DMVPN related design question.

Folks,

To begin with, we are using our routing environment using an MPLS link and running BGP. As a backup we have implemented DMVPN tunnels which run over the internet. These DMVPN tunnels kick in only when the main MPLS link fails. Otherwise this backup Internet link is just standby and is not used.

I am planning to use this backup Internet link by passing some traffic over this and it would be best to send Internet traffic over this link. This is not a local Egress and the traffic would still tunnel to the Head Office.

If I use that by doing some BGP manipulations I am ending up in asymmetric routing at the Head Office.

What is the solution that the experts recommend?

One solution I am thinking of is NAT all the traffic going out of the tunnel to some different IP and prefer this IP over the DMVPN at the Head Office, i.e. tweak BGP to prefer this path. If that route seems feasible can that be achieved? I have pasted a sample configuration of my DMVPN from one of the Branch Offices.

_____________________________________________________

interface Tunnel0
 description ** Spoke-Regular GRE --> to Head Office **
 bandwidth 2000
 ip address 192.168.62.46 255.255.255.128
 no ip redirects
 ip mtu 1480
 ip nhrp authentication DmvPNoverInet
 ip nhrp map 192.168.62.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp network-id 100
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.62.1
 ip tcp adjust-mss 1360
 tunnel source Serial1/0
 tunnel destination 1.1.1.1
 tunnel key 100
 tunnel protection ipsec profile vpn-dmvpn
!

_________________________________________________

This is a tunnel configuration of the spoke DMVPN where I am planning to do some NATting.

 

Thanks,

N.

 

3 Replies

Hello.

To send "some traffic" over the tunnel you may use PBR or PFR.

What I am going to do is prefer the 0/0 route over the DMVPN using BGP. Now, when the site takes this route and goes to the Head Office I want to NAT this traffic so that there is no asymmetric routing.

Hello.

Sure you may try running "NAT", but it would complicate connectivity troubleshooting (do not invent a bike).

As I mentioned, the best ways to forward "some" traffic via an alternative path (unless it's covered by a prefix) are PBR and PFR.
