Beginner

DMVPN BGP and EIGRP

I am in the initial phase of researching DMVPN.  Currently we have an MPLS network running BGP.  Each site has an internet connection at it as well that a site to site VPN is built on the router and talks back to an ASA when the MPLS fails. 

I want to implement DMVPN to do away with the site to site VPNs and the ASA.  I am going to want to run EIGRP on the routers for the DMVPN connection.  Are there any good whitepapers on having BGP as the primary path and using EIGRP over the DMVPN as a backup?  Or any guidance on a general config?

Thanks

Hall of Fame Guru

Andy

Are you currently running EIGRP in your network ie. do you have sites where you have internal L3 devices that peer with the CE device and you redistribute any BGP routes from the MPLS network into EIGRP ?

Jon

Beginner

We have 120 sites just running BGP no EIGRP.  At our data-center we are running EIGRP on the core switching and redistributing BGP into EIGRP.

Hall of Fame Guru

So in your DC the routes are showing as EIGRP external with an AD of 170 ?

Where is the DMVPN hub going to be, is it in the DC ?

If not presumably the DC will still be connecting to the DMVPN network ?

Jon

Beginner

Thanks for the quick response.

EIGRP routes have an admin distance of 170.

DMVPN hub will be in the DC.

Hall of Fame Guru

So that is the main issue really.

With your DMVPN setup the routes will be EIGRP internal with an AD of 90 so your DC will by default prefer DMVPN over MPLS which is exactly what you don't want.

There are multiple ways around this such as summarising across DMVPN, redistributing connected at the branch sites into EIGRP so the DMVPN routes are external as well and then modifying metrics etc.

The other alternative which I have never done so it is for your information really is Cisco have what is called an IWAN solution where DMVPN is run everywhere ie even across the MPLS network.

This would solve your EIGRP internal vs external route issue but IWAN is a lot more than just that although you don't necessarily need to implement the whole solution at once.

Like I say just thought it worth mentioning and if you want more information on that I can point you to the design guide.

Jon

Beginner

Jon,

Quick question, could I just lower the admin distance to be below 90 on the redistribution of EIGRP at the DC?  If I do that would routes then prefer MPLS over the DMVPN tunnel?

Thanks.

Hall of Fame Guru

Andy

My initial reaction was no because I didn't think EIGRP used AD between its own routes but I just tested it and it appears that you can do this.

Obviously AD is only local to the device so you can't pass it to other devices but if it is only an internal L3 switch it may be a solution.

I say may because it is not possible to be specific as I don't know the full topology and what else you have so it would need testing.

Jon

Beginner

Jon,


I actually just found this document. 

http://d2zmdbbm9feqrf.cloudfront.net/2015/usa/pdf/BRKCRS-2040.pdf

Check out page 23 and 24.  What are your thoughts on creating two EIGRP instances on the DMVPN router and redistributing into the core.  Then using the EIGRP delay commands?

Thanks

Hall of Fame Guru

I would prefer that to changing the AD to be honest.

Basically there are two options if you don't want to run DMVPN across MPLS as well -

1) change the internal routes to external routes across DMVPN and this could be done by the way you suggest or alternatively depending on the sites you could do a "redistribute connected" into EIGRP which would make them external but that depends on the topology in each site

or

2) if you can summarise each site across the DMVPN but send more specific routes via MPLS then the AD doesn't come into it but again that depends on the sites.

It may be easiest in your topology to use a second EIGRP process.

Like I say I would rather use one of the above myself than modify the AD.

Jon
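
An added example, not part of any post in this thread: a small Python model of route selection at the DC core (longest prefix, then administrative distance, then metric) showing why the default DMVPN setup beats MPLS and how the two options above change that. The prefixes and metric values are constructed; the AD values 90 and 170 are the ones quoted in the thread.

```python
import ipaddress

# Cisco default administrative distances quoted in the thread.
AD = {"eigrp-internal": 90, "eigrp-external": 170}

def best_path(rib, dest):
    """Return the 'via' label of the route used to reach dest, or None.

    Order of preference: longest matching prefix, then lowest AD,
    then lowest metric (only meaningful between routes of one protocol).
    """
    addr = ipaddress.ip_address(dest)
    matches = [r for r in rib if addr in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       AD[r["source"]], r["metric"]))
    return best["via"]

def route(prefix, source, metric, via):
    return {"prefix": prefix, "source": source, "metric": metric, "via": via}

# Constructed sample: one branch LAN as seen from the DC core switch.
# The MPLS path is BGP redistributed into EIGRP, so it is EIGRP external.
MPLS = route("10.20.1.0/24", "eigrp-external", 3072, "mpls")

SCENARIOS = {
    # Single EIGRP process over DMVPN: the branch route is internal (AD 90).
    "default": [MPLS, route("10.20.1.0/24", "eigrp-internal", 28160, "dmvpn")],
    # Option 1: DMVPN route made external, tunnel delay raised so its metric is worse.
    "external+delay": [MPLS, route("10.20.1.0/24", "eigrp-external", 284160, "dmvpn")],
    # Option 2: only a summary crosses DMVPN; MPLS carries the more specific route.
    "summary": [MPLS, route("10.20.0.0/16", "eigrp-internal", 28160, "dmvpn")],
}

def results(dest="10.20.1.10"):
    """For each scenario: (path in normal operation, path after MPLS failure)."""
    out = {}
    for name, rib in SCENARIOS.items():
        normal = best_path(rib, dest)
        failed = best_path([r for r in rib if r["via"] != "mpls"], dest)
        out[name] = (normal, failed)
    return out

if __name__ == "__main__":
    for name, (normal, failed) in results().items():
        print(f"{name:15} normal={normal:6} mpls-down={failed}")
```
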

Beginner

Thanks for the quick responses and suggestions.  I appreciate all your help. 

Hall of Fame Guru

No problem.

If you get round to testing and are having any issues just add to this thread.

Jon

Beginner

Jon,

Finally got DMVPN implemented and everything is working as expected. My DMVPN router is running EIGRP 100 and 200 processes.  My core switch is running EIGRP 100.  On my DMVPN router I am redistributing 100 into 200 and 200 into 100.  My remote sites are routing exactly how I want them to.  My remote sites are running BGP (eBGP) and EIGRP 200.  Everything is routing exactly how I want it to route.  Remote sites prefer BGP and if there is a failure of the MPLS connection routes via DMVPN.

The next problem that I have is I have another hosted data-center that is MPLS only.  If there is a failure of BGP this data-center does not know how to get to the DMVPN network.  

At my main data-center where the DMVPN router lives I am thinking I need to redistribute EIGRP 100 into my MPLS network.  I have a dedicated MPLS router at this data-center.  When you redistribute EIGRP into BGP does it show up as an external route?  If it doesn't I believe I will have asymmetrical routing. 

Thanks