03-07-2019 06:27 AM
Hi there.
I am trying to configure a DMVPN overlay and want to create multiple VRFs in this overlay.
On the hub router are all the tunnels terminated on the same interface in Global Routing but with different network-ids.
But when I try and get the spokes to connect it seems like the tunnels are hitting the wrong VRFs.
Hub
vrf definition VRF-VARME-IC rd 180:180 ! address-family ipv4 exit-address-family ! vrf definition VRF-EL-IC rd 160:160 ! address-family ipv4 exit-address-family ! interface GigabitEthernet0/0/0 no ip address negotiation auto ! ! Interface towards a firewall in vrf VRF-EL-IC ! interface GigabitEthernet0/0/0.860 encapsulation dot1Q 860 vrf forwarding VRF-EL-IC ip address 10.66.160.2 255.255.255.0 ! ! Interface towards a firewall in vrf VRF-VARME-IC ! interface GigabitEthernet0/0/0.880 encapsulation dot1Q 880 vrf forwarding VRF-VARME-IC ip address 10.66.180.2 255.255.255.0 ! ! Interface in Global Routing used to terminated all tunnels from the spokes. ! interface GigabitEthernet0/0/1 ip address 10.66.60.198 255.255.255.0 negotiation auto ! interface Tunnel160 vrf forwarding VRF-EL-IC ip address 192.168.160.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password1 ip nhrp map multicast dynamic ip nhrp network-id 160 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1 tunnel mode gre multipoint ! interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast dynamic ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/0.880 tunnel mode gre multipoint !
on the spokes I have the following configuration, but it seems like the DMVPN doesn't match the correct tunnel on the hub end.
vrf definition VRF-VARME-IC rd 180:180 ! address-family ipv4 exit-address-family ! ! interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.79 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast 10.66.60.198 ip nhrp map 192.168.180.1 10.66.60.198 ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp nhs 192.168.180.1 ip nhrp shortcut ip tcp adjust-mss 1420 tunnel source Ethernet0 tunnel mode gre multipoint ! #ping vrf VRF-VARME-IC ip 192.168.180.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.180.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
On the hub I get the following error. telling me the tunnel is created in VRF-EL-IC and not VRF-VARME-IC:
#debug nhrp NHRP protocol debugging is on ! Mar 7 14:21:40.634: NHRP: Receive Registration Request via Tunnel160 vrf VRF-EL-IC(0x3), packet size: 105 Mar 7 14:21:40.634: NHRP: Registration request is being forwarded. Current NAT logic does'nt work for forwarded registrations Mar 7 14:21:40.634: NHRP: Attempting to forward to destination: 192.168.180.1 vrf: VRF-EL-IC(0x3) Mar 7 14:21:40.634: NHRP: IP route lookup(not mandatory idb) yielded Null0, nhop 192.168.180.1 for 192.168.180.1 vrf VRF-EL-IC(0x3) netid: 160 intf: 0 Mar 7 14:21:40.634: NHRP: NHRP Forward: unable to get NHRP IDB
I have read some places that it is not possible to terminate multiple VRF tunnels on the same Global Routing interface, but I have to run 2547oDMVPN to make it work.
By the way: Everything works if I only have one of the tunnels and VRFs active on the hub router. But everything breaks down when I create the second tunnel interface.
Solved! Go to Solution.
03-08-2019 11:57 PM
Hi,
Let's start some discussion on based on your configuration:
! Interface in Global Routing used to terminated all tunnels from the spokes. ! interface GigabitEthernet0/0/1 ip address 10.66.60.198 255.255.255.0 negotiation auto
Means Gig0/0/1 is the WAN interface. Let start the configuration based on your requirement.
HUB Router configuration:
interface Tunnel160 vrf forwarding VRF-EL-IC ip address 192.168.160.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password1 ip nhrp map multicast dynamic ip nhrp network-id 160 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1 tunnel mode gre multipoint
tunnel key 1
interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast dynamic ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 2
Spoke Router Configuration:
interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.79 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast 10.66.60.198 ip nhrp map 192.168.180.1 10.66.60.198 ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp nhs 192.168.180.1 ip nhrp shortcut ip tcp adjust-mss 1420 tunnel source Ethernet0 tunnel mode gre multipoint
tunnel key 2
Regards,
Deepak Kumar
03-07-2019 02:40 PM
Looking at high level, can you cross check below interfaces ?
interface Tunnel160 vrf forwarding VRF-EL-IC ip address 192.168.160.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password1 ip nhrp map multicast dynamic ip nhrp network-id 160 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1 <-------- this tunnel mode gre multipoint ! interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast dynamic ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/0.880 <---- This tunnel mode gre multipoint !
03-08-2019 05:19 AM
Hi there,
My mistake had it all configured for GI 0/0/1 as the source interface.
But read somewhere that it was not possible to have multiple tunnel VRFs terminated on the same interface in Global Routing and started to move the tunnel termination on tunnel 180 to a VRF interface.
But the result was the same.
So now it looks like this:
interface Tunnel160 vrf forwarding VRF-EL-IC ip address 192.168.160.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password1 ip nhrp map multicast dynamic ip nhrp network-id 160 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1 tunnel mode gre multipoint ! interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast dynamic ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1 tunnel mode gre multipoint !
03-08-2019 06:38 AM
check this thread may have similar solution what you looking ( when i get chance i will test and let you know over weekend)
https://community.cisco.com/t5/routing/gre-egress-interface-selection/td-p/2709472
03-08-2019 03:44 PM
You can make this work in below mentioned way, if possible:
1. Add a secondary IP on your interface GigabitEthernet0/0/1 in the same ISP pool(global vrf)
2. Source any one tunnel with that secondary IP address instead of GigabitEthernet0/0/1
3. Make changes on Spoke Multicast mapping accordingly.
03-08-2019 11:57 PM
Hi,
Let's start some discussion on based on your configuration:
! Interface in Global Routing used to terminated all tunnels from the spokes. ! interface GigabitEthernet0/0/1 ip address 10.66.60.198 255.255.255.0 negotiation auto
Means Gig0/0/1 is the WAN interface. Let start the configuration based on your requirement.
HUB Router configuration:
interface Tunnel160 vrf forwarding VRF-EL-IC ip address 192.168.160.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password1 ip nhrp map multicast dynamic ip nhrp network-id 160 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1 tunnel mode gre multipoint
tunnel key 1
interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.1 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast dynamic ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp shortcut ip nhrp redirect ip tcp adjust-mss 1420 tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 2
Spoke Router Configuration:
interface Tunnel180 vrf forwarding VRF-VARME-IC ip address 192.168.180.79 255.255.255.0 no ip redirects ip mtu 1460 ip nhrp authentication password2 ip nhrp map multicast 10.66.60.198 ip nhrp map 192.168.180.1 10.66.60.198 ip nhrp network-id 180 ip nhrp holdtime 60 ip nhrp nhs 192.168.180.1 ip nhrp shortcut ip tcp adjust-mss 1420 tunnel source Ethernet0 tunnel mode gre multipoint
tunnel key 2
Regards,
Deepak Kumar
03-11-2019 05:32 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide