We are in the process of designing a DMVPN network, which will be used as a backup (over the Internet) to our MPLS WAN Network. Currently we are using EIGRP at central and remote site.
If I select EIGRP as also the routing protocol for the DMVPN, then EIGRP will consider the MPLS WAN Routes as External (Since they are being redistributed through BGP from MPLS Core into our internal Core) and then DMVPN Routes will be preferred over MPLS WAN Routes. Is this understanding correct ?
How can i correct this problem ? Using the 'distance eigrp ...' command ?
Is there any advantage using OSPF as the routing protocol in DMVPN ? This won't solve the above problem but are there any inherent advantages of OSPF over EIGRP in DMVPN Design ?
We have around 18 Sites that will be connected with no Spoke-Spoke functionality required.
I personally recommend OSPF simply because of the use of areas. Area 0 (or 0.0.0.0) for the WAN MPLS and Area X (or 10.1.X.0) for LAN at each site. X or course being the site/subnet number. In my opinion it is much more simple for administrative reasoning. Every DMVPN I've designed was created with OSPF.
You really cannot use EIGRP effectively over the WAN. I was managing a 500 node DMVPN with a a redundant 6509 core. The results were unbelievable. The 1811's hanging off of the cores through the DMVPN's were crazy. Every time a change occurred, if one router lost its VPN connection, the EIGRP protocol would broadcast the changes to all of the cloud, meaning to all 499 EIGRP participants would have to be notified of the change. This was HUGE. OSPF has better NBMBA environments that you would use. Personally, you wouldn't have a choice. Using EIGRP with DMVPN's that are over 50 nodes are practically impossible. I did work around the issue and stabilized the network but knowing what I know now, definately OSPF.
Any way we can talk via the phone? Do you run voice over your DMVPN? I have a large site deployment of DMVPN that is in the process of failing due to quality issues. At max capacity we will have over 800 remote sites. We have been looking into 1861's with CME.
Have you considered moving to GETVPN? It is a fully-meshed VPN solution without the "hub-and-spoke" of DMVPN. DMVPN was obviously not designed with VoIP in mind and the traffic flow is actually very destructive of voice traffic. That said, GETVPN is definitely your solution for voice over an encrypted WAN.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...