cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
811
Views
0
Helpful
3
Replies

DMVPN - prevent spoke to spoke through HUB

jmattbullen
Level 1
Level 1

I have a phase 1 dmvpn setup with around 600 remote sites.  We run BGP over the hub and advertise a default route.  Is there any way other than an ACL on the hub to prevent spoke to spoke communication through the hub?  That ACL is getting quite large and my gut tells me there should be an easier way.

 

Thanks

3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

If you were using eigrp as the igp you could enable split-horizon prevent the spokes from knowing anything about each other
 

the spokes already don't know about each other.  but they get a default route so they send packets to the hub and the hub knows about the other network.

Hello

Basically you are wanting to do the opposite of what dmvpn is designed to to!

I am assuming your hub is dynamically multicasting and doesn't  have 600 static  nhrp.  mapping?

I was thinking a possibly use a bgp peer group and ip as path filter lists and apply It outbound prohibiting the spoke ASN's and advertising only local prefiixs and external routes..

 

 

 

 

 

res

paul

 

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco