Dual OSPF protocols supporting DMVPN

Unanswered Question
Jun 17th, 2010
Is  it possible to have 2 OSPF processes to have DMVPN tunnel running  instead of BGP and OSPF?
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Hitesh Vinzoda Thu, 06/17/2010 - 22:52

Can you rephrase the sentence or elaborate the scenario, what exactly you want to achieve...?

HTH

Hitesh Vinzoda

Giuseppe Larosa Fri, 06/18/2010 - 05:46

Hello Pratibha,

if you mean that you would like to use two different OSPF processes one running INSIDE the MGRE virtual flat topology and one running on real infrastructure in a lab environment.: this is possible.

if you would like to run two OSPF processes on the MGRE interface the answer is negative unless you use different area-ids

OSPF version2 does not export OSPF process-id in OSPF hellos so you cannot run two OSPF processes using the same area-id.

But even using different areas could be a big problem as the router cannot know to which process to send the packet

I do not recommend to try to use it, but if you are in a lab you can test it by yourself.

your best choice would be to deploy two DMVPN clouds with two mGRE and on mGREx you run ospf process x and on mGRE y you run OSPF process y.

Hope to help

Giuseppe

Ahmed Shaheen Fri, 06/18/2010 - 15:24

hello giuslar,

i am having a live scenario,

i am having now main branch with 25 nodes attached with ip connect provided from my ISP connecting each with OSPF process 10.

the config is in short as following:

int tunel 1

ip address 1.1.1.1 255.255.255.0

-etc-

int fa0/0 <-- LAN

ip address 10.100.100.1 255.255.255.0

int fa0/1 <-- WAN

ip address 10.211.211.62 255.255.255.252

rotuer ospf 10

network 1.1.1.1 0.0.0.0 area 0

network LAN area 0

network WAN area 0

nothing else configured to be mentioned. (no static routes or default rules)

lets go step by step,

based on the above basic config; by showing crypto isakmp sa it shows that the tunnel is ACTIVE but traffic is exposed to my ISP as when i show ip route i can see all other branches and nodes being published from my ISP (10.211.211.61) not from my tunnel interface.

i am sure the DMVPN tunnel is not working as there is no traffic coming or going through it. how can this problem be solved?

keeping in mind that i can't change the process ospf 10 as it is the routing protocol agreed on with my ISP.

to solve this problem i've tried to have 2 OSPF processes but i am failing to make it happen.

if you need more info please let me know.

Giuseppe Larosa Wed, 07/07/2010 - 00:13

Hello Shaheen,

you need to use two OSPF processes:

OSPF process 10 has to be used only for the link to the provider and eventually a loopback interface to be used as IPSec endpoint

example:

access link in net 192.168.3.0/30

loop 192.168.3.254/32

internal networks:

10.10.0.0/16

DMVPN IP subnet: 172.18.20,0/24

OSPF process 20 for DMVPN

router ospf 10

network 192.168.3.0 0.0.03 area 0

network 192.168.3.254 0.0.0.0 area 0

!

router ospf 20

network 172.18.20.0 0.0.0.255 area 0

network 10.10.0.0 0.0.255.255 area 1

your main process becomes process 20, OSPF 10 is only used with SP

you need a clear separation between internal networks to be only advertised on OSPF 20 to send and receive traffic over the DMVPN

Hope to help

Giuseppe

Giuseppe Larosa Wed, 07/07/2010 - 01:46

Hello Shaheen,

>> dont i need to redistribute any process to the other?

don't do that keep them separated or you may be lost

Hope to help

Giuseppe

Actions

This Discussion