While working on some older CCNP labs recently, I needed to get rid of the Frame Relay that was used in the various labs, since it’s no longer being used and is not supported in EVE-NG. I originally connected everything via a generic cloud and used Ethernet interfaces, since that is the only type EVE-NG will support to the cloud. While this worked okay, I did not like the direct connectivity I was seeing between the routers, as it seemed like the DMVPN tunnel I was building was pointless.
Then I decided to use eBGP as the underlay for the DMVPN overlay. I chose a very simple implementation where the hub and spokes all connect to the same “ISP”. This makes the scenario much easier since the ISP is just redistributing connected subnets.
Now I’m using DMVPN in place of Frame Relay for all of my labs and it’s working great. I had never worked with DMVPN before, so this was a great lab. Originally it was just a simple OSPF lab that “morphed” into something far more interesting. I’ll post the configuration snippets below in case you are curious.
ISP-SINGLE-REDISTRIBUTED -> allowas-in (for multiple ISPs)
router bgp 1
 bgp log-neighbor-changes
 neighbor 11.11.11.1 remote-as 11
 neighbor 22.22.22.1 remote-as 22
 neighbor 44.44.44.1 remote-as 44
 network 11.11.11.0 mask 255.255.255.0
 network 22.22.22.0 mask 255.255.255.0
 network 44.44.44.0 mask 255.255.255.0
end

ip route 11.11.11.0 255.255.255.0 Null0
ip route 22.22.22.0 255.255.255.0 Null0
ip route 44.44.44.0 255.255.255.0 Null0

interface Serial1/0
 ip address 11.11.11.2 255.255.255.252
 serial restart-delay 0
interface Serial1/2
 ip address 22.22.22.2 255.255.255.252
 serial restart-delay 0
interface Serial1/3
 ip address 44.44.44.2 255.255.255.252
 serial restart-delay 0
end

BGP#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 11.11.11.0/24    0.0.0.0                  0         32768 i
*> 22.22.22.0/24    0.0.0.0                  0         32768 i
*> 44.44.44.0/24    0.0.0.0                  0         32768 i

DMVPN-HUB
interface Serial1/0
 ip address 11.11.11.1 255.255.255.252
 serial restart-delay 0

router bgp 11
 bgp log-neighbor-changes
 distribute-list 10 in
 network 11.11.11.0 mask 255.255.255.0
 neighbor 11.11.11.2 remote-as 1
end

access-list 10 deny 11.11.11.0
access-list 10 permit any

R1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 22.22.22.0/24    11.11.11.2               0             0 1 i
*> 44.44.44.0/24    11.11.11.2               0             0 1 i

Hub#sh ip route bgp
Gateway of last resort is not set
      22.0.0.0/30 is subnetted, 1 subnets
B        22.22.22.0 [20/0] via 11.11.11.2, 00:00:40
      44.0.0.0/30 is subnetted, 1 subnets
B        44.44.44.0 [20/0] via 11.11.11.2, 00:00:40

interface Tunnel1
 ip address 10.1.110.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 10
 ip ospf network point-to-multipoint
 ip ospf cost 64
 tunnel source 11.11.11.1
 tunnel mode gre multipoint
end

HUB#sh dmvpn | i 1
T1 - Route Installed, T2 - Nexthop-override
Interface: Tunnel1, IPv4 NHRP Details
    1 22.22.22.1      10.1.110.2    UP 01:02:32    D
    1 44.44.44.1      10.1.110.4    UP 01:02:40    D

router ospf 1
 router-id 10.1.1.1
 area 24 stub no-summary
 redistribute static subnets
 network 10.1.110.0 0.0.0.255 area 24
 network 10.1.116.0 0.0.0.255 area 0
 neighbor 10.1.110.2 cost 10

HUB#sh ip ospf nei
Neighbor ID     Pri   State       Dead Time   Address         Interface
10.6.6.6          0   FULL/ -     00:00:33    10.1.116.6      Serial1/1
10.4.4.4          0   FULL/ -     00:01:56    10.1.110.4      Tunnel1
10.2.2.2          0   FULL/ -     00:01:36    10.1.110.2      Tunnel1

Spoke #1
interface Serial1/2
 ip address 22.22.22.1 255.255.255.252
 serial restart-delay 0
end

router bgp 22
 bgp log-neighbor-changes
 distribute-list 10 in
 network 22.22.22.0 mask 255.255.255.0
 neighbor 22.22.22.2 remote-as 1
end

access-list 10 deny 22.22.22.0
access-list 10 permit any

R2#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 11.11.11.0/24    22.22.22.2               0             0 1 i
*> 44.44.44.0/24    22.22.22.2               0             0 1 i

Spoke1#sh ip route bgp
Gateway of last resort is 10.1.110.1 to network 0.0.0.0
      11.0.0.0/30 is subnetted, 1 subnets
B        11.11.11.0 [20/0] via 22.22.22.2, 00:00:40
      44.0.0.0/30 is subnetted, 1 subnets
B        44.44.44.0 [20/0] via 22.22.22.2, 00:00:40

interface Tunnel1
 ip address 10.1.110.2 255.255.255.0
 no ip redirects
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map multicast 11.11.11.1
 ip nhrp map 10.1.110.4 44.44.44.1
 ip nhrp map multicast 44.44.44.1
 ip nhrp network-id 10
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.4
 ip ospf network point-to-multipoint
 ip ospf cost 64
 tunnel source 22.22.22.1
 tunnel mode gre multipoint
end

Spoke1#sh dmvpn | i 1
T1 - Route Installed, T2 - Nexthop-override
Interface: Tunnel1, IPv4 NHRP Details
    1 11.11.11.1      10.1.110.1    UP 01:02:23    S
    1 44.44.44.1      10.1.110.4    UP 00:16:21    S

router ospf 1
 router-id 10.2.2.2
 area 24 stub
 network 10.1.110.0 0.0.0.255 area 24
 network 172.30.24.0 0.0.0.255 area 24
 distribute-list 10 in
end

Spoke1#sh ip ospf nei
Neighbor ID     Pri   State       Dead Time   Address         Interface
10.1.1.1          0   FULL/ -     00:01:53    10.1.110.1      Tunnel1
10.4.4.4          1   FULL/DR     00:00:39    172.30.24.4     Ethernet0/0

Spoke #2
interface Serial1/3
 ip address 44.44.44.1 255.255.255.252
 serial restart-delay 0
end

router bgp 44
 bgp log-neighbor-changes
 distribute-list 10 in
 network 44.44.44.0 mask 255.255.255.0
 neighbor 44.44.44.2 remote-as 1
end

access-list 10 deny 44.44.44.0
access-list 10 permit any

R4#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 11.11.11.0/24    44.44.44.2               0             0 1 i
*> 22.22.22.0/24    44.44.44.2               0             0 1 i

Spoke2#sh ip route bgp
Gateway of last resort is 10.1.110.1 to network 0.0.0.0
      11.0.0.0/30 is subnetted, 1 subnets
B        11.11.11.0 [20/0] via 44.44.44.2, 00:00:40
      22.0.0.0/30 is subnetted, 1 subnets
B        22.22.22.0 [20/0] via 44.44.44.2, 00:00:40

interface Tunnel1
 ip address 10.1.110.4 255.255.255.0
 no ip redirects
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map multicast 11.11.11.1
 ip nhrp map 10.1.110.2 22.22.22.1
 ip nhrp map multicast 22.22.22.1
 ip nhrp network-id 10
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.2
 ip ospf network point-to-multipoint
 ip ospf cost 64
 tunnel source 44.44.44.1
 tunnel mode gre multipoint
end

Spoke2#sh dmvpn | i 1
T1 - Route Installed, T2 - Nexthop-override
Interface: Tunnel1, IPv4 NHRP Details
    1 11.11.11.1      10.1.110.1    UP 00:12:38    S
    1 22.22.22.1      10.1.110.2    UP 00:12:38    S

router ospf 1
 router-id 10.4.4.4
 area 24 stub
 network 10.1.110.0 0.0.0.255 area 24
 network 172.30.24.0 0.0.0.255 area 24
end

Spoke2#sh ip ospf nei
Neighbor ID     Pri   State       Dead Time   Address         Interface
10.1.1.1          0   FULL/ -     00:01:53    10.1.110.1      Tunnel1
10.2.2.2          1   FULL/BDR    00:00:36    172.30.24.2     Ethernet0/0

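The Tunnel1 stanzas above are plain mGRE with NHRP: none of them carries `tunnel protection ipsec profile` or `ip nhrp authentication`, so anything crossing the "ISP" is unencrypted and NHRP registrations are unauthenticated. The following audit is an added example, not part of the original lab; it flags those gaps and any `ip nhrp nhs` address without a static `ip nhrp map`. `LABKEY01` and `DMVPN-PROF` are placeholder names, and the IPsec profile itself is assumed to be defined elsewhere.

```python
import re

# Constructed sample: the NHRP/tunnel lines of the Spoke #1 Tunnel1 stanza on this page.
SPOKE1 = """\
interface Tunnel1
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map multicast 11.11.11.1
 ip nhrp map 10.1.110.4 44.44.44.1
 ip nhrp map multicast 44.44.44.1
 ip nhrp network-id 10
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.4
 tunnel source 22.22.22.1
 tunnel mode gre multipoint
end
"""
# Hypothetical hardened variant: LABKEY01 and DMVPN-PROF are placeholder names.
HARDENED = SPOKE1.replace("end\n",
    " ip nhrp authentication LABKEY01\n tunnel protection ipsec profile DMVPN-PROF\nend\n")

def tunnel_stanzas(config):
    """Yield (name, [commands]) per Tunnel interface; indentation is optional."""
    name, cmds = None, []
    for line in (l.strip() for l in config.splitlines()):
        if re.match(r"(interface|router)\s|end$|!", line):  # stanza boundary
            if name:
                yield name, cmds
            m = re.match(r"interface\s+(Tunnel\S+)", line)
            name, cmds = (m.group(1) if m else None), []
        elif name and line:
            cmds.append(line)
    if name:
        yield name, cmds

def audit(config):
    """Return (interface, finding) pairs for every mGRE tunnel in the config."""
    findings = []
    for name, cmds in tunnel_stanzas(config):
        if "tunnel mode gre multipoint" not in cmds:
            continue
        if not any(c.startswith("tunnel protection ipsec profile ") for c in cmds):
            findings.append((name, "no-ipsec"))
        if not any(c.startswith("ip nhrp authentication ") for c in cmds):
            findings.append((name, "no-nhrp-auth"))
        # Static NHRP maps only; "ip nhrp map multicast ..." is skipped by \d.
        mapped = {c.split()[3] for c in cmds if re.match(r"ip nhrp map \d", c)}
        for c in cmds:
            if c.startswith("ip nhrp nhs ") and c.split()[3] not in mapped:
                findings.append((name, "nhs-unmapped:" + c.split()[3]))
    return findings
```

The NHRP authentication string travels in clear text inside the GRE packet, so it only helps against misconfiguration unless the tunnel is also IPsec-protected.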
When I get some extra time I’ll add 2 more ISP routers so that each site is connecting to a different instance of AS1. Then I’ll use iBGP within AS1 to forward the routes accordingly and verify that the tunnel can still be built through various hops as opposed to all meeting on the same AS1 router. This method is a better approximation of a real-world scenario.
Another option would be to use eBGP and have each site use a different ISP. Then make the different Autonomous Systems talk to each other to form the tunnel, another very likely real-world scenario and one of the whole reasons for using DMVPN.