Redistributing OSPF and eigrp

Similar Messages

• Redistribute static in OSPF and EIGRP

  When use "redistribute static" in OSPF OR eigrp, does it also redistribute connected networks?
  When use "sh ip eigrp topology", the entries with "via RStatic" indicate a redistribution of static routes, corret?

  Hello,
  redistribute static will redistribute all static routes found in the IP routing table. In case you want to announce the connected interfaces you have two options:
  1) router ospf 10
  network 192.168.1.1 0.0.0.0 area 0
  for
  interface Ethernet0
  ip address 192.168.1.1 255.255.255.0
  2) router ospf 10
  redistribute connected
  The same applies for EIGRP.
  Hope this helps! Please rate all posts.
  Martin

• Igrp And Ospf And Rip And Sending Packet Out ?

  If I have got a scenario asking me not to send EIGRP packets out any other interfaces except interface Ethernet 0/0 (ip address is 183.1.123.3),,,,,,,,,,,then I can configure the router like this:
  Router eigrp 100
  Network 183.1.123.3 0.0.0.0------ ip address for fa 0/0,,,not the whole network.
  I can this for OSPf as well.
  Can I use same procedure with RIP ?
  Second question:
  For OSPF we choose router-id , why do we need to configure this for EIGRP or IGRP

  Hi,
  Router eigrp 100
  Network 183.1.123.3 0.0.0.0
  With this command, OSPF and EIGRP works only on that interface not any other interface.
  In case of RIP, its not possible. You have to use " passive interface " command in order to stop the RIP packets.
  in case of EIGRP, router -id is used to identify the originating router for external routes. If an external route is received with the local router ID, the route is discarded. The router ID can be configured with any IP address with two exceptions; 0.0.0.0 and 255.255.255.255 are not legal values and cannot be entered. A unique value should be configured for each router.
  HTH,
  -amit singh

• How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?

  Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
  My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
  Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
  56128's where my static routes are:
  ip route 192.168.101.0/24 192.168.30.77 name firewall 250
  router eigrp 65100
     redistribute static route-map Static-To-Eigrp
  route-map Static-To-Eigrp permit 10
     match ip address prefix-list Static2Eigrp
  ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
  Edge device:
  router eigrp 65100
   network 172.18.0.5 0.0.0.0
   network 172.18.0.32 0.0.0.3
   network 172.18.0.36 0.0.0.3
   redistribute ospf 65100 metric 2000000 0 255 1 1500
   redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
   passive-interface default
   no passive-interface Port-channel11
   no passive-interface Port-channel12
   eigrp router-id 172.18.0.5
  router ospf 65100
   router-id 172.18.0.5
   log-adjacency-changes
   redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
   passive-interface default
   no passive-interface GigabitEthernet1/0/1
   no passive-interface GigabitEthernet1/0/2
   no passive-interface GigabitEthernet2/0/1
   no passive-interface GigabitEthernet2/0/2
   network 172.18.0.0 0.0.255.255 area 0
  ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
  route-map EIGRP_INTO_OSPF permit 10
   match ip address prefix-list EIGRP_INTO_OSPF

  So in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
  I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have.

• Redistribution from ospf into eigrp

  If I have 3 routers running ospf and want to redistribute eigrp into this, what metrics do I need to use ?
  thanks

  I'm assuming you are wanting one way redistribute. If you are wanting to redistribute EIGRP into OSPF you will need to use a COST based metric such as;
  redistribute eigrp 65001 metric 100 subnets
  -or-
  redistribute eigrp 65001 subnets
  default-metric 100
  A metric is not required for OSPF, however, if you redistribute an IGP into OSPF without specifying a default-metric, it will be assigned a metric of 20. The OSPF metric is based on the 10 to the 8th / bandwidth of the link. For example, Ethernet cost is 10.
  Please rate post if it helped.
  Thanks!

• Question about network statement in OSPF and BGP

  The network statements in OSPF and BGP can be used to advertise networks. But I'm not clear under what circumstances would make more sense to use network statements to advertise a network than by using other methods to have the network learned by other routers.
  Here is an example: assume I'm running BGP on router A. I want to advertise network 10.1.1.0/24 to other BGP peers. I have a OSPF route for this network. I can do 2 things: one is to use "network 10.1.1.0 mask 255.255.255.0", the other is to do "redistribute OSPF ... route-map OSPF-INTO-BGP", and create a prefix list to permit 10.1.1.0/24.
  Both would work to have this network learned by other BGP peers. But which is better for what purpose?
  Thanks a lot
  Gary

  Hi Gary,
  There is one little difference between the use of the two approaches - the route injected into BGP by using a network statement will carry an Origin attribute of IGP, whereas the route injected using redistribution will have an Origin attribute of Incomplete. Now, that is not a huge issue since you can always change that whatever value you desire both with the use of the network statement and redistribution. The important thing, however, is that in the BGP best path selection process, the Origin attribute comparison is fairly high up and will prefer a route with the attribute of IGP.
  Apart from that, there is absolutely no difference between using the network statement and using redistribution with a route-map that matches exactly on the same route that you would have specified with the network statement.
  I guess one advantage of using the redistribute approach is that it does not clutter up the BGP config. If you wish to add more routes, you simply add them to the prefix list so that you don't really touch the BGP config portion at all..
  Hope that helps - pls do remember to rate posts that help.
  Paresh

• UC540 and EIGRP

  Is EIGRP an option with a UC540 or am I missing something?  I see bgp, ospf, rip and a few others as options but no eigrp.  I am trying to tunnel remote clinics back to our main site and have done this successfully with the UC540 and simple VPN tunnel.
  Now I want to try and streamline the process by using a GRE tunnel and EIGRP.   I seem to be striking out though. 
  Any help is much appreciated.
  Thanks                  

  Is it that Cisco doesn't support it, or that it won't work?  The CLI commands are there for other routing protocols, with the exception of EIGRP. 

• Situations to prefer ospf over eigrp

  hi,
  i have seen somewhere in cisco documentaion " in high availability routed access layer campus network design ospf protocol instead of eigrp"
  are there any scenarios to prefer ospf over eigrp except the one " some are non-cisco some are cisco"
  Regards
  skrao

  The biggest reason to choose OSPF over EIGRP is the fact that EIGRP is proprietary. Apart from that, both protocols are highly scalable, fast-converging IGPs.
  In fact, EIGRP provides a bit more flexibility than OSPF in some circumstances e.g. it allows summarisation at arbitrary points within the network unlike OSPF, where you can only do so at ABRs.
  Both protocols require careful design since badly designed EIGRP networks will suffer from Stuck-in-active conditions and badly designed OSPF networks will result in a lot of CPU-intensive SPF calculations.
  Given proper design, both protocols can scale to very large networks.
  Pls do remember to rate posts.
  Paresh

• Hi all, need advice on OSPF and private vlans

  Hi all.
  I have a project to complete and need some help on the possible solution I can use.
  Basically we have ospf area 0 and the users in question are in ospf area 7 and is a stub.
  I need to route the traffic from these users out through area 0 through 3 core devices, onto an external firewall interface to be placed onto the vpn that sits on it. The firewall is not included in the ospf domain.
  My thinking was that the firewall has a default route back into the ospf domain so dont need to worry about traffic coming in, however my job is to segregate these users and take them out of our core network and place them onto an external network via this vpn.
  Not sure how to achieve this apart from static routing redistributed but surely this does not seperate their traffic only points the route to ospf?!
  I was thinking I might have to use private vlans or policy routing but when I try policy routing the policy gets ignored due to normal forwarding.
  Any help and advice would be greatly appreciated.
  Cheers
  Steve

  Steve
  Thanks, that helps.
  GRE is defintely out because apart from the 6500 GRE tunneling is not supported on the Cisco switches.
  It's good that area 7 is only for these users and not mixed up with other users.
  So if i understand correcty the 4500 interface connecting to the 6500 is in area 0 and the interface connecting to the 3550 is in area.
  Or is the 3550 connected to both areas and the 4500 totally in area 0 ?
  Can you confirm the above ?
  In terms of keeping them separate there are 2 possible choices. You can either -
  1) use VRF-LIte, although i'm not sure whether the HP switch would support this. With VRF-Lite you are in effect creating virtual devices on the same physical device. This means each virtual device has it's own routing and forwarding table so it is quite secure because you would only populate the routing table with the routes needed so there would be no way for users to jump to thes rest of your networks.
  The downside is that is can become quite complex to configure. If the 4500 is only used to connect are 7 to area 0 then that would not be a problem but the connection from the 6500 to the HP could and i don't even know whether the HP supports VRF-Lite functionality let alone how to configure it on that switch.
  But it would, at least from the 4500 to 6500 to HP provide complete separation in terms of routing and forwarding. Once it got to the HP it wouldn't but that might not be an issue.
  2) Use PBR (possibly together with acls). This is easier to configure ie. you configure PBR on the 4500 and the 6500 to get the traffic to the HP switch. But you do not get the actual separation you get with VRF-Lite ie. the traffic simply overrides the existing routing tables.
  The other thing to bear in mind with PBR is that you also have to configure the return traffic as well so each device would need multiple PBR configs.
  Again i don't know whether the HP supports PBR but it may not be an issue depending on what the routing is on the HP.
  You could also use a combination of the above ie VRF-Lite between the Cisco switches and then PBR for the last hop to the HP device.
  I should say i don't have a huge amount of experience with VRF-Lite but that should not necessarily stop you using it if it is what you need. There are lots of other people on here so i'm sure there will be other people who can help if i can't.
  It still depends on how much separation is required. VRF-Lite is definitely seen as a way to separate traffic running across a shared infrastructure, PBR is not really seen in the same way.  So it may well be worth going back to find out exactly what "segregating" user traffic means.
  I don't want to confuse the issue but it's still not entirely clear what the actual requirement is.
  Jon

• OSPF and VLANs

  Scope of Inquiry:
  I've supported heterogeneous networks for merely a decade, but never quite big enough to expose me to Enterprise routing/switching concepts in real-time. I've supported numerous Metro Ethernet hub and spoke topologies, as well as a few racks in a datacenter environment ... however, once again ... no real application of OSPF, EIGRP, etc. 
  I'm learning some of the fundamental concepts of OSPF, adjacency, LSA types, etc... but one thing that has me tripped up is whether or not/how VLANs would be leveraged in a real-world scenario, in an OSPF environment.
  Can anyone kindly give me a very clear and concise explanation/high-level explanation of the contextual application of VLANs in an OSPF network, including whether or not tags would exist in each area, etc. * Please do not pontificate --- that is to overstate a simple explanation with extraneous details that are outside the scope of a basic/real-world explanation. Hope that wasn't too terse, but I'm trying to gain a working knowledge of the protocol and its nuances quickly. 
  Thanks!
  -Data-

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Hmm, don't know if I can briefly provide such a description.  Currently, I work in a large company (about 100,000 employees [with about 5,000 Enterprise switches and routers]) and my purview is about 10% of our Enterprise's switches and routers.  My sites range is size from just supporting a few hosts to thousands of hosts, equipment "sizes" range from Cisco 800 series ISRs, up to 6500s in VSS pairs.
  From a VLAN standpoint, VLANs generally provide subnets for hosts which also range is size from a /29 up to a /23.  VLAN/subnets are defined principally for like hosts and sized for the number of like hosts.  However, generally like host VLANs/subnets are split into multiple like VLANs/subnets once you get up to about a /24.
  A VLAN/subnet might only be hosted on one large chassis (4510 or 6509/6513) or it might be hosted on multiple L2 switches (2Ks/3Ks).  Generally (but not always) VLANs/subnets do not span multiple sites.
  At the moment, all sites with a region, generally one or more adjacent US States, are grouped into the same OSPF area.  I.e. such a region might have 50 to a couple of hundred OSPF "routers" in the same area.
  Originally area zero was used to tie the region areas together, but currently BGP is used with the WAN core (between regions).
  OSPF, per area, of course has all the subnets being hosted by VLANs and also all the (numbered) p2p links (per region/OSPF-area networks can run into a couple of hundred).
  LAN designs are generally just 1 or 2 layers, this because you can host so much on a large chassis or stack.  For example, at one of my larger sites, my user edge devices are 3 6509s with 96 port line cards.  As the users ports support both VoIP and data VLANs, a single data or VoIP VLAN spans two line cards (i.e. 192 ports).  So with 7 user line cards, the chassis hosts 4 data VLANs/subnets(/24) and 4 VoIP VLANs/subnets(/24).  As the 6509 has a L3 sup, the 8 chassis subnets are included in that device's OSPF router section and advertized to the rest of the OSPF area (via a dual gig, L3 Etherchannel, uplinked to a site core 6509 - the latter having two 10g SM off-site OSPF p2p fiber links).
  At a small (old technology) branch, I might have a "ring" of several 2K series switches.  For routing I'll have some 3K switch with an off-site gig link and a connection to one of the 2K switches.  I might also have a small ISR with a VPN tunnel, for off-site, with a connection to a different 2K switch.  There will be one to several VLANs/subnets defined on the 2K switches and 3K switch.  The ISR will indirectly have access to the VLANs via .q subinterfaces.  The 3K and ISR provide the subnet getways and include the VLAN/subnets into OSPF.  The also generally will run HSRP for the VLAN/subnet gateway IP.
  At a small (newer technology) branch, may have a L3 stack and an ISR.  One stack member has the high speed off-site gig link, the ISR connects to a different stack member.  However, the ISR now has a L3 routed p2p link to the L3 stack; there's no HSRP.  Yet, VLANs/subnets are pretty much as the above (paragraph).
  Hopefully the above gives you a view into some real world, large scale, with VLANs and OSPF.
  If you have additional questions, feel free to ask.

• Cisco 3270 MAR WGB and EIGRP Neighbors

  I'm setting up a lab environment where I want to have a 3270 MAR connect to a 1524 MESH AP on the 4.9 Public Safety frequency and form an EIGRP neighbor relationship and perform routing. So far, I can get the MAR associated to the 1524, which is connected to a 2106 running 4.1.192.22M. I have configured the 4.9 Radio on the MAR as a workgroup bridge and infrastructure-client. The radio interface is up, and it is associated. I have defined EIGRP neighbors, the AS numbers and K values match. I can't figure out why the EIGRP neighbor relationship won't come up? I've also configured the MAR as a stub network. I had this working in my lab several months ago, but restoring the configs on each of the devices doesn't result in neighbor formation. Attached is some config info and show commands.
  3560_8Port_PoE ---- 2106 ---- 1524_AP )))) (((( ----- 3270_4.9Radio_WGB ---- 3270_MAR
  Regards,
  Scott

  Update -
  Here's an output from back in January when I had it working:
  3270_MAR#
  *Mar 2 21:41:15.656: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 192.168.1.1 (Vlan1) is up: new adjacency <-----------------------LOOK HERE
  THIS MEANS THAT THE TWO ROUTERS EXCHANGED 'HELLOS' AND BECAME BUDDIES, SHARING THEIR ROUTING TABLES
  3270_MAR#sh ip route
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2
  i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
  ia - IS-IS inter area, * - candidate default, U - per-user static route
  o - ODR, P - periodic downloaded static route
  Gateway of last resort is 192.168.1.1 to network 0.0.0.0
  C 192.168.4.0/24 is directly connected, Vlan4
  C 192.168.5.0/24 is directly connected, Vlan5
  D 192.168.6.0/24 [90/28416] via 192.168.1.1, 00:01:31, Vlan1 <----------------------------- This route was updated using EIGRP
  C 192.168.7.0/24 is directly connected, FastEthernet0/0
  C 192.168.1.0/24 is directly connected, Vlan1
  D 192.168.3.0/24 [90/28416] via 192.168.1.1, 00:01:31, Vlan1
  S* 0.0.0.0/0 [1/0] via 192.168.1.1
  3270_MAR#

• Load Balancing with OSPF and maximum-paths command

  Hello,
  Just a quick query really, we have a disribution layer 3 switch, in its routing table it has 3 default routes all with the same metric from the core router, this is because the core router is setup with the comamnd "default-information originate always metric 50" which obviously proagates the default route around the area and the metric never changes from 50.
  So i have a routing table that looks like this:
  O*E2 0.0.0.0/0 [110/50] via 77.95.176.9, 06:44:51, GigabitEthernet4/9
                 [110/50] via 77.95.176.17, 06:44:51, Vlan903
                 [110/50] via 91.203.72.5, 06:44:51, Vlan262
  Three default routes with the same metric, does this mean that the router IOS will load balance traffic over all three routes evenly?  I mean i have been reading up on it and appartemtly i dont have the command "maximum-paths 3" under my ospf process?
  I have been doing some traceroutes from this switch to the internet (various sites) and all the traffic seems to be going out over the first  route in the table that next hop is 77.95.176.9
  My question is how can i verify that load balancing is taking place, or if its not then i need to add this "maximum-paths 3" command to the ospf on the local switch?  I would say load balancing is not taking place but im sure i have seen traffic from one customer being routes over all 3 paths due to matching spikes on the SNMP sensors?
  Many Thanks.
  Matt

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Yes, your traffic should use all three paths, as Rick notes, OSPF, on Cisco, normally defaults to using up to 4 equal cost paths.
  As Rick also notes mentioning CEF, how actual traffic is forwarded across ECMP can vary.  Often, the device will keep all traffic for the same flow on the same egress port, and attributes selected for actual egress port selection might be deterministic.  I.e. it's possible same traffic flow will always be sent to the same egress port.  (This means even with ECMP, you may not see an equal load distribution.)

• DMVPN Question on NHRP and EIGRP neighbor relations

  First of all thank you for your answer, in a DMVPN network, running EIGRP over GRE, will a spoke consider another spoke an EIGRP neighbor? or will it just consider the hub to be an EIGRP neighbor when it comes to sending/receiving eigrp queries/updates? given that in dmvpn setup one spoke can establish a direct tunnel with another spoke.

  If you are running EIGRP, under EIGRP type in
  no split-horizon eigrp ; where x is the as #.
  Also, if your dmvpn routers have default routes ie 0.0.0.0/0 pointing to the ISP on all routers that is ok. IF you have specific static routes for DMVPN hub public on DMVPN spoke router, you would also need to add a static route for the other dmvpn spoke public address on your first dmvpn spoke and vice versa. Hope this helps.

• Direct Connect OSPF and BGP AWS failover setup

  Hi,
  We recently installed AWS Direct Connect which was successful but now we are looking at the best way to  automatically fail over if our Direct Connect fails to route via our back VPN.
  The setup
  Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
  A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area.  Static routes exist to the Cisco 2901 currently which unless we physically detach from the network fail over wont work.
  What we want to achieve
  The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS.  What we are confused is do we advertise these BGP routes within OSPF or should we setup BGP on the Cisco 6500? 
  I appreciate your time.

  Hi,
  We recently installed AWS Direct Connect which was successful but now we are looking at the best way to  automatically fail over if our Direct Connect fails to route via our back VPN.
  The setup
  Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
  A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area.  Static routes exist to the Cisco 2901 currently which unless we physically detach from the network fail over wont work.
  What we want to achieve
  The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS.  What we are confused is do we advertise these BGP routes within OSPF or should we setup BGP on the Cisco 6500? 
  I appreciate your time.

• DMVPN and Eigrp SIA issues

  I have over 250 sites in a hub-and-spoke desing, each remote site has a frame-relay and an IPSec tunnel to the office, we are running Eigrp but ever since we deployed DMVPN we've been getting many SIA messages...is this a normal behavior for a DMVPN design? should I just decrease how often EIGRP queries are sent or increase EIGRP timers, or should I just leave it alone...has anyone seen DMVPN in over 200 sites working flawlessly using eigrp? just curious...

  GTS = Generic Traffic Shaping.
  We just use the easier to use, traffic-shape rate command, but the likely cisco answer would be to create policy-map/class-maps for the tunnel interfaces.
  Our Tunnel interfaces have the following additional commands. cut-edited-paste.
  Site with a T1
  interface Tunnel111
  description VPN sitea to siteb
  bandwidth 1536
  ip unnumbered Loopback0
  ip access-group whattoblockin in
  ip access-group whattoblockout out
  ip mtu 1600
  ip hello-interval eigrp 111 2
  ip hold-time eigrp 111 8
  ip pim sparse-mode
  ip route-cache flow
  ip tcp adjust-mss 1280
  load-interval 30
  delay 1001
  traffic-shape rate 1536000 8192 8192 2048
  cdp enable
  tunnel source a.a.a.a
  tunnel destination b.b.b.b
  end
  The traffic-shape command is just there to keep the outside interface from being over run and dropping packets after encryption. This isn't "QOS" by Cisco's book, but when we implemented this, Cisco didn't have a pre-qualify that worked properly with DMVPN.
  If we start having problems with a site having heavy utilization, we'll change the traffic-shape statement to smooth out the traffic and control the heavy users. (refer to effects of WFQ).
  Do a search for WFQ and GTS on Cisco.com
  (oh, and if anyone tells you that the ip mtu command is a bad idea, tell 'em to stick it in their ear...)
  Rob