troubleshooting Question
Route Influencing EIGRP over DMVPN
asked on
I have DMVPN with two hubs and an EIGRP relationship to a firewall (as well as to the spokes.)
The problem I am running into is that all of the DMVPN traffic is trying to egress Via one of the two VPN hubs - HUB 1 - it's at capacity for passing encrypted traffic.
SPOKE----HUB 1----FW
SPOKE----HUB 2----FW
HUB1 is assigning a metric to the routes it learns from the spokes which is preferable to HUB2.
So that's why the FW is sending all the traffic to HUB1.
HUB1
redistribute eigrp 300 metric 100000 0 255 1 1500 route-map EIGRP300-TO-EIGRP100
HUB2
redistribute eigrp 300 metric 100000 10 255 1 1500 route-map EIGRP300-TO-EIGRP100
The firewall and the HUB DMVPN routers speak via EIGRP100. Hub to spokes via 300.
What I want to do is for the firewall to prefer one hub for half of the sites roughly. I could put in some static routes as a quick fix out of the traffic jam. I could remove HUB 1 from half of the spokes and that would make the HUB 2 the best path for half of the spokes. But surely there's a more elegant approach using route maps.
Something to the effect of..
If you match ACL SAVE-MY-DMVPN, you have a better metric than HUB 1. Otherwise you keep the same metric you have now and let HUB 1 keep doing its thing.
???
spiker.png
The problem I am running into is that all of the DMVPN traffic is trying to egress Via one of the two VPN hubs - HUB 1 - it's at capacity for passing encrypted traffic.
SPOKE----HUB 1----FW
SPOKE----HUB 2----FW
HUB1 is assigning a metric to the routes it learns from the spokes which is preferable to HUB2.
So that's why the FW is sending all the traffic to HUB1.
HUB1
redistribute eigrp 300 metric 100000 0 255 1 1500 route-map EIGRP300-TO-EIGRP100
HUB2
redistribute eigrp 300 metric 100000 10 255 1 1500 route-map EIGRP300-TO-EIGRP100
The firewall and the HUB DMVPN routers speak via EIGRP100. Hub to spokes via 300.
What I want to do is for the firewall to prefer one hub for half of the sites roughly. I could put in some static routes as a quick fix out of the traffic jam. I could remove HUB 1 from half of the spokes and that would make the HUB 2 the best path for half of the spokes. But surely there's a more elegant approach using route maps.
Something to the effect of..
If you match ACL SAVE-MY-DMVPN, you have a better metric than HUB 1. Otherwise you keep the same metric you have now and let HUB 1 keep doing its thing.
???
spiker.png
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.