Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
5
Replies

DMVPN OSPF - Wrong prefix getting NHRP overriden

char0051
Level 1
Level 1

‎12-05-2023 04:29 PM - edited ‎12-05-2023 04:34 PM

So,I have OSPF running on the overlay on 192.168.100.x/24.I have static defaults pointing to ISP for underlay reachability.

Hub is .1,Spoke 1 is .2 and Spoke 2 is .3.

char0051_0-1701822632257.png

 

I have loopbacks 10.3.3.1/24 and 10.4.4.1/24 respectively on Spoke 1 and Spoke 2,which I am advertising in OSPF.This is Phase 3 DMVPN,I can ping everything,but when I do a trace from 10.3.3.1 to 10.4.4.1,the trace is going via the Hub.Other thing I noticed is,when I check the RIB after sending data traffic between 10.3.3.1 and 10.4.4.1,I see the (%-NHO) on the Tunnel IP of Spoke 2,and not on the 10.4.4.1/24 prefix ,and this is why the traffic keeps going via the hub for that trace,How do I fix this ?

When I did the same thing,but with EIGRP overlay,I had no issues,10.4.4.1 prefix in the RIP had an NHRP override,and trace went directly to Spoke2

Spoke 1 Config -

interface Loopback0
ip address 10.3.3.1 255.255.255.0
ip ospf 1 area 0
!
interface Tunnel1
ip address 192.168.100.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp network-id 10
ip nhrp nhs 192.168.100.1 nbma 172.16.11.1 multicast
ip tcp adjust-mss 1360

ip nhrp shortcut
ip ospf network point-to-multipoint
ip ospf 1 area 123
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 10
!
interface GigabitEthernet0/0
ip address 172.16.31.1 255.255.255.0
duplex auto
speed auto
media-type rj45

 

Spoke 2

 

interface Loopback0
ip address 10.4.4.1 255.255.255.0
ip ospf 1 area 0
!
interface Tunnel0
no ip address
!
interface Tunnel1
ip address 192.168.100.3 255.255.255.0
no ip redirects
ip mtu 1400

ip nhrp shortcut
ip nhrp network-id 10
ip nhrp nhs 192.168.100.1 nbma 172.16.11.1 multicast
ip tcp adjust-mss 1360
ip ospf network point-to-multipoint
ip ospf 1 area 123
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint

tunnel key 10

Hub

interface Loopback0
ip address 10.1.1.1 255.255.255.0
ip ospf 1 area 0
!
interface Tunnel1
ip address 192.168.100.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp network-id 10
no ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
ip ospf network point-to-multipoint
ip ospf 1 area 123
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 10

 

RIB after sending data traffic from 10.3.3.1 to 10.4.4.1 on Spoke 1 - 

 

Gateway of last resort is 172.16.31.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 172.16.31.2
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA 10.1.1.1/32 [110/1001] via 192.168.100.1, 00:26:57, Tunnel1
C 10.3.3.0/24 is directly connected, Loopback0
L 10.3.3.1/32 is directly connected, Loopback0
O IA 10.4.4.1/32 [110/2001] via 192.168.100.1, 00:26:47, Tunnel1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.31.0/24 is directly connected, GigabitEthernet0/0
L 172.16.31.1/32 is directly connected, GigabitEthernet0/0
192.168.100.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Tunnel1
O 192.168.100.1/32 [110/1000] via 192.168.100.1, 00:26:57, Tunnel1
L 192.168.100.2/32 is directly connected, Tunnel1
O % 192.168.100.3/32 [110/2000] via 192.168.100.1, 00:26:47, Tunnel1

I don't understand why my 10.4.4.1 prefix doesn't have %*(NHO),and based on my understanding 192.168.100.3 should just be NHOP,and be indicated by H in the RIB

 

Thanks in advance

 

Labels:
0 Helpful
5 Replies 5

char0051
Level 1
Level 1

‎12-05-2023 07:00 PM

I put everything (Loopbacks and Tunnel interfaces in Area 1,and I see the RIB and the NHO as expected)-So I think OSPF might be causing the above,but I can't seem to figure out why.

OSPF Database on Spoke 2(Loopbacks and Tunnel int in different areas) -

SPOKE_2#show ip ospf database

OSPF Router with ID (10.4.4.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.4.4.1 10.4.4.1 758 0x80000003 0x0009EC 1

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
192.168.100.1 10.4.4.1 758 0x80000002 0x00135B
192.168.100.2 10.4.4.1 758 0x80000002 0x003C45
192.168.100.3 10.4.4.1 758 0x80000002 0x00CA8D

Router Link States (Area 123)

Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 759 0x80000004 0x007C14 3
10.3.3.1 10.3.3.1 746 0x80000003 0x00184F 2
10.4.4.1 10.4.4.1 758 0x80000003 0x00164B 2

Summary Net Link States (Area 123)

Link ID ADV Router Age Seq# Checksum
10.1.1.1 10.1.1.1 759 0x80000002 0x007EA2
10.3.3.1 10.3.3.1 746 0x80000002 0x0032E6
10.4.4.1 10.4.4.1 758 0x80000002 0x000C09

0 Helpful

char0051
Level 1
Level 1

‎12-05-2023 08:44 PM - edited ‎12-06-2023 06:24 AM

SPOKE_2(config-if)#
*Dec 6 04:41:36.800: NHRP-RT: Attempting to create instance PDB for vrf global(0x0)(0x0)
*Dec 6 04:41:36.825: NHRP-RT: Adding route entry for 10.3.3.0/24 (Tunnel1 vrf:global(0x0)) to RIB
*Dec 6 04:41:36.825: NHRP-RT: Route addition to RIB Successful
*Dec 6 04:41:36.826: NHRP-RT: Route watch started for 10.3.2.0/23
*Dec 6 04:41:36.826: NHRP-RT: Adding route entry for 192.168.100.2/32 (Tunnel1 vrf:global(0x0)) to RIB
*Dec 6 04:41:36.827: NHRP-RT: Route addition failed (admin-distance)
*Dec 6 04:41:36.827: NHRP-RT: nexthop-override added to RIB
*Dec 6 04:41:36.827: NHRP-RT: Route watch started for 192.168.100.2/32
*Dec 6 04:41:36.832: NHRP-RT: Received route watch notification for 10.3.3.0/24
*Dec 6 04:41:36.832: NHRP-RT: Covering prefix is 10.3.3.0/0
*Dec 6 04:41:36.832: NHRP-RT: Next-hop interface mismatch  ---Why does this happen ?
*Dec 6 04:41:36.833: NHRP-RT: Deleting route entry for 10.3.3.0/24 (Tunnel1 vrf global(0x0)) from RIB
*Dec 6 04:41:36.833: NHRP-RT: Route entry for 10.3.3.0/24 (Tunnel1 vrf global(0x0)) deleted from RIB
*Dec 6 04:41:36.834: NHRP-RT: Route watch stopped for 10.3.3.0/24 interface Tunnel1
*Dec 6 04:41:36.834: NHRP-RT: Received route watch notification for 192.168.100.2/32
*Dec 6 04:41:36.835: NHRP-RT: Covering prefix is 192.168.100.2/32
*Dec 6 04:41:36.835: NHRP-RT: Path (1) for 192.168.100.2/32 - Gateway:192.168.100.1(110) -> Final Gateway:192.168.100.1(110), Tunnel1
*Dec 6 04:41:36.836: NHRP-RT: Path (2) for 192.168.100.2/32 - Gateway:192.168.100.2(110) -> Final Gateway:192.168.100.2(110), Tunnel1
*Dec 6 04:41:36.836: NHRP-RT: Got NHO from RIB interface Tunnel1 vrf global(0x0)

0 Helpful

MHM Cisco World
VIP
VIP

‎12-05-2023 09:51 PM

Try below

1-Config tunnel in hub and spoke with 

Area0

P2MP

2-redistrubte connect subnet in each spoke 

3- add summary address in Hub with 10.0.0.0/8 ( since loopback is 10.4.x.x and 10.3.x.x)

Do above and see result 

MHM

0 Helpful

char0051
Level 1
Level 1

‎12-06-2023 06:29 AM - edited ‎12-06-2023 06:29 AM

Hey,I can get it to work as expected,But I am trying to find out why it doesn't work with what i did,the way I had my OSPF areas,and in the debug,I see NHRP initially added the remote loopback and removed it because of "Next-Hop Interface Mismatch" and why the override wasn't added.

0 Helpful

MHM Cisco World
VIP
VIP
In response to char0051

‎12-06-2023 06:45 AM

Do you review my answer, 

Let explain 

First spoke know hub but dont know other spokes. 

We need to make hub push summary to both spoke (you need static route to null in hub to make summary work) 

The spoke know have summary from hub

When it want to connect to other spokes the hub send redirect and here the route appear in spokes point to correct next hop not to hub. 

MHM

 

0 Helpful
Customers Also Viewed These Support Documents