Solved: Re: phase1 Vs phase2

miracle_david@yahoo.com · ‎06-11-2020

Hi gentlemen,

What's the difference between DMVPN phases 1 & 2 in all terms including EIGRP & OSPF dynamic routing protocols.

Thanks

Deepak Kumar · ‎06-11-2020

HI,

Phase 1:- Communication between Spoke to Spoke via hub only. the means routing protocol will advertise next-hope self as Hub interface IP address to spokes.

Phase2: Communication between spoke to spoke directly and the only first packet will transmit through the hub. We will disable "Next Hope Self" (if using EIGRP) for routing protocol on the Hub router.

as

interface Tunnel0
ip address 172.16.1.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 111
no ip split-horizon eigrp 111

For the OSPF: To Enable Phase 2 with OSPF, Use broadcast network type on all routers.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

Giuseppe Larosa · ‎06-11-2020

Hello miracle_david@yahoo.com ,

as clearly explained by @Deepak Kumar the configuration of routing protocol is different in DMVPN Phase 1 from DMVPN phase 2.

More specifically in Phase 1 there cannot be any dynamic spoke to spoke direct tunnel so there is no need to disable next-hop self in EIGRP and also the hub may send a summary route to spoke like a default route because there is no advantage in knowing the details of remote subnets of other spokes because traffic has to go trough the HUB anyway.

In DMVPN Phase 2 the HUB needs to :

disable the use of its own next-hop and to keep the original other spoke next-hop

the HUB cannot perform any type of route summarization on routes originated by other spokes to avoid to prevent the setup of dynamic spoke to spoke tunnels.

The HUB can still summarize all routes coming from the backbone = routes that would point to itself in any case.

For OSPF there are less parameters / features to play with in DMVPN just the choice of network type between broacast and point to multipoint.

Hope to help

Giuseppe

View solution in original post

Deepak Kumar · ‎06-11-2020

HI,

Phase 1:- Communication between Spoke to Spoke via hub only. the means routing protocol will advertise next-hope self as Hub interface IP address to spokes.

Phase2: Communication between spoke to spoke directly and the only first packet will transmit through the hub. We will disable "Next Hope Self" (if using EIGRP) for routing protocol on the Hub router.

as

interface Tunnel0
ip address 172.16.1.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 111
no ip split-horizon eigrp 111

For the OSPF: To Enable Phase 2 with OSPF, Use broadcast network type on all routers.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

miracle_david@yahoo.com · ‎06-11-2020

Are configs for both routing protocols the same in both phases?

Giuseppe Larosa · ‎06-11-2020

Hello miracle_david@yahoo.com ,

as clearly explained by @Deepak Kumar the configuration of routing protocol is different in DMVPN Phase 1 from DMVPN phase 2.

More specifically in Phase 1 there cannot be any dynamic spoke to spoke direct tunnel so there is no need to disable next-hop self in EIGRP and also the hub may send a summary route to spoke like a default route because there is no advantage in knowing the details of remote subnets of other spokes because traffic has to go trough the HUB anyway.

In DMVPN Phase 2 the HUB needs to :

disable the use of its own next-hop and to keep the original other spoke next-hop

the HUB cannot perform any type of route summarization on routes originated by other spokes to avoid to prevent the setup of dynamic spoke to spoke tunnels.

The HUB can still summarize all routes coming from the backbone = routes that would point to itself in any case.

For OSPF there are less parameters / features to play with in DMVPN just the choice of network type between broacast and point to multipoint.

Hope to help

Giuseppe

miracle_david@yahoo.com · ‎06-12-2020

Thanks for your great reply. Could u please send me hub- spoke config for Dual hub-Dual DMVPN topology?

Giuseppe Larosa · ‎06-12-2020

Hello miracle_david@yahoo.com ,

I would recommend you the following design guide

https://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/dmvpn_design_guide.pdf

see pag 43 for recommendations on dual HUB dual DMVPN clouds.

You have two design options: using a single DMVPN with two HUBs or using two distinct DMVPN clouds each of them with a single HUB.

This second choice allows for example to use two different ISPs for interconnection of branch routers to the hub routers. In this case each spoke will have two different mGRE tunnels protected by IPsec profile shared.

One DMVPN will be carried over ISP1 and the second DMVPN will be carried over ISP2.

Hope to help

Giuseppe

miracle_david@yahoo.com · ‎06-12-2020

Does phase 3 have any benefit over 2?

miracle_david@yahoo.com · ‎06-13-2020

How many routers as hub are needed for Dual site-Dual DMVPN scenario?

Georg Pauwen · ‎06-11-2020

Hello,

here is a pretty good link to a site with sample configs for all phases and routing protocols...

https://www.grandmetric.com/knowledge-base/design_and_configure/1305/

miracle_david@yahoo.com · ‎06-12-2020

Thanks sir for your nice reply. How many HUBs I should have for Dual hub-Dual DMVPN scenario?

Deepak Kumar · ‎06-12-2020

Hi,
You have given answer in the Question itself. 2 Hub (Dual Hub) is recommended. But if your design with Hierarchical DMVPN Phase 3 then it may be more as per requirements.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!