DMVPN Troubleshooting

TH09
Level 1

Hi there,

 

Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working. 

Attached are the configs and lab topology.

Thanks.

Lab1-Topology.JPG

2 Accepted Solutions


Giuseppe Larosa
Hall of Fame

Hello Taha,

 

>> Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working. 

 

First of all, the routing protocol used in the DMVPN over the MGRE tunnel is EIGRP; BGP may be used on ISP routers.

 

I see the following on RC1, RC2:

 

router eigrp 1
network 10.1.1.0 0.0.0.255
network 192.0.0.0 0.255.255.255
!

 

RC1 I guess is the hub

! RC1 MGRE configuration

 

interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!

 

! RC2 MGRE tunnel configuration

interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!

 

The following considerations apply to your lab:

 

a) routing aspects

 

The protocol used over the virtual flat subnet is EIGRP 1.

The HUB router requires special configuration at interface level to correctly support DMVPN and to allow spoke-to-spoke dynamic tunnels.

a.1: Because EIGRP has distance-vector roots, in order to make the HUB re-advertise out the MGRE tunnel interface the routes learned by Spoke1 to Spoke2 and so on, you need to disable split horizon on HUB RC1.

! on RC1

int tunnel 10

no ip split-horizon eigrp 1

 

a.2: For dynamic spoke-to-spoke tunnels to form, there are two options depending on what version of DMVPN you are using. For DMVPN Phase 2, the first to support this feature, the hub router needed to be instructed to keep the original next-hop when re-advertising routes from a spoke to all other ones:

a.2 DMVPN Phase 2:

! on HUB RC1

int tunnel 10

no ip next-hop-self eigrp 1

a.2 DMVPN Phase 3: in Phase 3 NHRP has been enhanced and there is no need to keep the original next-hop; however, you need to enable NHRP redirect messages to be sent by the HUB.

! on HUB RC1

int tunnel 10

ip nhrp redirect

 

 

b) MTU issues

Your configuration does not take into account the overhead caused by IPSEC and GRE tunnels. To avoid fragmentation of packets over the underlying network infrastructure you need to use a reduced MTU.

! on ALL devices taking part in DMVPN RC1, RC2, RC3, RC4

interface tunnel 10

 ip mtu 1400

Note:

I couldn't check all the commands I have proposed above. However, you should be able to find out the correct syntax of each of them. For DMVPN Phase 2 you need to disable EIGRP split horizon and you need to disable the use of HUB own next-hop under the MGRE tunnel interface.

 

 

Hope to help

Giuseppe

 

 

 

 


Hello,

OSPF is link state like IS-IS and requires a different configuration to be used in DMVPN.

RIP, like EIGRP, requires disabling split horizon on the HUB MGRE tunnel interface.

For RIP the command is simply:

no ip split-horizon

 

Hope to help

Giuseppe

 


6 Replies


Perfect! Spoke-to-spoke connectivity worked with just the first command you told me was missing:
no ip split-horizon eigrp 1 (Quick question: Do we need to use this with EIGRP or any distance vector protocol like OSPF, RIP?)


Deepak Kumar
VIP Alumni

Hi,

Looking at your configuration, I found that Phase 3 is not enabled and EIGRP split horizon is also causing an issue for you.

Make a few changes as follows:

RC1:

interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipoint
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp redirect
tunnel protection ipsec profile MGRE

 

RC2:

interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
ip nhrp shortcut
tunnel protection ipsec profile MGRE

 

And update the status with Routing table, NHRP table output from all routers.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Thanks Deepak.

shallugarg6343
Level 1

If you are using EIGRP in your network:

 

Hub Config

ip mtu 1400

no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1

ip nhrp redirect

ip tcp adjust-mss 1360

ip nhrp holdtime 300

 

Spoke config if you are using ISR G2

ip mtu 1400

ip nhrp holdtime 300

ip nhrp registration no-unique
ip nhrp shortcut

ip tcp adjust-mss 1360

load-interval 30
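
Added example (not from any of the posts above, and not Cisco code): a small Python check that reads a Tunnel interface stanza and lists which of the settings recommended in this thread are missing for DMVPN Phase 2 or Phase 3 with EIGRP. The function names, the `phase` parameter and the abridged RC1 sample are constructed for illustration; stanzas are assumed to end with `!` as in the configs quoted above.

```python
import re

def tunnel_stanzas(config):
    """Return {interface name: [commands]} for each Tunnel interface."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (Tunnel\d+)$", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line == "!" or line.startswith("interface "):
            current = None  # stanza ended (assumption: "!" separates stanzas)
        elif current is not None and line:
            current.append(line)
    return stanzas

def audit(config, phase):
    """Per tunnel: (role, missing settings) for DMVPN phase 2 or 3 with EIGRP."""
    report = {}
    for name, cmds in tunnel_stanzas(config).items():
        has = lambda pat: any(re.match(pat + r"$", c) for c in cmds)
        # A spoke points at a next-hop server (NHS); the hub does not.
        role = "spoke" if has(r"ip nhrp nhs \S+.*") else "hub"
        need = {
            "tunnel protection ipsec profile": r"tunnel protection ipsec profile \S+",
            "ip mtu": r"ip mtu \d+",
        }
        if role == "hub":
            need["no ip split-horizon eigrp"] = r"no ip split-horizon eigrp \d+"
            if phase == 2:  # hub must keep the originating spoke as next hop
                need["no ip next-hop-self eigrp"] = r"no ip next-hop-self eigrp \d+"
            else:           # Phase 3: hub sends NHRP redirects instead
                need["ip nhrp redirect"] = r"ip nhrp redirect"
        elif phase == 3:    # Phase 3 spokes must accept NHRP shortcuts
            need["ip nhrp shortcut"] = r"ip nhrp shortcut"
        report[name] = (role, [k for k, pat in need.items() if not has(pat)])
    return report

# Constructed sample: RC1 hub stanza abridged from the thread, before any fix.
RC1_BEFORE = """interface Tunnel10
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!"""

if __name__ == "__main__":
    print(audit(RC1_BEFORE, phase=3))
```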

 
