06-29-2015 01:52 AM - edited 03-05-2019 01:46 AM
Folks,
To begin with, we are running our routing environment over an MPLS link and running BGP. As a backup we have implemented DMVPN tunnels which run over the Internet. These DMVPN tunnels kick in only when the main MPLS link fails. Otherwise this backup Internet link is just standby and is not used.
I am planning to use this backup Internet link by passing some traffic over this and it would be best to send Internet traffic over this link. This is not a local Egress and the traffic would still tunnel to the Head Office.
If I use that by doing some BGP manipulations I am ending up in asymmetric routing at the Head Office.
What is the solution that the experts recommend?
One solution I am thinking of is to NAT all the traffic going out of the tunnel to some different IP and prefer this IP over the DMVPN at the Head Office, i.e. tweak BGP to prefer this path. If that route seems feasible, can that be achieved? I have pasted a sample configuration of my DMVPN from one of the Branch Offices.
_____________________________________________________
interface Tunnel0
 description ** Spoke-Regular GRE --> to Head Office **
 bandwidth 2000
 ip address 192.168.62.46 255.255.255.128
 no ip redirects
 ip mtu 1480
 ip nhrp authentication DmvPNoverInet
 ip nhrp map 192.168.62.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp network-id 100
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.62.1
 ip tcp adjust-mss 1360
 tunnel source Serial1/0
 tunnel destination 1.1.1.1
 tunnel key 100
 tunnel protection ipsec profile vpn-dmvpn
!
_________________________________________________
This is a tunnel configuration of the spoke DMVPN where I am planning to do some NATting.
Thanks,
N.
07-05-2015 02:20 AM
Hello.
To send "some traffic" over the tunnel you may use PBR or PFR.
07-05-2015 10:49 PM
What I am going to do is prefer the 0/0 route over the DMVPN using BGP. Now, when the site takes this route and goes to the Head Office I want to NAT this traffic so that there is no asymmetric routing.
07-06-2015 01:27 AM
Hello.
Sure you may try running "NAT", but it would complicate connectivity troubleshooting (do not invent a bike).
As I mentioned, the best ways to forward "some" traffic via an alternative path (unless it's covered by a prefix) are PBR and PFR.
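An added example, not part of any post in this thread: what the PBR suggestion could look like on the spoke shown above, steering Internet-bound traffic to the hub's tunnel address 192.168.62.1. The interface name GigabitEthernet0/0, the ACL and route-map names, and the choice of RFC 1918 ranges as "internal" are assumptions.

```cisco
! Added example (not from the thread). GigabitEthernet0/0 as the branch LAN
! interface, the object names and the private ranges below are assumptions.
ip access-list extended INTERNET-VIA-DMVPN
 remark Internal (RFC 1918) destinations stay on the normal BGP/MPLS path
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything else is treated as Internet-bound
 permit ip any any
!
route-map BRANCH-PBR permit 10
 description Internet-bound traffic goes to the hub over Tunnel0
 match ip address INTERNET-VIA-DMVPN
 set ip next-hop 192.168.62.1
!
interface GigabitEthernet0/0
 description ** Branch LAN (assumed name) **
 ip policy route-map BRANCH-PBR
!
```

PBR only changes the branch-to-hub direction. Return traffic still follows whatever path the Head Office routing table prefers, so the asymmetry raised in the thread has to be handled there as well.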