08-11-2013 11:52 AM - edited 03-04-2019 08:43 PM
So, I have DMVPN Phase 1 network design with no IPSec protection on Tunnel interfaces.
In real net I have multiple spokes in dual cloud DMVPN with 2 DMVPN interfaces (2 ISPs) on one router. But for my problem it doesn't make sense, it exists on one cloud one spoke configuration too.
HUB:
interface Tunnel1
description =[DMVPN-Hub-Megafon]=
ip address 192.168.128.65 255.255.255.192
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
ip ospf network point-to-multipoint
ip ospf hello-interval 1
ip ospf dead-interval 15
ip ospf cost 10
load-interval 30
history BPS
tunnel source Port-channel1.550
tunnel mode gre multipoint
tunnel key 1
tunnel path-mtu-discovery
!
SPOKE:
interface Tunnel1
description =[DMVPN-Spoke-Megafon]=
ip address 192.168.128.70 255.255.255.192
no ip redirects
ip mtu 1400
ip nhrp map 192.168.128.65 X.X.X.X
ip nhrp map multicast X.X.X.X
ip nhrp network-id 1
ip nhrp holdtime 60
ip nhrp nhs 192.168.128.65
ip nhrp registration timeout 30
ip tcp adjust-mss 1360
ip ospf network point-to-multipoint
ip ospf hello-interval 1
ip ospf dead-interval 15
ip ospf cost 10
history BPS
if-state nhrp
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 1
tunnel route-via FastEthernet4 mandatory
tunnel path-mtu-discovery
!
ip route X.X.X.X 255.255.255.255 X.X.X.GW
Everything works fine. OSPF adjacency is stable. OSPF hello packet comes every second in both directions.
Then I manually flap a Tunnel interface on hub to test recovery process.
HUB:
conf t
int tun1
shut
no shut
end
After few seconds on spoke NHS entry becomes reachable. Hub becomes accessible from spoke through GRE without packet loss:
spoke#ping 192.168.128.65 re 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.128.65, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 8/49/220 ms
But... here is the problem. After spoke's OSPF neighbor state becomes FULL on hub, hub receives no hello packets from spoke.
After dead timeout expires OSPF spoke's state becomes DOWN, hub receives hello packet and process goes into loop.
hub#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
192.168.127.0 1 FULL/DR 00:00:39 192.168.128.6 Port-channel1.503
192.168.127.7 0 FULL/ - 00:00:13 192.168.128.70 Tunnel1
hub#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
192.168.127.0 1 FULL/DR 00:00:34 192.168.128.6 Port-channel1.503
192.168.127.7 0 FULL/ - 00:00:01 192.168.128.70 Tunnel1
debug ip ospf adj
debug ip ospf hello
HUB:
077702: Aug 10 23:48:18.797: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077703: Aug 10 23:48:18.865: OSPF-99 HELLO Tu1: Rcv hello from 192.168.127.7 area 0 192.168.128.70
077704: Aug 10 23:48:18.865: OSPF-99 ADJ Tu1: 2 Way Communication to 192.168.127.7, state 2WAY
077705: Aug 10 23:48:18.865: OSPF-99 ADJ Tu1: Nbr 192.168.127.7: Prepare dbase exchange
077706: Aug 10 23:48:18.865: OSPF-99 ADJ Tu1: Send DBD to 192.168.127.7 seq 0x92F opt 0x52 flag 0x7 len 32
077707: Aug 10 23:48:18.865: OSPF-99 HELLO Tu1: Send immediate hello to nbr 192.168.127.7, src address 192.168.128.70
077708: Aug 10 23:48:18.865: OSPF-99 HELLO Tu1: Send hello to 192.168.128.70 area 0 from 192.168.128.65
077709: Aug 10 23:48:18.925: OSPF-99 ADJ Tu1: Rcv DBD from 192.168.127.7 seq 0x23E opt 0x52 flag 0x7 len 32 mtu 1400 state EXSTART
077710: Aug 10 23:48:18.925: OSPF-99 ADJ Tu1: NBR Negotiation Done. We are the SLAVE
077711: Aug 10 23:48:18.925: OSPF-99 ADJ Tu1: Nbr 192.168.127.7: Summary list built, size 23
077712: Aug 10 23:48:18.925: OSPF-99 ADJ Tu1: Send DBD to 192.168.127.7 seq 0x23E opt 0x52 flag 0x2 len 492
077713: Aug 10 23:48:18.941: OSPF-99 ADJ Tu1: Rcv DBD from 192.168.127.7 seq 0x23F opt 0x52 flag 0x1 len 492 mtu 1400 state EXCHANGE
077714: Aug 10 23:48:18.941: OSPF-99 ADJ Tu1: Exchange Done with 192.168.127.7
077715: Aug 10 23:48:18.941: OSPF-99 ADJ Tu1: Synchronized with 192.168.127.7, state FULL
077716: Aug 10 23:48:18.941: %OSPF-5-ADJCHG: Process 99, Nbr 192.168.127.7 on Tunnel1 from LOADING to FULL, Loading Done
077717: Aug 10 23:48:18.941: OSPF-99 ADJ Tu1: Send DBD to 192.168.127.7 seq 0x23F opt 0x52 flag 0x0 len 32
077718: Aug 10 23:48:18.949: OSPF-99 ADJ Tu1: Rcv LS REQ from 192.168.127.7 length 36 LSA count 1
077719: Aug 10 23:48:19.733: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077721: Aug 10 23:48:20.713: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077722: Aug 10 23:48:21.673: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077723: Aug 10 23:48:22.637: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077724: Aug 10 23:48:23.573: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077726: Aug 10 23:48:24.477: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077727: Aug 10 23:48:25.445: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077728: Aug 10 23:48:26.433: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077729: Aug 10 23:48:27.393: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077730: Aug 10 23:48:28.333: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077731: Aug 10 23:48:29.309: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077733: Aug 10 23:48:30.225: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077734: Aug 10 23:48:31.185: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65
077735: Aug 10 23:48:31.241: OSPF-99 ADJ Tu1: 192.168.127.7 address 192.168.128.70 is dead
077736: Aug 10 23:48:31.241: OSPF-99 ADJ Tu1: 192.168.127.7 address 192.168.128.70 is dead, state DOWN
077737: Aug 10 23:48:31.241: %OSPF-5-ADJCHG: Process 99, Nbr 192.168.127.7 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired
077738: Aug 10 23:48:31.241: OSPF-99 ADJ Tu1: Nbr 192.168.127.7: Clean-up dbase exchange
SPOKE:
Aug 10 23:48:18.666 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:18.838 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:18.838 MSK: OSPF-1 ADJ Tu1: Cannot see ourself in hello from 192.168.127.2, state INIT
Aug 10 23:48:18.838 MSK: OSPF-1 HELLO Tu1: Send immediate hello to nbr 192.168.127.2, src address 192.168.128.65
Aug 10 23:48:18.838 MSK: OSPF-1 HELLO Tu1: Send hello to 192.168.128.65 area 0 from 192.168.128.70
Aug 10 23:48:18.930 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:18.930 MSK: OSPF-1 ADJ Tu1: 2 Way Communication to 192.168.127.2, state 2WAY
Aug 10 23:48:18.930 MSK: OSPF-1 ADJ Tu1: Nbr 192.168.127.2: Prepare dbase exchange
Aug 10 23:48:18.930 MSK: OSPF-1 ADJ Tu1: Send DBD to 192.168.127.2 seq 0x23E opt 0x52 flag 0x7 len 32
Aug 10 23:48:18.930 MSK: OSPF-1 ADJ Tu1: Rcv DBD from 192.168.127.2 seq 0x92F opt 0x52 flag 0x7 len 32 mtu 1400 state EXSTART
Aug 10 23:48:18.930 MSK: OSPF-1 ADJ Tu1: First DBD and we are not SLAVE
Aug 10 23:48:18.958 MSK: OSPF-1 ADJ Tu1: Rcv DBD from 192.168.127.2 seq 0x23E opt 0x52 flag 0x2 len 492 mtu 1400 state EXSTART
Aug 10 23:48:18.958 MSK: OSPF-1 ADJ Tu1: NBR Negotiation Done. We are the MASTER
Aug 10 23:48:18.958 MSK: OSPF-1 ADJ Tu1: Nbr 192.168.127.2: Summary list built, size 23
Aug 10 23:48:18.958 MSK: OSPF-1 ADJ Tu1: Send DBD to 192.168.127.2 seq 0x23F opt 0x52 flag 0x1 len 492
Aug 10 23:48:18.970 MSK: OSPF-1 ADJ Tu1: Rcv DBD from 192.168.127.2 seq 0x23F opt 0x52 flag 0x0 len 32 mtu 1400 state EXCHANGE
Aug 10 23:48:18.970 MSK: OSPF-1 ADJ Tu1: Exchange Done with 192.168.127.2
Aug 10 23:48:18.970 MSK: OSPF-1 ADJ Tu1: Send LS REQ to 192.168.127.2 length 36 LSA count 1
Aug 10 23:48:18.982 MSK: OSPF-1 ADJ Tu1: Rcv LS UPD from 192.168.127.2 length 76 LSA count 1
Aug 10 23:48:18.982 MSK: OSPF-1 ADJ Tu1: Synchronized with 192.168.127.2, state FULL
Aug 10 23:48:18.982 MSK: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.127.2 on Tunnel1 from LOADING to FULL, Loading Done
Aug 10 23:48:18.982 MSK: OSPF-1 ADJ Tu1: Nbr 192.168.127.2: Clean-up dbase exchange
Aug 10 23:48:19.626 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:19.786 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:20.578 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:20.754 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:21.542 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:21.718 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:22.486 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:22.670 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:23.414 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:23.602 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:24.390 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:24.518 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:25.346 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:25.470 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:26.274 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:26.470 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:27.262 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:27.422 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:28.214 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:28.362 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:29.198 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:29.346 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:30.110 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:30.254 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:31.030 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Aug 10 23:48:31.230 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65
Aug 10 23:48:31.947 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70
Only way to make OSPF adjacency become stable is manually flap Tunnel interface on spoke.
Is there any mistake in my configuration?
08-11-2013 12:10 PM
hello i could be wrong but it looks like your vpn's over lap
your 192.168.10.65 is on the 64 sub
and your 192.168.10.70 is on the same sub of 64, maybe change that to 192.168.128.129 so it is on the 128 sub
then make sure you set up vtp for vlan communications
08-11-2013 01:35 PM
Chris, thank you for suggestion.
192.168.128.65/26 - on Tunnel1 interface on Hub router.
192.168.128.70/26 - on Tunnel1 interface on Spoke router.
So I think that is ok.
10-20-2016 10:56 AM
Hi,
I had the same problem but in a test environment, to solve the issue i change the network type on the interfaces to broadcast, just make sure that the hub router become the DR:
HUB configuration:
interface Tunnel0
description HUB-DMVPN
ip address 10.100.0.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf priority 255
ip ospf 1 area 51
tunnel source GigabitEthernet0/4
tunnel mode gre multipoint
tunnel key 100
end
SPOKE
interface Tunnel0
ip address 10.100.0.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 10.100.0.1 190.1.0.100
ip nhrp map multicast 190.1.0.100
ip nhrp network-id 100
ip nhrp nhs 10.100.0.1
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf priority 0
ip ospf 1 area 51
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 100
end
08-15-2013 02:06 AM
Problem already described as CSCug63013.
Solution to delete 'if-state nhrp' from interface configuration on spoke.
Thanks TAC for help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide