Solved: Re: DMVPN Dual Hub - Dual Cloud - Phase 3 - OSPF, Spoke-to-Spoke not working!

George3 · ‎10-14-2017

Please help verifying my configuration, everything is working fine except for Spoke-to-Spoke. When Hub1 is down the traffic is going through Hub2 and vice versa, but wen both Hub1 and Hub2 are down Spoke1 can't see Spoke2.

Attached the config.

George3 · ‎10-16-2017

This answered my question

If you are using dynamic routing protocol inside the tunnels, you will loose your routes once the Hub failed so there is nothing you can do, spoke-2-spoke communication is lost.

If you are using static routing and If the spoke already has a NHRP entry before the hub failed, it will use it. But if the remote spoke public address changed in the meantime, it will not work as there is no HUB to answer to the NHRP resolution request.

View solution in original post

Flavio Miranda · ‎10-14-2017

Hello,

Can you share the topology again. I can´t see on the previous post.

-If I helped you somehow, please, rate it as useful.-

George3 · ‎10-14-2017

config is in the attached .txt files.

BannerMOTD · ‎10-14-2017

It sounds like when Hub1 and Hub2 go down, then spoke1 and spoke2 cannot communicate because the tunnel between both spokes use the tunnel configured on both hubs.

Rob Ingram · ‎10-15-2017

but wen both Hub1 and Hub2 are down Spoke1 can't see Spoke2.

The spoke to spoke tunnels are dynamic, the spokes rely on the Hubs in order to inform them of the IP address of the other spoke in order to build a dynamic spoke-to-spoke tunnel. Prior to a dynamic spoke-to-spoke tunnel being built, the first packet would always go to the hub before being routed to the other spoke, the tunnel is built and all susequent packets go direct to the spoke. This is why the Hub is so important.

So when both hubs are down, yes it would be expected that the spokes cannot form a tunnel. The Hubs should be made highly available, perhaps build additional Hubs.

George3 · ‎10-16-2017

You are correct, when I do show dmvpn on both spokes each has a static tunnel to Hub1 and Hub2. When I do traceroute on Spoke 1 to Spoke 2 it goes through Hub1, when I repeat the traceroute it goes directly to Spoke 2. After the traceroute I checked the dmvpn on both Spokes and they both had a new dynamic tunnel to each other. Once I shutdown the uplink on Hub1 and Hub2 the static and the dynamic tunnels disappear and Spokes can't see each other anymore!

George3 · ‎10-16-2017

This answered my question

If you are using dynamic routing protocol inside the tunnels, you will loose your routes once the Hub failed so there is nothing you can do, spoke-2-spoke communication is lost.

If you are using static routing and If the spoke already has a NHRP entry before the hub failed, it will use it. But if the remote spoke public address changed in the meantime, it will not work as there is no HUB to answer to the NHRP resolution request.