
DMVPN Phase 2 tunnel requires static map to spokes from hub

randy227
Level 1

I have a legacy network that has a dual hub setup and 4 spokes that are connected together over a local ISP. The network is an enterprise network with OSPF as the IGP and MPLS running over the top. The issue I'm running into with this existing configuration is that the hub requires, for connectivity to the spokes, NHRP map multicast and NHS statements to each spoke connecting over the ISP. Along with that, the spokes were also configured with NHRP map multicast and NHS statements for the hub and the other spokes. In a normal phase 2 DMVPN, I would expect the spokes to be configured to statically point to the hubs but the hubs to be completely dynamic, not requiring static maps.

 

With that said, in order to clean up this configuration I removed the static maps on one of the hubs and lost connectivity to the spokes that connect over the ISP. I can see when issuing "show dmvpn" that the spoke's state is UP and also the tunnels have an IPSEC policy in which they have formed SAs.  I can also ping the NBMA address of the spokes.

 

In order to restore connectivity, I had to add them back to the tunnel configuration. This doesn't make much sense based off how I have used DMVPN in the past. I'm just speculating, but I'm wondering, with the NHRP map multicast being required, if multicast is somehow broken. Does anyone have an idea as to why the hub would require a static map to each spoke?

3 Replies

balaji.bandi
Hall of Fame

I do not believe the hub requires static entries here. Since we do not know your environment, high-level diagram and configuration, it is hard to say what is wrong by looking at your post.

 

If you need help, we expect you to post your HLD (which includes what device and version is running on the device), the configuration and some evidence of the problem so we can understand it.

 

Or there is a good example document here which can help you compare the config.

 

https://blog.ine.com/2008/08/02/dmvpn-explained

BB


Hello,

 

Hard to say indeed without seeing the configs. You might want to check if all spoke and hub tunnels are configured with 'ip ospf network broadcast'.

 

Also, are all hubs and spokes in the same area (0)?

Hello


@randy227 wrote:

 In a normal phase 2 DMVPN, I would expect the spokes to be configured to statically point to the hubs but the hubs to be completely dynamic, not requiring static maps.

 


You are correct as long as the tunnels are GRE multipoint.



 Does anyone have an idea as why the hub would require a static map to each spoke?

Yes, when it is a phase 1 DMVPN with static mappings and assigned tunnel source/destination addressing
or
when it is a phase 2 DMVPN and the hub and spoke tunnels are configured with NHRP static mapping with GRE multipoint


Are you using OSPF as the IGP?
Would you be able to post your DMVPN configuration?

 
OSPF Phase 2 DMVPN mGRE example
(Note: OSPF network type broadcast/non-broadcast would also work, but you would need to tweak the priorities for DR/BDR election and the neighbour commands for unicast.)

Hub (public IP 192.168.1.1)

interface Tunnel x
description DMVPN hub
ip address 10.1.123.4 255.255.255.0
ip mtu 1400
tunnel source xxx
tunnel mode gre multipoint
ip ospf 1 area 0
ip ospf network point-to-multipoint
ip nhrp network-id 123
ip nhrp map multicast dynamic

Spoke

interface Tunnel x
description DMVPN spoke
ip address 10.1.123.2 255.255.255.0
ip mtu 1400
tunnel source xxx
tunnel mode gre multipoint
ip ospf 1 area 0
ip ospf network point-to-multipoint
ip nhrp network-id 13
ip nhrp map multicast dynamic
! needs to resolve the hub's tunnel address to its routable public address
ip nhrp map 10.1.123.4 192.168.1.1
! allows OSPF multicast traffic towards the hub's public IP
ip nhrp map multicast 192.168.1.1
! allows registration of the NBMA IP to the tunnel IP
ip nhrp nhs 10.1.123.4



Kind Regards
Paul
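
The hub/spoke split in the example configuration above can be checked mechanically before static maps are removed from a legacy tunnel. The following Python sketch is an added example, not part of any reply in this thread and not Cisco tooling; the function names, the sample stanzas and the spoke NBMA address 192.168.1.12 are constructed for illustration, while the hub addresses are those used in the last reply.

```python
def stanza(config):
    """Normalize one tunnel stanza: lowercase, single spaces, '!' comments dropped."""
    out = []
    for raw in config.splitlines():
        line = " ".join(raw.split()).lower()
        if line and not line.startswith("!"):
            out.append(line)
    return out

def audit_hub(config):
    """Findings for a hub tunnel that is expected to learn spokes dynamically."""
    lines, findings = stanza(config), []
    if "tunnel mode gre multipoint" not in lines:
        findings.append("missing: tunnel mode gre multipoint")
    if "ip nhrp map multicast dynamic" not in lines:
        findings.append("missing: ip nhrp map multicast dynamic")
    for line in lines:
        # Any 'ip nhrp map' other than 'multicast dynamic' is a static entry.
        if line.startswith("ip nhrp map ") and not line.endswith(" dynamic"):
            findings.append("static entry to review: " + line)
    return findings

def audit_spoke(config, hub_tunnel_ip, hub_nbma_ip):
    """Findings for a spoke, which must point statically at the hub."""
    lines = stanza(config)
    required = [
        "tunnel mode gre multipoint",
        f"ip nhrp map {hub_tunnel_ip} {hub_nbma_ip}",
        f"ip nhrp map multicast {hub_nbma_ip}",
        f"ip nhrp nhs {hub_tunnel_ip}",
    ]
    return ["missing: " + r for r in required if r not in lines]

# Constructed sample stanzas (not taken from the original poster's network).
HUB_LEGACY = """
interface Tunnel0
 tunnel mode gre multipoint
 ip nhrp network-id 123
 ip nhrp map 10.1.123.2 192.168.1.12
 ip nhrp map multicast 192.168.1.12
"""
SPOKE = """
interface Tunnel0
 tunnel mode gre multipoint
 ip nhrp map 10.1.123.4 192.168.1.1
 ip nhrp nhs 10.1.123.4
"""

if __name__ == "__main__":
    for f in audit_hub(HUB_LEGACY):
        print("hub:", f)
    for f in audit_spoke(SPOKE, "10.1.123.4", "192.168.1.1"):
        print("spoke:", f)
```

A hub that reports a missing `ip nhrp map multicast dynamic` alongside static entries is relying on those entries for multicast replication, so removing them without adding the dynamic mapping first would be expected to break the routing adjacency over the tunnel.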