Solved: anyway to tweak dmvpn spoke to spoke dynamic tunnel

Daniu Happy BGP · ‎01-28-2021

In my DMVPN network, assuming I have 2 spokes A and B both are advertising the same prefix 10.1.1.0/24. In case, if spoke C want to access 10.1.1.0/24, how will NHRP decide which spoke should it build dynamic tunnel with, A or B?

I assume NHRP will choose the spoke based on routing table. however, if hub choose spoke A as best path for prefix 10.1.1.0/24, if there anyway to fool NHRP to build dynamic tunnel with B if C want to access 10.1.1.0/24?

What I want to achieve here is when hub want to access 10.1.1.0/24, it choose spoke A, when other spoke want to access 10.1.1.0/24, it will build dynamic tunnel with spoke B to access it.

Giuseppe Larosa · ‎02-01-2021

Hello @Daniu Happy BGP ,

if Spoke A router is down its NHRP registration will expire on HUB/ NHS NHRP server and so PBR should revert to standard destination based routing and it should use Spoke B. But this should be tested as suggested by other colleagues.

You can use set ip next-hop SpokeA verify-availibilty in the route-map if supported to speed up convergence.

>> And in case, there are 2 routers for spoke A and 2 routers for spoke B how can PBR point to 2 routers?

Your scenario is becoming very complex at this point . I see two possible options :

a) as an approximate solution "half" subnets internal to HUB are pointed to Spoke A1 and "half " are pointed to Spoke A2 using appropriate ACLs this will provide a form of load sharing but no guarantees on effective load balancing.

b) if you have dual HUB and use GLBP for internal LANs you can have HUB1 to point to Spoke A1 and HUB2 to point to Spoke A2 again this is a form of load sharing

Hope to help

Giuseppe

View solution in original post

Georg Pauwen · ‎01-29-2021

Hello,

tough one. I am thinking you could do this with some sort of tunnel vrf and NAT combination. Is this a phase 3 DMPVPN ?

LikeMyFloydPink · ‎01-29-2021

Phase 3 and NHRP Redirect message, maybe?

NOTE: This is way over my pay-grade but I figured I'd jump in and try to hang on anyway.

Daniu Happy BGP · ‎01-31-2021

Actually its flexvpn, but just want to find out the way to tune the NHRP. Wondering is there any way to manipulate the nhrp redirect message.

balaji.bandi · ‎01-29-2021

Can you draw a small diagram how the exiting arrangment, and what is the tweak you looking, there may be some tweak we can suggest based on the information we get - based on what IGP you running here ?

( may be not possible - but thinking positiive something may come to people mind to advise better solution for you.)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Daniu Happy BGP · ‎01-31-2021

it is based on ebgp, with same AS on all the spokes. But bgp peering is only between hub and spoke.

Giuseppe Larosa · ‎01-29-2021

Hello @Daniu Happy BGP ,

given your requirements:

>> What I want to achieve here is when hub want to access 10.1.1.0/24, it choose spoke A, when other spoke want to access 10.1.1.0/24, it will build dynamic tunnel with spoke B to access it.

Spoke B must advertise subnet 10.1.1.0/24 with a better lower metric then Spoke A in the routing protocol that you use EIGRP or OSPF for example you can manipulate delay on Spoke A LAN interface to increase it from defaul value , for OSPF you can set an high ospf cost like 100 using ip ospf cost 100 on Spoke A LAN interface.

On hub router you can configure PBR for traffic destined to 10.1.1.0/24 to use=set next-hop SpokeA private IP address then NHRP should do the rest.

The route-map for PBR has to be applied on rx side on LAN interface(s) on hub router that are part of the DMVPN

note: you should test this.

Return traffic will be sent to HSRP active on common subnet 10.1.1.0/24.

Hope to help

Giuseppe

Daniu Happy BGP · ‎01-31-2021

Actually I also thought PBR. But PBR has limitations, like if spoke A is down, how the traffic can swing to spoke B?

And in case, there are 2 routers for spoke A and 2 routers for spoke B how can PBR point to 2 routers?

Giuseppe Larosa · ‎02-01-2021

Hello @Daniu Happy BGP ,

if Spoke A router is down its NHRP registration will expire on HUB/ NHS NHRP server and so PBR should revert to standard destination based routing and it should use Spoke B. But this should be tested as suggested by other colleagues.

You can use set ip next-hop SpokeA verify-availibilty in the route-map if supported to speed up convergence.

>> And in case, there are 2 routers for spoke A and 2 routers for spoke B how can PBR point to 2 routers?

Your scenario is becoming very complex at this point . I see two possible options :

a) as an approximate solution "half" subnets internal to HUB are pointed to Spoke A1 and "half " are pointed to Spoke A2 using appropriate ACLs this will provide a form of load sharing but no guarantees on effective load balancing.

b) if you have dual HUB and use GLBP for internal LANs you can have HUB1 to point to Spoke A1 and HUB2 to point to Spoke A2 again this is a form of load sharing

Hope to help

Giuseppe

MHM Cisco World · ‎01-29-2021

if the Hub redirect traffic from C toward A not B, then B always is hidden and never use.

normally we use this "same subnet" in Hub not in Spoke, where there are two Hub routers, and Spoke will select traffic through one router and other will be as backup.
for EIGRP we use delay.

Daniu Happy BGP · ‎01-31-2021

The real setup is in each place, we have 2 routers for redundancy. there is a very complex story behind of both A and B are advertising the same subnet. What I want to know is, whether there is the way to manually set what NHRP redirect message the hub can send.

Georg Pauwen · ‎02-01-2021

Hello,

I have a feeling that in order to get a working answer, we will need to lab this up. Post the full running configs of your hub(s) and spoke(s).

MHM Cisco World · ‎02-01-2021

..