forcing traffic over DMVPN tunnels with BGP without vrf's

I am having trouble setting up DMVPN in a virtual network in GNS3 for a proof of concept before putting it on a live network. I can get the static tunnels from the spokes to the hubs to come up but I cannot get traffic to pass through the tunnels. I can get dynamic tunnels between the spokes to form only if I ping the spoke tunnel IP directly. The routers in question are using BGP over an MPLS for routing but do not have any VRF’s configured. I was unable to find any info about using BGP without VRF’s. Is it possible or will I need to use VRF’s or a different routing protocol like OSPF or EIGRP to make the traffic use the DMVPN tunnels? Any help you can give will be greatly appreciated.

Rising star

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

What are you trying to do?

 

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

Trying to get all traffic coming from inside the network to the other spokes to pass through the DMVPN tunnel. If I ping one of the other spokes' tunnel IP a dynamic tunnel gets set up but if I just send data to a spoke network it goes through outside the tunnel.

Rising star

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

You should run some IGP protocol over DMVPN (ospf, bgp, eigrp)

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

Everything I found for using BGP over DMVPN uses vrf's and that's not an option here. Was hoping not to have to use a different protocol.
Rising star

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

post your configs and topology

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

I can only put in bits and pieces. I am mimicking a live config and have to cut out a lot. There are several spokes connected through an MPLS.

 

Tunnel Configs

 

Hub Config

interface Tunnel1
description mGRE - DMVPN Tunnel
bandwidth 1000
ip address 172.31.255.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication *******
ip nhrp map multicast dynamic
ip nhrp network-id 17231255
ip nhrp holdtime 450
ip tcp adjust-mss 1360
delay 1000
mpls ip
tunnel source ********
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile DMVPN-VPN


Spoke 3

interface Tunnel1
description mGRE - DMVPN Tunnel
ip address 172.31.255.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication *******
ip nhrp map multicast **********
ip nhrp map 172.31.255.1 **********
ip nhrp network-id 17231255
ip nhrp holdtime 450
ip nhrp nhs 172.31.255.1
ip tcp adjust-mss 1360
delay 1000
mpls ip
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile DMVPN-VPN


Spoke 4

interface Tunnel1
description mGRE - DMVPN Tunnel
ip address 172.31.255.4 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication *******
ip nhrp map multicast **********
ip nhrp map 172.31.255.1 **********
ip nhrp network-id 17231255
ip nhrp holdtime 450
ip nhrp nhs 172.31.255.1
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile DMVPN-VPN

 

 

 

Rising star

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

ok, what is your BGP configuration?

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

Hub

router bgp 65001
bgp log-neighbor-changes
network 0.0.0.0
network 10.30.0.0 mask 255.255.255.0
neighbor <IP out to MPLS> remote-as 209
neighbor <IP out to MPLS> default-originate
neighbor <IP out to MPLS> soft-reconfiguration inbound


Spoke 4

router bgp 65001
bgp log-neighbor-changes
network 10.20.0.0 mask 255.255.255.0
network 10.20.80.0 mask 255.255.255.0
network 10.251.0.20 mask 255.255.255.255
network 172.20.20.0 mask 255.255.255.0
neighbor <IP out to MPLS> remote-as 209
neighbor <IP out to MPLS> soft-reconfiguration inbound

Spoke 3

router bgp 65001
bgp log-neighbor-changes
network 10.21.0.0 mask 255.255.255.0
neighbor <IP out to MPLS> remote-as 209
neighbor <IP out to MPLS> soft-reconfiguration inbound

MPLS

router bgp 209
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor <ip to spoke 4> remote-as 65001
neighbor <ip to spoke 4> update-source GigabitEthernet0/3
neighbor <ip to spoke 3> remote-as 65001
neighbor <ip to spoke 3> update-source GigabitEthernet0/2
neighbor <ip to hub> remote-as 65001
neighbor <ip to hub> update-source GigabitEthernet0/0
neighbor <ip to spoke 1> remote-as 65001
neighbor <ip to spoke 1> update-source GigabitEthernet0/1
Rising star

Re: forcing traffic over DMVPN tunnels with BGP without vrf's

create vrf's on hub and spokes
for example
!
vrf definition mpls_vpn
rd 1:1
address-family ipv4
!
put mpls facing interfaces in vrf's
correct tunnels by adding "tunnel vrf mpls_core"
correct crypto keyring
move bgp sessions to "MPLS" router in address-family ipv4 vrf mpls_vpn
create bgp sessions in address-family ipv4
HUB must be route-reflector RR with source of tunnel and next-hop-unchanged
redistribute connected and static into bgp
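
Added example, not from the thread: a sketch of the spoke and hub configuration that the steps in the last reply describe, with the MPLS-facing interface in a front-door VRF so that LAN prefixes are learned only over Tunnel1 and therefore only travel inside the IPsec-protected tunnel. The 192.0.2.x addresses, the keyring name DMVPN-KEYS and `<PSK>` are constructed placeholders, and the keyring stanza assumes pre-shared-key authentication, which the thread does not show.

```cisco
! --- Spoke 4 (added example; 192.0.2.x and <PSK> are placeholders) ---
vrf definition mpls_vpn
 rd 1:1
 address-family ipv4
 exit-address-family
!
! Keyring must live in the front-door VRF (assumes PSK authentication)
crypto keyring DMVPN-KEYS vrf mpls_vpn
 pre-shared-key address 0.0.0.0 0.0.0.0 key <PSK>
!
interface GigabitEthernet0/1
 description MPLS-facing underlay
 vrf forwarding mpls_vpn
 ! "vrf forwarding" clears the address, so re-enter it
 ip address 192.0.2.14 255.255.255.252
!
interface Tunnel1
 tunnel source GigabitEthernet0/1
 ! must be the same VRF name as the definition above
 tunnel vrf mpls_vpn
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 172.31.255.1 remote-as 65001
 neighbor 172.31.255.1 update-source Tunnel1
 !
 address-family ipv4
  ! LAN prefixes are advertised only to the hub, over the tunnel
  network 10.20.0.0 mask 255.255.255.0
  neighbor 172.31.255.1 activate
 exit-address-family
 !
 address-family ipv4 vrf mpls_vpn
  ! underlay session to the MPLS router; no LAN prefixes here
  neighbor 192.0.2.13 remote-as 209
  neighbor 192.0.2.13 activate
 exit-address-family
!
! --- Hub: reflect spoke routes over the tunnel ---
router bgp 65001
 neighbor 172.31.255.4 remote-as 65001
 neighbor 172.31.255.4 update-source Tunnel1
 address-family ipv4
  neighbor 172.31.255.4 activate
  neighbor 172.31.255.4 route-reflector-client
 exit-address-family
```

With this in place, `show ip route 10.21.0.0` on Spoke 4 should resolve through Tunnel1, and the encaps counters in `show crypto ipsec sa` should rise when LAN traffic flows.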
