Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Run Eigrp over DMVPN in an MPLS cloud with BGP

Hi,

We are having 15 sites connected to each other via MPLS using BGP.

We are planning to run DMVPN over the WAN.Can we use EIGRP in the tunnel as we know Eigrp is having an administartive distance of 90 & BGP 20.We won't be able to see eigrp routes in the routing table.

Rgds.,

Sachin

11 REPLIES
Hall of Fame Super Silver

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Hello Sachin,

when you use DMVPN you need to separate the routing protocols actions and scopes:

you need a network infrastructure that has to be used to allow for the DMVPN to be setup in your case is an MPLS L3 VPN and you use eBGP as CE-PE protocol.

Then comes the DMVPN that can use EIGRP.

In order to work well and avoid recursion issues and so on:

eBGP will advertise the ip addresses that are used as IPSec endpoints.

NHRP will build a virtual flat backbone for EIGRP in multipoint GRE that travel inside IPSec.

In the EIGRP protocol you need to advertise the LAN subnets of every site that you want to protect.

Of course these "inside" IP subnets have to advertised only by EIGRP inside mGRE and not by the BGP.

You may need a route filter on the eBGP session or a change in your network statements to achieve this.

Another requirement is that the external ip addresses have to be not advertised by EIGRP.

I was able to use this setup but this separation of duties among BGP (infrastructure only ) and EIGRP (inside only) is needed

Hope to help

Giuseppe

New Member

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Giuseppe,

Not sure if you are still watching this but I have the exact same situation and was hoping  to possibly get an example of some sort.

Say for example:

10.1.1.0/30 is my PE/CE Link

10.2.1.0/24 is LAN

10.3.1.0/24 is my DMVPN Tunnel Subnet

and

10.4.1.0/29 is my Subnet on my Outside Interface (I am not behind an ASA or other FW)

What networks would I have on my BGP configuration and which on my EIGRP? would there be any redistribution?

Thanks!

Hall of Fame Super Silver

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Hello Mloraditch,

in simple words you need to avoid recursion or the tunnel will flap.

network 10.1.1.0/30 should be advertised on BGP.

EIGRP should have network specific commands including mask for

internal LAN

virtual flat subnet on DMVPN 10.3.1.0

if other subnets have to communicate out of DMVPN example 10.4.1.0 they must not be advertised over the tunnel by EIGRP.

Hope to help

Giuseppe

New Member

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Ok that makes sense and that's where I was going with the information from your older post, what about redistribution? Do i need to redistribute back and forth?

Thanks so much, very appreciated!

Hall of Fame Super Silver

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Hello Mloraditch,

thanks for your kind remarks

redistributing should be not needed and it should be considered carefully because it can lead to routing problems.

Being DMVPN routing based there is no extended ACL to defined traffic to be encrypted like in a standard point to point IPSec tunnel.

protected communications have to be decided on per IP subnet basis.

you cannot discriminate on a per protocol basis and you need to keep separated external routing and internal (DMVPN) routing so I don't see a need for redistribution.

Or your DMVPN is to be used for backup purposes ?

Hope to help

Giuseppe

New Member

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Giuseppe,

My DMVPN is for backup purposes. the primary connections are t-1s into the MPLS network.

Does this change things?

Hall of Fame Super Silver

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Hello Mloraditch,

yes if DMVPN is used as a backup link there may be a need for redistribution.

I suppose primary paths are MPLS links where you receive an MPLS L3 VPN.

I also suppose your are using eBGP as PE-CE protocol on these links.

eBGP has AD 20 better then EIGRP routes (when no EIGRP summary routes are configured locally).

It is important to know if DMVPN tunnels are terminated in head quarters on a different router.

Also it is important to  know what IGP is used on head quarters and what, if any, on each remote site.

If it is EIGRP and the same EIGRP process used on DMVPN this may require some care

AD and route length can be used to prefer primary paths.

More specific routes are used first regardless of AD, if two routes have the same prefix length AD plays a role.

Hope to help

Giuseppe

New Member

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

You are correct. Primary is MPLS links and eBGP on PE/CE.

DMVPN is being terminated on a router that is also an MPLS Endpoint

.

Previously the whole network was statically routed so there were no IGPs running anywhere. The BGP is just now being implemented for the DMVPN install. The remote sites are small and only have 1 subnet so there was no need to run a routing protocol anywhere before.

I have attached a PDF that gives you an idea (hopefully) of what I had and where I am trying to go.

Thanks you again for all of your assistance!

Hall of Fame Super Silver

Re: Run Eigrp over DMVPN in an MPLS cloud with BGP

Hello Mloraditch,

>> DMVPN is being terminated on a router that is also an MPLS Endpoint

but it is the only node on central site or there is another node in central site?

I've given a look at the network diagram but it is not possible to understand the central site structure

I think you should be fine, in case of doubt if your address plan allows it have EIGRP to use ip summary-address to advertise less specific routes.

Hope to help

Giuseppe

New Member

Run Eigrp over DMVPN in an MPLS cloud with BGP

Hi Giuseppe

I am also working on a design to run DMVPN with EIGRP over MPLS/BGP network. In our scenario, the primary link is from another ISP running OSPF currently. Can i run EIGRP on primary link and still run EIGRP on DMVPN to keep consistency in routing protocols and maintain simplicity of design? i am concerned about how failover will work etc. let me know your thoughts. Do you feel running OSPF on primary link will make it easier?

Run Eigrp over DMVPN in an MPLS cloud with BGP

Have a look at the bellow link for deisgn consideration where you have dmvpn as abs Kip to the mpls wan

In your case only difference is that you do not have bgp same concepts still apply

https://supportforums.cisco.com/docs/DOC-8356

Hope this help

If helpful rate

2891
Views
10
Helpful
11
Replies
CreatePlease to create content