11-15-2019 10:44 PM - edited 11-15-2019 11:16 PM
I have a legacy network that has a dual hub setup and 4 spokes that are connected together over a local ISP. The network is a enterprise network with OSPF as the IGP and MPLS running over the top. The issue I'm running into with this existing configuration is the hub requires for connectivity to the spokes having NHRP map multicast and NHS to each spoke connecting over the ISP. Along with that, the spokes were also configured with the hub and other spokes NHRP map multicast and NHS statements. In a normal phase 2 DMVPN, I would expect the spokes to be configured to statically point to the hubs but the hubs to be completely dynamic, not requiring static maps.
With that said, in order to clean up this configuration I removed the static maps on one of the hubs and lost connectivity to the spokes that connect over the ISP. I can see when issuing "show dmvpn" that the spoke's state is UP and also the tunnels have an IPSEC policy in which they have formed SAs. I can also ping the NBMA address of the spokes.
In order to restore connectivity, I had to add them back to the tunnel configuration. This doesn't make much sense based off how I have used DMVPN in the past. I'm just speculating but I'm wondering with requiring the NHRP map multicast if multicast is somehow broke. Does anyone have an idea as why the hub would require a static map to each spoke?
11-16-2019 02:51 AM
i do not believe Hub required Static entries here since we do not know your environment and high-level diagram and configuration it is hard to say what is wrong, by looking at your post.
if you need help, we expect to post your HLD (which include what device and version running on the device) and configuration and some evidence of the problem to understand.
or there is a good example document here which can help you to compare the config.
11-16-2019 02:59 AM
Hello,
hard to say indeed without seeing the configs. You might want to check if all spoke and hub tunnels ate configured with 'ip ospf network broadcast'.
Also, are all hub and spokes in the same area (0) ?
11-16-2019 06:49 AM - edited 11-18-2019 04:11 PM
Hello
@randy227 wrote:
In a normal phase 2 DMVPN, I would expect the spokes to be configured to statically point to the hubs but the hubs to be completely dynamic, not requiring static maps.
You are correct as long as the tunnels are GRE multipoint.
Does anyone have an idea as why the hub would require a static map to each spoke?
Yes when it is a phase 1 DMVPN with static mappings and assigned tunnel source/destination addressing
or
when it is a phase 2 DMVPN and the hub and spokes tunnel are configured with nhrp static mapping with gre multitpoint
Are you using OSPF as the igp?
Would you be able to post your DMVPN confguration
OSPF Phase2 DMVPN mGre example
(note: ospf network type broadcast/non broadcast would also work but you would need to tweak the priorities for DR/BDR election and neigbour commands for unicast
Hub =public ip 192.168.1.1.
interface Tunnel x
Desciption DMVPN hub
ip address 10.1.123.4 255.255.255.0
ip mtu 1400
tunnel source xxx
tunnel mode gre multipoint
ip ospf 1 area 0
ip ospf network point-to-multipoint
ip nhrp network-id 123
ip nhrp map multicast dynamic
Spoke
interface Tunnel x
desciption DMVPN spoke
ip address 10.1.123.2 255.255.255.0
ip mtu 1400
tunnel source xxx
tunnel mode gre multipoint
ip ospf 1 area 0
ip ospf network point-to-multipoint
ip nhrp network-id 13
ip nhrp map multicast dynamic
ip nhrp map 10.1.123.4 192.168.1.1 <-------needs to resolve Hubs tunnel address to routable public address)
ip nhrp map multicast 192.168.1.1<---allow ospf MC traffic towards hub public ip
ip nhrp nhs 10.1.123.4 <-- allows registration of nbma ip to tunnel ip
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide