Solved: Re: DMVPN- correct procedure to migrate network from phase 2 to 3?

jmaxwellUSAF · ‎06-28-2023

Hello.

INTENT: migrate the DMVPN routers (fifteen of them) from phase 2 to phase 3.

-I tried to do this migration a few at a time, but this process is failing.

-I first inserted on the hub "ip nhrp redirect". Then on three spokes I definitely inserted "ip nhrp shortcut" with no error symptoms at all. A half hour later I checked the config on these three spoke tunnel interfaces-- there was no evidence of the command "ip nhrp shortcut.", as if it was never entered. The hub does still show the "ip nhrp redirect" command.

-Additionally, right now there are flapping spoke to spoke tunnels (but they are working after each flap).

So then, if when I config a spoke for phase 3, and command never sticks, what is the correct procedure to convert this DMVPN environment to phase 3?

Thank you.

Rob Ingram · ‎06-28-2023

@jmaxwellUSAF

What IOS/IOS-XE image are you running on all the spoke routers? Run "show run all" and check the configuration of the tunnel interfaces to see if the "ip nhrp shortcut" command is present as default.

The phase 3 configured spoke routers will not attempt to use a more specific (shortcut) route if the hub is not sending a redirect message, so I'd not configure the "ip nhrp redirect" command on the hub until you are sure of the spoke configuration on all the routers. That way you should not expect any issues with some spokes to communicating with other spokes that are not configured for shortcut.

View solution in original post

MHM Cisco World · ‎06-28-2023

one command in hub and one command in spoke that what you need,
ip nhrp redirect <<- hub
ip nhrp shortcut <<- in Spoke

notice:- the phase3 support summary, phase2 not support summary address in Hub

that it

View solution in original post

Rob Ingram · ‎06-28-2023

@jmaxwellUSAF

What IOS/IOS-XE image are you running on all the spoke routers? Run "show run all" and check the configuration of the tunnel interfaces to see if the "ip nhrp shortcut" command is present as default.

The phase 3 configured spoke routers will not attempt to use a more specific (shortcut) route if the hub is not sending a redirect message, so I'd not configure the "ip nhrp redirect" command on the hub until you are sure of the spoke configuration on all the routers. That way you should not expect any issues with some spokes to communicating with other spokes that are not configured for shortcut.

MHM Cisco World · ‎06-28-2023

one command in hub and one command in spoke that what you need,
ip nhrp redirect <<- hub
ip nhrp shortcut <<- in Spoke

notice:- the phase3 support summary, phase2 not support summary address in Hub

that it

jmaxwellUSAF · ‎06-28-2023

"notice:- the phase3 support summary, phase2 not support summary address in Hub "

I don't understand what you are communicating above. Please clarify?

MHM Cisco World · ‎06-28-2023

Spoke-to-Spoke NHRP Summary Maps

In DMVPN phase 3, route summarization is performed at a hub. The hub is the next-hop for any spoke to reach any network behind a spoke. On receiving a packet, the hub sends a redirect message to a local spoke and indicates the local spoke to send Next Hop Resolution Protocol (NHRP) resolution request for the destination network. The resolution request is forwarded by the hub to a remote spoke with the destination LAN network. The remote spoke responds to the resolution request and initiates a tunnel with the local spoke.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-summ-maps.html