Hi everyone,
I am reaching out to get your opinion on my config below. What I want to achieve is a spoke with two VRFs and two tunnels pointing to two different hubs, and two EIGRP instances with different AS numbers. The spoke will have two different ISP connections and two different LAN interfaces. I want to segregate traffic. I am using an ASR 1000x series router for this purpose. Below is the config and some key points.
- The DMVPN config is fine, as the tunnels are already up and working, but on different spoke routers; I want to move them to one router, so the only focus here is the VRF config.
- I have free interfaces on the ASR 1000, so I am not going to create a trunk and subinterfaces.
- I can create two VRFs to separate traffic from each other, or I can create one VRF and that will isolate traffic from the other ISP, dynamic routing, etc. anyway?
- I am not adding any VRF config on the hub side; that should be OK?
- ISP interfaces are also not added to a VRF; that should be OK?
- I added the tunnel interfaces to the VRFs, but I am not sure about using the command "tunnel vrf" on the tunnel.

ip vrf RED
ip vrf BLUE

interface GigabitEthernet0/0/1
 ip vrf forwarding RED
 ip address 10.225.254.8 255.255.255.240

interface GigabitEthernet0/0/2
 ip vrf forwarding BLUE
 ip address 172.23.0.68 255.255.255.240

ip route vrf RED 0.0.0.0 0.0.0.0 x.x.x.x
ip route vrf BLUE 0.0.0.0 0.0.0.0 x.x.x.x

router eigrp 120
 distribute-list prefix LocalRangesToAdvertiseOverDMVPN out Tunnel1
 distribute-list route-map IgnoreABCRoutesOriginallyFromXYZ out GigabitEthernet0/0/2
 network 172.18.1.0 0.0.0.255
 network 172.18.2.0 0.0.0.255
 network 172.23.0.64 0.0.0.15
 address-family ipv4 vrf BLUE

router eigrp testabc
 address-family ipv4 unicast autonomous-system 220
 address-family ipv4 vrf RED
  af-interface default
   passive-interface
  exit-af-interface
  af-interface Tunnel1
   no passive-interface
  exit-af-interface
  af-interface GigabitEthernet0/0/0
   no passive-interface
  exit-af-interface
  topology base
   distribute-list LocalRangesToAdvertiseOverDMVPN out Tunnel2
   redistribute static
   offset-list MakeThesePreferableThroughSQLTunnel out 10000 Tunnel2
  exit-af-topology
  network 10.24.136.0 0.0.0.255
  eigrp router-id x.x.x.x
 exit-address-family

interface Tunnel1
 description Data Tunnel
 ip vrf forwarding BLUE
 bandwidth 1000
 ip address x.x.x.x 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxxxxxx
 ip nhrp map multicast x.x.x.x
 ip nhrp map x.x.x.x x.x.x.x
 ip nhrp network-id 83
 ip nhrp nhs x.x.x.x
 ip tcp adjust-mss 1360
 delay 500
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 83
 tunnel protection ipsec profile CoverTunnels
end

interface Tunnel2
 description User tunnel
 ip vrf forwarding red
 bandwidth 600000
 ip address 10.24.137.10 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxxxx
 ip nhrp network-id 85
 ip nhrp nhs x.x.x.x nbma x.x.x.x multicast
 ip nhrp redirect
 ip tcp adjust-mss 1360
 keepalive 10 3
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 85
 tunnel protection ipsec profile CoverTunnels
 hold-queue 4096 in
 hold-queue 4096 out
end
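
An added example, not part of the original post: a small Python lint for the two VRF points the post asks about. It checks that every `ip vrf forwarding` name matches a defined `ip vrf` exactly (VRF names are case-sensitive) and that a tunnel's `tunnel vrf` matches the VRF of its source interface, which means no `tunnel vrf` at all when the ISP interface stays in the global table. The sample config is constructed from the post (the bare GigabitEthernet0/0/0 stanza is an assumption), and the lint assumes `tunnel source` names an interface rather than an IP address.

```python
import re
# Constructed sample modelled on the post; the Gi0/0/0 stanza is an assumption.
SAMPLE = """\
ip vrf RED
ip vrf BLUE
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
 ip vrf forwarding RED
interface Tunnel1
 ip vrf forwarding BLUE
 tunnel source GigabitEthernet0/0
interface Tunnel2
 ip vrf forwarding red
 tunnel source GigabitEthernet0/0/0
"""
KEYS = ("ip vrf forwarding", "tunnel vrf", "tunnel source")

def parse(config):
    """Return (defined VRF names, {interface: {key: value}})."""
    vrfs, ifaces, cur = set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            vrfs.add(m.group(1))
            cur = None
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {})
        elif cur is not None:
            for key in KEYS:
                if line.startswith(key + " "):
                    cur[key] = line[len(key):].strip()
    return vrfs, ifaces

def lint(config):
    """Flag undefined VRF names and tunnels whose transport VRF is wrong."""
    vrfs, ifaces = parse(config)
    findings = []
    for name, cfg in ifaces.items():
        fwd = cfg.get("ip vrf forwarding")
        if fwd and fwd not in vrfs:  # exact, case-sensitive match required
            findings.append(f"{name}: VRF '{fwd}' is not defined")
        src = cfg.get("tunnel source")
        if src and src not in ifaces:  # assumes source is an interface name
            findings.append(f"{name}: tunnel source {src} not in config")
        elif src:
            transport = ifaces[src].get("ip vrf forwarding")  # None = global table
            if cfg.get("tunnel vrf") != transport:
                findings.append(f"{name}: tunnel vrf should be {transport or 'unset'}")
    return findings
```

Running `lint()` over the output of `show running-config` before moving both tunnels onto one router catches a mistyped VRF name before the interface silently lands outside the intended routing table.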