Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1070
Views
0
Helpful
5
Replies

DMVPN HUB Static Route change

wrobbin
Level 1
Level 1

‎03-21-2016 01:36 PM - edited ‎02-21-2020 08:44 PM

Currently we run DMVPN and BGP establshes via a static route  like so

ip route A.B.C.D 255.255.255.255 Tunnel100 name DMVPN-HUB-BGP-PEER

it was changed via an EEM Script to

ip route A.B.C.D 255.255.255.255 W.X.Y.Z   name DMVPN-HUB-BGP-PEER

I thought  it could be due to 

For point to point interfaces,  you can use static routes that point to the interface or to the next  hop address. There is only one possible next hop and its L2 address will  be used to build L2 frame.


For multipoint interfaces which the DMVPN tunnel interfaces are,  it is more suitable to use static routes that point to a next hop  address to avoid the need for resolving every destination address to its  L2 address. While we could  still continue to use static  routes pointing to the interface it’s not a scalable solution.

but I was told this was the incorrect reason......

What other reason could this be needed/done this way?

Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-21-2016 02:04 PM

I'm a little confused.

You can have static BGP neighbours.  You can redistribute static routes into BGP.  But BGP is a dynamic routing protocol, and does not have static routes.  What are you meaning here?

Who created the EEM script?  Perhaps you could ask them why they did this.

Are you using static routes to override a dynamic routing table for remote BGP neighbours perhaps, to prevent route recursion?

0 Helpful

wrobbin
Level 1
Level 1
In response to Philip D'Ath

‎03-21-2016 02:09 PM

This static route is used to establish the BGP peering session over DMVPN with the hub,

0 Helpful

wrobbin
Level 1
Level 1
In response to wrobbin

‎03-21-2016 02:10 PM

what i dont get is why use the IP of the hub vice a tunnel interface. What does it gain you ?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to wrobbin

‎03-21-2016 02:15 PM

Ok, what it does is prevent the routing from using recursion for a route lookup.

If you don't specify the tunnel interface, and the Tunnel goes down but the router can find a path via another circuit, it will use that (aka recursively lookup the route).

With BGP you [mostly] want point to point connections.  If the Tunnel goes down you want BGP to go down - not to keep working via another path.

0 Helpful

wrobbin
Level 1
Level 1
In response to Philip D'Ath

‎03-21-2016 02:20 PM

The Tunnel Interface for example is 10.x.0.1/16  and the BGP Peer is 10.x.0.35/16

Since DMVPN it  is a NBMA no need to worry about broadcast.

ip route A.B.C.D 255.255.255.255 Tunnel100 name DMVPN-HUB-BGP-PEER

So that /16 is a connected route to the tunnel.

so it wouldn't look for it out of any other interface if that route went down.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents