02 September, 2014

Dynamic Multipoint VPN (DMVPN)


Mechanics of DMVPN
- mGRE Tunnel Interfaces
- Static and Dynamic IPs
- Routing Protocols
- NHRP for Spoke Discovery (Next Hop Resolution Protocol)

Configure R1: 
R1-Hub#conf terminal 
R1-Hub(config)#int tunnel 0 
R1-Hub(config-if)#tunnel source ser 1/0
R1-Hub(config-if)#tunnel mode gre multipoint
R1-Hub(config-if)#tunnel key 6783
R1-Hub(config-if)#ip nhrp network-id 1        
R1-Hub(config-if)#ip nhrp authentication cisco123
R1-Hub(config-if)#ip nhrp map multicast dynamic 
R1-Hub(config-if)#ip nhrp shortcut              
R1-Hub(config-if)#ip nhrp redirect
R1-Hub(config-if)#ip address 172.16.0.1 255.255.255.0
R1-Hub(config-if)#ip mtu 1400
R1-Hub(config-if)#ip tcp adjust-mss 1360

Configure R2: 
R2-Spoke#conf terminal 
R2-Spoke(config)#interface tunnel 0
R2-Spoke(config-if)#tunnel mode gre multipoint
R2-Spoke(config-if)#tunnel source ser 1/0
R2-Spoke(config-if)#tunnel key 6783
R2-Spoke(config-if)#ip nhrp network-id 1
R2-Spoke(config-if)#ip nhrp authentication cisco123
R2-Spoke(config-if)#ip nhrp shortcut               
R2-Spoke(config-if)#ip nhrp nhs 172.16.0.1
R2-Spoke(config-if)#ip nhrp map 172.16.0.1 15.0.0.1
R2-Spoke(config-if)#ip nhrp map multicast 15.0.0.1
R2-Spoke(config-if)#ip address 172.16.0.2 255.255.255.0
R2-Spoke(config-if)#ip mtu 1400
R2-Spoke(config-if)#ip tcp adjust-mss 1360

Configure R3: 
R3-Spoke#conf terminal 
R3-Spoke(config)#interface tunnel 0
R3-Spoke(config-if)#tunnel mode gre multipoint
R3-Spoke(config-if)#tunnel source ser 1/0
R3-Spoke(config-if)#tunnel key 6783
R3-Spoke(config-if)#ip nhrp network-id 1
R3-Spoke(config-if)#ip nhrp authentication cisco123
R3-Spoke(config-if)#ip nhrp shortcut               
R3-Spoke(config-if)#ip nhrp nhs 172.16.0.1
R3-Spoke(config-if)#ip nhrp map 172.16.0.1 15.0.0.1
R3-Spoke(config-if)#ip nhrp map multicast 15.0.0.1
R3-Spoke(config-if)#ip address 172.16.0.3 255.255.255.0
R3-Spoke(config-if)#ip mtu 1400
R3-Spoke(config-if)#ip tcp adjust-mss 1360

Configure R4:
R4-Spoke#conf terminal 
R4-Spoke(config)#interface tunnel 0
R4-Spoke(config-if)#tunnel mode gre multipoint
R4-Spoke(config-if)#tunnel source ser 1/0
R4-Spoke(config-if)#tunnel key 6783
R4-Spoke(config-if)#ip nhrp network-id 1
R4-Spoke(config-if)#ip nhrp authentication cisco123
R4-Spoke(config-if)#ip nhrp shortcut               
R4-Spoke(config-if)#ip nhrp nhs 172.16.0.1
R4-Spoke(config-if)#ip nhrp map 172.16.0.1 15.0.0.1
R4-Spoke(config-if)#ip nhrp map multicast 15.0.0.1
R4-Spoke(config-if)#ip address 172.16.0.4 255.255.255.0
R4-Spoke(config-if)#ip mtu 1400
R4-Spoke(config-if)#ip tcp adjust-mss 1360

! Verify NHRP Configuration 
R1-Hub#show ip nhrp summary 
IP NHRP cache 4 entries, 1248 bytes
    0 static  4 dynamic  0 incomplete

R1-Hub#show ip nhrp 
0.0.0.0/32 via 0.0.0.0
   Tunnel0 created 00:09:15, expire 01:51:25
   Type: dynamic, Flags: unique registered 
   NBMA address: 25.0.0.2 
172.16.0.2/32 via 172.16.0.2
   Tunnel0 created 00:07:44, expire 01:52:15
   Type: dynamic, Flags: unique registered 
   NBMA address: 25.0.0.2 
172.16.0.3/32 via 172.16.0.3
   Tunnel0 created 00:03:23, expire 01:56:37
   Type: dynamic, Flags: unique registered 
   NBMA address: 35.0.0.3 
172.16.0.4/32 via 172.16.0.4
   Tunnel0 created 00:01:44, expire 01:58:16
   Type: dynamic, Flags: unique registered 
   NBMA address: 45.0.0.4

R2-Spoke#show ip nhrp summary 
IP NHRP cache 1 entry, 312 bytes
    1 static  0 dynamic  0 incomplete

R2-Spoke#show ip nhrp         
172.16.0.1/32 via 172.16.0.1
   Tunnel0 created 00:56:09, never expire 
   Type: static, Flags: used 
   NBMA address: 15.0.0.1
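
The hub learns every spoke through dynamic NHRP registration, so its cache is worth comparing against a known spoke inventory. The following is an added example, not part of the original post: it parses the show ip nhrp output from R1-Hub above and reports dynamic entries that do not match; the EXPECTED inventory, the function names and the finding labels are assumptions made for this example.

```python
import re

# Assumed inventory, constructed for this lab: tunnel IP -> expected NBMA address.
EXPECTED = {"172.16.0.2": "25.0.0.2", "172.16.0.3": "35.0.0.3", "172.16.0.4": "45.0.0.4"}
# R1-Hub cache as shown on this page (trailing spaces trimmed).
HUB_CACHE = """\
0.0.0.0/32 via 0.0.0.0
   Tunnel0 created 00:09:15, expire 01:51:25
   Type: dynamic, Flags: unique registered
   NBMA address: 25.0.0.2
172.16.0.2/32 via 172.16.0.2
   Tunnel0 created 00:07:44, expire 01:52:15
   Type: dynamic, Flags: unique registered
   NBMA address: 25.0.0.2
172.16.0.3/32 via 172.16.0.3
   Tunnel0 created 00:03:23, expire 01:56:37
   Type: dynamic, Flags: unique registered
   NBMA address: 35.0.0.3
172.16.0.4/32 via 172.16.0.4
   Tunnel0 created 00:01:44, expire 01:58:16
   Type: dynamic, Flags: unique registered
   NBMA address: 45.0.0.4
"""

ENTRY = re.compile(r"^(\S+)/\d+ via (\S+)")
FIELD = re.compile(r"^\s+(Type|NBMA address): ([\w.]+)")

def parse_nhrp_cache(text):
    """Parse 'show ip nhrp' text into dicts with target, via, type and nbma keys."""
    entries = []
    for line in text.splitlines():
        if m := ENTRY.match(line):
            entries.append({"target": m.group(1), "via": m.group(2), "type": None, "nbma": None})
        elif entries and (m := FIELD.match(line)):
            entries[-1]["type" if m.group(1) == "Type" else "nbma"] = m.group(2)
    return entries

def audit(entries, expected):
    """Return (finding, tunnel_ip, nbma) tuples for dynamic entries that differ from the inventory."""
    findings, seen = [], set()
    for e in (x for x in entries if x["type"] == "dynamic"):
        want = expected.get(e["via"])
        if want is None:
            findings.append(("unlisted-tunnel-ip", e["via"], e["nbma"]))
        elif e["nbma"] != want:
            findings.append(("nbma-mismatch", e["via"], e["nbma"]))
        seen.add(e["via"])
    return findings + [("not-registered", ip, expected[ip]) for ip in sorted(set(expected) - seen)]
print(audit(parse_nhrp_cache(HUB_CACHE), EXPECTED))
```

Run against the hub output above, it reports only the 0.0.0.0/32 entry, which carries the same NBMA address as 172.16.0.2.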

! Configure Routing Protocol (EIGRP AS 1)
Configure R1:
R1-Hub#conf terminal 
R1-Hub(config)#router eigrp 1
R1-Hub(config-router)#no auto-summary
R1-Hub(config-router)#network 10.1.1.1 0.0.0.0
R1-Hub(config-router)#network 172.16.0.1 0.0.0.0

Configure R2:
R2-Spoke#conf terminal 
R2-Spoke(config)#router eigrp 1
R2-Spoke(config-router)#no auto-summary
R2-Spoke(config-router)#network 10.2.2.2 0.0.0.0
R2-Spoke(config-router)#network 172.16.0.2 0.0.0.0

Configure R3:
R3-Spoke#conf terminal 
R3-Spoke(config)#router eigrp 1
R3-Spoke(config-router)#no auto-summary
R3-Spoke(config-router)#network 10.3.3.3 0.0.0.0
R3-Spoke(config-router)#network 172.16.0.3 0.0.0.0

Configure R4:
R4-Spoke#conf terminal 
R4-Spoke(config)#router eigrp 1
R4-Spoke(config-router)#no auto-summary
R4-Spoke(config-router)#network 10.4.4.4 0.0.0.0
R4-Spoke(config-router)#network 172.16.0.4 0.0.0.0

! Disable EIGRP Next-Hop-Self and Split Horizon on Hub Router
R1-Hub(config)#in tunnel 0 
R1-Hub(config-if)#no ip next-hop-self eigrp 1
R1-Hub(config-if)#no ip split-horizon eigrp 1

! Verify EIGRP Configuration
R1-Hub#show ip eigrp neighbors 
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.0.2              Tu0               14 00:06:44   98  1362  0  16
2   172.16.0.4              Tu0               14 00:13:56  109  1362  0  12
1   172.16.0.3              Tu0               13 00:15:10  143  1362  0  13

R1-Hub#show ip route eigrp 
D        10.2.2.0/24 [90/27008000] via 172.16.0.2, 00:09:45, Tunnel0
D        10.3.3.0/24 [90/27008000] via 172.16.0.3, 00:18:07, Tunnel0
D        10.4.4.0/24 [90/27008000] via 172.16.0.4, 00:16:54, Tunnel0

R2-Spoke#show ip route eigrp 
D        10.1.1.0/24 [90/27008000] via 172.16.0.1, 00:10:56, Tunnel0
D        10.3.3.0/24 [90/28288000] via 172.16.0.3, 00:10:56, Tunnel0
D        10.4.4.0/24 [90/28288000] via 172.16.0.4, 00:10:56, Tunnel0 

R2-Spoke#show ip route 10.4.4.4
Routing entry for 10.4.4.0/24
  Known via "eigrp 1", distance 90, metric 28288000, type internal
  Redistributing via eigrp 1
  Last update from 172.16.0.4 on Tunnel0, 00:12:29 ago
  Routing Descriptor Blocks:
  * 172.16.0.4, from 172.16.0.1, 00:12:29 ago, via Tunnel0
      Route metric is 28288000, traffic share count is 1
      Total delay is 105000 microseconds, minimum bandwidth is 100 Kbit
      Reliability 255/255, minimum MTU 1400 bytes
      Loading 1/255, Hops 2
 
! Check How NHRP Works
R2-Spoke#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details 
IPv4 NHS: 172.16.0.1 RE
Type:Spoke, Total NBMA Peers (v4/v6): 2

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1       15.0.0.1      172.16.0.1    UP 03:00:01    S      172.16.0.1/32

R2-Spoke#debug nhrp 
NHRP protocol debugging is on

R2-Spoke#ping 10.4.4.4 repeat 2 source 10.2.2.2
Sending 2, 100-byte ICMP Echos to 10.4.4.4,
Packet sent with a source address of 10.2.2.2 
!!
Success rate is 100 percent (2/2)

Debug:
*Sep  2 21:24:55.291: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel0 netid-out 1
*Sep  2 21:24:55.295: NHRP: Sending packet to NHS 172.16.0.1 on Tunnel0
*Sep  2 21:24:55.299: NHRP: NHRP successfully resolved 172.16.0.1 to NBMA 15.0.0.1
*Sep  2 21:24:55.299: NHRP: Checking for delayed event /172.16.0.4 on list (Tunnel0).
*Sep  2 21:24:55.303: NHRP: No node found.
*Sep  2 21:24:55.303: NHRP: Enqueued NHRP Resolution Request for destination: 172.16.0.4
*Sep  2 21:24:55.319: NHRP: Checking for delayed event /172.16.0.4 on list (Tunnel0).
*Sep  2 21:24:55.319: NHRP: No node found.
*Sep  2 21:24:55.319: NHRP: Sending NHRP Resolution Request for dest: 172.16.0.4 to NHS: 172.16.0.1 using our src: 172.16.0.2
*Sep  2 21:24:55.319: NHRP: Attempting to send packet via DEST 172.16.0.1
*Sep  2 21:24:55.319: NHRP: NHRP successfully resolved 172.16.0.1 to NBMA 15.0.0.1
*Sep  2 21:24:55.323: NHRP: Encapsulation succeeded.  Tunnel IP addr 15.0.0.1
*Sep  2 21:24:55.323: NHRP: Send Resolution Request via Tunnel0 vrf 0, packet size: 88
*Sep  2 21:24:55.323: NHRP: 116 bytes out Tunnel0 
*Sep  2 21:24:55.335: NHRP: Receive Traffic Indication via Tunnel0 vrf 0, packet size: 100
*Sep  2 21:24:55.339: NHRP: netid_in = 1, to_us = 0
*Sep  2 21:24:55.343: NHRP: nhrp_rtlookup yielded Loopback0
*Sep  2 21:24:55.347: NHRP: netid_out 0, netid_in 1
*Sep  2 21:24:55.371: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel0 netid-out 1
*Sep  2 21:24:55.375: NHRP: Sending packet to NHS 172.16.0.1 on Tunnel0
*Sep  2 21:24:55.379: NHRP: NHRP successfully resolved 172.16.0.1 to NBMA 15.0.0.1
*Sep  2 21:24:55.379: NHRP: Checking for delayed event /172.16.0.4 on list (Tunnel0).
*Sep  2 21:24:55.383: NHRP: No node found.
*Sep  2 21:24:55.391: NHRP: Checking for delayed event /10.4.4.4 on list (Tunnel0).
*Sep  2 21:24:55.395: NHRP: No node found.
*Sep  2 21:24:55.399: NHRP: Enqueued NHRP Resolution Request for destination: 10.4.4.4
*Sep  2 21:24:55.403: NHRP: Receive Resolution Reply via Tunnel0 vrf 0, packet size: 136
*Sep  2 21:24:55.407: NHRP: netid_in = 0, to_us = 1
*Sep  2 21:24:55.411: NHRP: Checking for delayed event /172.16.0.4 on list (Tunnel0).
*Sep  2 21:24:55.411: NHRP: No node found.
*Sep  2 21:24:55.415: NHRP: No need to delay processing of resolution event nbma src:25.0.0.2 nbma dst:45.0.0.4
*Sep  2 21:24:55.419: NHRP: Adding Tunnel Endpoints (VPN: 172.16.0.4, NBMA: 45.0.0.4)
*Sep  2 21:24:55.447: NHRP: Successfully attached NHRP subblock for Tunnel Endpoints (VPN: 172.16.0.4, NBMA: 45.0.0.4)
*Sep  2 21:24:55.471: NHRP: Checking for delayed event /10.4.4.4 on list (Tunnel0).
*Sep  2 21:24:55.471: NHRP: No node found.
*Sep  2 21:24:55.475: NHRP: Sending NHRP Resolution Request for dest: 10.4.4.4 to NHS: 172.16.0.1 using our src: 172.16.0.2
*Sep  2 21:24:55.479: NHRP: Attempting to send packet via DEST 172.16.0.1
*Sep  2 21:24:55.487: NHRP: NHRP successfully resolved 172.16.0.1 to NBMA 15.0.0.1
*Sep  2 21:24:55.487: NHRP: Encapsulation succeeded.  Tunnel IP addr 15.0.0.1
*Sep  2 21:24:55.491: NHRP: Send Resolution Request via Tunnel0 vrf 0, packet size: 88
*Sep  2 21:24:55.495: NHRP: 116 bytes out Tunnel0 
*Sep  2 21:24:55.587: NHRP: Receive Resolution Reply via Tunnel0 vrf 0, packet size: 136
*Sep  2 21:24:55.591: NHRP: netid_in = 0, to_us = 1
*Sep  2 21:24:55.595: NHRP: Checking for delayed event /10.4.4.4 on list (Tunnel0).
*Sep  2 21:24:55.599: NHRP: No node found.
*Sep  2 21:24:55.603: NHRP: No need to delay processing of resolution event nbma src:25.0.0.2 nbma dst:45.0.0.4
*Sep  2 21:24:55.607: NHRP: Adding Tunnel Endpoints (VPN: 172.16.0.4, NBMA: 45.0.0.4)

! Verify DMVPN
R2-Spoke#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details 
IPv4 NHS: 172.16.0.1 RE
Type:Spoke, Total NBMA Peers (v4/v6): 2

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1       15.0.0.1      172.16.0.1    UP 03:00:01    S      172.16.0.1/32
    1       45.0.0.4      172.16.0.4    UP 01:31:28    D      172.16.0.4/32

R2-Spoke#traceroute 10.4.4.4 source lo 0 
Tracing the route to 10.4.4.4
  1 172.16.0.4 132 msec 88 msec 72 msec
*Sep  2 22:10:13.923: NHRP: NHRP successfully resolved 172.16.0.4 to NBMA 45.0.0.4

R2-Spoke#un all 
All possible debugging has been turned off