purpose? ip nhrp responder

Hello,
I am wondering how to leverage this command. I have never used it. I understand that it is related to the NHS command, but is there an obvious use?

I think this is beyond the R&S exam, so maybe a INE  Security candidate/instructor can help me understand the purpose of this DMVPN (nhrp) command?   I need a better mental picture than the Cisco explanation. ;-)

Here is the Cisco explanation that I found.

Thanks for any help with this.

Specifying the NHRP Responder Address


If an NHRP requester wants to know which Next
Hop Server generates an NHRP reply packet, it can request that
information by including the responder address option in its NHRP
request packet. The Next Hop Server that generates the NHRP reply packet
then complies by inserting its own IP address in the NHRP reply. The
Next Hop Server uses the primary IP address of the specified interface.


To specify which interface the Next Hop Server
uses for the NHRP responder IP address, use the following command in
interface configuration mode:



Command



Purpose

Router(config-if)# ip nhrp responder type number

Specifies which interface the Next Hop Server uses to determine the NHRP responder address.

If an NHRP reply packet being forwarded by a
Next Hop Server contains the IP address of that server, the Next Hop
Server generates an error indication of type "NHRP Loop Detected" and
discards the reply.

 

 

 

Comments

  • This is what I have on my notes for this command -



    ip nhrp responder <interface> - ?Straight from the documentation "An NHRP requester that wants to know which Next Hop Server generates an NHRP reply packet can include the responder address option in its NHRP request packet. The Next Hop Server that generates the NHRP reply packet then complies by inserting its own IP address in the NHRP reply. The Next Hop Server uses the primary IP address of the specified interface."

    By default the responder client address uses the IP address of the interface (overlay) that the NHRP was received on - this can be change to any other interface.




  • JoeMJoeM ✭✭✭

    Thanks Welshy.

    That seems to match the CiscoDoc info I have above.  Have you played with this? What does it mean?  why would we use it? 

    Is this just a type of router ID?

     






  • Yes that is what tried. It a mechanism for loop avoidance.




    I didn't have any debug in my notes for this one.



    Of course NHRP isn't specific for DMVPN and originated in ATM networks.

    Sent from BlackBerry

     


    From: JoeM [mailto:[email protected]]


    Sent: Saturday, June 13, 2015 02:38 PM

    To: Patrick Barnes

    Subject: Re: [CCIE Sec] purpose? ip nhrp responder

     

    Yes, that seems to match the CiscoDoc info I have above.  Have you played with this? What does it mean?  why would we use it? 

    Is this just a type of router ID?

     








    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • JoeMJoeM ✭✭✭

    Thanks again for helping me with this.

    A type of loop prevention?  Interesting. Good situation for multiple hubs?

    I do not know how to test it. Not a lot of documentation for its use.

     

     

    Here is my last attempt at it.  ;-)

    I did a test, and changed the NHRP RESPONDER to a loopback on both SPOKE and HUB:

    I found something in the REPLY (hub) packet, but nothing in the IOS output to show that it is being used for anything.  Did not see anything in debug on the spoke.

     

    Packet Capture (registration reply from hub):

    Frame 60: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits)
    <snip>
    Internet Protocol Version 4, Src: 169.254.60.6 (169.254.60.6), Dst: 169.254.10.1 (169.254.10.1)
    Generic Routing Encapsulation (NHRP)
        Flags and Version: 0x0000
        Protocol Type: NHRP (0x2001)
    Next Hop Resolution Protocol (NHRP Registration Reply)
        NHRP Fixed Header
            Address Family Number: IPv4 (0x0001)
            Protocol Type (short form): IP (0x0800)
            Protocol Type (long form): 0000000000
            Hop Count: 255
            Packet Length: 112
            NHRP Packet Checksum: 0xa854 [correct]
            Extension Offset: 52
            Version: 1 (NHRP - rfc2332)
            NHRP Packet Type: NHRP Registration Reply (4)
            Source Address Type/Len: NSAP format/4
                .0.. .... = Type: NSAP format (0)
                ..00 0100 = Length: 4
            Source SubAddress Type/Len: NSAP format/0
                .0.. .... = Type: NSAP format (0)
                ..00 0000 = Length: 0
        NHRP Mandatory Part
            Source Protocol Len: 4
            Destination Protocol Len: 4
            Flags: 0x8002
            Request ID: 0x00010005 (65541)
            Source NBMA Address: 169.254.10.1 (169.254.10.1) <-spoke
            Source Protocol Address: 10.0.0.1 (10.0.0.1) <-spoke
            Destination Protocol Address: 10.0.0.6 (10.0.0.6) <-HUB
    <snip>
        Responder Address Extension
            1... .... .... .... = Compulsory Flag: True
                 <snip>
                Client NBMA Address: 169.254.60.6 (169.254.60.6)
                Client Protocol Address: 6.6.6.6 (6.6.6.6)
    <-ok. now what?
    <snip>
        Cisco NAT Address Extension
            0... .... .... .... = Compulsory Flag: False
             <snip>
                Client NBMA Address: 169.254.60.6 (169.254.60.6)
                Client Protocol Address: 10.0.0.6 (10.0.0.6)
    <-HUB

     

     

    DMVPN and NHRP output on spoke or HUB:

    • I do not see anything in the IOS output that shows it being used for anything.
    • IGP works normally off of the hub's NHS (tunnel endpoint)

     

    R1 (SPOKE)

    R1#sh ip nhrp tun 0 detail
    10.0.0.6/32 via 10.0.0.6
       Tunnel0 created 00:29:40, never expire
       Type: static, Flags: used
       NBMA address: 169.254.60.6



    R1#sh dmvpn int tun 0 detail
    <snip>
    Interface Tunnel0 is up/up, Addr. is 10.0.0.1, VRF ""
       Tunnel Src./Dest. addr: 169.254.10.1/MGRE, Tunnel VRF ""
       Protocol/Transport: "multi-GRE/IP", Protect ""
       Interface State Control: Disabled
       nhrp event-publisher : Disabled

    IPv4 NHS:
    10.0.0.6  RE priority = 0 cluster = 0
    Type:Spoke, Total NBMA Peers (v4/v6): 1

    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
    ----- --------------- --------------- ----- -------- ----- -----------------
        1 169.254.60.6           10.0.0.6    UP 00:29:42    S        10.0.0.6/32

    R6 (HUB):

    R6-HUB-1# sh ip nhrp tun 0 detail
    10.0.0.1/32 via 10.0.0.1
       Tunnel0 created 00:54:21, expire 01:23:57
       Type: dynamic, Flags: unique registered
       NBMA address: 169.254.10.1



    R6-HUB-1#sh dmvpn int tun 0 detail
    <snip>
    Interface Tunnel0 is up/up, Addr. is 10.0.0.6, VRF ""
       Tunnel Src./Dest. addr: 169.254.60.6/MGRE, Tunnel VRF ""
       Protocol/Transport: "multi-GRE/IP", Protect ""
       Interface State Control: Disabled
       nhrp event-publisher : Disabled
    Type:Hub, Total NBMA Peers (v4/v6): 2

    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
    ----- --------------- --------------- ----- -------- ----- -----------------
        1 169.254.10.1           10.0.0.1    UP 00:54:26    D        10.0.0.1/32

Sign In or Register to comment.