BGP - multipath in a DMVPN environment

When deploying BGP multipath in a DMVPN environment, the behavior of the ECMP may be somewhat different than expected. This is because of the way that BGP interacts with NHRP.

In a DMVPN topology, and particularly in one with multiple hubs (dual hub dual cloud or dual hub single cloud), you may find that BGP multipath is achievable on some spokes but not on others. This may be due to several reasons:

  • Differing BGP attributes - Multipath will only work if the weight, local preference, AS path, origin type, MED, and IGP metric are the same.
  • The configuration of maximum-paths - If maximum-paths is not configured or is set to a value less than the number of paths available, then only one path will be chosen as the best path.
  • Consider how NHRP is interacting with BGP multipath:
    • If NHRP shortcuts (spoke-to-spoke tunnels) are not correctly established, traffic might be forced to take a less optimal path via the hub(s), impacting the effectiveness of BGP multipath.
    • Next Hop Resolution - BGP relies on correct next-hop information for routing decisions. If NHRP is not correctly resolving these next hops, especially in a setup with multiple hubs, BGP might not make the optimal path selections.
    • NHRP and BGP Synchronization - In a dynamic environment like DMVPN, the synchronization between NHRP and BGP is vital. Delays or mismatches in updates between these two can lead to routing inconsistencies.

Such a setup requires extra care to ensure that all configuration components are interacting predictably for an expected outcome.