OSPF configuration in Phase 1 DMVPN network

This is how you configure OSPF in a Phase 1 DMVPN network (read the introductory post and Phase 1 DMVPN fundamentals first):

Remember:

  • Use point-to-multipoint network type on the hub router to ensure the hub router is always the IP next hop for the DMVPN routes.
  • Use point-to-multipoint network type on the spoke routers to ensure the OSPF timers match with the hub router.
  • The DMVPN part of your network should be a separate OSPF area; if at all possible, make it a stub or NSSA area.
  • If absolutely needed, use OSPF LSA flood filter on the hub router and a static default route on the spokes.

More information

The Phase 1 DMVPN section of the DMVPN: from Basics to Scalable Networks webinar (register here or buy a recording) also includes the following routing protocol-specific topics (as well as numerous others described in the previous post):

  • OSPF routing in Phase 1 DMVPN networks;
  • EIGRP routing in Phase 1 DMVPN networks;
  • BGP routing in Phase 1 DMVPN networks;
  • Dynamic BGP neighbors;
  • DMVPN redundancy;
  • Monitoring and troubleshooting guidelines.

4 comments:

  1. Ivan,

    Any recomendations on setting up a (dual) hub running OSPF with phase 1 spokes AND prevent all spoke routes from being seen at other spokes? Think service provider environment. Thanks, great blog!

    ReplyDelete
  2. Ivan Pepelnjak09 August, 2011 22:26

    Close to mission impossible. All spokes have to be in the same area as they are connected to the same subnet (which is why OSPF over DMVPN does not scale) and thus they get all intra-area information.

    The only trick you could use would be flood filters on the hub http://wiki.nil.com/OSPF_flooding_filters_in_hub-and-spoke_environment but then you need static default routes on the spokes. OK if you have a non-redundant setup, "slightly" harder if you need redundancy.

    ReplyDelete
  3. Hmm. The flood filter trick might work in a redundant network by using IP SLA to track static routes on the spokes, right? What IGP would you recommend to address scaling? EIGRP?

    ReplyDelete
  4. Ivan Pepelnjak10 August, 2011 19:42

    Yes, you could use IP SLA (like with passive RIP design). You'll find more about DMVPN scalability in this post:

    http://blog.ioshints.info/2010/10/dmvpn-scalability.html

    All of these topics are discussed in my DMVPN webinar (hint, hint ;) ); the materials include tested router configurations for 20+ different scenarios using OSPF, EIGRP, BGP and RIP.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.