Small edits / optimizations of the DMVPN example (ipspace#18)

DMVPN/Readme.md

@@ -3,6 +3,12 @@ In this lab topology a situation is simulated where an IPsec interconnect to a 4
 
 ![DMVPN topology](dmvpn.png)
 
+### Overlay network
+
+The diagram below display the resulting overlay network. Each hub is connected to each spoke with its own NHRP instance and subnet.
+
+![overlay topology](dmvpn_overlay.png)
+
 Some notes:
 - The IoT provider / underlay network is configured with static routes.
 - The uplink to the IoT provider is an IPsec tunnel.

DMVPN/hub.j2

@@ -1,3 +1,4 @@
+!
 router ospf 1
  router-id 10.0.0.{{ id }}
 !
@@ -8,8 +9,7 @@ interface GigabitEthernet0/1
  ip ospf network point-to-point
  ip ospf 1 area 0.0.0.0
 !
-{% for intf in hostvars[inventory_hostname].interfaces %}
-{%   if intf.type is defined and intf.type == "tunnel" %}
+{% for intf in interfaces if intf.type is defined and intf.type == "tunnel" %}
 interface {{ intf.ifname }}
  description DMVPN Tunnel
  ip address {{ intf.ipv4|ipaddr('address') }} {{ intf.ipv4|ipaddr('netmask') }}
@@ -26,16 +26,14 @@ interface {{ intf.ifname }}
  tunnel source GigabitEthernet0/1
  tunnel mode gre multipoint
  tunnel path-mtu-discovery
-{%   endif %}
 {% endfor%}
 !
-{% for intf in hostvars[inventory_hostname].interfaces %}
-{%   if intf.type is defined and intf.type == "lan" %}
-{%     for n in intf.neighbors %}
-{%       if n.node == "firewall" %}
+{% for intf in interfaces if intf.type is defined and intf.type == "lan" %}
+{%   for n in intf.neighbors %}
+{%     if n.node == "firewall" %}
 ip route 0.0.0.0 0.0.0.0 {{ n.ipv4|ipaddr('address') }} name default_to_firewall
-{%       endif %}
-{%     endfor%}
-{%   endif %}
+{%     endif %}
+{%   endfor%}
 {% endfor%}
 !
+an

DMVPN/iot.j2

@@ -12,7 +12,7 @@ crypto ipsec profile protect-IoT
  set security-association lifetime seconds 86400
  set transform-set TS 
 !
-{%- for intf in hostvars[inventory_hostname].interfaces -%} 
+{%- for intf in interfaces -%} 
 {%   if intf.type is defined and intf.type == "tunnel" %}
 
 interface {{ intf.ifname }}
@@ -33,7 +33,7 @@ interface {{ intf.ifname }}
  tunnel path-mtu-discovery
  tunnel protection ipsec profile protect-IoT
 !
-{% for tunint in hostvars[inventory_hostname].interfaces if tunint.type is defined and tunint.type == "tunnel" %}
+{% for tunint in interfaces if tunint.type is defined and tunint.type == "tunnel" %}
 {%   for n in tunint.neighbors %}
 {%     for intf in hostvars['iotprovider'].interfaces %}
 {%       if intf.type is defined and intf.type == "lan" %}

DMVPN/spoke.j2

@@ -5,7 +5,7 @@ router ospf 1
 interface loopback0
  ip ospf 1 area 0.0.0.0
 !
-{% for intf in hostvars[inventory_hostname].interfaces if intf.type is defined and intf.type == "tunnel" %}
+{% for intf in interfaces if intf.type is defined and intf.type == "tunnel" %}
 interface {{ intf.ifname }}
  description DMVPN Tunnel
  ip address {{ intf.ipv4|ipaddr('address') }} {{ intf.ipv4|ipaddr('netmask') }} 
@@ -48,19 +48,17 @@ interface {{ intf.ifname }}
 {% endfor %}
 !
 !
-{% for intf in hostvars['iotprovider'].interfaces %}
-{%   if intf.type is defined and intf.type == "lan" %}
-{%     set iotip = intf %}
-{%     for intff in hostvars['firewall'].interfaces %}
-{%       if intff.type is defined and intff.type == "lan" %}
+{% for intf in hostvars['iotprovider'].interfaces if intf.type is defined and intf.type == "lan" %}
+{%   set iotip = intf %}
+{%   for intff in hostvars['firewall'].interfaces %}
+{%     if intff.type is defined and intff.type == "lan" %}
 ip route {{ intff.ipv4|ipaddr('network') }} {{ intff.ipv4|ipaddr('netmask') }} {{ iotip.ipv4|ipaddr('address') }} name Prevent_recursive_routing
 !
 ip access-list standard NO_INTER_SPOKE_TRAFFIC
  permit host {{ iotip.ipv4|ipaddr('address')}}
  deny {{ iotip.ipv4|ipaddr('network') }} {{ iotip.ipv4|ipaddr('wildcard') }} 
-{%       endif %}
-{%     endfor %}
-{%   endif %}
+{%     endif %}
+{%   endfor %}
 {% endfor%}
  permit any
 !