
DMVPN Phase 2

Cisco Network Features

  • Available in IOS 12.3(4)T: DMVPN Phase 2 is available in Cisco IOS version 12.3(4)T.

  • SPOKE-to-SPOKE capabilities: This feature allows direct communication between spoke routers in a network, bypassing the hub router. It enhances the efficiency of data exchange within the network.

  • NO summarization allowed: Summarization, the aggregation of routes to reduce routing table size, is not permitted in Phase 2. Each route must be advertised individually so that it keeps its own next hop.

  • NO default route origination allowed from HUB: The hub router is not allowed to originate a default route. A default route typically serves as a gateway of last resort, but in this setup, it must not be generated by the hub router.

  • SPOKE-to-SPOKE tunnel initiated by SPOKE: Spoke routers are responsible for initiating the creation of tunnels between them. This means that the spoke routers establish direct communication links without relying on the hub router to initiate the connection.

Phase 2 Enhancements

  • Removes burden from HUB in terms of CPU and bandwidth: Phase 2 enhancements are designed to alleviate the hub router's load, reducing the demand on its CPU and bandwidth resources.

  • Next hop value MUST be the tunnel interface IP of the originating router: In this phase, the next hop of each route must be the tunnel interface IP of the router that originated the route.

  • SPOKES now have mGRE interface just like HUB: Spoke routers now have mGRE (Multipoint Generic Routing Encapsulation) interfaces, like the hub router. A multipoint interface is not tied to a single tunnel destination, which is what allows a spoke to build tunnels to other spokes as well as to the hub.

NHRP Flow: Establishing SPOKE-to-SPOKE Communication

In a network utilizing NHRP (Next Hop Resolution Protocol), the process of establishing SPOKE-to-SPOKE communication involves the following steps:

  • NHRP Resolution Request initiated by SPOKE: The process begins with a SPOKE router initiating an NHRP Resolution Request.

    • SPOKE looks up next hop address (tunnel IP) for destination network & sees it is out the mGRE tu0 interface: The SPOKE router first examines the next hop address (tunnel IP) for the destination network. If this address is associated with the mGRE tu0 interface, it indicates the traffic should be sent via a multipoint Generic Routing Encapsulation tunnel.

    • SPOKE looks into local NHRP database for mapping: The SPOKE router checks its local NHRP database to see if there is an existing mapping for this destination. If the mapping is found, the SPOKE router has all the necessary information to route the traffic and proceeds to do so.

    • If it does not find a mapping, it sends the NHRP Resolution Request to its NHS: In cases where there is no existing mapping in the local database, the SPOKE router sends an NHRP Resolution Request to its Next Hop Server (NHS). The NHS is responsible for maintaining mappings between destination network addresses and tunnel IP addresses.

    • The HUB (who knows everyone) forwards to owner of network we are trying to reach: The hub router, acting as a central point in the network, receives the NHRP Resolution Request from the SPOKE. It knows the network topology and forwards this request to the owner of the destination network.

    • Owner responds directly to the requesting SPOKE: The owner of the destination network directly responds to the SPOKE that initiated the NHRP Resolution Request. This response includes the necessary information to establish a direct communication link.

    • Requestor adds NHRP mapping to local database, and SPOKE-to-SPOKE communications are established: The SPOKE that initiated the request adds the NHRP mapping to its local database. With this mapping in place, SPOKE-to-SPOKE communications are established, and the routers can communicate directly without relying on the hub router.

This NHRP flow significantly improves the efficiency of communication in a network by allowing direct SPOKE-to-SPOKE connections when needed.
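
The flow above as a small simulation, added here as an illustration (not Cisco code and not part of the original notes); it also shows why the next hop must stay the originating spoke's tunnel IP. The router names and hub addresses follow the notes, while the spoke NBMA addresses, the 192.168.2.0/24 network and all function names are assumptions.

```python
HOLDTIME = 600  # seconds, matching 'ip nhrp holdtime 600' in the notes

class Router:
    def __init__(self, name, tunnel_ip, nbma_ip, nhs=None):
        self.name, self.tunnel_ip, self.nbma_ip, self.nhs = name, tunnel_ip, nbma_ip, nhs
        self.routes = {}    # destination network -> next-hop tunnel IP
        self.cache = {}     # NHRP cache: tunnel IP -> (NBMA IP, expiry time)
        self.clients = {}   # hub only: registered spokes by tunnel IP
        if nhs:             # spoke: static mapping for the hub, then register with it
            self.cache[nhs.tunnel_ip] = (nhs.nbma_ip, float("inf"))
            nhs.clients[tunnel_ip] = self

def resolve(spoke, next_hop, now, log):
    """NBMA address for next_hop; runs the resolution flow on a cache miss."""
    nbma, expiry = spoke.cache.get(next_hop, (None, 0))
    if expiry > now:
        log.append(f"{spoke.name}: cache hit {next_hop} -> {nbma}")
        return nbma
    hub = spoke.nhs
    log.append(f"{spoke.name} -> {hub.name}: Resolution Request for {next_hop}")
    owner = hub.clients.get(next_hop)
    if owner is None:       # nobody registered that tunnel IP with the hub
        log.append(f"{hub.name}: no registration for {next_hop}")
        return None
    log.append(f"{hub.name} -> {owner.name}: Resolution Request forwarded")
    log.append(f"{owner.name} -> {spoke.name}: Resolution Reply, NBMA {owner.nbma_ip}")
    spoke.cache[next_hop] = (owner.nbma_ip, now + HOLDTIME)
    return owner.nbma_ip

def send(spoke, dest_net, now, log):
    """Route lookup first, then NHRP: returns the NBMA address packets are sent to."""
    return resolve(spoke, spoke.routes[dest_net], now, log)

def build_lab():
    """Constructed topology: hub addresses from the notes, spoke NBMA addresses made up."""
    hub = Router("R7", "10.0.0.7", "198.51.99.7")
    r1 = Router("R1", "10.0.0.1", "203.0.113.1", nhs=hub)
    r2 = Router("R2", "10.0.0.2", "203.0.113.2", nhs=hub)
    r1.routes["192.168.2.0/24"] = "10.0.0.2"   # next hop preserved: R2's tunnel IP
    return hub, r1, r2

if __name__ == "__main__":
    hub, r1, r2 = build_lab()
    log = []
    send(r1, "192.168.2.0/24", 0, log)        # miss: request, forward, reply
    send(r1, "192.168.2.0/24", 100, log)      # hit while the mapping is still valid
    r1.routes["192.168.2.0/24"] = "10.0.0.7"  # as if the hub had set itself as next hop
    send(r1, "192.168.2.0/24", 200, log)      # hub NBMA returned: no spoke-to-spoke
    print("\n".join(log))
```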

Additional NHRP Configuration

In addition to the Phase-specific NHRP enhancements, there are additional NHRP configurations to consider in your network setup:

  • mGRE interface on SPOKES: The network should include mGRE (Multipoint Generic Routing Encapsulation) interfaces on SPOKE routers. These interfaces are essential for establishing efficient communication between routers in the network.

  • We will also add in (not Phase-specific):

    • ip nhrp authentication [password]: This configuration introduces NHRP authentication, enhancing the security of NHRP communications. The "[password]" should be replaced with the actual authentication password you intend to use.

    • ip nhrp registration no-unique: Enabling this option allows multiple hosts to register under the same NHRP mapping, simplifying the network configuration.

    • ip nhrp holdtime 600: A recommended value from the Cisco Validated Design (CVD) guide is to set the NHRP holdtime to 600 seconds. The holdtime defines the duration for which NHRP mappings are considered valid.

On the Hub (NHS - R7):

interface Tunnel0
 ip address 10.0.0.7 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip tcp adjust-mss 1360
 tunnel source g0/0
 tunnel mode gre multipoint
 tunnel key 99

On the SPOKE(s) (NHC - R1-R4):

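interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ! Static tunnel-IP-to-NBMA mapping for the hub, needed on an mGRE spoke
 ip nhrp map 10.0.0.7 198.51.99.7
 ip nhrp map multicast 198.51.99.7
 ip nhrp network-id 99
 ip nhrp nhs 10.0.0.7
 ip tcp adjust-mss 1360
 ip mtu 1400
 tunnel source GigabitEthernet0/0
 ! Phase 2 spokes use mGRE, so there is no fixed tunnel destination
 tunnel mode gre multipoint
 tunnel key 99
end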
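
A small checker for the spoke-side points in these notes (mGRE rather than a fixed tunnel destination, a static NBMA mapping for the NHS, NHRP authentication, holdtime 600), added here as an example and not taken from the notes or from Cisco tooling. The function names, the finding strings and both sample configs are constructed, and the NHS rule assumes the `ip nhrp map <tunnel-ip> <nbma-ip>` form of static mapping.

```python
import re

def tunnel_cmds(config):
    """Sub-commands found under 'interface Tunnel...' in an IOS config."""
    cmds, inside = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            inside = line.lower().startswith("interface tunnel")
        elif inside and line and not line.startswith("!"):
            cmds.append(line)
    return cmds

def audit_phase2_spoke(config):
    """List where a spoke tunnel departs from the Phase 2 points in the notes."""
    cmds = tunnel_cmds(config)
    def has(pattern):
        return any(re.match(pattern, c) for c in cmds)
    findings = []
    mgre = has(r"tunnel mode gre multipoint$")
    if not mgre:
        findings.append("tunnel is not mGRE")
    if has(r"tunnel destination\s"):
        findings.append("fixed tunnel destination")
    mapped = {c.split()[3] for c in cmds if re.match(r"ip nhrp map \d", c)}  # unicast maps
    nhs = [c.split()[3] for c in cmds if re.match(r"ip nhrp nhs \d", c)]
    findings += [f"NHS {a} has no NBMA mapping" for a in nhs if mgre and a not in mapped]
    if not has(r"ip nhrp authentication \S+$"):
        findings.append("NHRP authentication not set")
    if not has(r"ip nhrp holdtime 600$"):
        findings.append("holdtime is not 600")
    return findings

# Constructed samples that reuse the addresses from the notes.
P2P_SPOKE = """\
interface Tunnel0
 ip nhrp map multicast 198.51.99.7
 ip nhrp network-id 99
 ip nhrp nhs 10.0.0.7
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.99.7
"""
MGRE_SPOKE = P2P_SPOKE.replace("tunnel destination 198.51.99.7", """\
tunnel mode gre multipoint
 ip nhrp map 10.0.0.7 198.51.99.7
 ip nhrp authentication EXAMPLE1
 ip nhrp holdtime 600""")

if __name__ == "__main__":
    print(audit_phase2_spoke(P2P_SPOKE), audit_phase2_spoke(MGRE_SPOKE))
```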

show and debug for NHRP and DMVPN

  • Show Commands:

    • show dmvpn [detail]: The "show dmvpn" command, when used with the "detail" extension, provides a detailed view of the DMVPN configuration. This includes information about the DMVPN phases, NHRP mappings, and additional settings.

    • show ip nhrp [detail]: When combined with the "detail" extension, the "show ip nhrp" command offers a comprehensive overview of NHRP operations. It provides detailed information about the NHRP registration table, including mappings and flags.

  • Debug Commands:

    • debug dmvpn [events]: The "debug dmvpn" command, with the "events" extension, allows for real-time debugging of specific DMVPN events. It's especially useful for focusing on particular DMVPN-related activities, such as NHRP registrations or mapping updates.

    • debug ip nhrp [packets]: By adding the "packets" extension to "debug ip nhrp," you can concentrate on the debugging of NHRP packets. This is helpful for capturing and analyzing NHRP packet exchanges, which is essential for troubleshooting NHRP issues.

These commands, along with their extensions, are essential for configuring, monitoring, and troubleshooting DMVPN networks. They provide granular control over the information and events you need to ensure the efficient and secure operation of your DMVPN infrastructure.