
DMVPN BGP and EIGRP

Andy Guley
Level 1

I am in the initial phase of researching DMVPN. Currently we have an MPLS network running BGP. Each site has an internet connection as well, over which a site-to-site VPN is built on the router that talks back to an ASA when the MPLS fails.

I want to implement DMVPN to do away with the site-to-site VPNs and the ASA. I am going to want to run EIGRP on the routers for the DMVPN connection. Are there any good whitepapers on having BGP as the primary path and using EIGRP over the DMVPN as a backup? Or any guidance on a general config?

Thanks



Jon Marshall
Hall of Fame

Andy

Are you currently running EIGRP in your network, i.e. do you have sites where you have internal L3 devices that peer with the CE device and you redistribute any BGP routes from the MPLS network into EIGRP?

Jon

We have 120 sites just running BGP, no EIGRP. At our data-center we are running EIGRP on the core switching and redistributing BGP into EIGRP.

So in your DC the routes are showing as EIGRP external with an AD of 170?

Where is the DMVPN hub going to be, is it in the DC?

If not, presumably the DC will still be connecting to the DMVPN network?

Jon

Thanks for the quick response.

EIGRP routes have an admin distance of 170.

DMVPN hub will be in the DC.

So that is the main issue really.

With your DMVPN setup the routes will be EIGRP internal with an AD of 90, so your DC will by default prefer DMVPN over MPLS, which is exactly what you don't want.

There are multiple ways around this, such as summarising across DMVPN, redistributing connected at the branch sites into EIGRP so the DMVPN routes are external as well and then modifying metrics etc.

The other alternative, which I have never done so it is for your information really, is that Cisco have what is called an IWAN solution where DMVPN is run everywhere, i.e. even across the MPLS network.

This would solve your EIGRP internal vs external route issue but IWAN is a lot more than just that although you don't necessarily need to implement the whole solution at once.

Like I say just thought it worth mentioning and if you want more information on that I can point you to the design guide.

Jon

Jon,

Quick question, could I just lower the admin distance to be below 90 on the redistribution of EIGRP at the DC? If I do that would routes then prefer MPLS over the DMVPN tunnel?

Thanks.

Andy

My initial reaction was no because I didn't think EIGRP used AD between its own routes, but I just tested it and it appears that you can do this.

Obviously AD is only local to the device so you can't pass it to other devices, but if it is only an internal L3 switch it may be a solution.

I say may because it is not possible to be specific as I don't know the full topology and what else you have so it would need testing.

Jon

Jon,


I actually just found this document. 

http://d2zmdbbm9feqrf.cloudfront.net/2015/usa/pdf/BRKCRS-2040.pdf

Check out pages 23 and 24. What are your thoughts on creating two EIGRP instances on the DMVPN router and redistributing into the core, then using the EIGRP delay commands?

Thanks

I would prefer that to changing the AD to be honest.

Basically there are two options if you don't want to run DMVPN across MPLS as well -

1) change the internal routes to external routes across DMVPN and this could be done by the way you suggest or alternatively depending on the sites you could do a "redistribute connected" into EIGRP which would make them external but that depends on the topology in each site

or

2) if you can summarise each site across the DMVPN but send more specific routes via MPLS then the AD doesn't come into it but again that depends on the sites.

It may be easiest in your topology to use a second EIGRP process.

Like I say I would rather use one of the above myself than modify the AD.

Jon
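
An added example, not part of the thread: a small Python model of the route choice at the DC for the default case and for the two options Jon lists above. The prefixes, metrics and the ordering rule (longest prefix match, then AD, then metric within one EIGRP process) are simplifying assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Cisco default administrative distances cited in the thread
AD = {"eigrp-internal": 90, "eigrp-external": 170}

@dataclass(frozen=True)
class Route:
    prefix: str   # constructed sample prefix
    kind: str     # key into AD
    path: str     # "DMVPN" or "MPLS"
    metric: int   # constructed EIGRP metric; raising delay raises it

def best_path(routes, destination):
    """Path used for destination: longest prefix, then lowest AD, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    best = min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, AD[r.kind], r.metric),
    )
    return best.path

def without_mpls(routes):
    """Simulate an MPLS failure by withdrawing every route learned over MPLS."""
    return [r for r in routes if r.path != "MPLS"]

HOST = "10.1.1.10"  # constructed host at a branch site
# BGP redistributed into EIGRP at the DC, so the MPLS route is EIGRP external
MPLS = Route("10.1.1.0/24", "eigrp-external", "MPLS", 3000)

# The problem: the same prefix arrives as EIGRP internal over DMVPN (AD 90 beats 170)
DEFAULT = [MPLS, Route("10.1.1.0/24", "eigrp-internal", "DMVPN", 9000)]
# Option 1: the DMVPN route is external too, with a worse metric, so MPLS wins
OPTION1 = [MPLS, Route("10.1.1.0/24", "eigrp-external", "DMVPN", 9000)]
# Option 2: only a summary crosses DMVPN; the more specific route comes via MPLS
OPTION2 = [MPLS, Route("10.1.0.0/16", "eigrp-internal", "DMVPN", 9000)]

if __name__ == "__main__":
    for name, table in (("default", DEFAULT), ("option 1", OPTION1), ("option 2", OPTION2)):
        print(name, "->", best_path(table, HOST),
              "| after MPLS failure ->", best_path(without_mpls(table), HOST))
```
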

Thanks for the quick responses and suggestions.  I appreciate all your help. 

No problem.

If you get round to testing and are having any issues just add to this thread.

Jon

Jon,

Finally got DMVPN implemented and everything is working as expected. My DMVPN router is running EIGRP 100 and 200 processes. My core switch is running EIGRP 100. On my DMVPN router I am redistributing 100 into 200 and 200 into 100. My remote sites are routing exactly how I want them to. My remote sites are running BGP (eBGP) and EIGRP 200. Everything is routing exactly how I want it to route. Remote sites prefer BGP and if there is a failure of the MPLS connection they route via DMVPN.

The next problem that I have is I have another hosted data-center that is MPLS only. If there is a failure of BGP then this data-center does not know how to get to the DMVPN network.

At my main data-center where the DMVPN router lives I am thinking I need to redistribute EIGRP 100 into my MPLS network. I have a dedicated MPLS router at this data-center. When you redistribute EIGRP into BGP does it show up as an external route? If it doesn't I believe I will have asymmetrical routing.

Thanks      
