cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
367
Views
0
Helpful
5
Replies
Beginner

DMVPN Troubleshooting

Hi there,

 

Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working. 

Attached are the configs and lab topology.

Thanks.Lab1-Topology.JPG

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Hall of Fame Expert

Re: DMVPN Troubleshooting

Hello Taha,

 

>> Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working. 

 

First of all, the routing protocol used in the DMVPN over the MGRE tunnel is EIGRP , BGP may be used on ISP routers

 

I see the following on RC1, RC2:

 

router eigrp 1
network 10.1.1.0 0.0.0.255
network 192.0.0.0 0.255.255.255
!

 

RC1 I guess is the hub

! RC1 MGRE configuration

 

interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!

 

! RC2 MGRE tunnel configuration

interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!

 

The following considerations apply to your lab:

 

a) routing aspects

 

The protocol used over the virtual flat subnet is EIGRP 1.

The HUB router requires special configuration at interface level to correctly support DMVPN and to allow spoke to spoke dynamic tunnel

 a.1  :    Being EIGRP with distance vector roots in order to make the HUB to re-advertise out the MGRE tunnel interface routes learned by Spoke1 to Spoke2 and so on you need to disable split horizon on HUB RC1

! on RC1

int tunnel 10

no ip eigrp 1 split-horizon

 

a.2:  For dynamic spoke to spoke tunnels to form there are two options depending on what version of DMVPN you are using: for DMVPN Phase 2 the first to support this feature, the hub router needed to be instructed to keep the original next-hop when re-advertising routes from a spoke to all other ones:

a.2 DMVPN Phase 2:

! on HUB RC1

int tunnel 10

no ip eigrp 1 next-hop self

 

a.2 DMVPN Phase 3: in Phase 3 NHRP has been enhanced and there is no need to keep the original next-hop however you need to enable NHRP redirect messages to be sent by the HUB

 

! on HUB RC1

int tunnel 10

ip nhrp redirect

 

 

b)   MTU issues ******************

 

Your configuration does not take in account the overhead caused by IPSEC and GRE tunnels. To avoid fragmentation of packets over the the underlying network infrastructure you need to use a reduced MTU

! on ALL devices taking part in DMVPN RC1, RC2, RC3, RC4

interface tunnel 10

 mtu 1400

 

Note:

I couldn't check all the commands I have proposed above. However, yo should be able to find out the correct syntax of each of them. For DMVPN Phase 2 you need to disable EIGRP split horizon and you need to disable the use of HUB own next-hop under the MGRE tunnel interface.

 

 

Hope to help

Giuseppe

 

 

 

 

Hall of Fame Expert

Re: DMVPN Troubleshooting

Hello,

OSPF is link state like IS-IS and requires a different configuration to be used in DMVPN.

RIP as EIGRP requires to disable split horizon on the HUB MGRE tunnel interface.

For RIP the command is simply:

no ip split-horizon

 

Hope to help

Giuseppe

 

5 REPLIES 5
Highlighted
Hall of Fame Expert

Re: DMVPN Troubleshooting

Hello Taha,

 

>> Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working. 

 

First of all, the routing protocol used in the DMVPN over the MGRE tunnel is EIGRP , BGP may be used on ISP routers

 

I see the following on RC1, RC2:

 

router eigrp 1
network 10.1.1.0 0.0.0.255
network 192.0.0.0 0.255.255.255
!

 

RC1 I guess is the hub

! RC1 MGRE configuration

 

interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!

 

! RC2 MGRE tunnel configuration

interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!

 

The following considerations apply to your lab:

 

a) routing aspects

 

The protocol used over the virtual flat subnet is EIGRP 1.

The HUB router requires special configuration at interface level to correctly support DMVPN and to allow spoke to spoke dynamic tunnel

 a.1  :    Being EIGRP with distance vector roots in order to make the HUB to re-advertise out the MGRE tunnel interface routes learned by Spoke1 to Spoke2 and so on you need to disable split horizon on HUB RC1

! on RC1

int tunnel 10

no ip eigrp 1 split-horizon

 

a.2:  For dynamic spoke to spoke tunnels to form there are two options depending on what version of DMVPN you are using: for DMVPN Phase 2 the first to support this feature, the hub router needed to be instructed to keep the original next-hop when re-advertising routes from a spoke to all other ones:

a.2 DMVPN Phase 2:

! on HUB RC1

int tunnel 10

no ip eigrp 1 next-hop self

 

a.2 DMVPN Phase 3: in Phase 3 NHRP has been enhanced and there is no need to keep the original next-hop however you need to enable NHRP redirect messages to be sent by the HUB

 

! on HUB RC1

int tunnel 10

ip nhrp redirect

 

 

b)   MTU issues ******************

 

Your configuration does not take in account the overhead caused by IPSEC and GRE tunnels. To avoid fragmentation of packets over the the underlying network infrastructure you need to use a reduced MTU

! on ALL devices taking part in DMVPN RC1, RC2, RC3, RC4

interface tunnel 10

 mtu 1400

 

Note:

I couldn't check all the commands I have proposed above. However, yo should be able to find out the correct syntax of each of them. For DMVPN Phase 2 you need to disable EIGRP split horizon and you need to disable the use of HUB own next-hop under the MGRE tunnel interface.

 

 

Hope to help

Giuseppe

 

 

 

 

Beginner

Re: DMVPN Troubleshooting

Perfect! Spoke-to-Spoke connectivity worked with just the first command you told was missing:
no ip split-horizon eigrp 1 ( Quick question: Do we need to use this with eigrp or any distance vector protocol like ospf rip?)
Hall of Fame Expert

Re: DMVPN Troubleshooting

Hello,

OSPF is link state like IS-IS and requires a different configuration to be used in DMVPN.

RIP as EIGRP requires to disable split horizon on the HUB MGRE tunnel interface.

For RIP the command is simply:

no ip split-horizon

 

Hope to help

Giuseppe

 

VIP Advocate

Re: DMVPN Troubleshooting

Hi,

As I looking your configuration found that Phase3 is not enabled and EIGRP Split Horizon is also making an issue for you.

Make a few changes as

RC1:

interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipointno ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp redirect
tunnel protection ipsec profile MGRE

 

CR2:

interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint

ip nhrp shortcut
tunnel protection ipsec profile MGRE

 

And update the status with Routing table, NHRP table output from all routers.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Beginner

Re: DMVPN Troubleshooting

Thanks Deepak.
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards