Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2854
Views
3
Helpful
10
Replies

DMVPN nhrp redirect

gdy1039
Level 1
Level 1

‎05-14-2023 06:44 PM

Hello

Good day to you. Could you please help my DMVPN question.

R1 is hub, R3, R4, R5 is spoke. my lab is run in PNET, Configuration had attached.

Q1. ip nhrp redirect should input at hub or all spoke?

Q2. before I input "ip nhrp redirect" and "ip nhrp shortcut", I found R3 and R4 can direct communicate. No different after these 2 command. May you provide some explain to help me understand 2 command. I had read command reference but not help.

Q3. in fact, R3 can direct ping R4 in phase 1 setup which is no OSPF. Prove by packet capture. OSPF just provide route for backend subnet. Does my understand is true?

Thanks for your time.

 

Best Regards.

Scott

 

gdy1039_0-1684115000353.png

 

Labels:
DMVPN.zip
_Exports_pnetlab_export-20230514-145408.zip
10 Replies 10

M02@rt37
VIP
VIP

‎05-15-2023 07:47 AM

Hello @gdy1039,

Q1--The "ip nhrp redirect" command is typically configured on the hub router in a DMVPN setup. It enables the hub to inform the spokes of a more efficient path to reach a particular destination, redirecting traffic to a better next-hop router. This command is not required on the spoke routers.

Q2--The "ip nhrp shortcut" command is used to optimize traffic flow between DMVPN spokes. It allows spokes to communicate directly with each other, bypassing the hub router whenever possible. The command is configured on the spoke routers. After configuring "ip nhrp shortcut," the spokes can establish direct tunnels between each other, improving performance by avoiding unnecessary traffic traversal through the hub. This command should be used with caution, as it may increase the complexity of the network and require careful design and testing.

Q3--In a DMVPN Phase 1 setup without OSPF, it is possible for spoke routers to communicate with each other directly, as they can establish spoke-to-spoke tunnels. The DMVPN overlay network allows dynamic tunnel establishment between spokes, even without a dynamic routing protocol like OSPF. However, OSPF provides additional benefits such as automatic route distribution and the ability to dynamically adapt to changes in the network topology.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

gdy1039
Level 1
Level 1
In response to M02@rt37

‎06-10-2023 06:00 AM

Hello M02@rt37

Thanks for your reply. After more lab, I have more understanding. Could you please correct me if I am wrong.

1.  For Q3, spoke can not communicate with each other. Because of in phase 1, spoke use "tunnel destination " rather than " tunnel mode gre multipoint".  This will limit that all traffic need go through hub, no other choose.

2. For phase 2, "tunnel mode gre multipoint" will allow spoke direct build tunnel each other. if use ospf, use broadcast type and set spoke  priority to 0 to prevent spoke work as DR.

3. For phase 3, let's start from static router. I set route for each spoke one by one in hub, use this to reach each PC behind router in above diagram. In spoke, I put a default route or summary route point to hub, then first packet will go to hub to initial nhrp redirect. If everything working, I will got a route for PC 4 at R3 point to R4, this route is under summary route and tag as H - NHRP.   If I manually write same route point R4 or anywhere, I will got route tag as % - next hop override. By my thinking, H route should be correct for phase 3, and % is not a correct present. If this is true, why all sample in Youtube is tag as %? How could I have correct ospf setup to have result like above previous static route in this segment?

Thank you.

Best Regards.

Scott Gao

MHM Cisco World
VIP
VIP
In response to gdy1039

‎06-10-2023 06:33 AM

I will share lab for phase III of DMVPN later today 

0 Helpful

gdy1039
Level 1
Level 1

‎06-10-2023 09:59 PM - edited ‎06-10-2023 10:02 PM

Hello MHM

Thanks for your time.

I have new finding would like to share.

gdy1039_0-1686455544513.png

gdy1039_1-1686455549424.png

Below is static route test without override.

gdy1039_2-1686455575393.png

below is override test. From it, I know % sign is correct and normal result.

gdy1039_3-1686455588052.png

 

Below is OSPF test.

gdy1039_4-1686458855620.png

gdy1039_5-1686458864009.png

From guide "IP Address - NHRP configuration Guide",  spoke just need have summary route point to hub. I fail to achieve this by OSPF. I try to use "area 1 range 10.100.0.0 255.255.0.0", spoke will have summary route, but also will have specify route for each backend subnet.

Another key point is Phase 3 allow hierachical (Greater than one level) and more complex tree-base DMVPN network topologies. I had never seen example for this on internet. Maybe I will try it or forget it.

Thank you.

Best Regards.

Scott Gao

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to gdy1039

‎06-11-2023 12:31 AM

the route before ping from Spoke1 to Spoke2

Screenshot (777).pngScreenshot (778).pngScreenshot (779).png

0 Helpful

MHM Cisco World
VIP
VIP

‎06-11-2023 12:55 AM - edited ‎06-11-2023 01:12 AM

this after ping from Spoke1 to Spoke2 

you can see the phaseIII work fine 
what I run in my lab 
config static route as you for underlay, you use EIGRP that fine 
config EIGRP (not ospf) for overlay for tunnel, you use OSPF that fine 
you can see as I suggest in your other post you need summary in PhaseIII and I run summary command under tunnel interface (because it is EIGRP) 

NOW return to summary in OSPF, this issue I deal with it NOW and find solution, update you soon 
MHM

Screenshot (780).pngScreenshot (781).pngScreenshot (782).png

0 Helpful

MHM Cisco World
VIP
VIP

‎06-11-2023 05:44 PM

there s no problem, I run lab make all DMVPN tunnel and LAN behind Spoke in same Area (Area0) and I get % next-hop override when ping from spoke to spoke 

Screenshot (783).pngScreenshot (784).png

0 Helpful

gdy1039
Level 1
Level 1
In response to MHM Cisco World

‎06-15-2023 02:17 AM

Dear MHM

 

Thanks for your help to spend so much time to have lab. You lab still not show any summary route and not limit individual route of spoke.

I trying to achieve benefit 1, but end of benefit 3 said not possible to have summary by OSPF. I think I need to forget it.

Reference "IP Addressing - NHRP Configuration Guide".

On the other hand, did you achieve by EIGRP?   Would you mind point out which picture? I read carefully but still not found.

Thank you.

 

Best Regards.

Scott Gao

gdy1039_0-1686820248509.png

 

2480 KB
2480 KB
0 Helpful

MHM Cisco World
VIP
VIP
In response to gdy1039

‎06-18-2023 03:01 AM

Sorry for late reply but I so busy.

Now the eigrp not like opsf' ospf need all router in same area have same ospf db' so this make all hub and spoke know all prefix connect or learn from other IGP.

You want summary' I dont mention that you can't config summary in dmvpn with ospf but it useless not like eigrp.

To config summary in ospf you need router to be asbr' and that what I do

I make hub as asbr and redistrubte connected with route map then summary this address to advertise to all spokes.

0 Helpful

MHM Cisco World
VIP
VIP

‎06-17-2023 03:02 PM


IOU6#show run
IOU6#show running-config
Building configuration...

Current configuration : 2532 bytes
!
! Last configuration change at 21:58:57 UTC Sat Jun 17 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IOU6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!


!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 22.3.0.1 255.255.0.0
!
interface Tunnel0
ip address 5.0.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 5
ip nhrp redirect
ip ospf network point-to-multipoint
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 5
!
interface Ethernet0/0
ip address 100.0.0.6 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
!
router ospf 5
summary-address 22.0.0.0 255.0.0.0
redistribute connected subnets route-map MHM
network 5.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 100.0.0.20
!
!
ip prefix-list 22.3.0.0 seq 5 permit 22.3.0.0/16
!
route-map MHM permit 10
match ip address prefix-list 22.3.0.0
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
!
end

Hub config for summary 
Screenshot (799).pngScreenshot (801).png

0 Helpful
Customers Also Viewed These Support Documents