Sunday, 6 March 2016

OSPF over DMVPN

What we need to keep in mind here is that mGRE is a non-broadcast multi-access (NBMA) network, and that affects how OSPF works. In order for OSPF to operate properly, the DMVPN hub router must be the OSPF DR, and none of the other routers should be allowed to become DR/BDR. The only way you could have a DR/BDR design is if this were a multi-hub DMVPN network, and that is beyond the scope of this post (due to hardware limitations in my lab). Also, the mGRE tunnel on the hub router must be set to an OSPF broadcast network via the ip ospf network broadcast command.


R1 -====( DMVPN  ))========R5

The first thing we will do is add a Loopback interface to the DMVPN hub router, R5.
The reason we are doing this here, and on every other router, is to give us something to route!







crypto isakmp policy 10
 encr aes
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco address 0.0.0.0       
!
!
crypto ipsec transform-set ESP_AES_SHA esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile DMVPN_PROFILE
 set transform-set ESP_AES_SHA
!



interface Loopback0
 ip address 150.1.5.5 255.255.255.255
 ipv6 address 2001:150:5:5::5/128


Now on to the Tunnel interface. Keep in mind I will only annotate the OSPF-related commands.

interface Tunnel0
 ip address 155.1.0.5 255.255.255.0
 no ip redirects

Note the MTU. This must be the same on all interfaces in order for OSPF to work. Worst case, you might be able to use the ip ospf mtu-ignore command.
 ip mtu 1400
 ip nhrp authentication NHRPPASS
You will need to configure an NHRP mapping for multicast traffic:
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 delay 1000
The hub should be configured as OSPF network type broadcast (the same on R1 through R5).
 ip ospf network broadcast
 ip ospf 1 area 0
!
Set the OSPF priority high to make sure this is the DR.
 ip ospf priority 255
 tunnel source Ethernet0/0.100
 tunnel mode gre multipoint
 tunnel key 150
 tunnel protection ipsec profile DMVPN_PROFILE
!
Now we need to configure the OSPF routing process, here with process ID 1:
router ospf 1 

Now the other routers, for example:

R1
!
crypto isakmp policy 10
 encr aes
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco address 0.0.0.0       
!
!
crypto ipsec transform-set ESP_AES_SHA esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile DMVPN_PROFILE
 set transform-set ESP_AES_SHA
!
!
interface Loopback0
 ip address 150.1.1.1 255.255.255.255
 ipv6 address 2001:150:1:1::1/128
!
interface Tunnel0
 ip address 155.1.0.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication NHRPPASS
 ip nhrp map 155.1.0.5 169.254.100.5
 ip nhrp map multicast 169.254.100.5
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ip nhrp nhs 155.1.0.5
 ip tcp adjust-mss 1360


 ip ospf network broadcast
 ip ospf 1 area 0
!
Set the OSPF priority to 0 to make sure this is not DR or BDR.
 ip ospf priority 0
 tunnel source Ethernet0/0.100
 tunnel mode gre multipoint
 tunnel key 150
 tunnel protection ipsec profile DMVPN_PROFILE
!

 -===========

OSPF DR manipulation has already been presented in this part.
The router with the higher priority will win.
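The design above depends on three settings agreeing across routers: the broadcast network type, priority 255 on the hub with priority 0 on every spoke, and a matching ip mtu. The following check is an added example, not part of the original post. It assumes configs in show running-config layout with indented sub-commands; the sample stanzas and the router name R2 are constructed.

```python
import re

# Constructed samples modelled on the Tunnel0 stanzas above (not real device output).
HUB = """interface Tunnel0
 ip mtu 1400
 ip ospf network broadcast
 ip ospf priority 255
"""
SPOKE_OK = HUB.replace("priority 255", "priority 0")
SPOKE_BAD = HUB.replace(" ip ospf priority 255\n", "").replace("1400", "1476")

PATTERNS = {
    "network": r"ip ospf network (.+)",
    "priority": r"ip ospf priority (\d+)",
    "mtu": r"ip mtu (\d+)",
    "mtu_ignore": r"ip ospf (mtu-ignore)",
}

def tunnel_settings(config, ifname="Tunnel0"):
    """Collect OSPF settings from one interface stanza; IOS default priority is 1."""
    found = {"network": None, "priority": "1", "mtu": None, "mtu_ignore": None}
    inside = False
    for line in config.splitlines():
        if not line.startswith(" "):        # any unindented line closes the stanza
            inside = line.strip() == f"interface {ifname}"
            continue
        for key, pattern in PATTERNS.items():
            if inside and (m := re.fullmatch(pattern, line.strip())):
                found[key] = m.group(1)
    return found

def audit(hub_cfg, spokes):
    """Return findings where configs deviate from the hub-as-only-DR design."""
    hub, findings = tunnel_settings(hub_cfg), []
    if hub["network"] != "broadcast":
        findings.append("hub: network type is not broadcast")
    if hub["priority"] == "0":
        findings.append("hub: priority 0 can never be DR")
    for name, cfg in spokes.items():
        s = tunnel_settings(cfg)
        if s["network"] != hub["network"]:
            findings.append(f"{name}: network type differs from hub")
        if s["priority"] != "0":
            findings.append(f"{name}: priority {s['priority']} is DR/BDR eligible")
        if s["mtu"] != hub["mtu"] and not s["mtu_ignore"]:
            findings.append(f"{name}: ip mtu {s['mtu']} differs from hub {hub['mtu']}")
    return findings

if __name__ == "__main__":
    print(audit(HUB, {"R1": SPOKE_OK, "R2": SPOKE_BAD}))
```

A mistyped line such as a priority command with no space before the value does not match the pattern, so the spoke is reported with the default priority of 1 rather than silently passing.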