07-24-2019 08:36 AM
Hello colleagues,
the history - we had DMVPN configured on different models 800, 2800, 2900 series with different IOS versions. Everything works quite good.
Recently we added two new routers - c1111-4p, with different IOS versions - 16.8.1 and 16.9.3 as spokes. Then we found a strange issue. For all old spokes, if there is a new spoke-spoke traffic, the first several packets go through the hub and after establishing a spoke-spoke direct tunnel it goes directly. There is no any packet loss.
For these new c1111-4p situation is different. Looks like if there is a packet to another spoke and there is no nhrp entry then the first spoke is trying to resolve nhrp and until then for the first seconds all packets are dropped and traffic doesn't goes through the hub.
R2#ping 10.99.99.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.99.40, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 92/101/112 ms
R2#traceroute 10.99.99.40
Type escape sequence to abort.
Tracing the route to 10.99.99.40
VRF info: (vrf in name/id, vrf out name/id)
1 *
10.99.99.40 136 msec *
If I block the direct traffic between spokes by access-list, it is the same, first packets are dropped until nhrp resolve and after traffic successfully goes through the hub.
As I understand, at the beginning in cef we have incomplete entry and first packets should be process switched, so maybe there is some platform-related difference for c1111 routers? For example, I cannot disable route-cache cef on the tunnel interface.
Also, I the only difference I found is that in 16.x versions "ip nhrp shortcut" command is enabled by default, so I have added "no ip nhrp shortcut", but it didn't help.
07-24-2019 08:38 AM
forgot to add, I captured traffic from tunnel interface and it is clear that the spoke doesn't send the first packet to the hub, so it is not dropped on the hub of further.
07-24-2019 02:57 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide