cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
325
Views
25
Helpful
5
Replies
MikeAW2010
Beginner

EIGRP / DMVPN - EIGRP fails to establish neighborship - CCNP lab

So I am having problems getting EIGRP to establish neighborship for a CCNP based lab. I have the WAN side configured for eBGP and also have a static default route pointing at the cloud (which is actually a router running eBGP.) but EIGRP fails to establish neighborship. I pasted all the configs, can anyone tell me what I'm doing wrong? I kind of feel that the Cloud (since its a router) needs to tunnel network added to the BGP table but what doesn't make sense is how does DMVPN work in the real world with real ISP's without advertising someone's corporate VPN Tunnel network?

 

eBGP-Pings.png

CLOUD (Router running eBGP)

Building configuration...

Current configuration : 1673 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cloud
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 172.16.11.2 255.255.255.252
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 ip address 172.16.31.2 255.255.255.252
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Ethernet2/0
 ip address 172.16.41.2 255.255.255.252
!
interface Ethernet2/1
 no ip address
 shutdown
!
interface Ethernet2/2
 no ip address
 shutdown
!
interface Ethernet2/3
 no ip address
 shutdown
!
router bgp 100
 bgp log-neighbor-changes
 network 172.16.11.0 mask 255.255.255.252
 network 172.16.31.0 mask 255.255.255.252
 network 172.16.41.0 mask 255.255.255.252
 neighbor 172.16.11.1 remote-as 11
 neighbor 172.16.31.1 remote-as 31
 neighbor 172.16.41.1 remote-as 41
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

R11

Building configuration...

Current configuration : 1397 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R11
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Tunnel100
 bandwidth 4000
 ip address 192.168.100.11 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip split-horizon eigrp 100
 ip nhrp map multicast dynamic
 ip tcp adjust-mss 1360
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100
!
interface Ethernet0/0
 ip address 172.16.11.1 255.255.255.252
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
!
router eigrp 100
 network 10.0.0.0
 network 192.168.100.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.11.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

 

R31

 

Building configuration...

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R31
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.3.3.1 255.255.255.0
!
interface Tunnel100
 bandwidth 4000
 ip address 192.168.100.31 255.255.255.0
 ip mtu 1400
 ip nhrp map multicast 172.16.11.1
 ip nhrp map 192.168.100.11 172.16.11.1
 ip nhrp network-id 100
 ip nhrp nhs 192.168.100.31
 ip tcp adjust-mss 1360
 tunnel source Ethernet0/0
 tunnel destination 172.16.11.1
 tunnel key 100
!
interface Ethernet0/0
 ip address 172.16.31.1 255.255.255.252
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
!
router eigrp 100
 network 10.0.0.0
 network 192.168.100.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.31.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

R41

Building configuration...

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R41
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.4.4.1 255.255.255.0
!
interface Tunnel100
 bandwidth 4000
 ip address 192.168.100.41 255.255.255.0
 ip mtu 1400
 ip nhrp map 192.168.100.11 172.16.11.1
 ip nhrp map multicast 172.16.11.1
 ip nhrp network-id 100
 ip nhrp nhs 192.168.100.11
 ip tcp adjust-mss 1360
 tunnel source Ethernet0/0
 tunnel destination 172.16.11.1
 tunnel key 100
!
interface Ethernet0/0
 ip address 172.16.41.1 255.255.255.252
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
!
router eigrp 100
 network 10.0.0.0
 network 192.168.100.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.41.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Georg Pauwen
VIP Expert

Hello,

 

I rebuilt your topology and found a number of crucial things, the most important being the no BGP at all is configured on any of the DMVPN routers. There was also a missing network ID on R11.

 

Make sure the configs look exactly like below (important parts marked in bold

 

Cloud

 

Current configuration : 1673 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cloud
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Ethernet0/0
ip address 172.16.11.2 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
ip address 172.16.31.2 255.255.255.252
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Ethernet2/0
ip address 172.16.41.2 255.255.255.252
!
interface Ethernet2/1
no ip address
shutdown
!
interface Ethernet2/2
no ip address
shutdown
!
interface Ethernet2/3
no ip address
shutdown
!
router bgp 100
bgp log-neighbor-changes
neighbor 172.16.11.1 remote-as 11
neighbor 172.16.31.1 remote-as 31
neighbor 172.16.41.1 remote-as 41
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

 

R11

 

Current configuration : 1397 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.11 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 100
no ip split-horizon eigrp 100
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.11.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 11
neighbor 172.16.11.2 remote-as 100
!
router eigrp 100
network 10.1.1.0 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.11.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

 

R31

 

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R31
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.3.3.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.31 255.255.255.0
ip mtu 1400
ip nhrp map multicast 172.16.11.1
ip nhrp map 192.168.100.11 172.16.11.1
ip nhrp network-id 100
ip nhrp nhs 192.168.100.31
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel destination 172.16.11.1
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.31.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 31
neighbor 172.16.31.2 remote-as 100
!
router eigrp 100
network 10.3.3.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.31.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

 

R41

 

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R41
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.4.4.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.41 255.255.255.0
ip mtu 1400
ip nhrp map 192.168.100.11 172.16.11.1
ip nhrp map multicast 172.16.11.1
ip nhrp network-id 100
ip nhrp nhs 192.168.100.11
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel destination 172.16.11.1
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.41.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 41
neighbor 172.16.41.2 remote-as 100
!
router eigrp 100
network 10.4.4.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.41.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

View solution in original post

5 REPLIES 5
ngkin2010
Enthusiast

Hi,

 

1. First to verify the DMVPN is correctly formed or not, according to the given configuration. The 'network-id' is incorrect on DMVPN's Hub:

 

interface Tunnel100
  ip nhrp network-id 100  <Missing command>

2. After fixing the DMVPN, verify the status by 'show dmvpn'

 

# show dmvpn
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 172.16.31.1      192.168.100.31    UP 00:00:13     D
     1 172.16.41.1      192.168.100.41    UP 00:00:32     D

3. Then, verify the tunnel is UP by pinging to DMVPN hub

ping 192.168.100.11 source tunnel100

4. then verify the EIGRP status over the DMVPN tunnel by 'show ip eigrp neighbor'

 

5. Finally verify the EIGRP by pinging to DMVPN Spoke from Spoke

ping 192.168.100.31 source tunnel100
ping 192.168.100.41 source tunnel100

 

6. Verify the NHS on DMVPN hub by 'show ip nhrp'

192.168.100.11/32
Tunnel100 created 00:02:28, expire 00:00:36
Type: incomplete, Flags: negative
Cache hits: 2
192.168.100.31/32 via 192.168.100.31
Tunnel100 created 00:04:44, expire 01:55:37
Type: dynamic, Flags: unique registered used nhop
NBMA address: 172.16.31.1
192.168.100.41/32 via 192.168.100.41
Tunnel100 created 00:04:42, expire 01:55:19
Type: dynamic, Flags: unique registered used nhop
NBMA address: 172.16.41.1

7. Verify trace route to see if DMVPN is working as expected (phase 1 DMVPN; traffic first sent to hub)

traceroute 192.168.100.31 source 192.168.100.41
Type escape sequence to abort.
Tracing the route to 192.168.100.31
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.11 1 msec 0 msec 0 msec
  2 192.168.100.31 1 msec 1 msec 0 msec

 

 

Therefore, resolving the 'network-id' on DMVPN hub should help you to solve the problem.

 

But the BGP (underlay network) configuration was not correctly configured, you currently rely on static default route to form the DMVPN tunnel. 

 

Regarding to your last question below:

 I kind of feel that the Cloud (since its a router) needs to tunnel network added to the BGP table but what doesn't make sense is how does DMVPN work in the real world with real ISP's without advertising someone's corporate VPN Tunnel network?

The cloud (or the ISP) as a underlay network only need to advertise (& route) the traffic between physical interfaces (e.g. e0/0 in our lab). All Corp's traffic leaving the DMVPN tunnel will be encapsulated by additional IP header (with the source IP address of e0/0). Therefore, in the view of ISP, they see the Corp's traffic is sourcing from 172.16.41.1 to 172.16.11.1.  After the packet has routed to remote router, router will decapsulate the packet accordingly. 

Georg Pauwen
VIP Expert

Hello,

 

BGP is just the underlying WAN protocol, as long as all your neighbors are up, that is, as long as WAN connectivity is established, you don't need to advertise any other networks.

 

With regard to your (phase 2) DMVPN, make the changes/additions marked in bold:

 

R11

Current configuration : 1397 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.11 255.255.255.0
no ip redirects
ip mtu 1400
--> no ip next-hop-self eigrp 100
no ip split-horizon eigrp 100
ip nhrp map multicast dynamic
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.11.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router eigrp 100
--> network 10.1.1.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.11.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

 

R31

 

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R31
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.3.3.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.31 255.255.255.0
ip mtu 1400
ip nhrp map multicast 172.16.11.1
ip nhrp map 192.168.100.11 172.16.11.1
ip nhrp network-id 100
ip nhrp nhs 192.168.100.31
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
--> tunnel mode gre multipoint
tunnel destination 172.16.11.1
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.31.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router eigrp 100
--> network 10.3.3.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.31.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end


R41

 

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R41
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.4.4.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.41 255.255.255.0
ip mtu 1400
ip nhrp map 192.168.100.11 172.16.11.1
ip nhrp map multicast 172.16.11.1
ip nhrp network-id 100
ip nhrp nhs 192.168.100.11
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
--> tunnel mode gre multipoint
tunnel destination 172.16.11.1
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.41.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router eigrp 100
--> network 10.4.4.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.41.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

 

 

MHM Cisco World
Rising star

tunnel mode multipoint need on all Spoke Router, 
you don't config the tunnel destination in PhaseII of DMVPN. 

all other config is OK. no need to change 

Georg Pauwen
VIP Expert

Hello,

 

I rebuilt your topology and found a number of crucial things, the most important being the no BGP at all is configured on any of the DMVPN routers. There was also a missing network ID on R11.

 

Make sure the configs look exactly like below (important parts marked in bold

 

Cloud

 

Current configuration : 1673 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cloud
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Ethernet0/0
ip address 172.16.11.2 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
ip address 172.16.31.2 255.255.255.252
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Ethernet2/0
ip address 172.16.41.2 255.255.255.252
!
interface Ethernet2/1
no ip address
shutdown
!
interface Ethernet2/2
no ip address
shutdown
!
interface Ethernet2/3
no ip address
shutdown
!
router bgp 100
bgp log-neighbor-changes
neighbor 172.16.11.1 remote-as 11
neighbor 172.16.31.1 remote-as 31
neighbor 172.16.41.1 remote-as 41
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

 

R11

 

Current configuration : 1397 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.11 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 100
no ip split-horizon eigrp 100
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.11.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 11
neighbor 172.16.11.2 remote-as 100
!
router eigrp 100
network 10.1.1.0 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.11.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

 

R31

 

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R31
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.3.3.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.31 255.255.255.0
ip mtu 1400
ip nhrp map multicast 172.16.11.1
ip nhrp map 192.168.100.11 172.16.11.1
ip nhrp network-id 100
ip nhrp nhs 192.168.100.31
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel destination 172.16.11.1
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.31.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 31
neighbor 172.16.31.2 remote-as 100
!
router eigrp 100
network 10.3.3.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.31.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

 

R41

 

Current configuration : 1449 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R41
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Loopback0
ip address 10.4.4.1 255.255.255.0
!
interface Tunnel100
bandwidth 4000
ip address 192.168.100.41 255.255.255.0
ip mtu 1400
ip nhrp map 192.168.100.11 172.16.11.1
ip nhrp map multicast 172.16.11.1
ip nhrp network-id 100
ip nhrp nhs 192.168.100.11
ip tcp adjust-mss 1360
tunnel source Ethernet0/0
tunnel destination 172.16.11.1
tunnel key 100
!
interface Ethernet0/0
ip address 172.16.41.1 255.255.255.252
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router bgp 41
neighbor 172.16.41.2 remote-as 100
!
router eigrp 100
network 10.4.4.1 0.0.0.0
network 192.168.100.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.41.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
end

View solution in original post

It was the missing BGP configs on the spokes. I didn't notice that wasn't configured.

 

R31 came up immediately.

R41 oddly took several minutes before it came up but it eventually did.