10-24-2018 04:51 AM - edited 10-24-2018 05:00 AM
According to documentations...
...The hub receives the data packet and checks its routing table. Because this data packet is destined for a network behind another spoke, it is forwarded back out the NHRP interface to the next hop toward that spoke. At this point the hub detects that the packet arrived and was sent back out the NHRP interface. This behavior means that the data packet is taking at least two hops within the NHRP network and therefore this path via the hub is not the optimal one-hop path. The hub therefore sends an NHRP redirect message to the spoke...
... 4. H1 follows Steps 2 and 3 and forwards the data packet to Spoke B. NHRP in the output feature path also determines that the inbound (such as Tunnel0) and the outbound (Tunnel0) interface is part of the same DMVPN network and sends an NHRP redirect traffic indication to the tunnel (Spoke A) on which the data packet was received. The NHRP redirect message includes the original IP address and first eight bytes of the data packet...
Current topology...
Spoke1 sometimes does not build a straight tunnel to Spoke2 because the NHRP condition (see above) may not be met, because HUB have 2 next-hop interfaces to Spoke2. If a NHRP-request from Spoke1 arrives to HUB (Tunnel1), then there are two variants of events:
- option 1: If the HUB randomly chooses the same the next-hop Interface to Spoke2 (Tunnel1) (packet arrived and was sent back out the NHRP interface - condition is True), then the Spoke-to-Spoke tunnel is built.
- option 2: if the hub selects another next-hop interface to Spoke2 (Tunnel2) (packet arrived and was sent back out the NHRP interface - condition is False), then the tunnel is not built.
How to make a Spoke-to-Spoke tunnel always built? After all, Spoks in the same DMRPN cloud
HUB:
interface Tunnel1 description *** DMVPN over ISP1 *** ip address 172.16.1.254 255.255.255.0 no ip redirects no ip split-horizon eigrp 10 ip flow monitor flow-monitor input ip flow monitor flow-monitor output ip nhrp authentication sEcReT ip nhrp map multicast dynamic ip nhrp network-id 1 ip nhrp holdtime 300 ip nhrp redirect ip summary-address eigrp 10 0.0.0.0 0.0.0.0 ip tcp adjust-mss 1432 qos pre-classify tunnel source 192.168.255.1 tunnel mode gre multipoint tunnel key 1 ! interface Tunnel2 description *** DMVPN over ISP2 *** ip address 172.16.2.254 255.255.255.0 no ip redirects no ip split-horizon eigrp 10 ip flow monitor flow-monitor input ip flow monitor flow-monitor output ip nhrp authentication sEcReT ip nhrp map multicast dynamic ip nhrp network-id 2 ip nhrp holdtime 300 ip nhrp redirect ip summary-address eigrp 10 0.0.0.0 0.0.0.0 ip tcp adjust-mss 1432 qos pre-classify tunnel source 192.168.255.2 tunnel mode gre multipoint tunnel key 2
Spoke1:
interface Tunnel1 description *** ISP1 *** bandwidth 20480 ip address 172.16.1.7 255.255.255.0 no ip redirects ip flow ingress ip flow egress ip nhrp authentication sEcReT ip nhrp group speed-20M ip nhrp map 172.16.1.254 192.168.255.1 ip nhrp map multicast 192.168.255.1 ip nhrp network-id 1 ip nhrp holdtime 300 ip nhrp attribute set group speed-20M ip nhrp nhs 172.16.1.254 ip nhrp shortcut ip summary-address eigrp 10 192.168.8.0 255.255.255.0 ip tcp adjust-mss 1432 qos pre-classify tunnel source 192.168.255.62 tunnel mode gre multipoint tunnel key 1
Spoke2:
interface Tunnel1 description *** ISP1 *** bandwidth 20480 ip address 172.16.1.18 255.255.255.0 no ip redirects ip flow ingress ip flow egress ip nhrp authentication sEcReT ip nhrp group speed-20M ip nhrp map 172.16.1.254 192.168.255.1 ip nhrp map multicast 192.168.255.1 ip nhrp network-id 1 ip nhrp holdtime 300 ip nhrp attribute set group speed-20M ip nhrp nhs 172.16.1.254 ip nhrp shortcut ip summary-address eigrp 10 192.168.19.0 255.255.255.0 ip tcp adjust-mss 1432 qos pre-classify tunnel source 10.255.249.1 tunnel mode gre multipoint tunnel key 1 ! interface Tunnel2 description *** ISP2 *** bandwidth 20480 ip address 172.16.2.18 255.255.255.0 no ip redirects ip flow ingress ip flow egress ip nhrp authentication sEcReT ip nhrp group speed-20M ip nhrp map 172.16.2.254 192.168.255.2 ip nhrp map multicast 192.168.255.2 ip nhrp network-id 2 ip nhrp holdtime 300 ip nhrp attribute set group speed-20M ip nhrp nhs 172.16.2.254 ip nhrp shortcut ip summary-address eigrp 10 192.168.19.0 255.255.255.0 ip tcp adjust-mss 1432 qos pre-classify tunnel source 10.255.251.194 tunnel mode gre multipoint tunnel key 2
10-24-2018 06:57 AM
In DMVPN, Spoke to spoke tunnels come up on as needed.
You have to adjust routing on HUB so that for Spoke 1 LAN subnet and Spoke 2 LAN subnet must be reachable through tunnel 1.
10-25-2018 12:06 AM
Thank you,
But I need solutions without adjusting routing on HUB, because the Spoke 2 need to have two load-balanced channels for in/out traffic. Are there any such solutions? Maybe in NHRP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide