06-12-2011 05:45 PM - edited 02-21-2020 05:24 PM
Hi All,
Just wanted to start off by apologizing for the ugly diagram. Didn't really feel like busting out the other laptop for Visio. It may be ugly but I hope it does the trick in terms of information.
Attached to this post I have a diagram that I hope can assist with my question.
Currently I have a DMVPN and MPLS design setup that has an OSPF connection between the DMVPN HUB router and my L3 Core switch. When the remote site's MPLS connection goes down the site advertises its local routes over the DMVPN and those routes are then advertised via the main site and out the MPLS with a lower BGP local preference and AS_PATH prepending.
This is a design I inherited and I can see a fundamental flaw in it. The problem is, on the remote branch side, if the connection between the L3 switch and the SP CE goes down the SP CE will learn the local routes from the remote branch via eBGP (AD 20). When the uplink between the L3 switch and the SP CE comes back online the SP CE will prefer to go back to the Main location and over the DMVPN. Thus all traffic destined to the remote site will route over the DMVPN.
Now, this has been addressed in the main site...when the routes from the local site are advertised via the Main site I mentioned I use local preference and path prepend...I prepend the originating AS_PATH onto it as well as the AS of the main site. So when the route goes full circle and reaches the remote site's SP CE the route is discarded because the SP CE sees its own AS in the AS_PATH.
My question is....this isn't a really scalable design. For every site with a backup (DMVPN) connection I need to have a specific route-tag and route-map sequence to add in the local site's AS number into the AS_PATH.
Would it be a better design to change the DMVPN HUB router from an OSPF connection to the L3 core and setup an iBGP connection to my two (2) CPE routers at my main site? This would automatically put in the originating AS and I would no longer have to manually set this. Looking for feedback on that....
The other question would be how everything else would work. Currently the CPE routers redistribute BGP into OSPF...so the Core switches have reachability to the other sites via the MPLS. I'm guessing I would just ensure that the DMVPN routes advertised to the CPE routers also redistribute into OSPF and into the Core Switches. Just ensure that those routes have a worse metric (OSPF = cost / BGP = Local Preference). Looking for feedback on that...
Any other design related feedback would be really appreciated.
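The AS_PATH loop check and the per-site route-map dependency described in the post above, modelled as an added example that is not part of the original thread. The AS numbers, site names and route-map table are constructed; the model assumes each remote CE runs in its site's AS and omits the provider's AS hops.

```python
# Added example; AS numbers, site names and tags are constructed, not from the thread.
MAIN_AS = 65000
SITE_AS = {"branch-a": 65101, "branch-b": 65102, "branch-c": 65103}


def path_from_main(site, route_maps):
    """AS_PATH a site's backup prefix carries once the main site re-advertises it.

    The prefix reaches the main site through OSPF, which carries no AS_PATH,
    so the originating AS is present only if a route-map sequence for that
    site's tag prepends it by hand.
    """
    path = [MAIN_AS]  # added automatically on the eBGP advertisement
    if site in route_maps:
        # manual prepend: main site AS plus the AS configured for this tag
        path += [MAIN_AS, route_maps[site]]
    return path


def ebgp_accepts(local_as, as_path):
    """eBGP loop prevention: reject an update whose AS_PATH contains our own AS."""
    return local_as not in as_path


def sites_that_loop(route_maps):
    """Sites whose CE would accept their own prefixes back from the main site."""
    return sorted(
        site for site, asn in SITE_AS.items()
        if ebgp_accepts(asn, path_from_main(site, route_maps))
    )


if __name__ == "__main__":
    # Constructed scenario: branch-c was added without its route-map sequence.
    configured = {"branch-a": 65101, "branch-b": 65102}
    for site in SITE_AS:
        print(site, path_from_main(site, configured))
    print("loop risk:", sites_that_loop(configured))
```

A site whose route-map sequence is missing, or prepends the wrong AS, shows up in `sites_that_loop`, which is the scaling cost the post describes.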
06-15-2011 09:47 AM
Hi,
Let me start by saying that in most cases of design it's better off to send it to your local SE for evaluation.
I would also post a parallel thread in routing forums.
If you still have not found a solution we can have a (most likely) lengthy discussion and if you have found a solution, well I would be thrilled to see.
On maybe a separate note. I would take advantage of BGP all over the place rather than relying on OSPF.
BGP scales best in DMVPN (in terms of amount of spokes at least). And as far as I understand it would solve your routing problem (but then again I'm new to this).
Having a single RP all over the place would significantly decrease problems - it looks like a CCIE challenge :-)
Marcin