CCNP-Studies
Routing
1-EIGRP
21 Eigrp and Dmvpn

Dynamic Multipoint VPN (DMVPN) and EIGRP

Dynamic Multipoint VPN (DMVPN) is a VPN technology with three phases that focuses on optimizing the next hop for routing. It is designed to simplify the creation of secure, scalable, and efficient VPNs over existing service provider (SP) infrastructure or the Internet. DMVPN removes the SP from the routing equation, making it a valuable solution for various networking scenarios.

Three Phases of DMVPN

DMVPN deployment consists of three phases:

  1. Hub-and-Spoke (Phase 1): Initial setup with a central hub and remote spokes.
  2. Hub-to-Hub (Phase 2): Direct communication between remote hubs.
  3. Hub-to-Spoke on Demand (Phase 3): Efficient spoke-to-spoke communication, initiated when needed.

All About Next Hop

In DMVPN, the focus is on optimizing the next hop for routing, making it an ideal solution for complex network topologies.

Removing the SP from the Equation

DMVPN allows secure tunneling over the SP infrastructure or the Internet, reducing the reliance on the service provider for connectivity.

Considerations and Challenges

While implementing DMVPN, be mindful of the following considerations:

  • Split Horizon: Prevents a router from advertising routes back to the interface from which they were received.
  • Next Hop: Optimizing the next hop is essential for efficient routing in DMVPN scenarios.

EIGRP in DMVPN

EIGRP (Enhanced Interior Gateway Routing Protocol) is an optimal Layer 3 protocol choice for DMVPN deployments. Distance vector protocols like EIGRP are preferred over link-state protocols in DMVPN scenarios.

DMVPN Hub Configuration Example

Tunnel46 Interface Configuration (Hub)

interface tunnel46
 ip address 192.168.1.10 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 90
 ip nhrp server-only
 ip tcp adjust-mss 1360
 tunnel source Loopback 0
 tunnel mode gre multipoint
 tunnel key 90
interface tunnel46
 ip address 192.168.1.11 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco123
 ip nhrp map multicast 200.2.2.2
 ip hrp map 192.168.1.10 200.2.2.2
 ip nhrp network-id 90
 ip nhrp hold-time 600
 ip nhrp nhs 192.168.1.10
 ip nhrp registration no-unique
 ip hhrp registration timeout 60
 ip nhrp shortcut 
 ip nhrp server-only
 ip tcp adjust-mss 1360
 tunnel source Loopback 0
 tunnel mode gre multipoint
 tunnel key 90

Verification

To ensure the proper configuration of DMVPN and EIGRP, use the following commands for verification:

  1. show dmvpn: This command displays detailed information about the DMVPN setup, allowing you to verify its configuration and operational status.

  2. show ip eigrp neighbor: Use this command to check the status of EIGRP neighbors. It provides information about neighboring routers, their addresses, and their EIGRP routing relationships.

  3. show ip nhrp: The show ip nhrp command is used to examine the Next Hop Resolution Protocol (NHRP) status and mappings. It helps confirm the proper functioning of NHRP in the DMVPN network.

These verification commands play a crucial role in ensuring the correct operation and troubleshooting of your DMVPN and EIGRP configurations.

20 Mpls Layer3 Vpn1 Ospf Packet Header