03-23-2022 02:48 AM
Our DMVPN phase 3 was configured a long time ago and I have just been looking at an issue.
If a spoke is configured as 'ip nhrp redirect' Will it act as a hub ? All our spokes (over 100) have this command.
One thing I see quite a lot in 'show dmvpn' is host IPs from other sites. Like this -
UNKNOWN 10.84.14.142 NHRP never IX 10.84.14.142/32
UNKNOWN 10.84.14.165 NHRP never IX 10.84.14.165/32
UNKNOWN 10.84.14.169 NHRP never IX 10.84.14.169/32
UNKNOWN 10.84.14.170 NHRP never IX 10.84.14.170/32
03-23-2022 02:59 AM
@Richard Tapp no the spokes won't act as a hub, because the spoke routers are configured with the NHS and NBMA addresses of the actual hub.
03-23-2022 03:02 AM
Thanks Rob, but coud this be why we are seeing lots of these messages ?
UNKNOWN 10.84.14.170 NHRP never IX 10.84.14.170/32
03-23-2022 03:20 AM
Can you post hub side config and 1 spoke side config to understand the issue here.
03-23-2022 03:30 AM - edited 03-23-2022 03:32 AM
HUB
interface Tunnel0
bandwidth 102400
ip address 10.105.0.1 255.255.0.0
no ip redirects
no ip proxy-arp
ip mtu 1400
no ip split-horizon eigrp 10
ip nhrp authentication cccccccccc
ip nhrp map 10.105.0.2 xx.xx.xx.xx
ip nhrp map multicast xx.xx.xx.xx
ip nhrp network-id 1
ip nhrp nhs 10.105.0.2
ip nhrp redirect
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key xxxxxxx
tunnel protection ipsec profile yyyyyyyy
Spoke
interface Tunnel10
ip address 10.105.5.4 255.255.0.0
no ip redirects
no ip proxy-arp
ip mtu 1400
ip nhrp authentication ccccccccc
ip nhrp map 10.105.0.1 xx.xx.xx.xx
ip nhrp map multicast xx.xx.xx.xx
ip nhrp network-id 1
ip nhrp holdtime 900
ip nhrp nhs 10.105.0.1
ip nhrp redirect
ip nhrp shortcut
zone-member security DMVPN
ip tcp adjust-mss 1250
delay 100
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key xxxxxxxxx
tunnel protection ipsec profile yyyyyyyyy
03-23-2022 06:06 AM
Why you want spoke to be hub?
03-23-2022 12:08 PM
If a spoke is configured as 'ip nhrp redirect' Will it act as a hub ? All our spokes (over 100) have this command.
-I am with @Rob Ingram on this one. That command will not make any of your spokes act as the hub. The hub is determined via the ip nhs server command. In regard to phase3, nhrp indication messages are used to inform spokes of better paths via nhrp redirect command. On your spokes you would enable nhrp shortcut. The redirect command is essentially triggering the hub to tell the spoke there is a better path & here is the route, and the shortcut command triggers the spoke to accept this redirect route and install the shortcut.
03-23-2022 12:33 PM - edited 03-23-2022 06:00 PM
HUB
interface Tunnel0
ip address 10.105.0.1 255.255.0.0<-OK
ip nhrp map 10.105.0.2 xx.xx.xx.xx<- no need since it HUB
ip nhrp map multicast xx.xx.xx.xx<- change to be map multicast dynamic
ip nhrp ohs 10.105.0.2<- no need since it HUB
!
Spoke
interface Tunnel10
ip address 10.105.5.4 255.255.0.0<-OK
ip nhrp map 10.105.0.1 xx.xx.xx.xx<-OK
ip nhrp map multicast xx.xx.xx.xx<-OK
ip nhrp ohs 10.105.0.1<-OK
this change must be config UNLESS you have two Hub and this one is redundancy for first one, are you use this design ? if yes then
add the
Spoke
ip nhrp map 10.105.0.1 y.y.y.y
ip nhrp map multicast y.y.y.y
ip nhrp ohs 10.105.0.2
try this and see result.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: