I have DMVPN with two hubs and an EIGRP relationship to a firewall (as well as to the spokes.)
The problem I am running into is that all of the DMVPN traffic is trying to egress Via one of the two VPN hubs - HUB 1 - it's at capacity for passing encrypted traffic.
HUB1 is assigning a metric to the routes it learns from the spokes which is preferable to HUB2.
So that's why the FW is sending all the traffic to HUB1.
redistribute eigrp 300 metric 100000 0 255 1 1500 route-map EIGRP300-TO-EIGRP100
redistribute eigrp 300 metric 100000 10 255 1 1500 route-map EIGRP300-TO-EIGRP100
The firewall and the HUB DMVPN routers speak via EIGRP100. Hub to spokes via 300.
What I want to do is for the firewall to prefer one hub for half of the sites roughly. I could put in some static routes as a quick fix out of the traffic jam. I could remove HUB 1 from half of the spokes and that would make the HUB 2 the best path for half of the spokes. But surely there's a more elegant approach using route maps.
Something to the effect of..
If you match ACL SAVE-MY-DMVPN, you have a better metric than HUB 1. Otherwise you keep the same metric you have now and let HUB 1 keep doing its thing.