
IWAN and Service Provider connection via Layer 2 instead of Layer 3

WILLIAM STEGMAN
Level 4

I understand the value in running DMVPN across a Layer 3 MPLS service offered in the sense that DMVPN encrypts traffic between sites, and was looking for additional advantages. We have a Layer 3 service from our WAN provider, CER and PER via eBGP, and of course once I run DMVPN across the provider's MPLS network, I don't need their L3 capabilities via eBGP. I just need a path to reach the remote spokes via a default route to the PER, which led me to think maybe we could change the L3 service to an L2 service and save money. But at that point, it seems the design and function of DMVPN would be diminished. I would end up with branches that would know how to reach all other branches directly via the IGP that would now be running across the L2 WAN, so I suppose NHRP wouldn't be needed. I suppose with an IGP running in the MPLS cloud, I wouldn't need a static default route in the WAN VRF, but instead could simply rely on my IGP to find the remote spoke. Is that it? Aside from NHRP not exactly fitting into the design, is L2 a viable service to run DMVPN over?

thank you


Philip D'Ath
VIP Alumni

If you don't need encryption and the L2 service was fully meshed (like VPLS) I wouldn't bother using DMVPN. Use something much simpler like EIGRP.

Even in your current network, if you don't need encryption because it is a private MPLS network, you could consider using just EIGRP with OTP (over the top). Then you can drop DMVPN and EBGP.

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-routing/whitepaper_C11-730404.html