
Any way to tweak DMVPN spoke-to-spoke dynamic tunnel

Daniu Happy BGP
Level 1

In my DMVPN network, assume I have 2 spokes, A and B, both advertising the same prefix 10.1.1.0/24. If spoke C wants to access 10.1.1.0/24, how will NHRP decide which spoke it should build a dynamic tunnel with, A or B?

I assume NHRP will choose the spoke based on the routing table. However, if the hub chooses spoke A as the best path for prefix 10.1.1.0/24, is there any way to fool NHRP into building a dynamic tunnel with B if C wants to access 10.1.1.0/24?

What I want to achieve here is: when the hub wants to access 10.1.1.0/24, it chooses spoke A; when another spoke wants to access 10.1.1.0/24, it will build a dynamic tunnel with spoke B to access it.

Accepted Solutions

Hello @Daniu Happy BGP,

If the Spoke A router is down, its NHRP registration will expire on the HUB/NHS NHRP server, and so PBR should revert to standard destination-based routing and it should use Spoke B. But this should be tested, as suggested by other colleagues.

You can use set ip next-hop SpokeA verify-availability in the route-map, if supported, to speed up convergence.

>> And in case, there are 2 routers for spoke A and 2 routers for spoke B how can PBR point to 2 routers?

Your scenario is becoming very complex at this point. I see two possible options:

a) As an approximate solution, "half" of the subnets internal to the HUB are pointed to Spoke A1 and "half" are pointed to Spoke A2 using appropriate ACLs. This will provide a form of load sharing, but no guarantees on effective load balancing.

b) If you have dual HUBs and use GLBP for internal LANs, you can have HUB1 point to Spoke A1 and HUB2 point to Spoke A2. Again, this is a form of load sharing.

Hope to help

Giuseppe

12 Replies

Hello,

Tough one. I am thinking you could do this with some sort of tunnel VRF and NAT combination. Is this a phase 3 DMVPN?

Phase 3 and NHRP Redirect message, maybe?

NOTE: This is way over my pay-grade but I figured I'd jump in and try to hang on anyway.

Actually it's FlexVPN, but I just want to find out the way to tune NHRP. Wondering if there is any way to manipulate the NHRP redirect message.

balaji.bandi
Hall of Fame

Can you draw a small diagram of the existing arrangement, and what is the tweak you are looking for? There may be some tweak we can suggest based on the information we get - based on what IGP are you running here?

(Maybe not possible - but thinking positive, something may come to people's minds to advise a better solution for you.)

BB


It is based on eBGP, with the same AS on all the spokes. But BGP peering is only between hub and spoke.

Giuseppe Larosa
Hall of Fame

Hello @Daniu Happy BGP,

given your requirements:

>> What I want to achieve here is when hub want to access 10.1.1.0/24, it choose spoke A, when other spoke want to access 10.1.1.0/24, it will build dynamic tunnel with spoke B to access it.

Spoke B must advertise subnet 10.1.1.0/24 with a better (lower) metric than Spoke A in the routing protocol that you use. With EIGRP or OSPF, for example, you can manipulate the delay on the Spoke A LAN interface to increase it from the default value; for OSPF you can set a high OSPF cost like 100 using ip ospf cost 100 on the Spoke A LAN interface.

On the hub router you can configure PBR for traffic destined to 10.1.1.0/24 to use "set next-hop" with the Spoke A private IP address, then NHRP should do the rest.

The route-map for PBR has to be applied on the rx side on the LAN interface(s) on the hub router that are part of the DMVPN.

Note: you should test this.

Return traffic will be sent to the HSRP active on the common subnet 10.1.1.0/24.

Hope to help

Giuseppe
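
A sketch of the hub-side PBR suggested in the post above, combined with the verify-availability option mentioned in the accepted solution. This is an added example, not configuration from any poster in this thread. The Spoke A tunnel address 172.16.0.11, the interface names, and the ACL, route-map, SLA and track identifiers are all assumptions.

```cisco
! Example values only (constructed): Spoke A tunnel IP 172.16.0.11,
! hub LAN interface GigabitEthernet0/1, hub tunnel interface Tunnel0.
!
! 1. Match hub-LAN traffic destined to the prefix both spokes advertise.
ip access-list extended TO-SHARED-PREFIX
 permit ip any 10.1.1.0 0.0.0.255
!
! 2. Probe Spoke A across the tunnel so the policy can react to its loss
!    without waiting for the NHRP registration to expire.
ip sla 10
 icmp-echo 172.16.0.11 source-interface Tunnel0
 frequency 5
ip sla schedule 10 life forever start-time now
!
track 10 ip sla 10 reachability
!
! 3. Policy: forward matching traffic to Spoke A only while track 10 is up.
!    When the track goes down the set clause is skipped and the packet
!    is forwarded by the normal routing table (best path, here Spoke B).
route-map PBR-PREFER-SPOKE-A permit 10
 match ip address TO-SHARED-PREFIX
 set ip next-hop verify-availability 172.16.0.11 10 track 10
!
! 4. Apply on the receive side of the hub LAN interface. PBR acts on
!    ingress only, so traffic arriving from spokes on Tunnel0 is not
!    policy-routed and keeps following the routing table.
interface GigabitEthernet0/1
 ip policy route-map PBR-PREFER-SPOKE-A
```

On the hub, show route-map PBR-PREFER-SPOKE-A and show track 10 report the policy match counters and the probe state.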


Actually I also thought of PBR. But PBR has limitations, like if spoke A is down, how can the traffic swing to spoke B?

And in case there are 2 routers for spoke A and 2 routers for spoke B, how can PBR point to 2 routers?



If the Hub redirects traffic from C toward A, not B, then B is always hidden and never used.

Normally we use this "same subnet" in the Hub, not in the Spoke, where there are two Hub routers, and the Spoke will select traffic through one router and the other will be the backup.
For EIGRP we use delay.

The real setup is that in each place we have 2 routers for redundancy. There is a very complex story behind both A and B advertising the same subnet. What I want to know is whether there is a way to manually set what NHRP redirect message the hub can send.

Hello,

I have a feeling that in order to get a working answer, we will need to lab this up. Post the full running configs of your hub(s) and spoke(s).
