cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
679
Views
0
Helpful
12
Replies

dmvpn, cannot see hop override in the routing table for PHASE 3

Hi guys,

 

can someone please tell me what i am doing wrong here, trying to create dmvpn phase 3, spokes can trace to eachother directly. only thing is i cannot see override routes in the routing table.

 

 

d2.pngd1.PNG

1 ACCEPTED SOLUTION

Accepted Solutions

Hello @ahmedsid432135621 ,

>> would you consider DMVPN is working in its current config as the spokes can communicate together?

We may consider it working but you are just testing NHRP component of the DMVPN solution.

 

real world DMVPN :  NHRP + appropriate IGP or BGP + IPSec tunnel profile

 

your lab tests only the first one.

 

Hope to help

Giuseppe

 

View solution in original post

12 REPLIES 12
Georg Pauwen
VIP Master

Hello,

 

post the full running configs (sh run) of the hub and one of the spokes...

Giuseppe Larosa
Hall of Fame Master

Hello @ahmedsid432135621 ,

DMVPN phase 3 is heavily based on NHRP redirect that can be performed by CEF without performance penalties.

 

So in DMVPN Phase 3 routing is performed with a totally different strategy then in Phase 2.

 

However, you should provide your configurations as already suggested to get better help

 

Hope to help

Giuseppe

 

R1#show run
Building configuration...

Current configuration : 2152 bytes
!
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel1
ip address 192.168.167.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
tunnel source Loopback0
tunnel mode gre multipoint
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 10.1.3.1 255.255.255.0
negotiation auto
!
!
interface GigabitEthernet4/0
ip address 10.1.2.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet5/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet6/0
no ip address
shutdown
negotiation auto
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.2.0 0.0.0.255 area 0
network 10.1.3.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
control-plane
!
!
!
mgcp profile default
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end

====================================================================================
R6#show run
Building configuration...

Current configuration : 2169 bytes
!
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Tunnel1
ip address 192.168.167.6 255.255.255.0
no ip redirects
ip nhrp map 192.168.167.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 192.168.167.1
ip nhrp shortcut
tunnel source Loopback0
tunnel mode gre multipoint
!
!
interface GigabitEthernet1/0
ip address 10.4.6.6 255.255.255.0
negotiation auto
router ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 1
network 10.4.6.0 0.0.0.255 area 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end

R1#show run
Building configuration...

Current configuration : 2152 bytes
!
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel1
ip address 192.168.167.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
tunnel source Loopback0
tunnel mode gre multipoint
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 10.1.3.1 255.255.255.0
negotiation auto
!

!
interface GigabitEthernet4/0
ip address 10.1.2.1 255.255.255.0
negotiation auto
!

!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.2.0 0.0.0.255 area 0
network 10.1.3.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
control-plane
!
!
!
mgcp profile default
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end

===========================================
R6#show run
Building configuration...

Current configuration : 2169 bytes
!
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Tunnel1
ip address 192.168.167.6 255.255.255.0
no ip redirects
ip nhrp map 192.168.167.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 192.168.167.1
ip nhrp shortcut
tunnel source Loopback0
tunnel mode gre multipoint
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 10.4.6.6 255.255.255.0
negotiation auto
!
!
router ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 1
network 10.4.6.0 0.0.0.255 area 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end

thanks, here is the config 

Hello @ahmedsid432135621 ,

you are not running any IGP over the DMVPN tunnel:

 

You have router ospf 1 that is executed on the underlay network

 

You could use EIGRP over the DMVPN bur at the moment there is no IGP over the virtual flat network built by NHRP

 

>> interface Tunnel1
ip address 192.168.167.6 255.255.255.0
no ip redirects
ip nhrp map 192.168.167.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 192.168.167.1
ip nhrp shortcut
tunnel source Loopback0
tunnel mode gre multipoint
!

 

router ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 1
network 10.4.6.0 0.0.0.255 area 1
!

 

You can add test VLANs / subnets to be advertised using EIGRP  over the DMVPN multipoint GRE this is a safe step to avoid recursive routing error

 

Hope to help

Giuseppe

 

 

 

 

i never thought of that, and must have missed this implication in the books. how is it that dmvpn is functioning without the IGP?

Hello @ahmedsid432135621 ,

NHRP provides the resolution protocol that solves the NBMA external address in the virtual address and that is in place.

But a useful DMVPN would need an IGP to route someting over it

Because DMVPN is a framework to build Hub and Spokes VPN Site to Site with the capabiity to setup SPoke to spoke tunnels when needed.

Interesting traffic to setup the IPSEc tunnels that is used in real world to protect the DMVPN mGRE is triggered by traffic between LAN subnets advertised over the DMVPN.

You can use an EIGRP process or a different OSPF process for the IGP over the DMVPN-

 

Hope to help

Giuseppe

 

 

 

thanks, one last question, would you consider DMVPN is working in its current config as the spokes can communicate together?

Hello,

 

I have not followed the entire discussion, but in any case you need to announce the tunnel network in OSPF:

 

Hub

 

router ospf 1
network 192.168.167.0 0.0.0.255 area 0

 

Spokes

 

router ospf 1
network 192.168.167.0 0.0.0.255 area 1

Hello @Georg Pauwen ,

in my opinion the original poster should use a separate IGP   ( EIGRP or another OSPF process) to avoid recursive routing error.

 

also putting the same subnet in two different areas looks like not correct unless it is a trick

 

Best Regards

Giuseppe

Hello @ahmedsid432135621 ,

>> would you consider DMVPN is working in its current config as the spokes can communicate together?

We may consider it working but you are just testing NHRP component of the DMVPN solution.

 

real world DMVPN :  NHRP + appropriate IGP or BGP + IPSec tunnel profile

 

your lab tests only the first one.

 

Hope to help

Giuseppe