DMVPN Notes – Phase 1 Dynamic Mappings

  • The hub router must be configured with multipoint.
  • The spokes must be configured with point-to-point.
  • The hub router must be configured to perform dynamic mappings.

Dynamic mappings allow for a much more scalable configuration.

How does this work?

  • When a spoke initially connects to the DMVPN network, it registers its tunnel-IP-address-to-NBMA-IP (PUBLIC IP) mapping with the hub router.
  • The hub will acknowledge the registration by sending back the registration message that was initiated by the spoke with a success code.
  • The registration enables the mGRE interface on the hub router to build a dynamic GRE tunnel back to the router(s) that is trying to register.
  • The spoke routers must be configured with the tunnel IP address of the hub; otherwise, they will not know where to register their tunnel IP to PUBLIC mapping.


R5 HUB

R5(config-if)#do show run int t0

interface Tunnel0
 ip address 172.16.0.5 255.255.255.0
 no ip redirects
 ip nhrp network-id 5
 tunnel source 169.1.100.5
 tunnel mode gre multipoint
end

R1 Spoke

R1(config-if)#do show run int t0

interface Tunnel2023
 ip mtu 1476
 ip tcp adjust-mss 1436
 ip address 172.16.0.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.5
 tunnel source 169.1.100.1
 tunnel destination 169.1.100.5

R2 Spoke

R2#show run int t0

interface Tunnel0
 ip address 172.16.0.2 255.255.255.0
 ip mtu 1476
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.5
 ip tcp adjust-mss 1436
 tunnel source 169.1.100.2
 tunnel destination 169.1.100.5
end

R3 Spoke

R3#show run int t0


interface Tunnel0
 ip address 172.16.0.3 255.255.255.0
 ip mtu 1476
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.5
 ip tcp adjust-mss 1436
 tunnel source 169.1.100.3
 tunnel destination 169.1.100.5
end

R4 Spoke

R4#show run int t0

interface Tunnel0
 ip address 172.16.0.4 255.255.255.0
 ip mtu 1476
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.5
 ip tcp adjust-mss 1436
 tunnel source 169.1.100.4
 tunnel destination 169.1.100.5
end

R5 Hub Verification

R5#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:4, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 169.1.100.1          172.16.0.1    UP 00:14:56     D
     1 169.1.100.2          172.16.0.2    UP 00:10:24     D
     1 169.1.100.3          172.16.0.3    UP 00:08:48     D
     1 169.1.100.4          172.16.0.4    UP 00:07:09     D


R5#show ip nhrp 
172.16.0.1/32 via 172.16.0.1
   Tunnel0 created 00:14:58, expire 01:47:15
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 169.1.100.1 
172.16.0.2/32 via 172.16.0.2
   Tunnel0 created 00:10:26, expire 01:49:33
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 169.1.100.2 
172.16.0.3/32 via 172.16.0.3
   Tunnel0 created 00:08:50, expire 01:51:09
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 169.1.100.3 
172.16.0.4/32 via 172.16.0.4
   Tunnel0 created 00:07:11, expire 01:52:48
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 169.1.100.4 
R5#

Wireshark verification

Spokes TO R5 Hub


R1 – R4 Verify IP connectivity to the tunnel IP

R1#tclsh
R1(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1 
+>(tcl)# 172.16.0.2 
+>(tcl)# 172.16.0.3 
+>(tcl)# 172.16.0.4 
+>(tcl)#} { puts [exec "ping  $VAR"] }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/11 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/10 ms

R1(tcl)#
R1(tcl)#tclquit
R1#
R2#tclsh
R2(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1 
+>(tcl)# 172.16.0.2 
+>(tcl)# 172.16.0.3 
+>(tcl)# 172.16.0.4 
+>(tcl)#} { puts [exec "ping  $VAR"] }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/11 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/10 ms

R2(tcl)#
R2(tcl)#tclquit

R3#tclsh
R3(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1 
+>(tcl)# 172.16.0.2 
+>(tcl)# 172.16.0.3 
+>(tcl)# 172.16.0.4 
+>(tcl)#} { puts [exec "ping  $VAR"] }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/8 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/11 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/5 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/11 ms

R3(tcl)#
R3(tcl)#tclquit
R3#
R4#tclsh
R4(tcl)#foreach VAR {
+>(tcl)# 172.16.0.1 
+>(tcl)# 172.16.0.2 
+>(tcl)# 172.16.0.3 
+>(tcl)# 172.16.0.4 
+>(tcl)#} { puts [exec "ping  $VAR"] }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/10 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms

R4(tcl)#
R4(tcl)#tclquit
R4#

Traceroute from R1 to R2

Traffic from each spoke will still traverse the hub.

R1#traceroute 172.16.0.2 numeric 
Type escape sequence to abort.
Tracing the route to 172.16.0.2
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.0.5 7 msec 2 msec 2 msec
  2 172.16.0.2 4 msec *  4 msec
R1#traceroute 172.16.0.2 numeric 
Type escape sequence to abort.
Tracing the route to 172.16.0.2
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.0.5 4 msec 3 msec 2 msec
  2 172.16.0.2 4 msec *  4 msec
R1#traceroute 172.16.0.2 numeric 
Type escape sequence to abort.
Tracing the route to 172.16.0.2
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.0.5 2 msec 2 msec 2 msec
  2 172.16.0.2 4 msec *  4 msec

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.