In the same topology above will be running DMVPN with BGP this time. Currently there are no routing protocols setup, only the DMVPN phase 3 configs. R1-3 are spokes and R5 is the hub.

BGP in DMVPN is able to leverage BGP Peer Groups. We setup a group name associated with an IP range that is able to automatically be added as a BGP neighbor, then we assign that peer group desired BGP neighbor parameters. The config on the hub is below.

All of this is running iBGP/ASN 100. A spoke configuration is below.

This can be applied to all spokes. After this is entered all neighbors come up and a spoke routing table looks like below:

Note that the next hops are preserved instead of being modified by the hub. From spoke 2 to spoke 1 we’re going to run a ping and let the direct tunnel form. After we’re getting the following on R2:

R2 is receiving an ‘H’/NHRP route and we can see the tunnel formed directly between the two spokes.

On R5/Hub we can change the behavior of the next hop by enabling next hop self.

Now the route table on a spoke has the next hop setup as the hub itself.

BGP Summary:

Similar to EIGRP, BGP allows us to summarize prefixes from any location. On the hub we’re going to summarize our transit/VPN range – 155.1.0.0/16.

R5(config-router)#aggregate-address 155.1.0.0 255.255.0.0 summary-only

After a ‘clear ip bgp * out’ on the hub, we begin seeing the summary address above on spokes.

Now from R1 we’ll ping R3 and let the dynamic tunnel come up. Again in the routing table we’re seeing the ‘%’ override symbol and an NHRP ‘H’ route.

A Default route can be setup instead of the summary address on the hub as well. In BGP we’re going to remove the aggregate address and add a default originate command.

R5 is now advertising a default route AND all the specific routes. If we want to make this ONLY default route from R5 to the spokes, we can do that with a route-map/prefix list combination.

Then apply the route-map outbound to the neighbor group in BGP.

This now pushes only 0.0.0.0/0 from R5 to the spokes.

Now when trying to establish spoke to spoke connectivity, NHRP will kick in and create a more direct route as traffic is needed.

Above R3 is running a trace to R1 and it initially shows hitting the DMVPN Hub at .5. The second attempt at the trace shows R3 going directly to R1. Once the dynamic tunnel is stood up we see that the NHRP route has been added to R3’s route table.

The advantage of BGP in a DMVPN topology is that you can be very specific on what routes you are advertising from hub to spoke. In addition, the BGP listen feature can be used for easier spoke turn up.

Published by Yup2k

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s