Almost all articles describing DMVPN in combination with OSPF use the “magic” ip ospf database-filter all out command on the hub routers to minimize the OSPF traffic traversing the DMVPN part of the network.
The same trick can be used in any hub-and-spoke network, including Frame Relay-based networks.
What these articles usually fail to tell you is the true impact of this command: it stops all OSPF flooding from hub router. The spoke routers receive no OSPF information whatsoever; to establish connectivity to the network core, you have to use static default routes on the hubspoke routers.
I’ve described the details of OSPF flooding filters and their use in hub-and-spoke networks in the “OSPF flooding filters in hub-and-spoke environment” article in the CT3 wiki.
Posts
4 comments:
few restrictions i could quickly think worth mentioning when "ip ospf database-filter all out" is configured on hub and static default is used on spokes -
1. For DMVPN phase2, this wont work as the spokes need the actual tunnel IP address of the other spokes as next-hop for direct spoke to spoke communication
2. typically the spokes would already have a default route towards their ISP for internet access.
Swap
#19804
"you have to use static default routes on the hub routers" - I think you meant to say "spoke routers" here?
You're absolutely right. It helps if your network uses a nice addressing range so you don't have to use a default route on the spoke routers. Otherwise VRFs should help ;)
Correct. Thanks. Fixed.
This blog is using JS-Kit comments. You have to enable JavaScript if you want to post a comment.