DMVPN Phase 3 - Spoke to Spoke not working?

Hello everyone,

 

I have been trying to get my Phase 3 DMVPN working on the racks with my own config built with help of only the cisco documentation - However I can't get the spoke to spoke NHRP traffic to work any ideas folks as I am drawing a blank - R5 is the hub and R1 and R2 are spokes and I am trying to get R1 to ping R2 Loopback.

Many thanks

 

****R5 - HUB*****

interface Loopback0

 ip address 150.1.5.5 255.255.255.255

 ipv6 address 2001:150:5:5::5/128

!

interface Tunnel0

 bandwidth 1000

 ip address 155.1.0.5 255.255.255.0

 no ip redirects

 ip mtu 1400

 no ip split-horizon eigrp 1

 ip nhrp authentication donttell

 ip nhrp map multicast dynamic

 ip nhrp network-id 99

 ip nhrp holdtime 300

 ip nhrp shortcut

 ip nhrp redirect

 ip tcp adjust-mss 1360

 delay 1000

 tunnel source GigabitEthernet1.100

 tunnel mode gre multipoint

 tunnel key 100000

!

interface GigabitEthernet1.100

 encapsulation dot1Q 100

 ip address 169.254.100.5 255.255.255.0

 ipv6 address 2001:169:254:100::5/64

!

router eigrp A

 !

 address-family ipv4 unicast autonomous-system 1

  !       

  topology base

  exit-af-topology

  network 0.0.0.0

  network 150.1.0.0

  network 155.1.0.0

  eigrp router-id 5.5.5.5

 exit-address-family

 

**** R1 Spoke ****

interface Loopback0

 ip address 150.1.1.1 255.255.255.255

 ipv6 address 2001:150:1:1::1/128

!

interface Tunnel0

 bandwidth 1000

 ip address 155.1.0.1 255.255.255.0

 no ip redirects

 ip mtu 1400

 ip nhrp authentication donttell

 ip nhrp map multicast dynamic

 ip nhrp map 155.1.0.5 169.254.100.5

 ip nhrp map multicast 169.254.100.5

 ip nhrp network-id 99

 ip nhrp holdtime 300

 ip nhrp nhs 155.1.0.5

 ip nhrp shortcut

 ip tcp adjust-mss 1360

 delay 1000

 tunnel source GigabitEthernet1.100

 tunnel mode gre multipoint

 tunnel key 100000

!

interface GigabitEthernet1.100

 encapsulation dot1Q 100

 ip address 169.254.100.1 255.255.255.0

 ipv6 address 2001:169:254:100::1/64

!

router eigrp A

 !

 address-family ipv4 unicast autonomous-system 1

  !

  topology base

  exit-af-topology

  network 150.1.0.0

  network 155.1.0.0

  eigrp router-id 1.1.1.1

 exit-address-family

 

*** R2 Spoke ****

interface Loopback0

 ip address 150.1.2.2 255.255.255.255

 ipv6 address 2001:150:2:2::2/128

!

interface Tunnel0

 bandwidth 1000

 ip address 155.1.0.2 255.255.255.0

 no ip redirects

 ip mtu 1400

 ip nhrp authentication donttell

 ip nhrp map multicast dynamic

 ip nhrp map 155.1.0.5 169.254.100.5

 ip nhrp map multicast 169.254.100.5

 ip nhrp network-id 99

 ip nhrp holdtime 300

 ip nhrp nhs 155.1.0.5

 ip nhrp shortcut

 ip tcp adjust-mss 1360

 delay 1000

 tunnel source GigabitEthernet1.100

 tunnel mode gre multipoint

 tunnel key 100000

!

interface GigabitEthernet1.100

 encapsulation dot1Q 100

 ip address 169.254.100.2 255.255.255.0

 ipv6 address 2001:169:254:100::2/64

!

router eigrp A

 !

 address-family ipv4 unicast autonomous-system 1

  !

  topology base

  exit-af-topology

  network 150.1.0.0

  network 155.1.0.0

  eigrp router-id 2.2.2.2

 exit-address-family

 

 

Comments

  • Your configs look solid. Can you ping the VPN addresses between spokes? Did you debug dmvpn nhrp packet to see if your getting registration and resolution outputs? Do you see the EIGRP peers in the topology table and in the routing table? What does a trace route look like for you?

    Since your using Named EIGRP, on the hub, on the tunnel you need to use the AF-interface and use the no ip split horizon command. Try that and see if it works.

    HTH
    Rob




    On Thursday, September 4, 2014 10:40 AM, djjohnmerry <[email protected]>
    wrote:


    Hello everyone,

     

    I have been trying to get my Phase 3 DMVPN working on the racks with my own config built with help of only the cisco documentation - However I can get the spoke to spoke NHRP to work any ideas folks as I am drawing a blank - R5 is the hub and R1 and R2 are spokes and I am trying to get R1 to ping R2 Loopback.

    Many thanks

     

    ****R5 - HUB*****

    interface Loopback0

     ip address 150.1.5.5 255.255.255.255

     ipv6 address 2001:150:5:5::5/128

    !

    interface Tunnel0

     bandwidth 1000

     ip address 155.1.0.5 255.255.255.0

     no ip redirects

     ip mtu 1400

     no ip split-horizon eigrp 1

     ip nhrp authentication donttell

     ip nhrp map multicast dynamic

     ip nhrp network-id 99

     ip nhrp holdtime 300

     ip nhrp shortcut

     ip nhrp redirect

     ip tcp adjust-mss 1360

     delay 1000

     tunnel source GigabitEthernet1.100

     tunnel mode gre multipoint

     tunnel key 100000

    !

    interface GigabitEthernet1.100

     encapsulation dot1Q 100

     ip address 169.254.100.5 255.255.255.0

     ipv6 address 2001:169:254:100::5/64

    !

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !       

      topology base

      exit-af-topology

      network 0.0.0.0

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 5.5.5.5

     exit-address-family

     

    **** R1 Spoke ****

    interface Loopback0

     ip address 150.1.1.1 255.255.255.255

     ipv6 address 2001:150:1:1::1/128

    !

    interface Tunnel0

     bandwidth 1000

     ip address 155.1.0.1 255.255.255.0

     no ip redirects

     ip mtu 1400

     ip nhrp authentication donttell

     ip nhrp map multicast dynamic

     ip nhrp map 155.1.0.5 169.254.100.5

     ip nhrp map multicast 169.254.100.5

     ip nhrp network-id 99

     ip nhrp holdtime 300

     ip nhrp nhs 155.1.0.5

     ip nhrp shortcut

     ip tcp adjust-mss 1360

     delay 1000

     tunnel source GigabitEthernet1.100

     tunnel mode gre multipoint

     tunnel key 100000

    !

    interface GigabitEthernet1.100

     encapsulation dot1Q 100

     ip address 169.254.100.1 255.255.255.0

     ipv6 address 2001:169:254:100::1/64

    !

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !

      topology base

      exit-af-topology

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 1.1.1.1

     exit-address-family

     

    *** R2 Spoke ****

    interface Loopback0

     ip address 150.1.2.2 255.255.255.255

     ipv6 address 2001:150:2:2::2/128

    !

    interface Tunnel0

     bandwidth 1000

     ip address 155.1.0.2 255.255.255.0

     no ip redirects

     ip mtu 1400

     ip nhrp authentication donttell

     ip nhrp map multicast dynamic

     ip nhrp map 155.1.0.5 169.254.100.5

     ip nhrp map multicast 169.254.100.5

     ip nhrp network-id 99

     ip nhrp holdtime 300

     ip nhrp nhs 155.1.0.5

     ip nhrp shortcut

     ip tcp adjust-mss 1360

     delay 1000

     tunnel source GigabitEthernet1.100

     tunnel mode gre multipoint

     tunnel key 100000

    !

    interface GigabitEthernet1.100

     encapsulation dot1Q 100

     ip address 169.254.100.2 255.255.255.0

     ipv6 address 2001:169:254:100::2/64

    !

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !

      topology base

      exit-af-topology

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 2.2.2.2

     exit-address-family

     

     



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • JoeMJoeM ✭✭✭

    Since your using Named EIGRP, on the hub, on the tunnel you need to use the AF-interface and use the no ip split horizon command. Try that and see if it works.

    This.

     

    router eigrp A

           address-family ipv4 auton 1

                    af-interface tun0

                                  no split-horizon

                                  no next-hop-self

  • Added the following and also I can ping all the VPN addresses

     

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !

      af-interface Tunnel0

       no next-hop-self

       no split-horizon

      exit-af-interface

      !

      topology base

      exit-af-topology

      network 0.0.0.0

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 5.5.5.5

     exit-address-family

     

    Also the debug seems fine?

    NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 108

     (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

         shtl: 4(NSAP), sstl: 0(NSAP)

         pktsz: 108 extoff: 52

     (M) flags: "unique nat ", reqid: 57 

         src NBMA: 169.2

    R5#54.100.2

         src protocol: 155.1.0.2, dst protocol: 155.1.0.5

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 300

           addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

    Responder Address Extension(3):

    Forward Transit NHS Record Extension(4):

    Reverse Transit NHS Record Extension(5):

    Authentication Extension(7):

      type:Cleartext(1), data:donttell    

    NAT address Extension(9):

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 0

           addr_len: 4(NSAP

    R5#), subaddr_len: 0(NSAP), proto_len: 4, pref: 0

           client NBMA: 169.254.100.5

           client protocol: 155.1.0.5

    NHRP: netid_in = 99, to_us = 1

    NHRP: No NHRP subblock found in packet

    NHRP: Tunnels gave us pak src: 169.254.100.2

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: if_in: Tunnel0, nhrp_cache_pak.

    NHRP-CTS: CTS capability negotiation negative

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: swidb Tunnel0, nhrp_cache_update

    NHRP-MPLS:  tableid:

    R5# 0 vrf: 

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: Tunnel0: Cache update for target 155.1.0.2/32 next-hop 155.1.0.2

               169.254.100.2

    NHRP: Adding Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: NHRP subblock already exists for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: Peer capability:0

    NHRP: Cache already has a subblock node attached for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: swidb Tunnel0, nhrp_cache_update

    NHRP-MPLS:  tableid: 0

    R5# vrf: 

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: Tunnel0: Cache update for target 155.1.0.2/32 next-hop 155.1.0.2

               169.254.100.2

    NHRP: Adding Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: NHRP subblock already exists for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: Peer capability:0

    NHRP: Cache already has a subblock node attached for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: nhrp_subblock_c

    R5#heck_for_map() - Map Already Exists

    NHRP: Updating our cache with NBMA: 169.254.100.5, NBMA_ALT: 169.254.100.5

    NHRP: New mandatory length: 32

    NHRP: Attempting to send packet through interface Tunnel0 via DEST  dst 155.1.0.2

    NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 128

     src: 155.1.0.5, dst: 155.1.0.2

     (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

         shtl: 4(NSAP), sstl: 0(NSAP)

         pktsz: 128 extoff: 52

     (M) flags: "unique nat ", reqid: 57 

         src NBMA: 169.254.100.2

    R5#

         src protocol: 155.1.0.2, dst protocol: 155.1.0.5

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 300

           addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

    Responder Address Extension(3):

     (C) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 300

           addr_len: 4(NSAP), subaddr_len: 0(NSAP), proto_len: 4, pref: 0

           client NBMA: 169.254.100.5

           client protocol: 155.1.0.5

    Forward Transit NHS Record Extension(4):

    Reverse Transit NHS Record Ex

    R5#tension(5):

    Authentication Extension(7):

      type:Cleartext(1), data:donttell    

    NAT address Extension(9):

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 0

           addr_len: 4(NSAP), subaddr_len: 0(NSAP), proto_len: 4, pref: 0

           client NBMA: 169.254.100.5

           client protocol: 155.1.0.5

    NHRP: No NHRP subblock found in packet

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: Setting 'used' flag on cache entry with nhop: 155.1.0.2

    NHRP: NHRP successfully mapped '155.1.0.2' to 

    R5#NBMA 169.254.100.2

    NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 169.254.100.2

    NHRP: 156 bytes out Tunnel0 

     

    Thanks for you help so far :-) 

  • Remove the no next hop self command. This isn't needed for phase 3, in phase 3 you will see a % beside the route that is being forwarded via phase 3. The redirect on the hub and the shortcut on the spokes replace no next hop self. When I had no next hop self configured with the redirect the % sign never showed up as expected. The CEF process also didn't change. If you have a route to the loopback via EIGRP and you trace to it pre NHRP redirect, there will be a delay after the hub receives the first hop for the resolution, after the resolution it should be immediate. Then you'll be able to check the routing table and the CEF table to verify. 


    On Thursday, September 4, 2014 11:28 AM, djjohnmerry <bou[email protected]> wrote:


    Added the following and also I can ping all the VPN addresses

     

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !

      af-interface Tunnel0

       no next-hop-self

       no split-horizon

      exit-af-interface

      !

      topology base

      exit-af-topology

      network 0.0.0.0

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 5.5.5.5

     exit-address-family

     

    Also the debug seems fine?

    NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 108

     (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

         shtl: 4(NSAP), sstl: 0(NSAP)

         pktsz: 108 extoff: 52

     (M) flags: "unique nat ", reqid: 57 

         src NBMA: 169.2

    R5#54.100.2

         src protocol: 155.1.0.2, dst protocol: 155.1.0.5

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 300

           addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

    Responder Address Extension(3):

    Forward Transit NHS Record Extension(4):

    Reverse Transit NHS Record Extension(5):

    Authentication Extension(7):

      type:Cleartext(1), data:donttell    

    NAT address Extension(9):

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 0

           addr_len: 4(NSAP

    R5#), subaddr_len: 0(NSAP), proto_len: 4, pref: 0

           client NBMA: 169.254.100.5

           client protocol: 155.1.0.5

    NHRP: netid_in = 99, to_us = 1

    NHRP: No NHRP subblock found in packet

    NHRP: Tunnels gave us pak src: 169.254.100.2

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: if_in: Tunnel0, nhrp_cache_pak.

    NHRP-CTS: CTS capability negotiation negative

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: swidb Tunnel0, nhrp_cache_update

    NHRP-MPLS:  tableid:

    R5# 0 vrf: 

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: Tunnel0: Cache update for target 155.1.0.2/32 next-hop 155.1.0.2

               169.254.100.2

    NHRP: Adding Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: NHRP subblock already exists for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: Peer capability:0

    NHRP: Cache already has a subblock node attached for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: swidb Tunnel0, nhrp_cache_update

    NHRP-MPLS:  tableid: 0

    R5# vrf: 

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: Tunnel0: Cache update for target 155.1.0.2/32 next-hop 155.1.0.2

               169.254.100.2

    NHRP: Adding Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: NHRP subblock already exists for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: Peer capability:0

    NHRP: Cache already has a subblock node attached for Tunnel Endpoints (VPN: 155.1.0.2, NBMA: 169.254.100.2)

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: nhrp_subblock_c

    R5#heck_for_map() - Map Already Exists

    NHRP: Updating our cache with NBMA: 169.254.100.5, NBMA_ALT: 169.254.100.5

    NHRP: New mandatory length: 32

    NHRP: Attempting to send packet through interface Tunnel0 via DEST  dst 155.1.0.2

    NHRP: Send Registration Reply via Tunnel0 vrf 0, packet size: 128

     src: 155.1.0.5, dst: 155.1.0.2

     (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1

         shtl: 4(NSAP), sstl: 0(NSAP)

         pktsz: 128 extoff: 52

     (M) flags: "unique nat ", reqid: 57 

         src NBMA: 169.254.100.2

    R5#

         src protocol: 155.1.0.2, dst protocol: 155.1.0.5

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 300

           addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0

    Responder Address Extension(3):

     (C) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 300

           addr_len: 4(NSAP), subaddr_len: 0(NSAP), proto_len: 4, pref: 0

           client NBMA: 169.254.100.5

           client protocol: 155.1.0.5

    Forward Transit NHS Record Extension(4):

    Reverse Transit NHS Record Ex

    R5#tension(5):

    Authentication Extension(7):

      type:Cleartext(1), data:donttell    

    NAT address Extension(9):

     (C-1) code: no error(0)

           prefix: 32, mtu: 9972, hd_time: 0

           addr_len: 4(NSAP), subaddr_len: 0(NSAP), proto_len: 4, pref: 0

           client NBMA: 169.254.100.5

           client protocol: 155.1.0.5

    NHRP: No NHRP subblock found in packet

    NHRP: nhrp_ifcache: Avl Root:7F1142857F50

    NHRP: Setting 'used' flag on cache entry with nhop: 155.1.0.2

    NHRP: NHRP successfully mapped '155.1.0.2' to 

    R5#NBMA 169.254.100.2

    NHRP: Encapsulation succeeded.  Sending NHRP Control Packet  NBMA Address: 169.254.100.2

    NHRP: 156 bytes out Tunnel0 

     

    Thanks for you help so far :-) 



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • Technically you just need ip nhrp redirect on the hub and ip nhrp shortcut on the spokes.

  • JoeMJoeM ✭✭✭


    Remove the no next hop self command. This isn't needed for phase 3, in phase 3 you will see a % beside the route that is being forwarded via phase 3. The redirect on the hub and the shortcut on the spokes replace no next hop self. When I had no next hop self configured with the redirect the % sign never showed up as expected. The CEF process also didn't change. If you have a route to the loopback via EIGRP and you trace to it pre NHRP redirect, there will be a delay after the hub receives the first hop for the resolution, after the resolution it should be immediate. Then you'll be able to check the routing table and the CEF table to verify. 

    Excellent.  This solved a problem for me. I was never able to see the % sign.

    To make sure I get this correct, we only use the no next-hop-self for the 2nd phase.  Correct?

    Thanks. 

  • To make sure I get this correct, we only use the no next-hop-self for the 2nd phase.  Correct?

    Correct, for phase 2, you don't want the hub to change the next-hop to itself, you want the next-hop to be the spoke's next-hop to trigger nhrp; for phase 3 nhrp redirects and shortcut will take care of forcing traffic from spoke to spoke

     

    HTH

     

  • To my knowledge yes. I accidentally left phase 2 config in and then tried phase 3. It worked but based on following documentation and Brian's example I received mixed results. I then realized the no next hop self, removed it and then I saw the % sign there. Although the config is straightforward It doesn't make sense the difference between phase 2 and 3. No next hop self in phase 2 seems to have the same result as the redirect and shortcut in phase 3. I can't explain it, I wasn't able to ask the difference in class either. I guess knowing there is a config difference may be the difference in the lab. But who knows. In the 3 networks I've deployed DMVPN into none of them use phase 3, either phase 1 or 2. 2 of them use phase 1 as they don't need spoke to spoke communication. The config
    for IPsec seems to be easier with the IPsec profile rather than using crypto maps. That's just me though. 


    On Thursday, September 4, 2014 12:19 PM, JoeM <[email protected]> wrote:


    image rriker:

    Remove the no next hop self command. This isn't needed for phase 3, in phase 3 you will see a % beside the route that is being forwarded via phase 3. The redirect on the hub and the shortcut on the spokes replace no next hop self. When I had no next hop self configured with the redirect the % sign never showed up as expected. The CEF process also didn't change. If you have a route to the loopback via EIGRP and you trace to it pre NHRP redirect, there will be a delay after the hub receives the first hop for the resolution, after the resolution it should be immediate. Then you'll be able to check the routing table and the CEF table to verify. 


    Excellent.  This solved a problem for me. I was never able to see the % sign.

    To make sure I get this correct, we only use the no next-hop-self for the 2nd phase.  Correct?

    Thanks. 



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • That makes sense. Thanks for the clarification!


    On Thursday, September 4, 2014 12:32 PM, qqabdal <[email protected]> wrote:


    image JoeM:
    To make sure I get this correct, we only use the no next-hop-self for the 2nd phase.  Correct?
    Correct, for phase 2, you don't want the hub to change the next-hop to itself, you want the next-hop to be the spoke's next-hop to trigger nhrp; for phase 3 nhrp redirects and shortcut will take care of forcing traffic from spoke to spoke

     

    HTH

     



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • Just a quick update:  What I did - Fired up GNS3 with c7200-adventerprisek9-mz.152-4.M6 add re-looked at my code and I had this working for phase 3 DMVPN with named EIGRP - In case this helps anyone:

    ***HUB***

    interface Loopback0

     ip address 150.1.5.5 255.255.255.255

    !

    interface Tunnel0

     bandwidth 1000

     ip address 155.1.0.5 255.255.255.0

     no ip redirects

     ip mtu 1400

     ip nhrp authentication donttell

     ip nhrp map multicast dynamic

     ip nhrp network-id 99

     ip nhrp holdtime 300

     ip nhrp shortcut

     ip nhrp redirect

     ip tcp adjust-mss 1360

     delay 1000

     tunnel source FastEthernet0/0

     tunnel mode gre multipoint

     tunnel key 100000

    !

    interface FastEthernet0/0

     ip address 169.254.100.5 255.255.255.0

    !

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !

      af-interface Tunnel0

       summary-address 0.0.0.0 0.0.0.0

      exit-af-interface

      !

      topology base

      exit-af-topology

      network 0.0.0.0

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 5.5.5.5

     exit-address-family


    ***Spokes***


    interface Loopback0

     ip address 150.1.1.1 255.255.255.255

    !

    interface Tunnel0

     bandwidth 1000

     ip address 155.1.0.1 255.255.255.0

     no ip redirects

     ip mtu 1400

     ip nhrp authentication donttell

     ip nhrp map multicast dynamic

     ip nhrp map 155.1.0.5 169.254.100.5

     ip nhrp map multicast 169.254.100.5

     ip nhrp network-id 99

     ip nhrp holdtime 300

     ip nhrp nhs 155.1.0.5

     ip nhrp shortcut

     ip tcp adjust-mss 1360

     delay 1000

     tunnel source FastEthernet0/0

     tunnel mode gre multipoint

     tunnel key 100000

    !

    interface FastEthernet0/0

     ip address 169.254.100.1 255.255.255.0

    !

    router eigrp A

     !

     address-family ipv4 unicast autonomous-system 1

      !

      topology base

      exit-af-topology

      network 150.1.0.0

      network 155.1.0.0

      eigrp router-id 1.1.1.1

     exit-address-family


    !

    *** OUTPUT ***



    R1#sh ip rout

    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

           E1 - OSPF external type 1, E2 - OSPF external type 2

           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

           ia - IS-IS inter area, * - candidate default, U - per-user static route

           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

           + - replicated route, % - next hop override


    Gateway of last resort is 155.1.0.5 to network 0.0.0.0


    D*    0.0.0.0/0 [90/10240640] via 155.1.0.5, 00:11:53, Tunnel0

          150.1.0.0/32 is subnetted, 1 subnets

    C        150.1.1.1 is directly connected, Loopback0

          155.1.0.0/16 is variably subnetted, 2 subnets, 2 masks

    C        155.1.0.0/24 is directly connected, Tunnel0

    L        155.1.0.1/32 is directly connected, Tunnel0

          169.254.0.0/16 is variably subnetted, 2 subnets, 2 masks

    C        169.254.100.0/24 is directly connected, FastEthernet0/0

    L        169.254.100.1/32 is directly connected, FastEthernet0/0

    R1#ping 150.1.2.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 150.1.2.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 176/410/616 ms

    R1#sh ip route

    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

           E1 - OSPF external type 1, E2 - OSPF external type 2

           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

           ia - IS-IS inter area, * - candidate default, U - per-user static route

           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

           + - replicated route, % - next hop override


    Gateway of last resort is 155.1.0.5 to network 0.0.0.0


    D*    0.0.0.0/0 [90/10240640] via 155.1.0.5, 00:12:09, Tunnel0

          150.1.0.0/32 is subnetted, 2 subnets

    C        150.1.1.1 is directly connected, Loopback0

    H        150.1.2.2 [250/1] via 155.1.0.2, 00:00:05, Tunnel0

          155.1.0.0/16 is variably subnetted, 2 subnets, 2 masks

    C        155.1.0.0/24 is directly connected, Tunnel0

    L        155.1.0.1/32 is directly connected, Tunnel0

          169.254.0.0/16 is variably subnetted, 2 subnets, 2 masks

    C        169.254.100.0/24 is directly connected, FastEthernet0/0

    L        169.254.100.1/32 is directly connected, FastEthernet0/0


Sign In or Register to comment.