REal World DMVPN issue
Hello everybody,
I am posting this, as i have issue in the DMVPN in our network at my work.
the issue is that we have an HQ connected to 10 branhes using MPLS L3 as the underlay network.
last week we configured DMVPN as the overlay without doing any type of encryption.
the issue is that the HUB router keeps listing the spokes as the following output:
Core-Router-Branches#sho dmvopn
^
% Invalid input detected at '^' marker.
Core-Router-Branches#sho dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:6,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
0 0.0.0.0 10.10.253.2 NHRP xi
0 0.0.0.0 10.10.253.3 NHRP xi
0 0.0.0.0 10.10.253.4 NHRP xi
0 0.0.0.0 10.10.253.5 NHRP xi
0 0.0.0.0 10.10.253.7 NHRP xi
0 0.0.0.0 10.10.253.10 NHRP xi
The only way to fix this is to flap all the spokes tunnel interfaces. after a while the spokes gets diconnected and the above output appears again
When i dubug nhrp, the HUB seems to keep sending NHRP requests, where it only has recieve requests and send acknowlgements.
Below is the tunnel interface configuration of the HUB and one of the spokes:
====================================
HUB
====================================
interface Tunnel0
ip address 10.10.253.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 65535
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 10
==========================================
SPOKE
==========================================
Current configuration : 337 bytes
!
interface Tunnel0
ip address 10.10.253.10 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 10.10.253.1 172.16.34.2
ip nhrp map multicast 172.16.34.2
ip nhrp network-id 1
ip nhrp holdtime 65535
ip nhrp nhs 10.10.253.1
ip tcp adjust-mss 1300
tunnel source FastEthernet0/0/0
tunnel mode gre multipoint
tunnel key 10
end
I know that this forum is dedicated to those who are persuing CCIE , but i am one of those who are on the same persuite, and i think that DMVPN is on the outline of the exam and would like to share this strange behaviour of DMVPN as part of the preparation 
Best Regards
Ibraheemo
Comments
Hi,
I would try to tune down the holdtime timers, which by the way are necessary only on spokes.
Gabriel
thanks Gabriel,
what the timers has to do with this behaviour, the hub keeps sending NHRP requests
but i will try this anyways.
Regards
If it works and at some point it stops working and outputs look like that, i would say it's one of two cases based on the NHRP entries state on the hub which show up as "XI": you hit a bug or there is a routing problem and tunnel is looped.
Try enabling "logging dmvpn" and see if when the problem comes up, you see any relevant log messages.
Hello Gabriel
I tried to tune down the holdtime timers with no positive results the peers keeps going down.
THnks
Hello cristian,
the peers are suddenly stopped working, as i reviewd the routing configuration it seems that it is working fine.
I will try to ugrade the IOS and see what will happen.
THank you
Hello cristian,
the spokes suddenly stops working thi is true, thoiugh wi will try to upgrade the IOS based on yoyr recomnedation, hopfuly it may works.
THank you