In this post, I’m going to explore the basics of DMVPN and show how to configure Phase 1 DMVPN. So the first question we need to ask is: what is DMVPN and what is it used for? DMVPN is basically a hub-and-spoke tunneling technology. In fact, it is one form of VPN that allows spokes to communicate with other spoke sites without going through the Hub.

To understand DMVPN, there are other important protocols to learn, such as GRE, dynamic routing protocols such as OSPF and BGP, and the Next Hop Resolution Protocol. DMVPN is not secure by itself, as there is no encryption involved, but we could run IPsec on top of DMVPN to encrypt our data.

In this particular post, I’m going to explain DMVPN in action and go through the details of each configuration step.

But before moving forward, as mentioned, we need to understand how GRE works. I have a good explanation on configuring a GRE tunnel in this post. A GRE tunnel can be built between two distant sites via WAN or Internet links. We could build GRE over the Internet and add IPsec to encrypt data, or we could also build GRE tunnels via an MPLS link. The thing to note here is that a GRE tunnel is built between two peers (two devices). But with DMVPN, multipoint GRE is introduced.
This means that our hub can build separate GRE tunnels to two different spokes. In my lab, I will show some good examples with multipoint GRE tunnels which I built on the hub.

The next thing to understand is the “Next Hop Resolution Protocol (NHRP)”. So what is the purpose of NHRP? I’m going to answer this with a scenario. For example, we have a Hub router that is connected to two different spokes. The Hub router is able to communicate directly with the two spokes, as it was able to build the GRE tunnels. But what if the two spokes want to reach each other? This will not be possible, as we only built the GRE tunnels between the Hub and the Spokes.
So NHRP is our hero. Some concepts to understand here:

  • We need to have an NHRP server, which is usually the Hub.
  • The Spokes are considered NHRP clients.
  • The NHRP clients need to inform the NHRP server of their public IP address, or NBMA address. This could be done using an NHRP registration request.
  • The NHRP server builds a mapping between the tunnel IP address of each spoke and its NBMA address.
  • An NHRP resolution request happens when the spokes want to reach each other. The NHRP resolution request is sent by an NHRP client to the NHRP server, asking for the NBMA address of the other spoke router.
  • The NHRP resolution reply is sent by the NHRP server to the spokes, providing the NBMA address of the other spoke routers.
In short, what NHRP does is map the tunnel IP address to the NBMA address of the spokes.

That’s a quick summary of DMVPN, but now I’ll go to the exciting part, which is the configuration.
In my lab, I will focus on configuring Phase 1 DMVPN. So what is Phase 1 DMVPN? My answer to this is simple: all traffic between Spokes has to go through the Hub. The Hub router is responsible for routing the traffic towards the spokes. Mainly, this type of DMVPN is used to keep control of traffic between Spokes. No direct GRE tunnel is built between spokes.

So here’s my lab topology:

Based on my topology, I have the basic details as follows:

  • I’m running BGP on my ISP to establish the connection between Hub and Spoke. This simulates an actual environment where the main HQ and branch offices are connected through the Internet. The ISP connects to the HQ and Spokes via BGP.
  • BGP has to be established between the Hub and spokes in order to build the GRE tunnels.
Key tasks for this lab:
1. Configure layer 2 trunking to use a single interface with dot1q encapsulation between Hub and Spokes. This establishes the layer 2 connectivity which forms the underlay network.
2. To establish layer 3 connectivity on the underlay network, configure iBGP.
3. Build the GRE tunnels between the Hub and Spokes. This will be the starting point of building the overlay network.
4. Enable OSPF between the Hub and Spokes and advertise the loopback on each router.
5. Verify the connectivity.
Legend:
R1 = Hub, R2 = Spoke 1, R3 = Spoke 2

The configurations below establish my layer 2 connectivity:
R1 configurations:
interface GigabitEthernet0/0
 no ip address
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 !
R1 -> R2
interface GigabitEthernet0/0.12
 encapsulation dot1Q 12
 ip address 100.1.12.1 255.255.255.0

R1 -> R3
interface GigabitEthernet0/0.13
 encapsulation dot1Q 13
 ip address 100.1.13.1 255.255.255.0
R2 configurations:
interface GigabitEthernet0/0
 no ip address
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 !

R2 -> R1
interface GigabitEthernet0/0.12
 encapsulation dot1Q 12
 ip address 100.1.12.2 255.255.255.0
!
R3 configurations:
interface GigabitEthernet0/0
 no ip address
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 !
R3 -> R1
interface GigabitEthernet0/0.13
 encapsulation dot1Q 13
 ip address 100.1.13.3 255.255.255.0

Now let’s check whether the physical links are up on the three routers:
R1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.12      100.1.12.1      YES NVRAM  up                    up
GigabitEthernet0/0.13      100.1.13.1      YES NVRAM  up                    up

R2#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.12      100.1.12.2      YES NVRAM  up                    up

R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.13      100.1.13.3      YES NVRAM  up                    up

Now let’s enable iBGP from R1 towards R2 and from R1 towards R3:

R1:
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.1.12.2 remote-as 123
 neighbor 100.1.13.3 remote-as 123
 no auto-summary
R2:
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.1.12.1 remote-as 123
 no auto-summary
R3:
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.1.13.1 remote-as 123
 no auto-summary
Now let’s verify the BGP sessions:
R1#show ip bgp summary
BGP router identifier 172.16.13.1, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.1.12.2      4          123     113     115        1    0    0 01:41:49        0
100.1.13.3      4          123     114     114        1    0    0 01:41:47        0
R1#
R2#show ip bgp summary
BGP router identifier 172.16.12.2, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.1.12.1      4          123     115     114        1    0    0 01:42:01        0
R2#
R3#show ip bgp summary
BGP router identifier 172.16.13.3, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.1.13.1      4          123     115     114        1    0    0 01:42:04        0
R3#
So, as seen above, L3 connectivity is working with all the BGP sessions established.
Next is to build the GRE tunnels.

R1:

interface Tunnel0
 ip address 172.16.12.1 255.255.255.0
 no ip redirects
 ip nhrp authentication CISCO
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0.12
 tunnel mode gre multipoint
 !
!
interface Tunnel1
 ip address 172.16.13.1 255.255.255.0
 no ip redirects
 ip nhrp authentication CISCO
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/0.13
 tunnel mode gre multipoint
So let me go through the details above:
1. A tunnel IP address is assigned for each tunnel, between R1 and R2 and between R1 and R3.
2. NHRP authentication is enabled.
3. NHRP mapping is configured as multicast dynamic. Dynamic is used on the Hub as it does not know the IP addresses of the spokes; with the NHRP registration request sent when the tunnel is built, it automatically adds the IP addresses to the multicast destination list when the spokes register themselves.
4. The NHRP network-id is used to distinguish the GRE tunnels if there are one or more tunnels to build.
5. We have set the tunnel source to the sub-interfaces GigabitEthernet0/0.13 and GigabitEthernet0/0.12.
6. We have changed the GRE mode to multipoint, as by default GRE is point-to-point.
e.g. 
R1(config-if)#tunnel mode gre ?
  ip          over IP
  ipv6        over IPv6
  multipoint  over IP (multipoint)

R2:

interface Tunnel0
 ip address 172.16.12.2 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map multicast 100.1.12.1
 ip nhrp map 172.16.12.1 100.1.12.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.12.1
 tunnel source GigabitEthernet0/0.12
 tunnel destination 100.1.12.1

R3:
interface Tunnel0
 ip address 172.16.13.3 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map 172.16.13.1 100.1.13.1
 ip nhrp map multicast 100.1.13.1
 ip nhrp network-id 2
 ip nhrp nhs 172.16.13.1
 tunnel source GigabitEthernet0/0.13
 tunnel destination 100.1.13.1

As seen above, what changed in the spoke configuration is as follows:
1. NHRP mapping is configured statically (the tunnel IP address is mapped to the NBMA address).
2. NHRP multicast is mapped to the NHRP server Tunnel IP address.
3. The network ID is configured based on the network ID assigned by the Hub router.
4. The NHRP Next Hop Server (NHS) is assigned statically with the tunnel IP address of the Hub router.
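
As noted at the start, DMVPN itself carries no encryption, and the “ip nhrp authentication” string travels inside NHRP packets as cleartext. The following added example (not part of the original lab) audits IOS tunnel stanzas for those gaps; Tunnel0 is R1's stanza from this lab, while the Tunnel1 variant and the profile name DMVPN-PROF are constructed for contrast.

```python
"""Audit IOS tunnel stanzas for DMVPN hardening gaps (added example)."""

# Constructed input: Tunnel0 is R1's hub tunnel as configured in this lab.
# Tunnel1 is a hypothetical variant (IPsec profile added, NHRP authentication
# removed); the profile name DMVPN-PROF is an assumption.
SAMPLE_CONFIG = """\
interface Tunnel0
 ip address 172.16.12.1 255.255.255.0
 no ip redirects
 ip nhrp authentication CISCO
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0.12
 tunnel mode gre multipoint
 !
!
interface Tunnel1
 ip address 172.16.13.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/0.13
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
interface GigabitEthernet0/0.12
 encapsulation dot1Q 12
 ip address 100.1.12.1 255.255.255.0
"""


def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            line = raw.strip()
            if line and line != "!":
                stanzas[current].append(line)
        else:
            current = None  # a non-indented line closes the stanza
    return stanzas


def audit_tunnel(lines):
    """Return finding codes for one tunnel stanza that runs NHRP."""
    findings = []
    has_ipsec = any(ln.startswith("tunnel protection ipsec profile ") for ln in lines)
    has_auth = any(ln.startswith("ip nhrp authentication ") for ln in lines)
    dynamic_mcast = "ip nhrp map multicast dynamic" in lines
    if not has_ipsec:
        # GRE payload and NHRP control traffic cross the underlay unencrypted.
        findings.append("no-ipsec")
        if has_auth:
            # The NHRP authentication string is readable on the wire.
            findings.append("nhrp-auth-cleartext")
        if dynamic_mcast:
            # Any registering peer is added to the multicast list (and so
            # receives routing-protocol hellos) with no cryptographic vetting.
            findings.append("dynamic-multicast-without-ipsec")
    if not has_auth:
        findings.append("no-nhrp-auth")
    return findings


def audit(config):
    """Audit every Tunnel interface that has NHRP configured."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        uses_nhrp = any(ln.startswith("ip nhrp ") for ln in lines)
        if name.lower().startswith("tunnel") and uses_nhrp:
            report[name] = audit_tunnel(lines)
    return report


if __name__ == "__main__":
    for ifc, codes in audit(SAMPLE_CONFIG).items():
        print(ifc, codes or ["ok"])
```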

Now let’s verify if the spokes are registered with the Hub:
R1#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      100.1.12.2     172.16.12.2    UP 02:04:29     D
Interface: Tunnel1, IPv4 NHRP Details
Type:Hub, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      100.1.13.3     172.16.13.3    UP 02:04:26     D
R2#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      100.1.12.1     172.16.12.1    UP 02:01:42     S

R3#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      100.1.13.1     172.16.13.1    UP 02:04:28     S
So the mapping of the NBMA address to the peer tunnel IP address is available on the Hub as well as on the spokes.
A more detailed look using “show ip nhrp” also provides the NBMA address.
R3#show ip nhrp
172.16.13.1/32 via 172.16.13.1
   Tunnel0 created 02:08:30, never expire
   Type: static, Flags:
   NBMA address: 100.1.13.1


Now we need to enable OSPF between the HUB and spokes and advertise the Loopback:

R1:
router ospf 1
 log-adjacency-changes
 network 10.10.10.10 0.0.0.0 area 0
 network 172.16.12.0 0.0.0.255 area 0
 network 172.16.13.0 0.0.0.255 area 0

R2:
router ospf 1
 log-adjacency-changes
 network 20.20.20.20 0.0.0.0 area 0
 network 172.16.12.0 0.0.0.255 area 0


R3:

router ospf 1
 log-adjacency-changes
 network 30.30.30.30 0.0.0.0 area 0
 network 172.16.13.0 0.0.0.255 area 0


By default, the OSPF network type is POINT_TO_POINT. Let’s change this to Broadcast.

R1#show ip ospf interface tunnel 0
Tunnel0 is up, line protocol is up
  Internet Address 172.16.12.1/24, Area 0
  Process ID 1, Router ID 172.16.13.1, Network Type POINT_TO_POINT, Cost: 1000
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1000      no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 172.16.12.2
  Suppress hello for 0 neighbor(s)
 !
R1#show run int tunnel 0
Building configuration…
Current configuration : 258 bytes
!
interface Tunnel0
 ip address 172.16.12.1 255.255.255.0
 no ip redirects
 ip nhrp authentication CISCO
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip ospf network broadcast
 tunnel source GigabitEthernet0/0.12
 tunnel mode gre multipoint
R2#show run int tunnel 0
Building configuration…
Current configuration : 328 bytes
!
interface Tunnel0
 ip address 172.16.12.2 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map multicast 100.1.12.1
 ip nhrp map 172.16.12.1 100.1.12.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.12.1
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source GigabitEthernet0/0.12
 tunnel destination 100.1.12.1
R3#show run int tunnel 0
Building configuration…
Current configuration : 328 bytes
!
interface Tunnel0
 ip address 172.16.13.3 255.255.255.0
 ip nhrp authentication CISCO
 ip nhrp map 172.16.13.1 100.1.13.1
 ip nhrp map multicast 100.1.13.1
 ip nhrp network-id 2
 ip nhrp nhs 172.16.13.1
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source GigabitEthernet0/0.13
 tunnel destination 100.1.13.1
I also need to ensure that R2 and R3 will not be participating in DR/BDR elections. I will set R1 as the DR and R2 and R3 as DROTHER by setting the OSPF Priority. An OSPF Priority of “0” means the router is not participating in the DR and BDR election and will be set as DROTHER.
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int tunnel 0
R1(config-if)#ip ospf priority ?
    Priority
R1(config-if)#ip ospf priority 100
R1(config-if)#int tun1
R1(config-if)#ip ospf priority 100
R1(config-if)#

Let’s verify this with the “show ip ospf interface” command.
R1#show ip ospf interface tunnel 0
Tunnel0 is up, line protocol is up
  Internet Address 172.16.12.1/24, Area 0
  Process ID 1, Router ID 172.16.13.1, Network Type BROADCAST, Cost: 1000
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1000      no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 100
  Designated Router (ID) 172.16.13.1, Interface address 172.16.12.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:08
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 172.16.12.2
  Suppress hello for 0 neighbor(s)
R1#show ip ospf interface tunnel 1
Tunnel1 is up, line protocol is up
  Internet Address 172.16.13.1/24, Area 0
  Process ID 1, Router ID 172.16.13.1, Network Type BROADCAST, Cost: 1000
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1000      no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 100
  Designated Router (ID) 172.16.13.1, Interface address 172.16.13.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 172.16.13.3
  Suppress hello for 0 neighbor(s)
R2#show ip ospf interface tunnel 0
Tunnel0 is up, line protocol is up
  Internet Address 172.16.12.2/24, Area 0
  Process ID 1, Router ID 172.16.12.2, Network Type BROADCAST, Cost: 1000
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1000      no          no            Base
  Transmit Delay is 1 sec, State DROTHER, Priority 0
  Designated Router (ID) 172.16.13.1, Interface address 172.16.12.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 172.16.13.1  (Designated Router)
  Suppress hello for 0 neighbor(s)

R3#show ip ospf interface tunnel 0
Tunnel0 is up, line protocol is up
  Internet Address 172.16.13.3/24, Area 0
  Process ID 1, Router ID 172.16.13.3, Network Type BROADCAST, Cost: 1000
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1000      no          no            Base
  Transmit Delay is 1 sec, State DROTHER, Priority 0
  Designated Router (ID) 172.16.13.1, Interface address 172.16.13.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 172.16.13.1  (Designated Router)
  Suppress hello for 0 neighbor(s)


We can check the status from here,

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.13.3       0   FULL/DROTHER    00:00:35    172.16.13.3     Tunnel1
172.16.12.2       0   FULL/DROTHER    00:00:38    172.16.12.2     Tunnel0
R1#

R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.13.1     100   FULL/DR         00:00:39    172.16.12.1     Tunnel0
R2#

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.13.1     100   FULL/DR         00:00:33    172.16.13.1     Tunnel0
R3#


Now, let’s check the routes:

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      20.0.0.0/32 is subnetted, 1 subnets
O        20.20.20.20 [110/1001] via 172.16.12.2, 00:14:06, Tunnel0
      30.0.0.0/32 is subnetted, 1 subnets
O        30.30.30.30 [110/1001] via 172.16.13.3, 00:14:16, Tunnel1
R1#


R2#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/32 is subnetted, 1 subnets
O        10.10.10.10 [110/1001] via 172.16.12.1, 00:14:27, Tunnel0
      30.0.0.0/32 is subnetted, 1 subnets
O        30.30.30.30 [110/2001] via 172.16.12.1, 00:14:27, Tunnel0
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O        172.16.13.0/24 [110/2000] via 172.16.12.1, 00:14:27, Tunnel0
R2#

R3#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/32 is subnetted, 1 subnets
O        10.10.10.10 [110/1001] via 172.16.13.1, 00:13:59, Tunnel0
      20.0.0.0/32 is subnetted, 1 subnets
O        20.20.20.20 [110/2001] via 172.16.13.1, 00:13:49, Tunnel0
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O        172.16.12.0/24 [110/2000] via 172.16.13.1, 00:13:59, Tunnel0
R3#


And finally, let’s verify data-plane connectivity:
R1#ping 20.20.20.20 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/16 ms
*May  5 01:32:43.643: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:32:43.651: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:32:43.667: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:32:43.675: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:32:43.687: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2

R1#ping 30.30.30.30 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.30.30.30, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/20 ms
R1#
*May  5 01:32:55.151: NHRP: NHRP successfully resolved 172.16.13.3 to NBMA 100.1.13.3
*May  5 01:32:55.163: NHRP: NHRP successfully resolved 172.16.13.3 to NBMA 100.1.13.3
*May  5 01:32:55.187: NHRP: NHRP successfully resolved 172.16.13.3 to NBMA 100.1.13.3
*May  5 01:32:55.203: NHRP: NHRP successfully resolved 172.16.13.3 to NBMA 100.1.13.3
*May  5 01:32:55.215: NHRP: NHRP successfully resolved 172.16.13.3 to NBMA 100.1.13.3
R1#


R1#traceroute 30.30.30.30 source 10.10.10.10

Type escape sequence to abort.
Tracing the route to 30.30.30.30

  1 172.16.13.3 20 msec 20 msec 16 msec
R1#
Just to elaborate a bit on the various stages of NHRP, I have tried to run a debug on R1 and shut down the links on R2 (spoke 1).

R1#debug nhrp
NHRP protocol debugging is on
R1#
*May  5 01:36:30.575: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
*May  5 01:36:30.579: NHRP: netid_in = 1, to_us = 1
*May  5 01:36:30.579: NHRP: Adding Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:30.583: NHRP: Cache already has a subblock node attached for
                      Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:30.583: NHRP: Tu0: Found and skipping dynamic multicast mapping  NBMA: 100.1.12.2
*May  5 01:36:30.587: NHRP: Added dynamic multicast mapping for
                                   NBMA: 100.1.12.2
*May  5 01:36:30.587: NHRP: New mandatory length: 32
*May  5 01:36:30.587: NHRP:
R1#Attempting to send packet via DEST 172.16.12.2
*May  5 01:36:30.591: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:30.591: NHRP: Encapsulation succeeded.  Tunnel IP addr 100.1.12.2
*May  5 01:36:30.591: NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 125
*May  5 01:36:30.591: NHRP: 149 bytes out Tunnel0
*May  5 01:36:31.379: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
*May  5 01:36:31.379: NHRP: netid_in = 1, to_us = 1
*May  5 01:36:31.383: NHRP: Adding Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:31.383: NHRP: Cache already has a subblock node attached for
                      Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:31.387: NHRP: Tu0: Found and skipping dynamic multicast mapping  NBMA: 100.1.12.2
*May  5 01:36:31.387: NHRP: Added dynamic multicast mapping for
                                   NBMA: 100.1.12.2
*May  5 01:36:31.387: NHRP: New mand
R1#atory length: 32
*May  5 01:36:31.387: NHRP: Attempting to send packet via DEST 172.16.12.2
*May  5 01:36:31.387: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:31.387: NHRP: Encapsulation succeeded.  Tunnel IP addr 100.1.12.2
*May  5 01:36:31.387: NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 125
*May  5 01:36:31.387: NHRP: 149 bytes out Tunnel0
*May  5 01:36:31.651: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
*May  5 01:36:31.651: NHRP: netid_in = 1, to_us = 1
*May  5 01:36:31.655: NHRP: Adding Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:31.655: NHRP: Cache already has a subblock node attached for
                      Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:31.659: NHRP: Tu0: Found and skipping dynamic multicast mapping  NBMA: 100.1.12.2
*May  5 01:36:31.659: NHRP: Added dynamic multicast mapping for
                                   NBMA: 10
R1#0.1.12.2
*May  5 01:36:31.663: NHRP: New mandatory length: 32
*May  5 01:36:31.663: NHRP: Attempting to send packet via DEST 172.16.12.2
*May  5 01:36:31.663: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:31.667: NHRP: Encapsulation succeeded.  Tunnel IP addr 100.1.12.2
*May  5 01:36:31.667: NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 125
*May  5 01:36:31.671: NHRP: 149 bytes out Tunnel0
*May  5 01:36:31.715: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:31.835: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:31.867: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:31.887: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:31.903: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.12.2 on Tunnel0 from LOADING to FULL, Loading Done
R1#
*May  5 01:36:37.319: NHRP: NHRP successfully resolved 172.16.13.3 to NBMA 100.1.13.3
R1#
Summarising how NHRP works:
  • We have seen the first NHRP registration request received by the NHRP server.
*May  5 01:36:30.575: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
  • We also see the NHRP network-id, which is 1, as I shut down the tunnel between R1 -> R2.
*May  5 01:36:30.579: NHRP: netid_in = 1, to_us = 1
  • We have seen that the tunnel endpoints have been added by the NHRP server.
*May  5 01:36:30.579: NHRP: Adding Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)

  • We have also observed that the NHRP server has added the tunnel endpoints to its cache.
*May  5 01:36:30.583: NHRP: Cache already has a subblock node attached for
                      Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
  • The NHRP server added the multicast mapping for the NBMA address of R2.
*May  5 01:36:30.587: NHRP: Added dynamic multicast mapping for
                                   NBMA: 100.1.12.2
  • We can also see that the NHRP server has successfully resolved the required mapping, the encapsulation is completed, and thus the NHRP server has notified R2 with the registration reply.
*May  5 01:36:30.591: NHRP: NHRP successfully resolved 172.16.12.2 to NBMA 100.1.12.2
*May  5 01:36:30.591: NHRP: Encapsulation succeeded.  Tunnel IP addr 100.1.12.2
*May  5 01:36:30.591: NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 125
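
The registration sequence summarised above can be rebuilt from the same debug lines and checked against the spokes the hub expects, which makes a tunnel address registering from an unfamiliar NBMA address easy to spot. This is an added example, not part of the original lab; the EXPECTED_SPOKES inventory and the second and third log entries are constructed, and it assumes one registration is logged at a time, as in the debug output above.

```python
"""Rebuild NHRP registrations from 'debug nhrp' output and vet them (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Spokes this lab expects: tunnel (VPN) address -> NBMA address.
EXPECTED_SPOKES = {"172.16.12.2": "100.1.12.2", "172.16.13.3": "100.1.13.3"}

# The first registration is copied from the debug output above. The second and
# third are constructed (203.0.113.50 is a documentation address) to show an
# NBMA mismatch and a registration that never completes.
SAMPLE_LOG = """\
*May  5 01:36:30.575: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
*May  5 01:36:30.579: NHRP: netid_in = 1, to_us = 1
*May  5 01:36:30.579: NHRP: Adding Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:30.583: NHRP: Cache already has a subblock node attached for
                      Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 100.1.12.2)
*May  5 01:36:30.591: NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 125
*May  5 01:40:02.101: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
*May  5 01:40:02.105: NHRP: netid_in = 1, to_us = 1
*May  5 01:40:02.105: NHRP: Adding Tunnel Endpoints (VPN: 172.16.12.2, NBMA: 203.0.113.50)
*May  5 01:40:02.113: NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 125
*May  5 01:40:09.300: NHRP: Receive Registration Request via Tunnel1 vrf 0, packet size: 105
*May  5 01:40:09.304: NHRP: netid_in = 2, to_us = 1
"""

LINE = re.compile(r"^\*(?P<ts>\w{3}\s+\d+\s+[\d:.]+): NHRP: (?P<msg>.*)$")
REQUEST = re.compile(r"Receive Registration Request via (\S+)")
NETID = re.compile(r"netid_in = (\d+)")
ENDPOINTS = re.compile(r"Adding Tunnel Endpoints \(VPN: ([\d.]+), NBMA: ([\d.]+)\)")
REPLY = re.compile(r"Send Registration Reply via (\S+)")


@dataclass
class Registration:
    ts: str
    interface: str
    netid: Optional[int] = None
    vpn: Optional[str] = None
    nbma: Optional[str] = None
    replied: bool = False


def parse_registrations(log):
    """Group debug lines into one record per Registration Request."""
    regs, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines and console-prompt fragments
        msg = m.group("msg")
        req = REQUEST.search(msg)
        if req:
            if cur is not None:
                regs.append(cur)  # previous request never saw a reply
            cur = Registration(m.group("ts"), req.group(1))
        elif cur is not None:
            netid, ends = NETID.search(msg), ENDPOINTS.search(msg)
            if netid:
                cur.netid = int(netid.group(1))
            elif ends:
                cur.vpn, cur.nbma = ends.group(1), ends.group(2)
            elif REPLY.search(msg):
                cur.replied = True
                regs.append(cur)
                cur = None
    if cur is not None:
        regs.append(cur)
    return regs


def verdict(reg, expected):
    """Classify one registration against the expected spoke inventory."""
    if reg.vpn is None or not reg.replied:
        return "incomplete"
    if reg.vpn not in expected:
        return "unknown-spoke"
    if expected[reg.vpn] != reg.nbma:
        return "nbma-mismatch"
    return "ok"


def review(log, expected=EXPECTED_SPOKES):
    return [(reg, verdict(reg, expected)) for reg in parse_registrations(log)]


if __name__ == "__main__":
    for reg, result in review(SAMPLE_LOG):
        print(reg.ts, reg.interface, reg.vpn, reg.nbma, result)
```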


            ***This ends my laboratory for a Phase 1 DMVPN through OSPF routing***





