DMVPN versus MPLS

Hello world

An interesting question for the community.

If a router is configured with a DMVPN (or simply a VPN) tunnel and at the same time has an ethernet MPLS even remote desktop connection which route is a priority and why?

Thank you

Tom

Hello

the link I provided above described the idea how this is possible, if you are looking for the MPLS cloud and cloud DMVPN using EIGRP, then I suggest you do the following

in each router configure two EIGRP (AS) autonomous systems to be used on MPLS and the other to be used on DMVPN and follow the recommendations below

-to advertise networks in each AS EIGRP that should be available through (assuming that the same networks will be announced on both)

-do not redistribute between these two EIGRP AS

-use EIGRP offset-list of roads through the DMVPN tunnel interface make which the metric is higher and less preferred see below link to eigrp offset-list configuration

http://www.Cisco.com/en/us/Tech/tk365/technologies_tech_note09186a00800c2d96.shtml#modifycompositemetric

-You can use other methods other than delay llike ofset-list

for the other config design and recommendations please refer to the example of design in the previous post

If have any question just after her here

HTH

pls note the useful messages

Tags: Cisco Security

Similar Questions

  • DMVPN BGP and EIGRP

    I am in the initial phase of research DMVPN.  We currently have an MPLS network running BGP.  Each site has Internet at home as well as a VPN site-to-site is built on the router and talks to an ASA when the SPLM fails.

    I want to implement DMVPN to do away with the site to site VPN and ASA.  I'm going to run EIGRP on routers to connect DMVPN.  Are there any good whitepapers on BGP as the main path and by EIGRP on the DMVPN as a backup?  Or no focus on a general config?

    Thank you

    It's really the main issue.

    With your configuration DMVPN roads will be internal EIGRP of an advertisement of 90, so your default DC prefer DMVPN on MPLS, which is exactly what you don't want.

    There are several ways around this as summarizing through DMPVN, redistribution connected on the sites of the branch in EIGRP so roads DMVPN are external as well and then changing measures etc.

    The other alternative I have ever done so it's for your information is really Cisco have what is called a solution IWAN where DMVPN is performed everywhere that is, even through the MPLS network.

    That would solve your problem of external routes internal EIGRP but IWAN vs is much more than just that, even if you do not need necessarily to implement the entire solution at a time.

    I just thought that it should be mentioned, and if you want more information on this I can direct you to the design guide.

    Jon

  • MPLS BGP route push DMVPN rays

    I have an MPLS with BGP. I have sites that are not connected directly to the SPLM, also, but need a VPN s2s hub sites that are connected to the SPLM and in this way they access resources MPLS. I need to communicate the changes to itinerary for the SPLM when the DMVPN fails on another hub.

    Currently, this is my config:

    Datacenter (MPLS only)

     interface GigabitEthernet0/1 description MPLS ip address 192.168.0.34 255.255.255.252 interface Vlan2 ip address 192.168.96.2 255.255.255.0 router bgp 65511 bgp log-neighbor-changes network 192.168.96.0 neighbor 192.168.0.33 remote-as 65510

    Hub site 1 (MPLS + internet)

     interface Tunnel200 ip address 10.99.99.1 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication auth ip nhrp map multicast dynamic ip nhrp network-id 12345 ip nhrp holdtime 600 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 200 tunnel protection ipsec profile dmvpn interface GigabitEthernet0/1 description MPLS ip address 192.168.1.2 255.255.255.0 secondary ip address 192.168.0.2 255.255.255.252 router bgp 65001 bgp log-neighbor-changes network 192.168.1.0 network 192.168.21.0 !10.99 clients are DMVPN spokes neighbor 10.99.99.3 remote-as 99010 neighbor 10.99.99.3 route-reflector-client neighbor 10.99.99.21 remote-as 99001 neighbor 10.99.99.21 route-reflector-client !as 65000 is the MPLS PE neighbor 192.168.0.1 remote-as 65000

    Hub 2 site, has the same configuration, except for the local ip address and the router BGP ID.

    Spoke site:

     interface Tunnel200 ip address 10.99.99.3 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication auth ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1 ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2 ip nhrp network-id 12345 ip nhrp holdtime 600 ip nhrp nhs 10.99.99.1 priority 1 ip nhrp nhs 10.99.99.16 priority 5 ip nhrp nhs fallback 60 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 200 tunnel protection ipsec profile dmvpn interface GigabitEthernet0/1 description Internal ip address 192.168.3.1 255.255.255.192 router bgp 99010 bgp log-neighbor-changes network 192.168.3.0 neighbor 10.99.99.1 remote-as 65001 neighbor 10.99.99.16 remote-as 65013

    This site speaks

     #sh ip route B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01

    which is the network of HUBS, but the rest of the MPLS roads are not "learned".

    What Miss me?

    Thank you!

    192.168.21.0 is another spoke, sorry for Terseco not that. Same configuration as the op 192.168.3.0. So I make a record of the domain controller and it will the first hub and not backup

    The difference is that your hubs are advertising the subnet 192.168.21.0/24 IE. you have configured it as a statement of network under your BGP configuration on the hubs and not the rays where this subnet is actually which brings me to my next point.

    The hub will switch to backup when I mannualy closed the internet interface, but not the entire router. This could be a problem?

    Yes because the Hub 1 site still has its MPLS connection until 192.168.21.0/24 advertising to the domain controller is.

    If this subnet was announced by speak it that it belonged and not the hubs then it should be announced only by hub site 2 because the Hub 1 site is more would receive it on the site talks about.

    So why are advertising a route speaks on hubs instead of reception by spoke them and transmit to the MPLS network?

    Edit - for this subnet to advertise you must have a route in the IP routing for her table.  How are getting you this route in the routing table, it with a route static and if yes, what is the exact route you entered?

    Jon

  • DMVPN or GETVPN

    Team - we have a client that runs GET VPN over MPLS link to DC to rays.  They are heading for a refresh of the network.    We thought in suggesting IWAN to them.  DMVPN is one of the 4 pillars of IWAN.  Can ask the customer to go to DMVPN instead of GetVPN.  Or should we do it any other way.  Against, please highlight.

    Thank you

    bijbalaktn,

    When you say 'updating of the network', which implies? We will always use MPLS as our transportation network?

    GETVPN or DMVPN is a solution in an MPLS network. Two benefits of GETVPN include a little less overhead of encapsulation (as it is just the ESP without GRE encapsulation) and the lack of accountability for an overlay routing protocol. That said, when comparing DMVPN and GETVPN, most of the people are much more comfortable with DMVPN which is an advantage in and of itself. In addition, if you are considering a solution IWAN DMVPN is a requirement by the CVD IWAN.

    In short, a solution should work and it's really up to you; personally, I'm a big fan of both. If you are uncomfortable with GETVPN and it worked for you, it may be better to stay with that. However, DMVPN is expected to function properly for you as well.

    HTH,

    Frank

  • On DMVPNs selective IPSec encryption

    Hello

    I have a DMVPN with two rays on a MPLS-L3-IPVPN network. IPSec over GRE profiles using crypto. Works very well. Now, he only need to encrypt all traffic except EF DSCP. Tried with the help of ACB defining IP-Next Hop for EF-packages and just normal dug routing for all other types of traffic.

    My question is, I know cryptographic cards that use ACLs can selectively encrypt traffic through the IPSec/GRE tunnels. Cryptographic profiles don't seem to have this feature. Is there another way to do this?

    A snip Config by couple spoke it as below.

    ===============

    interface GigabitEthernet0/0.1
    DESC LAN i / f
    IP 10.10.10.1 255.255.255.0
    political intellectual property map route ACB

    interface Tunnel100
    IP 172.16.254.13 255.255.254.0
    no ip redirection
    property intellectual PNDH card 172.16.254.1 103.106.169.10
    map of PNDH IP multicast 103.106.169.10
    PNDH network IP-1 id
    property intellectual PNDH nhs 172.16.254.1
    property intellectual shortened PNDH
    KeepAlive 10 3
    source of tunnel GigabitEthernet0/1.401
    multipoint gre tunnel mode
    key 1 tunnel
    Profile of tunnel DMVPN-Crypto ipsec protection
    end

    GIE Router 1
    no car
    NET 172.16.254.0 0.0.1.255
    EIGRP log-neighbor-warnings
    EIGRP log-neighbor-changes
    ! - router id
    NET 10.10.10.0 0.0.0.255

    ACB allowed 10 route map
    ACB match ip address
    IP 11.2.100.2 jump according to the value
    !
    ACB allowed 20 route map

    ACB extended IP access list
    permit icmp host 10.10.10.5 host 15.1.1.1 dscp ef
    allow icmp host 10.10.10.5 host 15.1.1.1 dscp 41
    deny ip any any newspaper

    ===============

    Note: the routing table contains only a default route learned via EIGRP. Thus, if the ACB 10 past, policy would transmit to the Next-hop (PE). Or would otherwise use 0/0 and route thro' the tunnel.

    Thanks in advance!

    See you soon
    Aravind

    With DMVPN, no.  You will need to return to the use of just cryptographic cards, only using access lists to control what is and is not encrypted.

    If the "EF" traffic was dedicated VoIP subnets so you would have more options, you can choose everything just don't not to route these subnets above the Tunnel.

  • DMVPN Solution for 50 Branches...

    Hi all

    We have about 40 branches and a Central data center.
    each office is connected with the domain controller and all internet traffic passed and filtered between DC and the Central firewall.
    We have VoiP, with a Central in DC call manager.
    our data are in DC, except some of the offices that have their own file server.
    RDP is also continue to use.

    Now, one day, we have a MPLS network linking all of our offices.

    I do a search about to implement a DMVPN for all, or as a second solution to some of our offices (the small one).
    How can you recommend or kind one or the other solution?

    as I read, the voice traffic is the most critical and the most difficult to manage with the ISP and DMVPN Solution.

    I would really apriciate your opinion.

    Kind regards
    Thomas.

    PS
    I chose cause DMVPN we have in the near future to have a backup of our DC in a second office, only for some of the critics of the data and services.
    That's why I think to use the DMVPN with 2 Hubs

    Yes you can run it on the Internet.  Yes, you may have questions of VoIP.

    A solution that we used in the past is double internet connections.  You dedicate one VoIP and one for everything else.  Always much cheaper than MPLS.

    You can also use Pfr (routing performance) to select the circuit to use based on the latency and jitter, and the type of traffic.

    http://docwiki.Cisco.com/wiki/PfR3:solutions:Iwan

  • DMVPN getvpn or DVTI

    Hello

    in fact I situation as mentioned further and I am confused about design and implement what VPN topology, I choose DMVPN, GETVPN or DVTI

    I have 4 branch and 1 main site, branches have 2 connectivity to HQ a via INTERNET one another through MPLS, so I want to have Fail-over on the links and also secure two-way tunnel

    Best regards

    John Mayer

    GETVPN is not supposed to be used on the internet. If this isn't the solution.

    With this small amount of sites I set up static VTI on MPLS and use DVTIs on the internet if the branches have dynamic IPs. If the branches also have the static IP, I re also these links with the stuffy VTI.

    DMVPN could also be used in this scenario, but the protocol overhead is not necessary in this small scale scenario.

  • Scalability DMVPN

    I have three routers Hub that I am wanting to compare DMVPN scalabiltiy functions (3825 versus 3945 and 3845).  I have trouble finding enough information anywhere on Cisco's Web site that can help me.  I know it must be there somewhere and I'm not in the right place.  But I read and read and read on DMVPN designs and I'm not finding anything.  This turns into a time killer.  Could someone please help me determine what are the limitations of these three routers DMVPN?

    Thank you

    Chris

    Chris,

    We rarely test anything less than 7200 for hubs. I can give you theoretical numbers internally, I found.

    I strongly suggest you contact your account team for more precise info or SSE. News here are some estimates.

    Note that the major factor to scalability is the ability to maintain the multiple routing adjacencies.

    BGP must evolve better.

    3825 - even up to 200 peer

    3845. up to 300-400 depending on config/amount of the charge.

    3945 500-750 (without going into high CPU, but can stretch far beyond)

    On the flow, it will be even harder to give you a good estimate, so much more that probably we wouldn't able to much your real traffic without trials and depend on HW config.

    Marcin

  • DMVPN and VRF Lite

    Someone at - it an example of use of several networks DMVPN and VRF (no MPLS) interfaces

    I have a requirment to use a common link to transmit three talking about networks isolated to the Hub as encrypted data. It could be VTI doesn't bother me, but I can't use MPLS.

    Thank you

    Hello

    "back in the day", I made this config:

    of http://isamology.blogspot.com/2010/01/IPSec-and-vrfs-so-who-faire-vrf.html

    But normally, I guess you've seen this:
    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6660/prod_white_paper0900aecd8034be03_ps6658_Products_White_Paper.html

    Same principles apply to the VRF lite little matter DMVPN/VTI/GREoIPsec configuration.

    tunnel vrf VRF door =

    IP vrf forwarding = inside the VRF

    Now, if you add the cheat of Nico (for isakmp profiles) sheet especially if necessary, you should be all set.

    https://supportforums.Cisco.com/docs/doc-13524

    Marcin

  • Decision on DMVPN and L2L simple IPsec tunnels

    I have a project where I need to make a decision on which solution to implement... environment is as follows...

    • 4 branches.
    • Each branch has 2 subnets; one for DATA and another for VOICE
    • 2 ISPS in each (an Internet access provider and a provider of MPLS)
    • Branch #1 isn't necessarily the HUB office that all database servers and files are there are
    • Branch #2 is actually where the phone equipment
    • Other 2 branches are just branches speaks (may not need never DATA interconnectivy, but they do need interconnection VOICE when they call since we spoke directly to the other)
    • MPLS is currently used for telephone traffic.
    • ISP provider link is used for site to site tunnels that traverse the internet, and it is the primary path for DATA. Means that all branch DATA subnets use the tunnels from site to site as main road to join the #1 branch where all files and databases are located.
    • I'd like to have redundancy in case the network MPLS down for all traffic VOICE switch to L2L tunnels.

    My #1 Option

    Because it isn't really a star to the need, I don't really know if I want to apply DMVPN, although I read great things about it. In addition, another reason, I would have perhaps against DMVPN is the 'delay' involved, at least during initialization, communications having spoke-to-spoke. There is always a broken package when a department wants to initiate communication with one another.

    My #2 Option

    My other choice is just deploy L2L IPSec tunnels between all 4 branches. It's certainly much easier to install than DMVPN although DMVPN can without routing protocols that I think I'll need. But with these Plains L2L IPSec tunnels, I can also add the GRE tunnels and the routing of traffic protocols it as well as all multicast traffic. In addition, I can easily install simple IP SLA that will keep all tunnels upwards forever.

    Can someone please help to choose one over the other is? or if I'm just okay with the realization of the #2 option

    Thanks in advance

    Hi ciscobigcat

    Yes, OSPF will send periodic packets 'Hello' and they will maintain the tunnels at all times.

    The numbers that you see (143 and 1001) are the "cost" of the track, so OSPF (Simplified) will calculate what different paths there are to a destination and assign each of them a 'cost' (by assigning a cost to each segment of the path, for example GigabitEthernet is "lower cost" Fastethernet and then adding the costs of all segments).

    Then it will take the path to the lowest cost (143 in your case, in normal operation) and insert this in the routing table.

    So since traffic is already going the right way, I don't know if you still need any tweaking? Personally, I would not add a second routing protocol because, generally, makes things more complicated.

    QoS, it is important to use "prior qos rank".

    See for example

    http://www.Cisco.com/en/us/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/IPSecQoS.html

    http://www.Cisco.com/en/us/Tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml

    HTH

    Herbert

  • DMVPN Question ISAKMP Security Association

    Hi all

    I have implemented a full mesh base DMVPN, similar to the int of config used life package

    http://packetlife.net/blog/2008/Jul/23/dynamic-multipoint-VPN-DMVPN/ tutorial.

    I have a Hub and two rays. Everything seems to be ok functioing. I've included the config below for tunnels.

    My Question is, when I do an isakmp crypto see the its, for example 2A talked, I have three ISAKMP SA with three different addresses of CBC...

    How is that possible when I only have the tunnels to two other devices, the hub and rays 1? and why a foreign source address appears as an association of ISAKMP security on this router?

    status of DST CBC State conn-id slot

    172.16.1.2 172.16.2.2 QM_IDLE 1 0 ACTIVE

    172.16.2.2 172.16.3.2 QM_IDLE 3 0 ACTIVE

    172.16.2.2 172.16.1.2 QM_IDLE 2 0 ACTIVE

    A similar result on the hub

    status of DST CBC State conn-id slot

    172.16.2.2 172.16.1.2 QM_IDLE 2 0 ACTIVE

    172.16.1.2 172.16.2.2 QM_IDLE 1 0 ACTIVE

    172.16.1.2 172.16.3.2 QM_IDLE 3 0 ACTIVE

    Still 1 spoke only a 2

    172.16.1.2 172.16.3.2 QM_IDLE 1 0 ACTIVE

    172.16.2.2 172.16.3.2 QM_IDLE 2 0 ACTIVE

    Crypto config for all:

    crypto isakmp policy 10 authentication pre-share crypto isakmp key P4ssw0rd address 172.16.0.0 255.255.0.0 ! crypto ipsec transform-set MyTransformSet esp-aes esp-sha-hmac ! crypto ipsec profile MyProfile set transform-set MyTransformSet ! interface Tunnel0 tunnel protection ipsec profile MyProfile

    Config of Tunnel hub

    interface Tunnel0

    10.0.100.1 IP address 255.255.255.0

    dynamic multicast of IP PNDH map

    PNDH network IP-1 id

    tunnel source fa0/0

    multipoint gre tunnel mode

    Spoke 1 Tunnel Config

    !

    interface FastEthernet0/0

    address 172.16.3.2 IP 255.255.255.0

    automatic duplex

    automatic speed

    !

    interface Tunnel0

    10.0.100.2 IP address 255.255.255.0

    no ip redirection

    map of PNDH IP 10.0.100.1 172.16.1.2

    map of PNDH IP multicast 172.16.1.2

    PNDH network IP-1 id

    property intellectual PNDH nhs 10.0.100.1

    source of tunnel FastEthernet0/0

    multipoint gre tunnel mode

    Profile of tunnel MyProfile ipsec protection

    Spoke 2 Config of Tunnel

    !

    interface FastEthernet0/0

    IP 172.16.2.2 255.255.255.0

    automatic duplex

    automatic speed

    !

    interface Tunnel0

    IP 10.0.100.3 255.255.255.0

    no ip redirection

    map of PNDH IP 10.0.100.1 172.16.1.2

    map of PNDH IP multicast 172.16.1.2

    PNDH network IP-1 id

    property intellectual PNDH nhs 10.0.100.1

    source of tunnel FastEthernet0/0

    multipoint gre tunnel mode

    Profile of tunnel MyProfile ipsec protection

    SRC and DST IP addresses indicate that was author and answering machine. They do not represent information outlet (in the traditional sense of the term).

    You could get in double sessions of the two scenarios IKE, are the most common.

    (1) the negotiation started at both ends "simultaneously".

    (2) renegotiation of IKE.

    What is strange to me, is that you seem to have initiated session and responsed by the hub.

    What I would do, is to add:

    -ip server only PNDH (on the hub, it is not a provided ASR)

    -DPD (on all devices).

    Assures us that this hub initiates not anything in the PNDH and useless/deceased sessions are torn down eventually.

  • MPLS transport

    I'm really confused where MPLS is located in the network stack

    We have Frame Relay on T1s and migrate to MPLS and MPLS service will be delivered over Frame Relay.

    I do not understand this because I keep reading about how MPLS has all but usurped Frame Relay. Why is he sold us with Frame Relay as the L2 Protocol?

    MPLS would be deleviered without Frame Relay? Can he take completely instead of a L2 Protocol or should it spend on framework, HDLC, PPP, or something like that?

    This becomes even more confused with pseudowires where you can actually carry HDLC over MPLS! What does MPLS in the first place?

    Sorry if this question is difficult to follow please let me know if you need me to clarify anything - it's difficult to write a question about something that is so confusing to me.

    I do not recommend that you actually do Ethernet over T1. I just pointed out that it is possible.

    Still, there is no MPLS between "What" and the EP, so even if you had Ethernet, it would not be MPLS over Ethernet.

    Concerning

  • DMVPN (NAT?) solution with rais as subnets

    Hi all

    I have a large number of remote networks that are prevalent all over the world. Currently, they are all individual island with no connectivity to anywhere else.

    What I would do is connect all back to Headquarters on the internet so I can access it remotely. The internet service that I receive from all the sites will be different and unknown for example some directly on the internet, some behind NAT.

    So I think that the solution to this is DMVPN.

    But my problem is that all of the remote locations have the same internal subnet. So, how can I make sure that they are all connected and remote devices are all available at the same time?

    I wonder if I can configure NAT on the router may talk so that each device has a static nat with the Natted IP is unique. I labbed this place GNS3 and it seems to work. However the problem is that there are hundreds of devices on each site, which means a large number of NAT entries.

    I was wondering is it possible to make a fair full 1:1 Nat specifies a network to network. For example, something like 192.168.20.0/24 NAT to 10.0.1.0/24, so try to access the 192.168.20.5 in fact, it connects to 10.0.1.5

    Has anyone never has something like this work?

    Y at - it a good solution?

    Thank you, Simon

    It is possible, but (assuming they already use NAT for Internet access) you'll need to define things very carefully to avoid interference with what they have.

    Do a complete translation of subnet is easy and is a good word:

    IP nat inside source static 10.0.0.0 network 192.168.0.0/24

    The problem is that this will replace all existing for this subnet NAT, condition and the existing NAT configuration.

    Can you provide an example of how the current NAT is set up for one of these sites?

  • Problems with mpls ldp label control.

    Hello!

    I have a strange problem with the ldp mpls label command. Cisco's Web site says this command was introducedn in IOS version 12.2 (33) CBC

    But as you can see I can't type this command...  I use GNS3.

    Thank you

    Hello

    [If this is not there this is is not supported in this version its nothing to do with GNS3 as complete pictures there not stripped like the IOUs of Linux, many commands have been removed between the progress of the v12 to v15 was huge change] you can check and compare images with this tool and what commands they support and what they have changed too

    http://Tools.Cisco.com/ITDIT/CFN/JSP/index.jsp

  • Slow flow on MPLS VPN WAN

    Anyone have any ideas why a portion of the traffic is slow as it passes through a VPN MPLS WAN. My FTP copies are fast but copy all windows or windows file transfers are slow. Copies of windows are about three times slower as the FTP transfers. Can be optimized on routers or switches?

    Hello

    Thus, all transfers are done with CIFS are slow and other then CIFS are ok?

    All transfers are between XP/7 and servers (before 2008)?

    Please take a look at http://bit.ly/rkh9IM

    CIFS (or SMB) prior to the 2008 version is slow by definition as it can not cope with very good latency. Other protocols such as HTTP and FTP run much smoother.

    When you run Server 2008 (or better) combination with Windows Vista (or better) should solve some of your problems as it can using SMBv2.

    What actual speed is your order on the MPLS and what is the maximum transfer reached between server and workstation?

    Best regards, G.

Maybe you are looking for

  • I am trying to recover my old favorites (and, hopefully, history) from my old computer to transfer to my new computer.

    I got the hard drive from my old computer and am trying to transfer my old files to it, but I'm not sure where to find the old bookmarks files. It would be wonderful if you could also help to recover the history - I was in the habit of keeping a larg

  • Cannot update BIOS for my Qosmio G30 - 162

    I have Toshiba Qosmio g30-162 and I have graphics problem. I tried a lot of things.I found on the internet about repair program. I wanted to update my BIOS, but I can't.I downloaded the BIOS ver 3.90 from Toshiba Web site and when I try to update me

  • simulation of 3D printer

    Hello I have some problems cut a 3d .stl file because I use tables or such order to use the Z axis for stratification. The thing is I am a rookie on Labview and my mission was to simulate a 3d printer, including control of all 3 axes... and the head

  • Where can I get the installation CD for Windows XP Professional?

    Original title: thankGODalways have key for windows XP proffisional need to install the XP CD thankGODalways have allowed the key for the installation of windows XP Professional need XP professional CD Adnan

  • Old clichés auto removal

    We have Veeam do backups of VMS, which generates snapshots of volume on our SAN. The question is, even if 'delete the oldest snapshot' is checked in the instant policy volume and "borrow space according to needs" is not checked, finally instant space