I am using DMVPN before but I never studied it (run debug, wireshark, etc). Now I am going into the details. I started with a very simple topolgy using DMVPN phase 1 configuration without IPSec. My first question is about the NHRP network-ID. Apparently without it the NHRP process doesn't start. However the configured ID is not in the NHRP registration request or reply messages that I captured. In addition, spoke still registers with hub even with the wrong ID. Any ideas why? What is the purpose of the network ID?
It defines part of NHRP domain.
You can configure, for example, two interfaces with same NHRP domain allowing those packets to flow between those two interfaces. Useful in phase 3.
You are correct the value is locally significant, although for sake of consitency and troubleshootability we recommend using same value.
Hi Marcin, thanks for the reply and sorry for the late response. I just tried on phase 3, however it still doesn't seem to matter.. My hub and two spokes all have the different valus and they still process NHRP packets correctly and route injected properly as well... I guess it is just a local number to differentiate in case you have more than one DMVPNs configured, correct...? Thanks
as I said the number is locally significant. DMVPN design will not change this. It is however required (AFAIR) for hierarchical hub design.
I am pretty much confused with this NHRP ID as well.
This is what I found from NHRP document.
"Enabling NHRP on an Interface The NHRP network ID is used to define the NHRP domain for an NHRP interface and differentiate between multiple NHRP domains or networks, when two or more NHRP domains (GRE tunnel interfaces) are available on the same NHRP node (router). The NHRP network ID is used to help keep two NHRP networks (clouds) separate from each other when both are configured on the same router. The NHRP network ID is a local only parameter. It is significant only to the local router and it is not transmitted in NHRP packets to other NHRP nodes. For this reason the actual value of the NHRP network ID configured on a router need not match the same NHRP network ID on another router where both of these routers are in the same NHRP domain. As NHRP packets arrive on a GRE interface, they are assigned to the local NHRP domain in the NHRP network ID that is configured on that interface."
And this is what I have on DMVPN Guide.
"To participate in one NHRP registration process, all routers must belong to the same NHRP network by a network ID. The NHRP network ID defines an NHRP domain."
Both of the documents are from Cisco.
So what I am thinking is that different DMVPN domains are being classified on a single router through the NHRP ID. If a router do have two tunnel interfaces then the distinguishing factor on what tunnel interface it would be classified is by tunnel key, not NHRP ID, when it is sharing the same NBMA interface. If the two tunnels were mapped on different physical interfaces then it chooses the NHRP ID on which tunnel interface the packet landed.
We've discussed this in comments underneath.
Let me add to a few things.
NHRP is not used to (de)multiplex multiple connections, as you pointed out GRE's tunnel key is doing that.
NHRP rides on top of GRE. And GRE (typically) rides on top of IPsec.
NHRP ID is only locally significant, it is not sent in any NHRP message (at least in case of DMVPN). You can confirm it by using debugs.
NHRP ID is used to carve local domains on a router it is configured.
Using same network ID across the board, in a domain, makes troubleshooting easier and a more straight forward configuration.
Using a different ID, on same router(!), will separate the two domains.