Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
989
Views
6
Helpful
8
Replies

Split-Horizon - DMVPN with OSPF

Ronit Bhattacharjee
Level 1
Level 1

‎07-17-2023 01:27 AM

Hi. I deployed a simple DMVPN setup with 1 Hub and 2 Spokes. I am running OSPF. Looks like, unlike EIGRP, OSPF doesn't use split-horizon to prevent Spoke routes from being advertised to other spokes. 

What is the most straight-forward way to prevent Spokes from learning routes from other spokes?DMVPN.png

Labels:
8 Replies 8

MHM Cisco World
VIP
VIP

‎07-17-2023 01:38 AM

Yes ospf not like eigrp in dmvpn.

Can you run two tunnel in hub one for each spoke ?

Ronit Bhattacharjee
Level 1
Level 1
In response to MHM Cisco World

‎07-17-2023 01:39 AM - edited ‎07-17-2023 01:40 AM

Thanks, unfortunately I already deployed the setup and would like to avoid major changes as much as possible, as remote access is very tricky to arrange and stopping the spoke-to-spoke communication is low priority.

Also, there would be more spokes added in the future and the requirement is not to have to make any changes on the Hub to accommodate them.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Ronit Bhattacharjee

‎07-17-2023 01:42 AM

The issue you have one tunnel i.e. you run one area between spoke and hub'

And for ospf all routers in one area have same DB so each spoke have same db'

That why spoke know prefix directly from other spoks not via hub.

Let me check if there is othet solution 

Ronit Bhattacharjee
Level 1
Level 1
In response to MHM Cisco World

‎07-17-2023 03:59 AM

You're right. There's no way to prevent spoke-to-spoke communication at the routing level while using OSPF. We can use access-lists everywhere to block this traffic, but doesn't look like a good solution.

We discussed this internally and decided to go through the one-time pain of migrating to EIGRP to reach our design requirements. 

MHM Cisco World
VIP
VIP
In response to Ronit Bhattacharjee

‎07-17-2023 04:02 AM

That why Cisco always recommends eigrp or bgp(not for all case) for dmvpn.

The ospf have many limitations in dmvpn

Ronit Bhattacharjee
Level 1
Level 1

‎07-17-2023 04:07 AM

Actually I referred to this document during my original design and got misled by this line

Dynamic Multipoint VPN Configuration Guide, Cisco IOS Release 15M&T - Dynamic Multipoint VPN [Support] - Cisco
"Enhanced Interior Gateway Routing Protocol (EIGRP) should be avoided"

0 Helpful

MHM Cisco World
VIP
VIP
In response to Ronit Bhattacharjee

‎07-17-2023 04:19 AM

EIGRP avoiding only for VRF aware (this I will make deep dive to full understand why)
but I your case as I see from topology there is no F-VRF (vrf aware).

0 Helpful

David Ruess
VIP
VIP

‎07-17-2023 01:51 PM

Hello,

Only the interfaces connecting to the HUB have to be in the same area. All interfaces behind that can be in another area.

That being said you can utilize the area-range command to help with that

The link is similar to route setup:

https://study-ccnp.com/ospf-route-filtering-summarization-area-local-ospf/

You might also be able to turn those areas behind the spoke routers into stub areas where only a default route is advertised to them instead of the specific routes.

 

-David

Customers Also Viewed These Support Documents