09-26-2019 09:25 PM
Hi there,
Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working.
Attached are the configs and lab topology.
Thanks.
Solved! Go to Solution.
09-26-2019 11:02 PM - edited 09-26-2019 11:14 PM
Hello Taha,
>> Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working.
First of all, the routing protocol used in the DMVPN over the MGRE tunnel is EIGRP , BGP may be used on ISP routers
I see the following on RC1, RC2:
router eigrp 1
network 10.1.1.0 0.0.0.255
network 192.0.0.0 0.255.255.255
!
RC1 I guess is the hub
! RC1 MGRE configuration
interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!
! RC2 MGRE tunnel configuration
interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!
The following considerations apply to your lab:
a) routing aspects
The protocol used over the virtual flat subnet is EIGRP 1.
The HUB router requires special configuration at interface level to correctly support DMVPN and to allow spoke to spoke dynamic tunnel
a.1 : Being EIGRP with distance vector roots in order to make the HUB to re-advertise out the MGRE tunnel interface routes learned by Spoke1 to Spoke2 and so on you need to disable split horizon on HUB RC1
! on RC1
int tunnel 10
no ip eigrp 1 split-horizon
a.2: For dynamic spoke to spoke tunnels to form there are two options depending on what version of DMVPN you are using: for DMVPN Phase 2 the first to support this feature, the hub router needed to be instructed to keep the original next-hop when re-advertising routes from a spoke to all other ones:
a.2 DMVPN Phase 2:
! on HUB RC1
int tunnel 10
no ip eigrp 1 next-hop self
a.2 DMVPN Phase 3: in Phase 3 NHRP has been enhanced and there is no need to keep the original next-hop however you need to enable NHRP redirect messages to be sent by the HUB
! on HUB RC1
int tunnel 10
ip nhrp redirect
b) MTU issues ******************
Your configuration does not take in account the overhead caused by IPSEC and GRE tunnels. To avoid fragmentation of packets over the the underlying network infrastructure you need to use a reduced MTU
! on ALL devices taking part in DMVPN RC1, RC2, RC3, RC4
interface tunnel 10
mtu 1400
Note:
I couldn't check all the commands I have proposed above. However, yo should be able to find out the correct syntax of each of them. For DMVPN Phase 2 you need to disable EIGRP split horizon and you need to disable the use of HUB own next-hop under the MGRE tunnel interface.
Hope to help
Giuseppe
09-27-2019 04:57 AM
Hello,
OSPF is link state like IS-IS and requires a different configuration to be used in DMVPN.
RIP as EIGRP requires to disable split horizon on the HUB MGRE tunnel interface.
For RIP the command is simply:
no ip split-horizon
Hope to help
Giuseppe
09-26-2019 11:02 PM - edited 09-26-2019 11:14 PM
Hello Taha,
>> Trying to get this DMVPN + BGP lab going but for some reason I have hub-to-spoke connectivity running but spoke-to-spoke connectivity is not working.
First of all, the routing protocol used in the DMVPN over the MGRE tunnel is EIGRP , BGP may be used on ISP routers
I see the following on RC1, RC2:
router eigrp 1
network 10.1.1.0 0.0.0.255
network 192.0.0.0 0.255.255.255
!
RC1 I guess is the hub
! RC1 MGRE configuration
interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!
! RC2 MGRE tunnel configuration
interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile MGRE
!
The following considerations apply to your lab:
a) routing aspects
The protocol used over the virtual flat subnet is EIGRP 1.
The HUB router requires special configuration at interface level to correctly support DMVPN and to allow spoke to spoke dynamic tunnel
a.1 : Being EIGRP with distance vector roots in order to make the HUB to re-advertise out the MGRE tunnel interface routes learned by Spoke1 to Spoke2 and so on you need to disable split horizon on HUB RC1
! on RC1
int tunnel 10
no ip eigrp 1 split-horizon
a.2: For dynamic spoke to spoke tunnels to form there are two options depending on what version of DMVPN you are using: for DMVPN Phase 2 the first to support this feature, the hub router needed to be instructed to keep the original next-hop when re-advertising routes from a spoke to all other ones:
a.2 DMVPN Phase 2:
! on HUB RC1
int tunnel 10
no ip eigrp 1 next-hop self
a.2 DMVPN Phase 3: in Phase 3 NHRP has been enhanced and there is no need to keep the original next-hop however you need to enable NHRP redirect messages to be sent by the HUB
! on HUB RC1
int tunnel 10
ip nhrp redirect
b) MTU issues ******************
Your configuration does not take in account the overhead caused by IPSEC and GRE tunnels. To avoid fragmentation of packets over the the underlying network infrastructure you need to use a reduced MTU
! on ALL devices taking part in DMVPN RC1, RC2, RC3, RC4
interface tunnel 10
mtu 1400
Note:
I couldn't check all the commands I have proposed above. However, yo should be able to find out the correct syntax of each of them. For DMVPN Phase 2 you need to disable EIGRP split horizon and you need to disable the use of HUB own next-hop under the MGRE tunnel interface.
Hope to help
Giuseppe
09-27-2019 04:52 AM
09-27-2019 04:57 AM
Hello,
OSPF is link state like IS-IS and requires a different configuration to be used in DMVPN.
RIP as EIGRP requires to disable split horizon on the HUB MGRE tunnel interface.
For RIP the command is simply:
no ip split-horizon
Hope to help
Giuseppe
09-27-2019 12:12 AM
Hi,
As I looking your configuration found that Phase3 is not enabled and EIGRP Split Horizon is also making an issue for you.
Make a few changes as
RC1:
interface Tunnel10
ip address 192.168.10.1 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel source Ethernet0/1
tunnel mode gre multipointno ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp redirect
tunnel protection ipsec profile MGRE
CR2:
interface Tunnel10
ip address 192.168.10.2 255.255.255.0
no ip redirects
ip nhrp authentication PASS
ip nhrp map 192.168.10.1 8.8.3.2
ip nhrp map multicast 8.8.3.2
ip nhrp network-id 10
ip nhrp nhs 192.168.10.1
tunnel source Ethernet0/1
tunnel mode gre multipoint
ip nhrp shortcut
tunnel protection ipsec profile MGRE
And update the status with Routing table, NHRP table output from all routers.
09-27-2019 05:54 AM
02-16-2020 04:49 PM
If you are using EIGRP in your network.
Hub Config
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp redirect
ip tcp adjust-mss 1360
ip nhrp holdtime 300
SPKOE config if you are using ISR G2
ip mtu 1400
ip nhrp holdtime 300
ip nhrp registration no-unique
ip nhrp shortcut
ip tcp adjust-mss 1360
load-interval 30
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide