DMVPN with 2 OSPF processes

Answered Question
Jun 6th, 2010
User Badges:

hello everyone,


i am trying to find a solution to have DMVPN tunnel running between our corporate and our ISP.


however they current running protocol between us and ISP is OSPF process 10, announcing internal LAN and WAN IP addresses.


how can i have anothrer OSPF process that can support the DMVPN Tunneling?

Correct Answer by Chetan Kumar Ress about 7 years 1 month ago

Hi


I would like to clear one thing that DMVPN is your own cloud  that run over ISP cloud.


Here you are running OSPF with SP for WAN & LAN Connectivity. But when you are going with DMVPN then make sure that you are using ISP for only WAN Connectivity.


For tunnel you need WAN Connectivity and after creating tunnel you can check weather you are able ping point to point ip of those tunnel.


if its working fine then you can run the different ospf process and route only Tunnel IP & LAN IP for that Locaiton & Central HQ.


and in other ospf process that is for ISP should responsible for only you WAN Connectivity i.e. your tunnel Source IP.


Please refer the below config


Central Router


interface fa0

des  **** WAN ***

ip add 1.1.1.1 255.255.255.252



interface loopback 10

des **** LAN Network ****

ip add 10.1.1.1 255.255.255.0



interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.1 255.255.255.0

tunnel source 1.1.1.1

tunnel des 2.2.2.2 255.255.255.252

tunnel mode gre

(Refer DMVPN Configuration)


ospf 10  ---- For ISP

network 1.1.1.1 0.0.0.0.3 area 0



osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 10.0.0.0 0.0.0.255 area 0 ---- LAN Network



Remote Router


interface fa0

des  **** WAN ***

ip add 2.2.2.2 255.255.255.252



interface loopback 10

des **** LAN Network ****

ip add 20.1.1.1 255.255.255.0



interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.2 255.255.255.0

tunnel source 2.2.2.2

tunnel des 1.1.1.1

(Refer DMVPN Configuration)


ospf 10  ---- For ISP

network 2.2.2.0 0.0.0.0.3 area 0



osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 20.0.0.0 0.0.0.255 area 0 ---- LAN Network





Regards

Chetan Kumar

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Laurent Aubert Sun, 06/06/2010 - 09:47
User Badges:
  • Cisco Employee,

Hi,


Just configure a new OSPF instance with a new Id and add the network statement accordingly:


router ospf 10

...

!

router ospf 11

...

!


HTH


Laurent.

Ahmed Shaheen Sun, 06/06/2010 - 09:54
User Badges:

hi laurent,


i've done the same, i've kept process 10 for WAN and 11 for LAN (From Branch and HQ), however from the core router or the branch router i cant reach other end.


i cant see the network on the routing table at all.

Reza Sharifi Sun, 06/06/2010 - 11:48
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi,


Since you have two OSPF processes in order for one process to see the other processes' route, you have to redistribute from one to another.


for example:

router ospf 1

redis ospf 2 subnet xxxx


HTH

Reza

Ahmed Shaheen Mon, 06/07/2010 - 12:21
User Badges:

Hello Reza,


i've tried the same as well, however if i ended up redistributing the LAN subnet from 2nd OSPF process i am still announcing LAN to SP on 1st OSPF process.


i can see this when i trace route a branch ip from HQ.

Laurent Aubert Mon, 06/07/2010 - 06:30
User Badges:
  • Cisco Employee,

Hi,


OSPF 10 should include only Tunnels source addesses and OSPF 11 should run inside the tunnels to advertise LAN subnets only.



1- Do you learn tunnels of branch and HA source addresses correctly via OSPF 10 ?

2- If yes are your IPSec tunnels UP ?

3- If yes are your OSPF session inside the tunnel UP ?


Thanks


Laurent.

Ahmed Shaheen Mon, 06/07/2010 - 12:33
User Badges:

Hi Laurent,


When i've created another instance of OSPF Process i am not able to see it running by performing a multiple commands like show ip route ospf 11 nothing shows, however i ensure it has been created by verifing information on show ip ospf interface.


anyways, coming back to your questions please find below

1- since Tunel, WAN and LAN both are announced on OSPF 10 they are properly learnet.

2- IP sec tunnels are active even, but with no use

3- i didnt understand excatlly this point.


thank you

Correct Answer
Chetan Kumar Ress Mon, 06/07/2010 - 07:08
User Badges:
  • Silver, 250 points or more

Hi


I would like to clear one thing that DMVPN is your own cloud  that run over ISP cloud.


Here you are running OSPF with SP for WAN & LAN Connectivity. But when you are going with DMVPN then make sure that you are using ISP for only WAN Connectivity.


For tunnel you need WAN Connectivity and after creating tunnel you can check weather you are able ping point to point ip of those tunnel.


if its working fine then you can run the different ospf process and route only Tunnel IP & LAN IP for that Locaiton & Central HQ.


and in other ospf process that is for ISP should responsible for only you WAN Connectivity i.e. your tunnel Source IP.


Please refer the below config


Central Router


interface fa0

des  **** WAN ***

ip add 1.1.1.1 255.255.255.252



interface loopback 10

des **** LAN Network ****

ip add 10.1.1.1 255.255.255.0



interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.1 255.255.255.0

tunnel source 1.1.1.1

tunnel des 2.2.2.2 255.255.255.252

tunnel mode gre

(Refer DMVPN Configuration)


ospf 10  ---- For ISP

network 1.1.1.1 0.0.0.0.3 area 0



osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 10.0.0.0 0.0.0.255 area 0 ---- LAN Network



Remote Router


interface fa0

des  **** WAN ***

ip add 2.2.2.2 255.255.255.252



interface loopback 10

des **** LAN Network ****

ip add 20.1.1.1 255.255.255.0



interface tunnel 10

des *** DMVPN ***

ip add 192.168.1.2 255.255.255.0

tunnel source 2.2.2.2

tunnel des 1.1.1.1

(Refer DMVPN Configuration)


ospf 10  ---- For ISP

network 2.2.2.0 0.0.0.0.3 area 0



osp 20 --- For DMVPN

network 192.168.1.0 0.0.0.255 area 0 --- Tunnel Network

network 20.0.0.0 0.0.0.255 area 0 ---- LAN Network





Regards

Chetan Kumar

Ahmed Shaheen Mon, 06/07/2010 - 12:36
User Badges:

Hi Kumar,


thank you for the detailed response, however i have two questions


1- how will traffic be routed through WAN?

2- why is LAN configured on loopback not fastethernet?


thanks

Chetan Kumar Ress Tue, 06/08/2010 - 05:26
User Badges:
  • Silver, 250 points or more

Hi


1- how will traffic be routed through WAN?

----- Between CE & PE you are running Ospf & Your Tunnel Will use that one as a source to communicate other side of Tunnel network.

For DMVPN you requried that All router should reach each other & that is possible via ISP ( As you can using OSPF with ISP)


2- why is LAN configured on loopback not fastethernet\


----- It was just an example to show that how you need to advertise the network. In Production you can configure LAN on physical interface.



Regards

Chetan kumar

Actions

This Discussion