- The hub router must be configured with multipoint.
- The spokes must be configured with point-to-point.
- The hub router must be configured to perform dynamic mappings.
Dynamic mappings allow for a much more scalable configuration.
How does this work?
- When a spoke initially connects to the DMVPN network, it registers its tunnel-IP-address-to-NBMA-IP (PUBLIC IP) mapping with the hub router.
- The hub will acknowledge the registration by sending back the registration message that was initiated by the spoke with a success code.
- The registration enables the mGRE interface on the hub router to build a dynamic GRE tunnel back to the router(s) that is trying to register.
- The spoke routers must be configured with the tunnel IP address of the hub; otherwise, they will not know where to register their tunnel IP to PUBLIC mapping.
R5 HUB
R5(config-if)#do show run int t0
interface Tunnel0
ip address 172.16.0.5 255.255.255.0
no ip redirects
ip nhrp network-id 5
tunnel source 169.1.100.5
tunnel mode gre multipoint
end
R1 Spoke
R1(config-if)#do show run int t0
interface Tunnel2023
ip mtu 1476
ip tcp adjust-mss 1436
ip address 172.16.0.1 255.255.255.0
ip nhrp network-id 1
ip nhrp nhs 172.16.0.5
tunnel source 169.1.100.1
tunnel destination 169.1.100.5
R2 Spoke
R2#show run int t0
interface Tunnel0
ip address 172.16.0.2 255.255.255.0
ip mtu 1476
ip nhrp network-id 1
ip nhrp nhs 172.16.0.5
ip tcp adjust-mss 1436
tunnel source 169.1.100.2
tunnel destination 169.1.100.5
end
R3 Spoke
R3#show run int t0
interface Tunnel0
ip address 172.16.0.3 255.255.255.0
ip mtu 1476
ip nhrp network-id 1
ip nhrp nhs 172.16.0.5
ip tcp adjust-mss 1436
tunnel source 169.1.100.3
tunnel destination 169.1.100.5
end
R4 Spoke
R4#show run int t0
interface Tunnel0
ip address 172.16.0.4 255.255.255.0
ip mtu 1476
ip nhrp network-id 1
ip nhrp nhs 172.16.0.5
ip tcp adjust-mss 1436
tunnel source 169.1.100.4
tunnel destination 169.1.100.5
end
R5 Hub Verification
R5#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:4,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 169.1.100.1 172.16.0.1 UP 00:14:56 D
1 169.1.100.2 172.16.0.2 UP 00:10:24 D
1 169.1.100.3 172.16.0.3 UP 00:08:48 D
1 169.1.100.4 172.16.0.4 UP 00:07:09 D
R5#show ip nhrp
172.16.0.1/32 via 172.16.0.1
Tunnel0 created 00:14:58, expire 01:47:15
Type: dynamic, Flags: unique registered used nhop
NBMA address: 169.1.100.1
172.16.0.2/32 via 172.16.0.2
Tunnel0 created 00:10:26, expire 01:49:33
Type: dynamic, Flags: unique registered used nhop
NBMA address: 169.1.100.2
172.16.0.3/32 via 172.16.0.3
Tunnel0 created 00:08:50, expire 01:51:09
Type: dynamic, Flags: unique registered used nhop
NBMA address: 169.1.100.3
172.16.0.4/32 via 172.16.0.4
Tunnel0 created 00:07:11, expire 01:52:48
Type: dynamic, Flags: unique registered used nhop
NBMA address: 169.1.100.4
R5#
Wireshark verification
Spokes TO R5 Hub
R1 – R4 Verify IP connectivity to the tunnel IP
R1#tclsh
R1(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1
+>(tcl)# 172.16.0.2
+>(tcl)# 172.16.0.3
+>(tcl)# 172.16.0.4
+>(tcl)#} { puts [exec "ping $VAR"] }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/11 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/10 ms
R1(tcl)#
R1(tcl)#tclquit
R1#
R2#tclsh
R2(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1
+>(tcl)# 172.16.0.2
+>(tcl)# 172.16.0.3
+>(tcl)# 172.16.0.4
+>(tcl)#} { puts [exec "ping $VAR"] }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/11 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/10 ms
R2(tcl)#
R2(tcl)#tclquit
R3#tclsh
R3(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1
+>(tcl)# 172.16.0.2
+>(tcl)# 172.16.0.3
+>(tcl)# 172.16.0.4
+>(tcl)#} { puts [exec "ping $VAR"] }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/11 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/5 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/11 ms
R3(tcl)#
R3(tcl)#tclquit
R3#
R4#tclsh
R4(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1
+>(tcl)# 172.16.0.2
+>(tcl)# 172.16.0.3
+>(tcl)# 172.16.0.4
+>(tcl)#} { puts [exec "ping $VAR"] }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/10 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
R4(tcl)#
R4(tcl)#tclquit
R4#
Traceroute from R1 to R2
Traffic from each spoke will still traverse the hub.
R1#traceroute 172.16.0.2 numeric
Type escape sequence to abort.
Tracing the route to 172.16.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.0.5 7 msec 2 msec 2 msec
2 172.16.0.2 4 msec * 4 msec
R1#traceroute 172.16.0.2 numeric
Type escape sequence to abort.
Tracing the route to 172.16.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.0.5 4 msec 3 msec 2 msec
2 172.16.0.2 4 msec * 4 msec
R1#traceroute 172.16.0.2 numeric
Type escape sequence to abort.
Tracing the route to 172.16.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.0.5 2 msec 2 msec 2 msec
2 172.16.0.2 4 msec * 4 msec