Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
10
Helpful
3
Replies

DMVPN & EIGRP - Nested DMVPN

DJay
Level 1
Level 1

‎09-01-2021 11:40 PM

I'm looking for any type of help please, I'm starting to go around and round and finding myself looking to get more aggressive with config changes which I'm sure will push me in a bad direction.

I'm having issues with the 'Over_NET' DMVPN, its a DMVPN tunnel that I need to push through another DMVPN.

This is also over 2 diverse WAN Paths (1&2).

 

The WAN paths and Tunnels (2&3 - Under_NET) are good.

The new setup to support new locations has same WAN Paths but 2 new Tunnels (7&8 - Under_NET) they are good.

I'm tryin to add another tunnel in Under_Net called Over_NET (4)

I can see Tu4 is:

UP/UP on Hub

UP/DOWN on Spoke.

SPOKE: Tu4 is missing from 'sh ip nhrp multicast', but exists in 'sh ip nhrp details'.

HUB: Tu4 is missing from 'sh ip nhrp multicast', & 'sh ip nhrp details'.

 

This makes me think its a multicast issues, but I've gone over and over the routers to make sure PIM is across interfaces and enabled.

Over_NET is tied to Under_NET Lookbacks.

Tring to keep all in Uder_NET and global, within the HUB RT.

 

The other area that could be effecting this is the EIGRP setup witch I have little experience with.

 

Any suggestions and ideas of this to test please advise. I'm at the end of my limits. TY

 

Config and testing:

============================================================================
Hub:
-------------------
interface Loopback0
ip address 10.10.100.1 255.255.255.255
ip pim sparse-mode
!
interface Loopback1
description UnderNET Loopback
ip vrf forwarding Under_NET
ip address 192.168.250.10 255.255.255.255
ip pim sparse-mode


interface Tunnel4
description DMVPN_WAN_OverNET
ip vrf forwarding Under_NET
ip address 10.0.4.1 255.255.255.0
no ip redirects
ip mtu 1300
ip pim nbma-mode
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 4
ip nhrp registration no-unique
ip tcp adjust-mss 1250
delay 500
qos pre-classify
tunnel source Loopback1
tunnel mode gre multipoint
tunnel key 4
!
interface Tunnel7
description DMVPN_Path1
ip vrf forwarding Under_NET
ip address 192.168.202.1 255.255.255.0
no ip redirects
ip mtu 1350
ip pim nbma-mode
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 7
ip nhrp registration no-unique
ip tcp adjust-mss 1300
delay 50
qos pre-classify
tunnel source GigabitEthernet0/1.713
tunnel mode gre multipoint
tunnel key 7
tunnel vrf Path1


interface Tunnel8
description DMVPN_Path2
ip vrf forwarding Under_NET
ip address 192.168.201.1 255.255.255.0
no ip redirects
ip mtu 1350
ip pim nbma-mode
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 8
ip nhrp registration no-unique
ip tcp adjust-mss 1300
delay 500
qos pre-classify
tunnel source GigabitEthernet0/1.801
tunnel mode gre multipoint
tunnel key 8
tunnel vrf Path2

router eigrp WAN_Path
!
address-family ipv4 unicast autonomous-system 10
!
af-interface default
authentication mode hmac-sha-256 #########
passive-interface
exit-af-interface
!
af-interface Tunnel3
summary-address 10.10.0.0 255.255.0.0
no passive-interface
no split-horizon
exit-af-interface
!
af-interface Tunnel2
summary-address 10.10.0.0 255.255.0.0
no passive-interface
no split-horizon
exit-af-interface
!
topology base
exit-af-topology
network 10.0.0.0
network 192.168.0.0 0.0.0.0
metric weights 0 0 0 1 0 0 0
exit-address-family
!
!
router eigrp Under_NET
!
address-family ipv4 unicast vrf Under_NET autonomous-system 100
!
af-interface default
authentication mode hmac-sha-256 ##############
passive-interface
exit-af-interface
!
af-interface Tunnel7
summary-address 192.168.0.0 255.255.0.0
no passive-interface
no split-horizon
exit-af-interface
!
af-interface Tunnel8
summary-address 192.168.0.0 255.255.0.0
no split-horizon
exit-af-interface
!
af-interface Tunnel4
summary-address 10.0.0.0 255.255.0.0
no split-horizon
exit-af-interface

topology base
exit-af-topology
network 10.0.0.0 0.0.255.255
network 192.168.0.0 0.0.255.255
metric weights 0 0 0 1 0 0 0
exit-address-family
!
!
router eigrp Over_NET
!
address-family ipv4 unicast vrf Under_NET autonomous-system 110
!
af-interface default
authentication mode hmac-sha-256 #############
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.0.0.0 0.0.0.255
metric weights 0 0 0 1 0 0 0
exit-address-family

ip pim rp-address 10.10.100.11
ip pim register-source Loopback0
ip pim vrf Under_NET register-source Loopback1
ip route 0.0.0.0 0.0.0.0 Null0
ip route 10.10.0.0 255.255.0.0 10.10.102.2
ip route 10.10.100.11 255.255.255.255 10.10.102.2
ip route vrf Path2 0.0.0.0 0.0.0.0 10.248.50.209
ip route vrf Path1 0.0.0.0 0.0.0.0 10.159.0.209
============================================================================
Spoke:
-------------------
interface Loopback0
description Over_NET LOOPBACK
ip vrf forwarding Over_NET
ip address 10.48.100.10 255.255.255.255
ip pim sparse-mode
!
interface Loopback1
description Under_NET LOOPBACK
ip vrf forwarding Under_NET
ip address 192.168.250.48 255.255.255.255
ip pim sparse-mode
!
interface Tunnel4
description WAN Path - Over_NET
ip vrf forwarding Under_NET
ip address 10.0.4.48 255.255.255.0
ip mtu 1300
ip pim sparse-mode
ip nhrp map multicast 192.168.250.10
ip nhrp map 10.0.4.1 192.168.250.10
ip nhrp network-id 4
ip nhrp holdtime 300
ip nhrp nhs 10.0.4.1
ip tcp adjust-mss 1250
delay 500
qos pre-classify
tunnel source Loopback1
tunnel destination 192.168.250.10
tunnel key 4
tunnel vrf Over_NET
!
interface Tunnel7
description WAN Path - Path1
ip vrf forwarding Under_NET
ip address 192.168.202.48 255.255.255.0
ip mtu 1350
ip pim sparse-mode
ip nhrp map multicast 10.159.0.220
ip nhrp map 192.168.202.1 10.159.0.220
ip nhrp network-id 7
ip nhrp holdtime 300
ip nhrp nhs 192.168.202.1
ip tcp adjust-mss 1300
delay 500
qos pre-classify
tunnel source GigabitEthernet0/0/0.733
tunnel destination 10.159.0.220
tunnel key 7
tunnel vrf Path1

interface Tunnel8
description WAN Path - Path2
ip vrf forwarding Under_NET
ip address 192.168.201.48 255.255.255.0
ip mtu 1350
ip pim sparse-mode
ip nhrp map multicast 10.248.50.212
ip nhrp map 192.168.201.1 10.248.50.212
ip nhrp network-id 8
ip nhrp holdtime 300
ip nhrp nhs 192.168.201.1
ip tcp adjust-mss 1300
delay 500
qos pre-classify
tunnel source GigabitEthernet0/0/0.801
tunnel destination 10.248.50.212
tunnel key 8
tunnel vrf Path2

router eigrp WAN Path
!
address-family ipv4 unicast autonomous-system 10
!
af-interface default
authentication mode hmac-sha-256 #######################
exit-af-interface
!
topology base
exit-af-topology
network 10.48.0.0 0.3.255.255
metric weights 0 0 0 1 0 0 0
eigrp router-id 10.48.100.10
eigrp stub summary redistributed
exit-address-family
!

!
router eigrp Under_NET
!
address-family ipv4 unicast vrf Under_NET autonomous-system 100
!
af-interface default
authentication mode hmac-sha-256 ####################
passive-interface
exit-af-interface
!
af-interface Tunnel7
summary-address 192.168.0.0 255.255.0.0
no passive-interface
exit-af-interface
!
af-interface Tunnel8
summary-address 192.168.0.0 255.255.0.0
exit-af-interface
!
topology base
exit-af-topology
network 192.168.0.0 0.0.255.255
network 192.168.201.0
network 192.168.202.0
metric weights 0 0 0 1 0 0 0
eigrp router-id 192.168.250.48
exit-address-family
!
!
router eigrp Over_NET
!
address-family ipv4 unicast vrf Over_NET autonomous-system 110
!
af-interface default
authentication mode hmac-sha-256 #####################
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 10.0.0.0 0.0.0.255
metric weights 0 0 0 1 0 0 0
exit-address-family
!

ip route 0.0.0.0 0.0.0.0 Null0
ip route 10.48.0.0 255.255.0.0 Null0
ip route 10.123.123.0 255.255.255.0 Null0
ip pim rp-address 10.10.100.11
ip pim vrf Over_NET register-source Loopback0
ip pim vrf Under_NET register-source Loopback1
=====================================================

Hub:

Loopback0 10.10.100.1 YES NVRAM up up
Loopback1 192.168.250.10 YES NVRAM up up
Tunnel0 10.10.100.1 YES unset up up
Tunnel2 10.0.2.1 YES NVRAM up up
Tunnel3 10.0.3.1 YES NVRAM up up
Tunnel4 10.0.4.1 YES manual up up
Tunnel7 192.168.202.1 YES NVRAM up up
Tunnel8 192.168.201.1 YES NVRAM up up

#sh ip nh multicast
I/F NBMA address
Tunnel2 192.168.221.2 Flags: dynamic (Enabled)
Tunnel3 10.248.51.102 Flags: dynamic (Enabled)
Tunnel7 192.168.222.2 Flags: dynamic (Enabled)
Tunnel8 10.248.108.34 Flags: dynamic (Enabled

sh ip nh det
10.0.2.12/32 via 10.0.2.12
Tunnel2 created 2d03h, expire 00:04:56
Type: dynamic, Flags: registered used nhop
NBMA address: 192.168.221.2
10.0.3.12/32 via 10.0.3.12
Tunnel3 created 2d04h, expire 00:04:59
Type: dynamic, Flags: registered used nhop
NBMA address: 10.248.51.102
192.168.202.48/32 (Under_NET) via 192.168.202.48
Tunnel7 created 22:52:19, expire 00:04:29
Type: dynamic, Flags: registered used nhop
NBMA address: 192.168.222.2
192.168.201.48/32 (Under_NET) via 192.168.201.48
Tunnel8 created 22:49:17, expire 00:04:01
Type: dynamic, Flags: registered used nhop
NBMA address: 10.248.108.34

============================
Spoke:

Loopback0 10.48.100.10 YES manual up up
Loopback1 192.168.250.48 YES NVRAM up up
Tunnel0 unassigned YES manual up down
Tunnel4 10.0.4.48 YES manual up down
Tunnel7 192.168.202.48 YES manual up up
Tunnel8 192.168.201.48 YES manual up up

#sh ip nh multicast
I/F NBMA address
Tunnel7 10.159.0.220 Flags: static (Enabled)
Tunnel8 10.248.50.212 Flags: static (Enabled)

10.0.4.1/32 (Under_NET) via 10.0.4.1
Tunnel4 created 00:36:26, never expire
Type: static, Flags:
NBMA address: 192.168.250.10
Preference: 255
192.168.202.1/32 (Under_NET) via 192.168.202.1
Tunnel7 created 6d05h, never expire
Type: static, Flags:
NBMA address: 10.159.0.220
Preference: 255
192.168.201.1/32 (Under_NET) via 192.168.201.1
Tunnel8 created 6d03h, never expire
Type: static, Flags:
NBMA address: 10.248.50.212
Preference: 255

 

 

 

 

 

 

 

 

 

Labels:
3 Replies 3

MHM Cisco World
VIP
VIP

‎09-02-2021 06:40 AM

I see one point which is, 
loopback as source for Tu4 is in different VRF than the tunnel vrf.
try make it same and see result. 

0 Helpful

DJay
Level 1
Level 1
In response to MHM Cisco World

‎09-05-2021 01:47 AM

Thanks for the info.

After run some debugs found an issue with the lower supporting tunnels - authentication (Tu7&8). Wasn't seeing the neighbours.

Then Tunnel4 came up but also had issue with no EIGRP Neighbours - could see the tunnel in EIGRP Topology on 1 side (Spoke) and not the other (Hub).

 

HUB: As soon as I raised the Tunnel4 Int from Global table to the Under_NET table--Tunnel 4 had Neighbours and can ping across Tu4, 7, 8.

 

But issue now is that I need traffic from Tunnel 4 (Hub) to drop-down/routable to the Global table.

After looking at some online posts there is something called route Leaking I may have to setup.

I was thinking it would be as simple as a static route for VRF Under_NET network to Global Table Loopback. Plus the reverse--Static route in Globle Table to VRF Under_NET Loopback.

 

Any insight if im wasting my time and/or can only be done by Route Leaking wo get traffic between the VRF and Global Table?

Customers Also Viewed These Support Documents