cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1164
Views
10
Helpful
8
Replies

Dual OSPF protocols supporting DMVPN

pratgupt
Level 1
Level 1
Is  it possible to have 2 OSPF processes to have DMVPN tunnel running  instead of BGP and OSPF?
8 Replies 8

Hitesh Vinzoda
Level 4
Level 4

Can you rephrase the sentence or elaborate the scenario, what exactly you want to achieve...?

HTH

Hitesh Vinzoda

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Pratibha,

if you mean that you would like to use two different OSPF processes one running INSIDE the MGRE virtual flat topology and one running on real infrastructure in a lab environment.: this is possible.

if you would like to run two OSPF processes on the MGRE interface the answer is negative unless you use different area-ids

OSPF version2 does not export OSPF process-id in OSPF hellos so you cannot run two OSPF processes using the same area-id.

But even using different areas could be a big problem as the router cannot know to which process to send the packet

I do not recommend to try to use it, but if you are in a lab you can test it by yourself.

your best choice would be to deploy two DMVPN clouds with two mGRE and on mGREx you run ospf process x and on mGRE y you run OSPF process y.

Hope to help

Giuseppe

Thank you Hitesh and Giuseppe. This was a question posted by a reader on our Facebook page at http://www.facebook.com/CiscoSupportCommunity?v=app_2373072738#!/topic.php?uid=133380531411&topic=15610. I will have them take a look at your answers. Thanks again!

hello giuslar,

i am having a live scenario,

i am having now main branch with 25 nodes attached with ip connect provided from my ISP connecting each with OSPF process 10.

the config is in short as following:

int tunel 1

ip address 1.1.1.1 255.255.255.0

-etc-

int fa0/0 <-- LAN

ip address 10.100.100.1 255.255.255.0

int fa0/1 <-- WAN

ip address 10.211.211.62 255.255.255.252

rotuer ospf 10

network 1.1.1.1 0.0.0.0 area 0

network LAN area 0

network WAN area 0

nothing else configured to be mentioned. (no static routes or default rules)

lets go step by step,

based on the above basic config; by showing crypto isakmp sa it shows that the tunnel is ACTIVE but traffic is exposed to my ISP as when i show ip route i can see all other branches and nodes being published from my ISP (10.211.211.61) not from my tunnel interface.

i am sure the DMVPN tunnel is not working as there is no traffic coming or going through it. how can this problem be solved?

keeping in mind that i can't change the process ospf 10 as it is the routing protocol agreed on with my ISP.

to solve this problem i've tried to have 2 OSPF processes but i am failing to make it happen.

if you need more info please let me know.

folks,

i am still looking for a solution, can someone help me.

Hello Shaheen,

you need to use two OSPF processes:

OSPF process 10 has to be used only for the link to the provider and eventually a loopback interface to be used as IPSec endpoint

example:

access link in net 192.168.3.0/30

loop 192.168.3.254/32

internal networks:

10.10.0.0/16

DMVPN IP subnet: 172.18.20,0/24

OSPF process 20 for DMVPN

router ospf 10

network 192.168.3.0 0.0.03 area 0

network 192.168.3.254 0.0.0.0 area 0

!

router ospf 20

network 172.18.20.0 0.0.0.255 area 0

network 10.10.0.0 0.0.255.255 area 1

your main process becomes process 20, OSPF 10 is only used with SP

you need a clear separation between internal networks to be only advertised on OSPF 20 to send and receive traffic over the DMVPN

Hope to help

Giuseppe

hi guiseppe,

dont i need to redistribute any process to the other?

Hello Shaheen,

>> dont i need to redistribute any process to the other?

don't do that keep them separated or you may be lost

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco

Ā