DMVPN with BGP & OSPF

While working on some older CCNP labs recently, I needed to get rid of the Frame Relay that was used in the various labs, since it’s no longer being used and is not supported in EVE-NG. I originally connected everything via a generic cloud and used Ethernet interfaces, since that is the only type EVE-NG will support to the cloud. While this worked okay, I did not like the direct connectivity I was seeing between the routers, as it seemed like the DMVPN tunnel I was building was pointless.

Then I decided to use EBGP as the underlay for the DMVPN overlay. I chose a very simple implementation where the hub and spokes all connect to the same “ISP”. This makes the scenario much easier since the ISP is just redistributing connected subnets.

Now I’m using DMVPN in place of Frame Relay for all of my labs and it’s working great. I had never worked with DMVPN before, so this was a great lab. Originally it was just a simple OSPF lab that “morphed” into something far more interesting. I’ll post the configuration snippets below in case you are curious.

ISP-SINGLE-REDISTRIBUTED -> allowas-in (for multiple ISPs)

router bgp 1
 bgp log-neighbor-changes
 neighbor 11.11.11.1 remote-as 11
 neighbor 22.22.22.1 remote-as 22
 neighbor 44.44.44.1 remote-as 44
 network 11.11.11.0 mask 255.255.255.0
 network 22.22.22.0 mask 255.255.255.0
 network 44.44.44.0 mask 255.255.255.0
end

ip route 11.11.11.0 255.255.255.0 Null0
ip route 22.22.22.0 255.255.255.0 Null0
ip route 44.44.44.0 255.255.255.0 Null0

interface Serial1/0
 ip address 11.11.11.2 255.255.255.252
 serial restart-delay 0

interface Serial1/2
 ip address 22.22.22.2 255.255.255.252
 serial restart-delay 0

interface Serial1/3
 ip address 44.44.44.2 255.255.255.252
 serial restart-delay 0
end

BGP#sh ip bgp
     Network          Next Hop            Metric LocPrf Weight Path
 *>   11.11.11.0/24    0.0.0.0                  0         32768 i
 *>   22.22.22.0/24    0.0.0.0                  0         32768 i
 *>   44.44.44.0/24    0.0.0.0                  0         32768 i

DMVPN-HUB

interface Serial1/0
 ip address 11.11.11.1 255.255.255.252
 serial restart-delay 0

router bgp 11
 bgp log-neighbor-changes
 distribute-list 10 in
 network 11.11.11.0 mask 255.255.255.0
 neighbor 11.11.11.2 remote-as 1
end

access-list 10 deny   11.11.11.0
access-list 10 permit any

R1#sh ip bgp
     Network          Next Hop            Metric LocPrf Weight Path
 *>   22.22.22.0/24    11.11.11.2               0             0 1 i
 *>   44.44.44.0/24    11.11.11.2               0             0 1 i

Hub#sh ip route bgp
Gateway of last resort is not set
      22.0.0.0/30 is subnetted, 1 subnets
B        22.22.22.0 [20/0] via 11.11.11.2, 00:00:40
      44.0.0.0/30 is subnetted, 1 subnets
B        44.44.44.0 [20/0] via 11.11.11.2, 00:00:40

interface Tunnel1
 ip address 10.1.110.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 10
 ip ospf network point-to-multipoint
 ip ospf cost 64
 tunnel source 11.11.11.1
 tunnel mode gre multipoint
end

HUB#sh dmvpn | i 1
        T1 - Route Installed, T2 - Nexthop-override
Interface: Tunnel1, IPv4 NHRP Details 
     1 22.22.22.1           10.1.110.2    UP 01:02:32     D
     1 44.44.44.1           10.1.110.4    UP 01:02:40     D

router ospf 1
 router-id 10.1.1.1
 area 24 stub no-summary
 redistribute static subnets
 network 10.1.110.0 0.0.0.255 area 24
 network 10.1.116.0 0.0.0.255 area 0
 neighbor 10.1.110.2 cost 10

HUB#sh ip ospf nei
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.6.6.6          0   FULL/  -        00:00:33    10.1.116.6      Serial1/1
10.4.4.4          0   FULL/  -        00:01:56    10.1.110.4      Tunnel1
10.2.2.2          0   FULL/  -        00:01:36    10.1.110.2      Tunnel1

Spoke #1

interface Serial1/2
 ip address 22.22.22.1 255.255.255.252
 serial restart-delay 0
end

router bgp 22
 bgp log-neighbor-changes
 distribute-list 10 in
 network 22.22.22.0 mask 255.255.255.0
 neighbor 22.22.22.2 remote-as 1
end

access-list 10 deny   22.22.22.0
access-list 10 permit any

R2#sh ip bgp
     Network          Next Hop            Metric LocPrf Weight Path
 *>   11.11.11.0/24    22.22.22.2               0             0 1 i
 *>   44.44.44.0/24    22.22.22.2               0             0 1 i

Spoke1#sh ip route bgp
Gateway of last resort is 10.1.110.1 to network 0.0.0.0
      11.0.0.0/30 is subnetted, 1 subnets
B        11.11.11.0 [20/0] via 22.22.22.2, 00:00:40
      44.0.0.0/30 is subnetted, 1 subnets
B        44.44.44.0 [20/0] via 22.22.22.2, 00:00:40

interface Tunnel1
 ip address 10.1.110.2 255.255.255.0
 no ip redirects
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map multicast 11.11.11.1
 ip nhrp map 10.1.110.4 44.44.44.1
 ip nhrp map multicast 44.44.44.1
 ip nhrp network-id 10
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.4
 ip ospf network point-to-multipoint
 ip ospf cost 64
 tunnel source 22.22.22.1
 tunnel mode gre multipoint
end

Spoke1#sh dmvpn | i 1
        T1 - Route Installed, T2 - Nexthop-override
Interface: Tunnel1, IPv4 NHRP Details 
     1 11.11.11.1           10.1.110.1    UP 01:02:23     S
     1 44.44.44.1           10.1.110.4    UP 00:16:21     S

router ospf 1
 router-id 10.2.2.2
 area 24 stub
 network 10.1.110.0 0.0.0.255 area 24
 network 172.30.24.0 0.0.0.255 area 24
 distribute-list 10 in
end

Spoke1#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          0   FULL/  -        00:01:53    10.1.110.1      Tunnel1
10.4.4.4          1   FULL/DR         00:00:39    172.30.24.4     Ethernet0/0

Spoke #2

interface Serial1/3
 ip address 44.44.44.1 255.255.255.252
 serial restart-delay 0
end

router bgp 44
 bgp log-neighbor-changes
 distribute-list 10 in
 network 44.44.44.0 mask 255.255.255.0
 neighbor 44.44.44.2 remote-as 1
end

access-list 10 deny   44.44.44.0
access-list 10 permit any

R4#sh ip bgp
     Network          Next Hop            Metric LocPrf Weight Path
 *>   11.11.11.0/24    44.44.44.2               0             0 1 i
 *>   22.22.22.0/24    44.44.44.2               0             0 1 i

Spoke2#sh ip route bgp
Gateway of last resort is 10.1.110.1 to network 0.0.0.0
      11.0.0.0/30 is subnetted, 1 subnets
B        11.11.11.0 [20/0] via 44.44.44.2, 00:00:40
      22.0.0.0/30 is subnetted, 1 subnets
B        22.22.22.0 [20/0] via 44.44.44.2, 00:00:40

interface Tunnel1
 ip address 10.1.110.4 255.255.255.0
 no ip redirects
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map multicast 11.11.11.1
 ip nhrp map 10.1.110.2 22.22.22.1
 ip nhrp map multicast 22.22.22.1
 ip nhrp network-id 10
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.2
 ip ospf network point-to-multipoint
 ip ospf cost 64
 tunnel source 44.44.44.1
 tunnel mode gre multipoint
end

Spoke2#sh dmvpn | i 1
        T1 - Route Installed, T2 - Nexthop-override
Interface: Tunnel1, IPv4 NHRP Details 
     1 11.11.11.1           10.1.110.1    UP 00:12:38     S
     1 22.22.22.1           10.1.110.2    UP 00:12:38     S

router ospf 1
 router-id 10.4.4.4
 area 24 stub
 network 10.1.110.0 0.0.0.255 area 24
 network 172.30.24.0 0.0.0.255 area 24
end

Spoke2#sh ip ospf nei
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          0   FULL/  -        00:01:53    10.1.110.1      Tunnel1
10.2.2.2          1   FULL/BDR        00:00:36    172.30.24.2     Ethernet0/0
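
The static NHRP maps on the spokes only work if each one points at the peer's real tunnel address and tunnel source. The Python check below is an added example, not part of the original lab; it cross-checks the Tunnel1 lines from the configs above and also reports that none of the posted stanzas carries a "tunnel protection ipsec profile" or "ip nhrp authentication" line, so the mGRE overlay as shown runs without IPsec or NHRP authentication. The function names are hypothetical.

```python
import re

# Tunnel1 lines copied from this page's hub and spoke configs, trimmed to what
# the map check reads. Helper names below are hypothetical (added example).
CONFIGS = {
    "HUB": """
 ip address 10.1.110.1 255.255.255.0
 ip nhrp map multicast dynamic
 tunnel source 11.11.11.1""",
    "Spoke1": """
 ip address 10.1.110.2 255.255.255.0
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map 10.1.110.4 44.44.44.1
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.4
 tunnel source 22.22.22.1""",
    "Spoke2": """
 ip address 10.1.110.4 255.255.255.0
 ip nhrp map 10.1.110.1 11.11.11.1
 ip nhrp map 10.1.110.2 22.22.22.1
 ip nhrp nhs 10.1.110.1
 ip nhrp nhs 10.1.110.2
 tunnel source 44.44.44.1""",
}
HARDENING = ("tunnel protection ipsec profile", "ip nhrp authentication")

def parse(cfg):
    """Pull overlay IP, NBMA source, static NHRP maps and NHS list from a stanza."""
    ip = r"(\d+\.\d+\.\d+\.\d+)"
    return {
        "overlay": re.search(rf"^ ip address {ip}", cfg, re.M).group(1),
        "nbma": re.search(rf"^ tunnel source {ip}", cfg, re.M).group(1),
        "maps": dict(re.findall(rf"^ ip nhrp map {ip} {ip}", cfg, re.M)),
        "nhs": re.findall(rf"^ ip nhrp nhs {ip}", cfg, re.M),
        "missing": [h for h in HARDENING if h not in cfg],
    }

def audit(configs):
    """Return findings: stale static maps, NHS without a map, absent hardening lines."""
    routers = {name: parse(cfg) for name, cfg in configs.items()}
    truth = {r["overlay"]: r["nbma"] for r in routers.values()}  # overlay -> real NBMA
    findings = []
    for name, r in routers.items():
        findings += [f"{name}: map {o} -> {n} does not match peer"
                     for o, n in r["maps"].items() if truth.get(o) != n]
        findings += [f"{name}: nhs {s} has no static NHRP map"
                     for s in r["nhs"] if s not in r["maps"]]
        findings += [f"{name}: no '{h}'" for h in r["missing"]]
    return findings
```

Calling audit(CONFIGS) on the lab as posted returns only the six hardening findings; the static maps and NHS entries are all consistent.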

When I get some extra time I’ll add 2 more ISP routers so that each site is connecting to a different instance of AS1. Then I’ll use iBGP within AS1 to forward the routes accordingly and verify that the tunnel can still be built through various hops, as opposed to all meeting on the same AS1 router. This method is a better approximation of a real-world scenario.

Another option would be to use EBGP and have each site use a different ISP, then make the different Autonomous Systems talk to each other to form the tunnel. That is another very likely real-world scenario and one of the whole reasons for using DMVPN.