Apologies if my understanding of this isn't great.

Curently I have to modify the ospf costs of the GRE interfaces at both sites to ensure a particular tunnel is used for traffic in both directions. If I only modify the costs at one site, return traffic ends up coming down a different tunnel.

By keeping multiple GRE interfaces at the secondary site, I will inded still be able to control which specific tunnel is used via OSPF costs.

When it comes to return traffic from the Primary site, I would then give the GRE interface of the main router a higher cost to ensure all traffic goes via this router. However, there will be 2 DMVPN tunnels established at this point, so how can I control which tunnel is used for this, the return traffic? These 2 dynamic tunnels will be of equal cost by default, I would imagine.

Thanks

With DMVPN you can still adjust the OSPF metrics by changing the bandwidth statement on the tunnel interface.

On which ever tunnel you would like to make the preferred return path set the bandwidth to be higher using the bandwidth command, or you could simple lower the cost on the interface using the “ip ospf cost statement”.

I see two options:

On the routers of the secondary site

1- Set a different OSPF cost on the LAN interface of each router if the subnet is part of OSPF domain (network statement)

2- Redistribute your LAN on the two routers with two E2 metrics

HTH

Laurent.

HI,

Thanks for this. Just to make suye I've understood you correctly, if I go for option 1, I would modify the costs of the tunnel interfaces AND the physical ethernet interfaces at the Secondary site. This would mean I wouldn't need to make any OSPF cost changes at the primary site and this would also influence return traffic. Is this corect?

Thanks

Thank you for all your help with this

Hi,

If it's ok I'd like to pick your brain once again. If I was to change the above setup, so I only placed a single 1812 router at the secondary site, how can I acheive this with just one router?

I've looked at this example:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

I would want both WAN connections to be in use all the time as I would need all the GRE tunnels to be up.

Thanks

I am guessing, if I setup everything as per the Cisco guide and then setup:

- the ipsec sa details and gre tunnel details

- static routes for the backup GRE tunnels to go via the backup WAN

This should allow me to use a single router?

Thanks

Hi,

If I understand you correctly, you want to to load-balance your traffic across both tunnels which are stick to a different WAN interface right ?

If it's the case then you just have to create two different tunnels each one using a different WAN interface as the source address. As you said to stick a tunnel to a WAN link, configure /32 routes to join the IPSec peers:

int tunnel 1

tunnel source fast0/1

tunnel destination 1.1.1.1

!

int tunnel 2

tunnel source fast0/2

tunnel destination 2.2.2.2

!

ip route 1.1.1.1 255.255.255.255

ip route 2.2.2.2 255.255.255.255

With this design, if you loose a WAN link, the OSPF adj in the tunnel sticks to this interface will get down and you will re-route the traffic to other tunnel

You could also decide to re-route the tunnel itself over the 2nd WAN link instead. In this case, you need to add floating routes:

ip route 1.1.1.1 255.255.255.255 250

ip route 2.2.2.2 255.255.255.255 250

It allows you to keep using the two links of your primary site even if you lost one link on your secondary site.

HTH

Laurent.

Once again, thank you for your help with this.