DMVPN with BGP as a protocol

I have a DMVPN built in my lab with 2 hubs and 4 spokes. My challenge is I am required to use BGP as my routing protocol. How do I configure BGP to make hub A the primary and hub B the backup? Hub A has two spokes (1 & 2) directly connected, and Hub B has two spokes (3 & 4) directly connected.

Here are the basic configurations:

Hub A:

!
interface Loopback518
 ip address 1.1.1.1 255.255.255.255
end

sh run int tu518
Building configuration...

Current configuration : 448 bytes
!
interface Tunnel518
 bandwidth 1000000
 ip address 10.1.1.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.2 10.62.250.2
 ip nhrp map multicast 10.62.250.2
 ip nhrp network-id 500
 ip nhrp nhs 10.1.1.2
 ip nhrp server-only
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/0/3
 tunnel mode gre multipoint
 tunnel key 518
end

Hub B:

sh run int lo518  
Building configuration...

Current configuration : 65 bytes
!
interface Loopback518
 ip address 7.7.7.7 255.255.255.255
end
!
interface Tunnel518
 bandwidth 1000000
 ip address 10.1.1.2 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.1 10.62.250.1
 ip nhrp map multicast 10.62.250.1
 ip nhrp network-id 500
 ip nhrp nhs 10.1.1.1
 ip nhrp server-only
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 518
end

Spoke 1:

!
interface Loopback518
 ip address 3.3.3.3 255.255.255.255
end

!
interface Tunnel518
 bandwidth 1000000
 ip address 10.1.1.3 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.1 10.62.250.1
 ip nhrp map multicast 10.62.250.1
 ip nhrp map 10.1.1.2 10.62.250.2
 ip nhrp map multicast 10.62.250.2
 ip nhrp network-id 500
 ip nhrp nhs 10.1.1.1
 ip nhrp nhs 10.1.1.2
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/2
 tunnel mode gre multipoint
 tunnel key 518
end

Spoke 2:

!
interface Loopback518
 ip address 4.4.4.4 255.255.255.255
end
!
interface Tunnel518
 bandwidth 1000000
 ip address 10.1.1.4 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.1 10.62.250.1
 ip nhrp map multicast 10.62.250.1
 ip nhrp map 10.1.1.2 10.62.250.2
 ip nhrp map multicast 10.62.250.2
 ip nhrp network-id 500
 ip nhrp nhs 10.1.1.1
 ip nhrp nhs 10.1.1.2
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/2
 tunnel mode gre multipoint
 tunnel key 518
end

Spoke 3:

!
interface Loopback518
 ip address 7.7.7.7 255.255.255.255
end
!
interface Tunnel518
 bandwidth 1000000
 ip address 10.1.1.2 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.1 10.62.250.1
 ip nhrp map multicast 10.62.250.1
 ip nhrp network-id 500
 ip nhrp nhs 10.1.1.1
 ip nhrp server-only
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 518
end

Spoke 4:

!
interface Loopback518
 ip address 6.6.6.6 255.255.255.255
end

!
interface Tunnel518
 bandwidth 1000000
 ip address 10.1.1.6 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.2 10.62.250.2
 ip nhrp map multicast 10.62.250.2
 ip nhrp map 10.1.1.1 10.62.250.1
 ip nhrp map multicast 10.62.250.1
 ip nhrp network-id 500
 ip nhrp nhs 10.1.1.2
 ip nhrp nhs 10.1.1.1
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 518
end

My tunnels are up and working in the hubs and spokes:

Hub 1:

sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel518, IPv4 NHRP Details 
Type:Hub/Spoke, NHRP Peers:5, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.62.250.2            10.1.1.2    UP 16:15:11     S
     1 10.62.250.3            10.1.1.3    UP 16:15:01     D
     1 10.62.250.4            10.1.1.4    UP 16:15:10     D
     1 10.62.250.5            10.1.1.5    UP 16:15:13     D
     1 10.62.250.6            10.1.1.6    UP 16:15:01     D

Spoke 2:

sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel518, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:3, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.62.250.1            10.1.1.1    UP 16:28:46     S
     1 10.62.250.2            10.1.1.2    UP 16:28:40     S
     1 10.62.250.6            10.1.1.6    UP 01:48:41     D

Spoke 4:

sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel518, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:5, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.62.250.1            10.1.1.1    UP 16:13:18     S
     1 10.62.250.2            10.1.1.2    UP     6w2d     S
     1 10.62.250.3            10.1.1.3    UP 01:24:01     D
     1 10.62.250.4            10.1.1.4    UP 01:33:27     D
     1 10.62.250.5            10.1.1.5    UP 01:23:54     D

My basic question is how to configure BGP to allow for hub A to be considered the primary and hub B the backup.

Hi Joseph,

First thing I notice, I see that you mapped spoke 1, 2 and 4 to both hub A + B? On spoke 3 I only see it is mapped to hub A?

What do you want to advertise through BGP?

All spokes are mapped to both hubs, but I only had one tunnel up to spoke 3 when I uploaded those configs. I have these mapped through a couple of 7604’s to simulate a carrier network between the spokes and hubs. I want to have the spokes in a different AS than the hubs, like it would be on our live network, and I was thinking if I do a route map on Hub 2 to prepend or assign a different local preference, then the traffic will prefer one hub over the other. Am I going in the wrong direction here? Basically the hubs will be sitting in our data center and the spokes will be out at our different user locations. I plan on using an address family to advertise routes to different locations.

BGP is established:
sh run | b router bgp
router bgp 65123
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 bgp listen range 10.1.1.0/24 peer-group DMVPN_SPOKES
 network 0.0.0.0
 network 1.1.1.1 mask 255.255.255.255
 neighbor DMVPN_SPOKES peer-group
 neighbor DMVPN_SPOKES remote-as 65123
 neighbor DMVPN_SPOKES route-map SPOKE_ROUTERS out
 neighbor IPSEC peer-group
 neighbor IPSEC remote-as 65123
 neighbor IPSEC timers 30 90
 neighbor IPSEC send-community
 neighbor IPSEC soft-reconfiguration inbound
 neighbor IPSEC prefix-list PREFIX_NO_DEFAULT in
 neighbor IPSEC prefix-list PREFIX_NEXT_HOP_ONLY out
 neighbor 10.1.1.2 remote-as 65123
!
sh ip bgp sum
BGP router identifier 1.1.1.1, local AS number 65123
BGP table version is 47, main routing table version 47
8 network entries using 1152 bytes of memory
9 path entries using 720 bytes of memory
2/2 BGP path/bestpath attribute entries using 288 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2160 total bytes of memory
BGP activity 25/17 prefixes, 33/24 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4        65123    1328    1330       47    0    0 20:01:48        3
*10.1.1.3       4        65123    1327    1331       47    0    0 20:01:27        1
*10.1.1.4       4        65123    1327    1327       47    0    0 20:01:37        1
*10.1.1.5       4        65123    1325    1328       47    0    0 20:01:41        1
*10.1.1.6       4        65123    1330    1328       47    0    0 20:01:30        1
* Dynamically created based on a listen range command
Dynamically created neighbors: 4, Subnet ranges: 1

BGP peergroup DMVPN_SPOKES listen range group members: 
  10.1.1.0/24 

Total dynamically created neighbors: 4/(100 max), Subnet ranges: 1

How do I tell which hub is being preferred?

Hi @jbstratil,

Since you use iBGP, you can use local preference for this. Advertise a higher local preference value on the hub that you want to use as primary hub. You can do this in the outbound route-map DMVPN_SPOKES that you created:

route-map SPOKE_ROUTERS permit 10
 set local-preference 200

Your spoke routers will prefer the path from the hub with the highest local preference.
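One way to check from a spoke which hub is preferred, as an added example that is not part of the thread or any poster's code: it parses the output of `show ip bgp 0.0.0.0` and reports the best path, whether local preference alone decided it, and whether a backup path is held. The sample output is constructed, the hub tunnel addresses are taken from the posted configs, and the function names are hypothetical.

```python
import re

# Constructed sample of `show ip bgp 0.0.0.0` as seen on a spoke (not from the thread).
# Tunnel addresses and router-ids match the hub configs posted above.
SAMPLE = """\
BGP routing table entry for 0.0.0.0/0, version 12
Paths: (2 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 1
  Local
    10.1.1.1 from 10.1.1.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 200, valid, internal, best
  Refresh Epoch 1
  Local
    10.1.1.2 from 10.1.1.2 (7.7.7.7)
      Origin IGP, metric 0, localpref 100, valid, internal
"""

HUBS = {"10.1.1.1": "Hub A", "10.1.1.2": "Hub B"}  # peer tunnel IP -> hub name

# One path = a "<next-hop> from <peer> (<router-id>)" line plus its attribute line.
PATH_RE = re.compile(
    r"^\s+(?P<nh>\d+\.\d+\.\d+\.\d+)(?: \([^)]*\))? from (?P<peer>\S+) "
    r"\((?P<rid>[\d.]+)\)\s*\n"
    r"\s+Origin [^\n]*?localpref (?P<lp>\d+),(?P<flags>[^\n]*)", re.M)

def parse_paths(text):
    """Return one dict per BGP path: advertising hub, local preference, best flag."""
    paths = []
    for m in PATH_RE.finditer(text):
        flags = [f.strip() for f in m["flags"].split(",")]
        paths.append({"hub": HUBS.get(m["peer"], m["peer"]),
                      "localpref": int(m["lp"]),
                      "best": "best" in flags})
    return paths

def hub_preference(text):
    """Summarise which hub carries the best path and why."""
    paths = parse_paths(text)
    best = next((p["hub"] for p in paths if p["best"]), None)
    top = max((p["localpref"] for p in paths), default=None)
    leaders = [p["hub"] for p in paths if p["localpref"] == top]
    return {"best": best, "paths": paths,
            # False on a tie: a later best-path step (not local preference) chose.
            "decided_by_localpref": len(leaders) == 1 and leaders[0] == best,
            # False means the spoke holds no second path to fail over to.
            "backup_present": len(paths) > 1}

if __name__ == "__main__":
    print(hub_preference(SAMPLE))
```

If `decided_by_localpref` comes back false while both hubs are up, the route-map is not taking effect on the primary hub and the choice of hub is being made by a later tie-breaker.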