This won’t be a real long lab, as its more just removing OSPF as the WAN, configuring the ISP Router with point to point static routes to each site, then adding a single default route out to the Internet like you would any site in the Front Door VRF and associating both the Physical and Tunnel interfaces to it.
A quick break down of the simple configuration that allowed this to work
This will only be changes made on PHX1, all other DMVPN routers were adjusted accordingly with these same configurations.
The default route
ip route vrf FrontDoor 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.123.2
The Physical Interface
interface FastEthernet0/0
description Link to ISP
vrf forwarding FrontDoor
ip address 172.16.123.1 255.255.255.252
duplex full
(Have to remember to re-apply IP after adding VRF)
The Tunnel Interface
interface Tunnel0
ip address 192.168.1.10 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 100
no ip split-horizon eigrp 100
ip nhrp map multicast dynamic
ip nhrp network-id 11
qos pre-classify
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel vrf FrontDoor
tunnel protection ipsec profile ProtectTheTunnel
EIGRP Configuration (contains Overlay address)
router eigrp 100
network 10.10.10.0 0.0.0.255
network 192.168.1.0
The final DMVPN with Front Door VRF’s configured all around
PHX1#sh dmvpn
Legend: Attrb –> S – Static, D – Dynamic, I – Incomplete
N – NATed, L – Local, X – No Socket
# Ent –> Number of NHRP entries with same NBMA peer
NHS Status: E –> Expecting Replies, R –> Responding, W –> Waiting
UpDn Time –> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
—– ————— ————— —– ——– —–
1 172.16.123.5 192.168.1.1 UP 00:35:41 D
1 172.16.123.9 192.168.1.2 UP 00:34:44 D
1 172.16.123.13 192.168.1.3 UP 00:34:34 D
PHX1#
And from Minneapolis location MPLS2 router:
MPLS2#sh ip route
(Codes redacted)
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.0.1.0/24 is directly connected, FastEthernet2/0
L 10.0.1.1/32 is directly connected, FastEthernet2/0
D 10.0.2.0/24 [90/28167680] via 10.10.1.254, 00:00:48, FastEthernet1/0
D 10.0.3.0/24 [90/28167680] via 10.10.1.254, 00:00:42, FastEthernet1/0
D 10.0.10.0/24 [90/26887680] via 10.10.1.254, 00:00:55, FastEthernet1/0
C 10.10.1.0/24 is directly connected, FastEthernet1/0
L 10.10.1.253/32 is directly connected, FastEthernet1/0
D 10.10.2.0/24 [90/28165120] via 10.10.1.254, 00:00:49, FastEthernet1/0
D 10.10.3.0/24 [90/28165120] via 10.10.1.254, 00:00:43, FastEthernet1/0
D 10.10.10.0/24
[90/26885120] via 10.10.1.254, 00:00:56, FastEthernet1/0
D 192.168.1.0/24 [90/26882560] via 10.10.1.254, 00:43:48, FastEthernet1/0
MPLS2#
I am not sure what the issue was with applying this to my OSPF / EIGRP DMVPN Lab that was singing along just fine, however I see a default route to the Internet a lot more than I am configuring edge routers to be OSPF Neighbors with an ISP Core, so I will shut my big fat mouth and take Yes for an answer on this one 🙂
Front Door VRF’s ladies and gentlemen!
Will leave up my struggle post to get it working with OSPF because to maybe look back on that to see if there was some way to have gotten it working in light of now having it running, but for now I am leaving this dog lie in rest!
The DEVNET GRIND! 