Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1764
Views
0
Helpful
3
Replies

DMVPN Tunnel Stuck in Exstart/BDR

carlos234
Level 1
Level 1

‎10-27-2011 04:12 PM - edited ‎03-04-2019 02:04 PM

Hi all,

This is my first post and any help will be glady appreciated.

I have a network consisting of 13 routers all of which connect via DMVPN.  Two of the routers are hubs, one with an OSPF priority of 255 and the other 253.  All spoke routers form an adjancency (FULL/DR) with the router with a priority of 255.  All routers trying to form an adjacency with the other hub stay stuck in the EXSTART/BDR state and eventually transition to DOWN/DROTHER due to "too many retransmissions."

I have tried using the ip ospf mtu-ignore on both the hub and spoke router.  I have ran debug ip ospf adj on both hub and spoke and I don't see any error signifying mtu mismatch.  I have also tried increasing the retransmit-interval on the spoke.  I've verified that the hello, dead, wait, and retransmit timers are the same.  Below is the config for the hub (priority 253) and a spoke tunnel configuration.  Please help.

SPOKE

ip mtu 1400 

ip nhrp map 172.17.168.2 172.16.192.42

ip nhrp map multicast 172.16.192.42

ip nhrp map172.17.168.3 172.16.192.22

ip nhrp map multicast 172.16.194.22

ip nhrp map172.17.168.1 172.16.198.30

ip nhrp map multicast 172.16.198.30

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp nhs 172.17.168.2

ip nhrp nhs 172.17.168.3

ip nhrp nhs 172.17.168.1

ip tcp adjust-mss 1360

ip ospf message-digest-key 1 md5 xxxxxxxx

ip policy route-map clear df

ip ospf network broadcast

ip ospf priority 0

ip ospf mtu-ignore

tunnel source gigabitEthernet0/0

tunnel mode gre multipoint

tunnel protection ipsec profile ddmvpn

HUB

ip mtu 1400 

ip nhrp map multicast dynamic

ip nhrp map 172.17.168.1 172.16.198.30

ip nhrp map multicast 172.16.198.30

ip nhrp map 172.17.168.2 172.16.192.42

ip nhrp map multicast 172.16.192.42

ip nhrp map172.17.168.1 172.16.198.30

ip nhrp map multicast 172.16.198.30

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp nhs 172.17.168.1

ip nhrp nhs 172.17.168.2

ip tcp adjust-mss 1360

ip ospf message-digest-key 1 md5 xxxxxxxx

ip ospf network broadcast

ip ospf priority 253

ip ospf mtu-ignore

tunnel source gigabitEthernet0/0

tunnel mode gre multipoint

tunnel protection ipsec profile ddmvpn

Labels:
0 Helpful
3 Replies 3

Eugene Khabarov
Level 7
Level 7

‎10-28-2011 12:40 AM

Can you please add "tunnel path-mtu-discovery" on all of your interfaces.

Another possible reasons for stuck on EXSTART phase is:

  • MTU problem, meaning the routers can only ping a packet of a certain length.

  • Access list is blocking the unicast packet.

  • NAT is running on the router and is translating the unicast packet.

  • Both routers have the same router ID           (mis-configuration).

This is according to

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0d.shtml

___

HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer"

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Eugene Khabarov

‎10-28-2011 06:08 AM

could be that your nhrp maps and/or you nhs configs are a bit off.   double check them making sure they are correct.

Also, you can do a debug ip ospf events on both routers and see who is not sending the hellos.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

c.registration
Level 1
Level 1
In response to Marius Gunnerud

‎03-09-2018 06:10 AM

What was the resolution to this issue?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card