to the existing FlexWAN and Enhanced FlexWAN modules. This innovative architecture is designed to deliver numerous media options and enable scalable, distributed, intelligent network services for current and next generation of applications.
The rich QoS and low-speed WAN aggregation features of the 7600-SIP-200 enable users to:
• Classify and mark packets for QoS treatment within the network
• Guarantee bandwidth to business-critical applications
• Limit bandwidth to non-critical applications
• Avoid network congestion by dropping select low-priority packets
• Smooth out bursts and avoid packet discard in the network
• Compressed Real-Time Protocol (cRTP) to maximize bandwidth utilization
• Link fragmentation and interleaving (dLFI) to minimize jitter
• Multi-Link Point to Point Protocol (MLPPP), Multi-Link Frame Relay Protocol (MLFR), ATM VC Bundle, Frame Relay VC Bundle to bundle multiple low speed links
7600-SIP-200 initially supports the following SPAs:
• SPA-2XOC3-POS-2-port OC-3c/STM-1 POS SPA
• SPA-4XOC3-POS-4-port OC-3c/STM-1 POS SPA
• SPA-2XOC3-ATM-2-port OC-3c/STM-1 ATM SPA
• SPA-4XOC3-ATM-4-port OC-3c/STM-1 ATM SPA
• SPA-CH8TE1-8-port T1/E1 SPA, to DS0 SPA
• SPA-2XT3/E3-2-port T3/E3 SPA
• SPA-4XT3/E3-4-port T3/E3 SPA
• SPA-2XCT3/DS0-2-port CT3 SPA, to T1/E1 SPA
• SPA-4XCT3/DS0-4-port CT3 SPA, to T1/E1 SPA
Figure 6. Cisco 7600 Series SPA Interface Processor-200
The WS-C6504-E is a Cisco Catalyst 6500 Series 4-slot chassis with a redundant power supply option. It delivers up to 600W per slot, with a variable speed fan.
The PWR-2700-AC power supply provides 1319W at 110V and 2669W at 220V in the CISCO7606 chassis.
2700 Watt DC Power Supply for the Cisco 7606
The PWR-2700-DC power supply provides 1319W when connected with 1 DC-input and 2669W when connected with 2 DC-input in the CISCO7606 chassis.
2700 Watt AC Power Supply for the Cisco 7604
PWR-2700-AC/4 power supply provides 1319W at 110V and 2669W at 220V in CISCO7604 and WS-C6504-E chassis.
2700 Watt AC Power Supply for the Cisco 7604
PWR-2700-DC/4 power supply provides 1319W when connected with 1 DC-input and 2669W when connected with 2 DC-input in CISCO7604 or WS-C6504-E chasses.
Cisco 1-Port OC-12c/STM-4c ATM Shared Port Adaptor
Supported on Cisco 7600 Series SPA Interface Processor-400 in Release 12.2(18)SXE.
Cisco 2-Port OC-3c/STM-1c ATM Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-400 and Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 4-Port OC-3c/STM-1c ATM Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-400 and Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 1-Port OC-12c/STM-4c POS Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-400 in Release 12.2(18)SXE.
Cisco 2-Port OC-3c/STM-1c POS Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-400 and Cisco Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 4-Port OC-3c/STM-1c POS Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-400 and Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 2-Port Clear Channel T3/E3 Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 4-Port Clear Channel T3/E3 Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 2-Port Channelized T3 (DS0) Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 4-Port Channelized T3 (DS0) Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
Cisco 8-Port Channelized T1/E1 Shared Port Adapter
Supported on Cisco 7600 Series SPA Interface Processor-200 in Release 12.2(18)SXE.
1-Port Fast Ethernet Port Adapter
Adds support for 1-port Fast Ethernet Port Adapter (PA-FE-TX and PA-FE-FX) to the Enhanced FlexWAN Module.
2-Port Fast Ethernet Port Adapter
Adds support for 2-port Fast Ethernet Port Adapter (PA-2FE) to the Enhanced FlexWAN Module.
1-Port Packet over SONET OC3c/STM1 Port Adapter
Adds support for the 1-port OC3c/STM1 Port Adapter (PA-POS-1OC3) to the Enhanced FlexWAN and FlexWAN modules.
3.3 Cisco IOS Security
Dynamic Multipoint VPN
Dynamic Multipoint VPN (DMVPN) combines multipoint Generic Routing Encapsulation (mGRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP) routing to provide users a streamlined method of configuring large hub-to-spoke IPsec VPNs and enables dynamic discovery of tunnel endpoints. DMVPN eliminates the requirement for defining static crypto maps for site-to-site VPNs.
This feature relies on the following two Cisco technologies:
• NHRP: a client and server protocol where the hub is the server and the spokes are the clients. The hub maintains an NHRP database of the public interface addresses of the each spoke. Each spoke registers its real address when it boots and queries the NHRP database for real addresses of the destination spokes in order to build direct tunnels.
• mGRE Tunnel Interface: allows a single GRE interface to support multiple IPsec tunnels and simplifies the size and complexity of the configuration.
The topology shown in Figure 4 and the corresponding bullets explain how this feature works.
Figure 7. DMVPN
• Each spoke has a permanent IPsec tunnel to the hub, not to the other spokes within the network. Each spoke registers as clients of the NHRP server.
• When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) address of the destination (target) spoke.
• After the originating spoke learns the peer address of the target spoke, it can initiate a dynamic IPsec tunnel to the target spoke.
• The spoke-to-spoke tunnel is built over the multipoint GRE interface.
• The spoke-to-spoke links are established on demand whenever there is traffic between the spokes. Thereafter, packets are able to bypass the hub and use the spoke-to-spoke tunnel.
Benefits
• Hub Router Configuration Reduction
– Currently, for each spoke router, there is a separate block of configuration lines on the hub router that define the crypto map characteristics, the crypto access list, and the GRE tunnel interface. This feature allows users to configure a single multipoint GRE tunnel interface, a single IPsec profile, and no crypto access lists on the hub router to handle all spoke routers. Thus, the size of the configuration on the hub router remains constant even if spoke routers are added to the network.
• Automatic IPsec Encryption Initiation
– GRE has the peer source and destination address configured or resolved with NHRP. Thus, this feature allows IPsec to be immediately triggered for the point-to-point GRE tunneling or when the GRE peer address is resolved via NHRP for the multipoint GRE tunnel.
• Support for Dynamically Addressed Spoke Routers
– When using point-to-point GRE and IPsec hub-and-spoke VPN networks, the physical interface IP address of the spoke routers must be known when configuring the hub router because IP address must be configured as the GRE tunnel destination address. This feature allows spoke routers to have dynamic physical interface IP addresses (common for cable and DSL connections). When the spoke router comes online, it will send registration packets to the hub router: Within these registration packets is the current physical interface IP address of this spoke.
• Simplifies the burden of headend management and thus reduces the total cost of ownership.
VPN Routing and Forwarding-Aware Dynamic Multipoint VPN
VPN Routing and Forwarding (VRF) Instance Integrated Dynamic Multipoint VPN (DMVPN) enables users to map site-to-site DMVPN IPsec sessions into Multiprotocol Label Switching (MPLS) VPNs. This allows service providers to extend their existing MPLS VPN service by mapping off-net sites (typically a branch office) to their respective VPNs. IPsec sessions are terminated on the DMVPN PE device and traffic is placed in VRFs for MPLS VPN connectivity. Specifically, work was done to extend the Next Hop Routing Protocol (NHRP) to look into the VRF Tables while building the database of spoke addresses in the hub.
Figure 8. VRF Aware DMVPN
Benefits
• DMVPNs can be used to extend the MPLS networks deployed by service providers to leverage the ease of configuration of hub and spokes, support for dynamically addressed CPEs and zero touch provisioning for adding new spokes into a DMVPN.
• DMVPN architecture can unite many spokes into a single multipoint GRE interface, removing the need for a distinct physical/logical interface for each spoke in a native IPsec installation.
It is not uncommon to situate a remote DMVPN spoke behind a NAT box, where a Port Address Translation (PAT) is enabled. When the DMVPN spokes need to send a packet to a destination (private) subnet behind another spoke, they query the Next Hop Resolution Protocol (NHRP) server for the real (outside) address of the destination spoke. The DMVPN hub maintains a NHRP database of the tunnel endpoints and the physical address of the spokes.
Figure 6 illustrates that it is typical for spokes in a DMVPN cloud to be given the same physical address by the NAT boxes sitting in front of them. As the spokes often times have no control over the addresses provided to them by the ISP, DMVPN was enhanced to work for spokes behind a NAT Box.
Figure 9. NAT Transparency Aware DMVPN
Benefits
Provides deployment flexibility when spoke routers are behind NAT boxes.
Dynamic Multipoint VPN (DMVPN) Spoke-to-Spoke Functionality allows dynamic on-demand direct spoke-to-spoke tunnels to be created between two DMVPN spoke CPEs without traversing the hub. This feature enables production-ready spoke-to-spoke functionality in single- and multi-hub environments in a DMVPN network. It also incorporates increased spoke-to-spoke resiliency and redundancy in multi-hub configurations.
Figure 10. DMVPN Spoke-to-Spoke Functionality
Benefits
• Direct spoke-to-spoke tunnels
– This functionality allows direct spoke-to-spoke tunnel creation betwee
