Thursday 20 April 2017

DMVPN Part III. BGP over DMVPN WAN

Introduction

In this article, I am going to set up BGP routing over the dual-homed DMVPN WAN. Why do I use BGP and not some other routing protocol (OSPF, IS-IS, RIP, EIGRP)? I want to use route summarization and advanced, centralized route filtering. OSPF does not fulfill these requirements. It is a Link State routing protocol, and all routers within an OSPF area must have an identical Link State Database. This means that route filtering and summarization can only be done between areas, not inside an area. The other Link State routing protocol, IS-IS, is not supported with DMVPN, so it is also out of the question. RIP is a Hop Count routing protocol, and we could use it if we wanted to implement very simple routing. However, I want to use an advanced, centralized routing policy, so RIP is not my choice. Then we have two vector-based protocols: EIGRP (distance vector) and BGP (path vector). These are the “de facto” routing protocols for routing over the DMVPN WAN, and I could pick either one. However, I prefer BGP as a WAN routing protocol, so that is why I am going to use it in my example.

In our example topology (figure 1), we have two sites:

Central Site: We have edge routers S1R1 and S1R2, each with two virtual routing instances (VRFs): the default VRF and a front-door VRF. Physical interfaces 3 and 4 on both routers belong to the default VRF and also participate in OSPF Area 0. Routers S1R1 and S1R2 also have tunnel interfaces, Tunnel11 and Tunnel12 respectively, which belong to the default VRF. Internal BGP peering between the Central site and the Remote site runs between the Tunnel interfaces. Physical interface 2 on both edge routers belongs to the front-door VRF, which is the termination point for the WAN connection. There is no iBGP peering between routers S1R1 and S1R2. Both edge routers are BGP route reflectors. Router S1R3 has four networks attached to it (172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24 and 172.16.3.0/24). We advertise these networks, as well as the default route, via OSPF. It also has an interface Loopback1000 with address 10.28.158.1, which we are going to use for testing the default route. Network 10.28.158.0/24 is not advertised with OSPF.


Branch Site: We have only one router in the Branch Site. There are two Tunnel interfaces and one LAN interface, all of which belong to the default VRF. There are two front-door VRFs, one for the MPLS connection and one for the Internet connection. Note that the interface towards the Internet gets its IP address via DHCP from the router INET-R112.




Figure 1: Physical topology and IP addressing.

Tuesday 4 April 2017

DMVPN Part II. Spoke-to-Spoke tunnels, NHRP operation in DMVPN


Introduction

In this article, I will go through the process of DMVPN tunnel establishment between Spoke sites. I am using the same network topology and network setup as in my previous article “DMVPN Part I. Basic Operation and Configuration, March 31, 2017”. Note that the prefix for all interfaces/networks is 2001:db8. Figure 1 shows the process of Spoke-to-Spoke tunnel establishment.




Figure 1.