https://106c4.wpc.azureedge.net/80106C4/Gallery-Prod/cdn/2015-02-24/prod20161101-microsoft-windowsazure-gallery/cisco.cisco-csr-tvnethub-template.1.0.1/Icons/Large.png

Cisco CSR 1000V DMVPN Transit VNET

Cisco Systems, Inc.
DMVPN all-CSR based Transit VNET

Cisco CSR 1000V DMVPN Transit VNET

Cisco Systems, Inc.

DMVPN all-CSR based Transit VNET

A transit VNET is a common strategy to connect multiple, geographically disperse vNETS and remote networks. It simplifies network management and minimizes the number of connections required to connect multiple VNETs and remote networks.

Microsoft Azure VNETs leverages Virtual Network (VNET) peering to establish communication between VNETs. Microsoft Azure Transit vNET, known as Gateway Transit, is a centralized vNET, connecting multiple spoke vNETs.

Cisco Transit vNET solution on Azure uses a pair of Cisco CSR1000v devices acting as DMVPN Hubs in active-active mode. The spoke VNETs also have a Cisco CSR1000v acting as DMVPN Spoke connecting to both the CSR1000v devices in the Hub vNET through routing overlays such as EIGRP and BGP. This solution does not require manual configuration and is fully automated. Once deployed, this solution automatically creates dynamic spoke-to-spoke IPsec tunnels in an on-demand fashion. This solution on Microsoft Azure is introduced on CSR100v starting with IOS-XE release 16.9.x

The Cisco Cloud Services Router (CSR) 1000v is a full-featured Cisco IOS XE virtual form factor router, enabling enterprise-class networking services in the Azure cloud. The following are some of the benefits of using this solution:

  • Higher IPSec throughput of Transit-VNET (two Cisco CSR1000v devices in Active-Active state) and increased IPSec scales (upto 1000 IPSec tunnels per CSR1000v)
  • Connect multiple vNETs spanning globally, across regions and subscriptions
  • Dynamic Spoke-to-Spoke IPsec tunnel reduces billing charges, as the traffic can now flow directly between one spoke vNET to another without having to traverse the Transit-Hub vNET
  • Seamlessly connect to MultiCloud & Hybrid Cloud topologies with DMVPN as an overlay
  • Ability to handle Overlapping IP-Address space in Spoke VNETs
  • End-to-End encryption is possible (From spoke-vNET to another spoke-vNET or to remote branch or on-premise locations)
  • Enhances the cloud with rich Cisco IOS XE feature set that includes, QoS, ZBFW, NAT, AVC, thereby increasing the end-to-end traffic and application visibility and control.