
DMVPN Design Question


Hi All,

Just wanted to start off by apologizing for the ugly diagram. Didn't really feel like busting out the other laptop for Visio. It may be ugly but I hope it does the trick in terms of information.

Attached to this post I have a diagram that I hope can assist with my question.

Currently I have a DMVPN and MPLS design setup that has an OSPF connection between the DMVPN HUB router and my L3 Core switch. When the remote site's MPLS connection goes down the site advertises its local routes over the DMVPN and those routes are then advertised via the main site and out the MPLS with a lower BGP local preference and AS_PATH prepending.

This is a design I inherited and I can see a fundamental flaw in it. The problem is, on the remote branch side, if the connection between the L3 switch and the SP CE goes down the SP CE will learn the local routes from the remote branch via eBGP (AD 20). When the uplink between the L3 switch and the SP CE comes back online the SP CE will prefer to go back to the Main location and over the DMVPN. Thus all traffic destined to the remote site will route over the DMVPN.

Now, this has been addressed in the main site...when the routes from the local site are advertised via the Main site I mentioned I use local preference and path prepend...I prepend the originating AS_PATH onto it as well as the AS of the main site. So when the route goes full circle and reaches the remote site's SP CE the route is discarded because the SP CE sees its own AS in the AS_PATH.

My question is....this isn't a really scalable design. For every site with a backup (DMVPN) connection I need to have a specific route-tag and route-map sequence to add the local site's AS number into the AS_PATH.

Would it be a better design to change the DMVPN HUB router from an OSPF connection to the L3 core and set up an iBGP connection to my two (2) CPE routers at my main site? This would automatically put in the originating AS and I would no longer have to manually set this. Looking for feedback on that....

The other question would be how everything else would work. Currently the CPE routers redistribute BGP into the Core switches so they have reachability to the other sites via the MPLS. I'm guessing I would just ensure that the DMVPN routes advertised to the CPE routers also redistribute into OSPF and into the Core Switches. Just ensure that those routes have a worse metric (OSPF = cost / BGP = Local Preference). Looking for feedback on that...

Any other design related feedback would be really appreciated.
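The failure mode and the AS_PATH fix described in the post, replayed as a small Python model. This is an added example, not configuration or code from the original post: the AS numbers (65000 hub, 65100 provider, 65010 branch), the prefix 10.10.0.0/24 and the next-hop labels are constructed, and the router model only applies the two rules that matter here, BGP's own-AS loop check on eBGP updates and administrative-distance comparison (eBGP 20 vs OSPF 110).

```python
"""Toy model of the branch-side problem in the post (added example, not
from the post). A branch SP CE hears its own LAN prefix from the MPLS side
via eBGP (AD 20) while the uplink to the branch L3 switch is down. When the
uplink returns, the locally learned OSPF route (AD 110) loses on AD, so the
branch keeps sending traffic the long way round over the DMVPN. Putting the
branch's own AS into the AS_PATH at the hub makes the branch CE discard the
eBGP update through normal BGP loop detection, leaving the local route in
place. All AS numbers, prefixes and next-hop labels are constructed."""
from dataclasses import dataclass, field

HUB_AS, SP_AS, BRANCH_AS = 65000, 65100, 65010   # constructed AS numbers
BRANCH_LAN = "10.10.0.0/24"                       # constructed branch prefix
EBGP_AD, OSPF_AD = 20, 110                        # Cisco default distances


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str          # "ebgp" or "ospf"
    ad: int                # administrative distance
    next_hop: str
    as_path: tuple = ()    # only meaningful for BGP-learned routes


@dataclass
class Router:
    name: str
    local_as: int
    rib: dict = field(default_factory=dict)       # prefix -> installed Route
    rejected: list = field(default_factory=list)  # eBGP updates dropped by loop check

    def learn(self, route: Route) -> bool:
        """Install `route` if it beats what is in the RIB. eBGP updates whose
        AS_PATH already contains this router's AS are discarded first; that is
        the standard BGP loop-prevention rule the post relies on."""
        if route.protocol == "ebgp" and self.local_as in route.as_path:
            self.rejected.append(route)
            return False
        current = self.rib.get(route.prefix)
        if current is None or route.ad < current.ad:
            self.rib[route.prefix] = route
            return True
        return False


def hub_advertised_path(prepend_branch_as: bool) -> tuple:
    """AS_PATH the hub CPE sends to the provider for a branch prefix it learned
    over the DMVPN. Without the route-map the path is just the hub AS; with it,
    the hub prepends the originating branch AS and its own AS again (as the
    post describes) in front of the usual eBGP prepend of the hub AS."""
    path = (HUB_AS,)
    if prepend_branch_as:
        path = (HUB_AS, BRANCH_AS) + path
    return path


def provider_forwarded_path(path: tuple) -> tuple:
    """The SP prepends its own AS when passing the route on to the branch CE."""
    return (SP_AS,) + path


def branch_next_hop(prepend_branch_as: bool) -> str:
    """Replay the sequence from the post: the branch-to-L3 uplink is down, so
    the branch CE first hears its own LAN from the MPLS side; then the uplink
    returns and the local route is offered again. Returns the next hop the
    branch CE ends up using for its own LAN."""
    ce = Router("branch-ce", BRANCH_AS)
    mpls_path = provider_forwarded_path(hub_advertised_path(prepend_branch_as))
    ce.learn(Route(BRANCH_LAN, "ebgp", EBGP_AD, "mpls-pe", mpls_path))
    ce.learn(Route(BRANCH_LAN, "ospf", OSPF_AD, "branch-l3-switch"))
    return ce.rib[BRANCH_LAN].next_hop


if __name__ == "__main__":
    for flag in (False, True):
        print(f"prepend branch AS={flag}: branch LAN reached via "
              f"{branch_next_hop(flag)}")
```

Running it shows the two outcomes the post contrasts: without the branch AS in the path the CE settles on the MPLS next hop for its own LAN, with it the eBGP update is rejected and the local route wins. The model deliberately ignores BGP best-path attributes such as local preference, because at the branch CE the decision is made by AD before those are compared.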


Marcin Latosiewicz
Cisco Employee


Let me start by saying that in most cases of design it's better off to send it to your local SE for evaluation.

I would also post a parallel thread in routing forums.

If you still have not found a solution we can have a (most likely) lengthy discussion and if you have found a solution, well I would be thrilled to see.

On maybe a separate note. I would take advantage of BGP all over the place rather than relying on OSPF.

BGP scales best in DMVPN (in terms of amount of spokes at least). And as far as I understand it would solve your routing problem (but then again I'm new to this).

Having a single RP all over the place would significantly decrease problems - it looks like a CCIE challenge :-)

