DMVPN No Socket

Ricky S · ‎02-27-2013

Hey everyone, of late I have been noticing a situation at one of my remote branch offices' DMVPN router. This router randomly drops connection to my office. I have a Cisco VOIP phone on my desk with the Call Manager located at that remote office. This phone goes offline whenever the two offices loose connection. Whenever it does, I SSH into the remote branch office router and notice it's got an X beside the D (output below).

D stands for dynamic (which is good) but X stands for No Socket...as per the below legend

Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

N - NATed, L - Local, X - No Socket

# Ent --> Number of NHRP entries with same NBMA peer

NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting

UpDn Time --> Up or Down Time for a Tunnel

Show DMVPN

Interface: Tunnel0, IPv4 NHRP Details

Type:Spoke, NHRP Peers:46,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb

----- --------------- --------------- ----- -------- -----

6 nnn.nnn.nnn 10.10.200.1 UP 12:31:12 S

1 nnn.nnn.nnn 10.10.200.2 UP 10:30:43 DX

1 nnn.nnn.nnn 10.10.200.4 UP 03:14:15 DX

It then starts to route traffic to my office via the DMVPN headend (as expected) however since my DMVPN router still holds a dynamic tunnel to the remote office, the communication is intrupted until the timer runs out.

Any ideas? Please advise.

Thanks

Ricky

Peter Paluch · ‎03-07-2013

Hi Ricky,

Can you issue show dmvpn detail when this occurs and post the result? The socket, from the little I could see in the documentation, appears to refer to an IPsec connection. Perhaps there are some issues related to the IPsec protection of your DMVPN tunnels.

Best regards,

Peter

nyami.david · ‎06-13-2019

Hi I am having the same problem. here is the output of the "show dmvpn detail" [on the tunnel that's down".

Interface: Tunnelxxx
Session: [0x14566F74]
Crypto Session Status: DOWN
fvrf: INET, IPSEC FLOW: permit 47 host x.x.x.x host x.x.x.x
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Outbound SPI : 0x 0, transform :
Socket State: Closed

Pending DMVPN Sessions:

regards

David

Murray Bown · ‎02-06-2020

David, did you ever get this resolved?

Murray Bown · ‎02-06-2020

Hi Peter,

I know this post is very old but you may be able to help. Below is the output from a show dmvpn and show dmvpn detail.

sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable, I2 - Temporary
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
2 194.73.xxx.xxx 172.19.255.1 UP 04:00:44 S
172.19.255.88 UP 00:01:13 I2
1 217.128.xxx.xxx 172.19.255.3 UP 03:16:39 DX

sh dm detail
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable, I2 - Temporary
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface Tunnel0 is up/up, Addr. is 172.19.255.16, VRF ""
Tunnel Src./Dest. addr: 192.168.1.254/MGRE, Tunnel VRF ""
Protocol/Transport: "multi-GRE/IP", Protect "protect-DMVPN-gre"
Interface State Control: Disabled
nhrp event-publisher : Disabled

IPv4 NHS:
172.19.255.1 RE priority = 0 cluster = 0
Type:Spoke, Total NBMA Peers (v4/v6): 2

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb Target Network
----- --------------- --------------- ----- -------- ----- -----------------
2 194.73.XXX.XXX 172.19.255.1 UP 04:04:47 S 172.19.255.1/32
194.73.XXX.XXX 172.19.255.88 UP 00:02:01 I2 172.19.255.88/32
1 217.128.XXX.XXX 172.19.255.3 UP 03:20:42 DX 172.19.255.3/32

Crypto Session Details:
--------------------------------------------------------------------------------

Interface: Tunnel0
Session: [0x2C93BCB0]
Crypto Session Status: UP-NO-IKE
fvrf: (none), IPSEC FLOW: permit 47 host 192.168.1.254 host 194.73.XXX.XXX
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 2103538 drop 0 life (KB/Sec) 2311744/7 hours, 55 mins
Outbound: #pkts enc'ed 1484469 drop 0 life (KB/Sec) 3751056/7 hours, 55 mins
Outbound SPI : 0x7AEA717E, transform : esp-aes esp-sha256-hmac
Socket State: Open

Interface: Tunnel0
Session: [0x2C93BDA8]
Session ID: 0
IKEv1 SA: local 192.168.1.254/500 remote 217.128.XXX.XXX/500 Inactive
Capabilities:(none) connid:0 lifetime:0
Session ID: 0
IKEv1 SA: local 192.168.1.254/500 remote 217.128.XXX.XXX/500 Inactive
Capabilities:(none) connid:0 lifetime:0
Crypto Session Status: DOWN-NEGOTIATING
fvrf: (none), IPSEC FLOW: permit 47 host 192.168.1.254 host 217.128.XXX.XXX
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Outbound SPI : 0x 0, transform :
Socket State: Closed

Pending DMVPN Sessions:

Interface: Tunnel0
Session ID: 0
IKEv1 SA: local 192.168.1.254/500 remote 195.103.XXX.XXX/500 Inactive
Capabilities:(none) connid:0 lifetime:0
Session ID: 0
IKEv1 SA: local 192.168.1.254/500 remote 195.103.XXX.XXX/500 Inactive
Capabilities:(none) connid:0 lifetime:0
Crypto Session Status: DOWN-NEGOTIATING
fvrf: (none), IPSEC FLOW: permit 47 host 192.168.1.254 host 195.103.XXX.XXX
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Outbound SPI : 0x 0, transform :
Socket State: Closed