Regarding area 0 continuity, I did small test where I turned off OSPF on the HUB2 router.
So in this case only HUB1 was working, so something which can also happen due to the router failure.
But with only 1 DMVPN hub working it also didn't solve the issue.

Deactivation of a hub, wasn't something I suggested, as it should NOT partition area 0 as long as you have any other router like your area 6 example.

Even if you did partition your area 0, the way you're configured, I'm unsure you would create a problem.

Just for laughs, in a problem area, like one represented by area 2 in your diagram (i.e. two VPN routers), you might try creating secondary area 0 addresses on your VPN routers, on the same interfaces working with the branch area L3 switch (latter not to be given a similar secondary).  This would be somewhat like your area 6 example, but with two branch routers rather that one.

I've still not yet (haven't had the time) to fully analyze the additional information you've provided.  So far, haven't seen a obvious reason why you're having this problem. (To really analyze this, might need to dig into the LSA database.)

One of our great(est) contributors, @Peter Paluch, I believe, is very knowledgeable about many routing protocols, including OSPF.  If he has the time, perhaps he'll join us.

Simplified topology:

So the areas like area 2 doesn't work, areas like this with number 6 seems to be working. The last varation like area 15 is not checked yet.

Config for HUB1 router:
router ospf 10
router-id 10.100.0.1
priority 100
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 1 authentication message-digest
redistribute static metric-type 1 subnets
redistribute bgp 65210 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel101
network 10.100.0.1 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.101.100.0 0.0.0.255 area 1
default-information originate metric 180 metric-type 1

interface Tunnel101
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf priority 100
ip ospf bfd
ip ospf 10 area 0

interface GigabitEthernet0/0/0
ip ospf message-digest-key 1 md5 xxxxxxxxxxxxxx
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 100
ip ospf bfd
ip ospf 10 area 1

----------------------
WORKING SCENARIO
----------------------

SPOKE RTR:
router-id 10.100.0.16
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 7 authentication
redistribute static metric-type 1 subnets
redistribute bgp 65228 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel101
no passive-interface Tunnel201
network 10.100.0.16 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.100.2.0 0.0.0.255 area 0
network 10.107.100.0 0.0.0.255 area 7

interface Tunnel101
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0

interface Tunnel201
ip ospf authentication key-chain WAN2-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0
ip ospf cost 10000

interface GigabitEthernet0/0/0
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 50
ip ospf bfd
ip ospf 10 area 7


show ip ospf nieghbor:
Neighbor ID Pri State Dead Time Address Interface
10.100.0.2 90 FULL/DR 00:00:35 10.100.2.1 Tunnel201
10.100.0.1 100 FULL/DR 00:00:39 10.100.1.1 Tunnel101
10.107.100.4 1 FULL/BDR 00:00:13 10.107.100.4 GigabitEthernet0/0/0

show ip ospf int brief:
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo1 10 0 10.100.0.16/32 1 LOOP 0/0
Tu201 10 0 10.100.2.8/24 10000 BDR 1/1
Tu101 10 0 10.100.1.8/24 3333 BDR 1/1
Gi0/0/0 10 7 10.107.100.2/24 100 DR 1/1


MULTILAYER SWITCH:
router ospf 10
router-id 10.107.100.4
auto-cost reference-bandwidth 100000
nsf
area 7 authentication
passive-interface default
no passive-interface Vlan100
network 10.107.0.0 0.0.255.255 area 7
network 192.168.208.0 0.0.0.255 area 7
network 192.168.228.0 0.0.0.255 area 7

interface Vlan100
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf bfd
ip ospf 10 area 7


show ip ospf nieghbor:
Neighbor ID Pri State Dead Time Address Interface
10.100.0.16 50 FULL/DR 00:00:11 10.107.100.2 Vlan100

show ip ospf int brief:
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Vl228 10 7 192.168.228.5/24 100 DR 0/0
Vl208 10 7 192.168.208.1/24 100 DR 0/0
Vl100 10 7 10.107.100.4/24 100 BDR 1/1


----------------------
NOT WORKING SCENARIO
----------------------

SPOKE RTR1:
router ospf 10
router-id 10.100.0.22
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 10 authentication
redistribute bgp 65224 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel101
network 10.100.0.22 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.110.100.0 0.0.0.255 area 10

interface Tunnel101
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0

interface GigabitEthernet0/0/0
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 100
ip ospf bfd
ip ospf 10 area 10


show ip ospf nieghbor:
Neighbor ID Pri State Dead Time Address Interface
10.100.0.1 100 FULL/DR 00:00:32 10.100.1.1 Tunnel101
10.100.0.23 50 FULL/BDR 00:00:12 10.110.100.3 GigabitEthernet0/0/0
10.110.100.4 1 FULL/DROTHER 00:00:12 10.110.100.4 GigabitEthernet0/0/0


show ip ospf int brief:
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo1 10 0 10.100.0.22/32 1 LOOP 0/0
Tu101 10 0 10.100.1.11/24 10000 BDR 1/1
Gi0/0/0 10 10 10.110.100.2/24 100 DR 2/2

SPOKE RTR2:
router ospf 10
router-id 10.100.0.23
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 10 authentication
redistribute bgp 65224 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel201
network 10.100.0.23 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.110.100.0 0.0.0.255 area 10

interface Tunnel201
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0
ip ospf cost 10000

interface GigabitEthernet0/0/0
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 50
ip ospf bfd
ip ospf 10 area 10
ip ospf cost 10000


show ip ospf nieghbor:
Neighbor ID Pri State Dead Time Address Interface
10.100.0.2 90 FULL/DR 00:00:38 10.100.2.1 Tunnel201
10.100.0.22 100 FULL/DR 00:00:10 10.110.100.2 GigabitEthernet0/0/0
10.110.100.4 1 FULL/DROTHER 00:00:11 10.110.100.4 GigabitEthernet0/0/0


show ip ospf int brief:
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo1 10 0 10.100.0.23/32 1 LOOP 0/0
Tu201 10 0 10.100.2.11/24 10000 BDR 1/1
Gi0/0/0 10 10 10.110.100.3/24 10000 BDR 2/2


MULTILAYER SWITCH:
router ospf 10
router-id 10.110.100.4
auto-cost reference-bandwidth 100000
nsf
area 10 authentication
passive-interface default
no passive-interface Vlan100
network 10.110.0.0 0.0.255.255 area 10
network 192.168.224.0 0.0.0.255 area 10

interface Vlan100
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf bfd
ip ospf 10 area 10


show ip ospf nieghbor:
Neighbor ID Pri State Dead Time Address Interface
10.100.0.22 100 FULL/DR 00:00:11 10.110.100.2 Vlan100
10.100.0.23 50 FULL/BDR 00:00:11 10.110.100.3 Vlan100


show ip ospf int brief:
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Vl224 10 10 192.168.224.1/24 100 DR 0/0
Vl100 10 10 10.110.100.4/24 100 DROTH 2/2

Regarding few more questions:

- RID should be unique for each router and multilayer switch using OSPF.
- I hope that areas are configured correctly. Each hub and spoke router has tunnel interface in area 0 while LAN interface in specific and unique area. Multilayer switches are only in normal areas (without area 0), but they are connected to these routers which have connection with area 0.
- in case of other protocols, yes there is BGP, but it's used only for private IP address scope which is redistributed to the OSPF. What is more, there is a EIGRP which I would like to replace with OSPF because later I would like to also use dynamic routing on on Cisco devices which are not talking via EIGRP. But in situation where I turn off EIGRP in one scenario OSPF works ok, but in other scenario communication is lost as not all routes are installed in routing table.

To be honest I'm starting to wonder, if in this case if branch has 2 spoke routers, then maybe connection both spokes with both hubs will not solve the issue. However in case of EIGRP the current scenario works fine, so I'm wondering why......

Freind you config ospf priority 100 in hub

That good only clear ip ospf process in not work sites and check again. 

Laugh, I just hit reply on my last posting, got an invalid authentication, or some such, refreshed paged, and saw David's posting hitting some of the very issues I was going to bring up, like the high auto reference cost especially along with using manual costs of 10K.

I was going to also ask about EXACTLY what has been appearing, or not, in route tables, along with what looked incorrect about the OSPF database.

BTW, David, "The max metric of an OSPF link is 65535. So it wont install in the RIB if it hits the max metric.", in the past, I recall (?), when I've actually bumped into hitting the max cost for multiple paths, all such were considered equal and were installed.  (I also recall using an IOS version that when you exceeded the number of max OSPF ECMP routes, it would incorrectly compute what should be installed [in my case, though, IOS had been fixed].)

Anyway, I just set up a very small PT environment, with a topology of one spoke area only having one router, and another spoke having two routers.  Did not muck with costs and/or auto bandwidth costing, but, of course, sh ip route and show ip os database look "different" from each of the spoke L3 switches.  Hence, probably worthwhile to fully understand EXACTLY what you believe OSPF is doing incorrectly.

Don't know if it's of any use, but I've attached the PT file.

Very interesting. Ill take a look at the PT file later (if this hasn't been solved as I am curious).

Also just to clarify the max metric was per link. So you could have 2 links each with a cost of 50000 and it would still be ok. In total it would be 100000 but each link was still below the maximum and still valid and installed in the RIB. 

Interesting if you hit max metric and still installed anyway but to be fair if they are all the same number even if it is max metric its still an ECMP, maybe a bug or "feature" haha. But still good to know it "can" happen maybe in certain situations.

Specifically looking for 65535 where the TOS metric is 10 in this example:

May be a mute point after what you mentioned though.

But with a summary address since it inter-area. I think like you said we may need full configs to properly tshoot better in this scenario.

BTW

Clarification:

A better description of this issue/situation, might be found here .  

As an example, I just configured PT with 4 routers in series, with first having cost of 40,000 and second having cost of 65,535 (max), and from first,

sh ip route:

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/0
O 192.168.2.0/24 [110/105535] via 192.168.1.2, 00:00:09, GigabitEthernet0/0/0
O 192.168.3.0/24 [110/105536] via 192.168.1.2, 00:00:09, GigabitEthernet0/0/0

I.e. maximum link/interface cost I could set was 64K, but OSPF did sum the 40K and 65K (and default last link cost of 1) link costs.

Peter thanks for joining!!!

Regarding your question whether the two hubs have a tunnel adjacency, believe the answer is no, as each hub only has one DMVPN, each different subnets.

So, I believe your point #1 isn't a "direct" issue, alone. (If I'm mistaken, please correct me.)

As far as I can tell, so far, the only thing that precludes area (zero) partitioning is spokes with single VPN router (IMO far from ideal [i.e. ditto your point #2]).

Joseph,

I am glad to be around : ) Thank you for having me!

Oh, if every DMVPN hub has its own independent Tunnel interface then this is quite a weird design... I missed that. In that case, it is even more relevant to ask what makes the area 0 contiguous in this case. In theory, the area 0 is currently kept contiguous through the spoke router in area 6 but I'm not sure how much detail has been simplified away. We definitely need @qualxarnu to shed more detail on this. Most certainly, keeping the area 0 contiguous through spoke routers is a major no-no. There needs to be another topology put in place to make the area 0 contiguous - even as simple as a dedicated physical link between the two DMVPN hubs. But there must be something added if it's not in place already.

Best regards,
Peter

Hi Peter, Hi Guys,

I'm sorry for my silence. I'm recently busy with some project.
Anyway so far I would like to thank you for all those questions and thoughts, because it's starts to lead me to some conclution which I was suspecting but I was not copletely sure.
So small comment from my side, the environment on which I would like to run the OSPF, it's a company environment and it's something which needs a lot of improvements and which I try to do recently.
For now I had to turn off the OSPF, as it's the production network and I will be able to do some test during the weekend.
So I cannot send you right now all these SHOWs for OSPF, but I can give you some configuration and answer some questions.
Based on what you ALL wrote so far I thing that maybe all spoke routers should have DMVPN tunnel to both HUBs. This is what I thought once it turned out that location with only one spoke, which has tunnels to both hubs, works fine.
However I was not sure, because currently working EIGRP somehow works correctly on this topology.
Second thing is maybe a DMVPN phase, because if I'm ot wrong, currently configured phase is 2 and I thing phase 3 would be better to have in this case.
Ok, so I will first anser some questions and then I will paste some parts of configuration.

1. I've set the network type for broadcast and I saw that both hubs became DRs for own DMVPN cloud.
Previously I did some shows and here is for example router from area where there is only on router connected to both hubs:

show ip ospf nieghbor:
Neighbor ID Pri State Dead Time Address Interface
10.100.0.2 90 FULL/DR 00:00:35 10.100.2.1 Tunnel201
10.100.0.1 100 FULL/DR 00:00:39 10.100.1.1 Tunnel101
10.107.100.4 1 FULL/BDR 00:00:13 10.107.100.4 GigabitEthernet0/0/0

10.100.0.1 is a hub1 while 10.100.0.2 is hub2

. Both have different subnet for tunel interfaces.

In case of area 0, it's set only on DMVPN routers and only on the Tunnel interfaces. The LAN interfaces are configured in a normal area where each site has own, unique number of the area.

The DMVPN hubs have FULL adjency with spokes in own DMVPN cloud. So if for example there is a site with two spokes, then one spoke is connected with hub1 where has FULL adjency and spoke2 has FULL adjency with hub2.
The exception occurs where we have only one spoke on sitte. It has FULL adjency with both hubs as it has two separate tunnel interfaces, each having separate subnet and in each subnet the DR is a hub router.

In case of DMVPN phase , like I wrote, it will be phase 2 and I admit that I didn't set priority on spokes. Only on hubs to force them to be the DR routers.

In case of question if the OSPF is configured accordingly to the phase, this is what I  was not sure and that's why I'm here

So I will now paste some configs with more elements for you.
This is the HUB1 configuration:

router ospf 10
router-id 10.100.0.1
priority 100
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 1 authentication message-digest
redistribute static metric-type 1 subnets
redistribute bgp 65210 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel101
network 10.100.0.1 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.101.100.0 0.0.0.255 area 1

interface Tunnel101
bandwidth 1000000
ip address 10.100.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxx
ip nhrp network-id 101
ip nhrp redirect
ip tcp adjust-mss 1360
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf priority 100
ip ospf bfd
ip ospf 10 area 0
delay 1000
tunnel source GigabitEthernet0/0/3
tunnel mode gre multipoint
tunnel key 101
tunnel vrf IWAN-TRANSPORT-1
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE
domain iwan path INET1 path-id 1
hold-queue 4096 in
hold-queue 4096 out

interface GigabitEthernet0/0/0
ip address 10.101.100.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx allow-default
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 xxxxxxxxxxxxxxx
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 100
ip ospf bfd
ip ospf 10 area 1
negotiation auto

This is the HUB1 configuration:

router ospf 10
router-id 10.100.0.2
priority 80
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 1 authentication message-digest
redistribute static metric-type 1 subnets
redistribute bgp 65210 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel201
network 10.100.0.2 0.0.0.0 area 0
network 10.100.2.0 0.0.0.255 area 0
network 10.101.100.0 0.0.0.255 area 1

interface Tunnel201
bandwidth 200000
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
ip address 10.100.2.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxxxxx
ip nhrp network-id 201
ip nhrp redirect
ip tcp adjust-mss 1360
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf priority 90
ip ospf bfd
ip ospf 10 area 0
ip ospf cost 10000
delay 1000
tunnel source GigabitEthernet0/0/3
tunnel mode gre multipoint
tunnel key 201
tunnel vrf IWAN-TRANSPORT-2
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE
domain iwan path INET2 path-id 2
hold-queue 4096 in
hold-queue 4096 out

interface GigabitEthernet0/0/0
ip address 10.101.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx allow-default
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7xxxxxxxxxxxx
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 90
ip ospf bfd
ip ospf 10 area 1
ip ospf cost 1000
negotiation auto


Now the Spoke 1 from area with two spokes:

router ospf 10
router-id 10.100.0.22
auto-cost reference-bandwidth 100000
nsf
area 0 authentication
area 10 authentication
redistribute bgp 65224 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel101
network 10.100.0.22 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.110.100.0 0.0.0.255 area 10

interface Tunnel101
bandwidth 10000
ip address 10.100.1.11 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxxxx
ip nhrp network-id 101
ip nhrp nhs 10.100.1.1 nbma 157.161.177.34 multicast
ip tcp adjust-mss 1360
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0
delay 10000
no nhrp route-watch
if-state nhrp
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 101
tunnel vrf IWAN-TRANSPORT-1
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE


interface GigabitEthernet0/0/0
ip address 10.110.100.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx allow-default
standby 10 ip 10.110.100.1
standby 10 priority 110
standby 10 preempt
standby 10 track 10 decrement 60
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 100
ip ospf bfd
ip ospf 10 area 10
delay 25000
negotiation auto

Now the Spoke 2 from area with two spokes:

router ospf 10
router-id 10.100.0.23
auto-cost reference-bandwidth 100000
shutdown
nsf
area 0 authentication
area 10 authentication
redistribute bgp 65224 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel201
network 10.100.0.23 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.110.100.0 0.0.0.255 area 10

interface Tunnel201
bandwidth 10000
ip address 10.100.2.11 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxxxx
ip nhrp network-id 201
ip nhrp nhs 10.100.2.1 nbma 212.120.38.169 multicast
ip tcp adjust-mss 1360
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0
ip ospf cost 10000
delay 20000
no nhrp route-watch
if-state nhrp
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 201
tunnel vrf IWAN-TRANSPORT-2
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE


interface GigabitEthernet0/0/0
ip address 10.110.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx allow-default
standby 10 ip 10.110.100.1
standby 10 priority 105
standby 10 preempt
standby 10 track 10 decrement 60
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 50
ip ospf bfd
ip ospf 10 area 10
ip ospf cost 10000
delay 25000
negotiation auto

Spoke from area with only one spoke:

router ospf 10
router-id 10.100.0.16
auto-cost reference-bandwidth 100000
shutdown
nsf
area 0 authentication
area 7 authentication
redistribute static metric-type 1 subnets
redistribute bgp 65228 metric-type 1 subnets route-map BGP2OSPF
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Tunnel101
no passive-interface Tunnel201
network 10.100.0.16 0.0.0.0 area 0
network 10.100.1.0 0.0.0.255 area 0
network 10.100.2.0 0.0.0.255 area 0
network 10.107.100.0 0.0.0.255 area 7


interface Tunnel101
bandwidth 30000
ip address 10.100.1.8 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxxxx
ip nhrp network-id 101
ip nhrp nhs 10.100.1.1 nbma 157.161.177.34 multicast
ip tcp adjust-mss 1360
ip ospf authentication key-chain WAN-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0
delay 1000
nhrp group RS-GROUP-30MBPS
no nhrp route-watch
if-state nhrp
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 101
tunnel vrf IWAN-TRANSPORT-1
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE shared

interface Tunnel201
bandwidth 10000
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
ip address 10.100.2.8 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxxxxxxx
ip nhrp network-id 201
ip nhrp nhs 10.100.2.1 nbma 212.120.38.169 multicast
ip tcp adjust-mss 1360
ip ospf authentication key-chain WAN2-OSPF
ip ospf network broadcast
ip ospf bfd
ip ospf 10 area 0
ip ospf cost 10000
delay 20000
nhrp group RS-GROUP-30MBPS
no nhrp route-watch
if-state nhrp
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 201
tunnel vrf IWAN-TRANSPORT-1
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE shared


interface GigabitEthernet0/0/0
ip address 10.107.100.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx allow-default
standby 1 ip 10.107.100.1
standby 1 priority 110
standby 1 preempt
standby 1 track 10 decrement 60
ip ospf authentication key-chain LAN-OSPF
ip ospf dead-interval 15
ip ospf hello-interval 5
ip ospf priority 50
ip ospf bfd
ip ospf 10 area 7
delay 25000
negotiation auto

Enjoy
In case of new shows like OSPF database, I will be able to send some during the next weekend as I cannot make to much of changes during the week.

Thank you!