DMVPN Tunnel Source Failover

Off the back of my last post about failing over outbound access using IP SLA and route-maps here I needed to also accommodate DMVPN tunnels in this process.

The issue that I ran into was that in a DMVPN spoke tunnel we specify the tunnel source <interface> manually. When were failing over between two providers obviously our interface will change rendering our tunnel useless.

I tried a few different workaround such as a duplicate tunnel to the same DMVPN hub and a new tunnel to a new DMVPN hub but due to my environment with one telco at the DMVPN hub end I couldn’t pass traffic. I didn’t dive too deeply into why, but I suspect that it was due to ipsec not being able to identify the correct source traffic as we were sharing interfaces and profiles.

There is a tunnel source dynamic command that Cisco support but I could only find documentation regarding this and routing protocols – again not something that I could run in my environment.

In order to solve this, I threw in a simple EEM script. EEM scripts will take inputs from router events and execute actions that you define.

I put together an EEM script that was triggered on the ip sla event and that actually typed out the commands to change the tunnel source interface. See below.

event manager applet change_dmvpn_source_down
event track 1 state down
action 1.0 cli command “enable”
action 1.5 cli command “config t”
action 2.0 cli command “interface tun0”
action 2.5 cli command “tunnel source gi0/2”
action 3.0 cli command “end”

event manager applet change_dmvpn_source_up
event track 1 state up
action 1.0 cli command “enable”
action 1.5 cli command “config t”
action 2.0 cli command “interface tun0”
action 2.5 cli command “tunnel source gi0/0”
action 3.0 cli command “end”

EEM always seems a little crude to me, but in these types of scenarios when you are pigeon-holed on technology and need a quick fix it works quite well.

One thought on “DMVPN Tunnel Source Failover

  1. just used this…works like a charm! nice work!

Leave a Reply

Your email address will not be published. Required fields are marked *