Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1832
Views
5
Helpful
1
Replies

Benefits of Front Door DMVPN

nygenxny123
Level 1
Level 1

‎03-07-2017 02:20 PM - edited ‎03-05-2019 08:09 AM

We currently have a few DMVPN sites with no separate Vrf for default routes or internet traffic.

What we do  have is EIGRP running between the hub and spoke and only allowing internal networks to be advertised via EIGRP

and  a static default route going out the local interface.  My question is the following..........

Is there any benefit for me to changing this to a front door vrf at the spoke site?

From the looks of the routing table..internet traffic is being sent locally

router eigrp 100
passive-interface default
no passive-interface Tunnel11
no passive-interface Tunnel12
network 10.77.85.0 0.0.0.255
network 10.77.86.0 0.0.0.255
distribute-list route-map EIGRP-OUTBOUND out Tunnel11
distribute-list route-map EIGRP-OUTBOUND out Tunnel12

route-map EIGRP-OUTBOUND permit 10
match ip address prefix-list Local

ip prefix-list Local-Nets seq 5 permit 10.77.85.0/24
ip prefix-list Local-Nets seq 10 permit 10.77.86.0/24


ip route 0.0.0.0 0.0.0.0 80.80.x.x


Gateway of last resort is 80.80.xx.xxx to network 0.0.0.0

80.0.0.0/29 is subnetted, 1 subnets
C 80.80.x.x is directly connected, GigabitEthernet0/0


D EX 10.3.32.0/21 [170/2707712] via 172.31.11.129, 5d03h, Tunnel11
D EX 10.4.48.0/20 [170/2195712] via 172.31.11.33, 6d15h, Tunnel12
D EX 10.3.48.0/20 [170/2707712] via 172.31.11.129, 5d03h, Tunnel11
D EX 10.4.0.0/20 [170/2195712] via 172.31.11.33, 6d15h, Tunnel12
D EX 10.4.0.0/16 [170/2195712] via 172.31.11.33, 6d15h, Tunnel12
D EX 10.3.0.0/20 [170/2707712] via 172.31.11.129, 5d03h, Tunnel11
D EX 10.3.0.0/16 [170/2707712] via 172.31.11.29, 5d03h, Tunnel11

Labels:
0 Helpful
1 Reply 1

willwetherman
Spotlight
Spotlight

‎03-07-2017 03:11 PM

Hi,

 

The main advantage of using a front door VRF is so that you can partition your routing table so that you can learn a default route via the tunnel interface and also use a default route for the transport interface to reach the DMVPN hub and other spokes. 

If you need to route user internet traffic out via the local WAN interface as you are now then you dont need to implement front door VRFs. However, If your intention is to route user internet traffic out via your hub site then you will need to implement front door VRFs so that the default routes do not conflict.

Hope this helps 

Customers Also Viewed These Support Documents