DMVPN Phase 3 configuration.
NHRP Shortcut and Redirect explanation

At first glance, the difference between DMVPN Phase 2 and Phase 3 is slight. In this article we will find out how to properly configure Phase 3, focusing on the NHRP protocol and its role. At the end we will establish full reachability between 2 spokes using EIGRP.

Talking the lab over
The lab consists of 3 sites: 2 Branches as Spokes and the HQ as the Hub. Behind each edge router there is a router running an EIGRP process with the edge router. Our goal is to achieve full direct connectivity between the loopbacks 5.5.5.5 (Branch-A) and 5.5.5.2 (Branch-B) without the command “ip next-hop-self eigrp xxx” on the hub, and it is going to happen thanks to DMVPN Phase 3. The advantage of this solution is scalability: we may deploy more branches without “touching” the HQ router, and we need only ONE static IP address, on the HUB!

The topology of our lab looks like this:

 

Here is the link to download the empty lab:

https://mega.nz/#!jn4QCQoK

The key to decrypt:
uHEkvwC6QlHiQU0QxmrF9WXTbfEYCdo7LeUs3S3LEo
To unrar the file use the password: www.itbundle.net

 

First we have to deploy EIGRP on the Spokes and the Hub (on the routers behind them EIGRP is already deployed).

Spoke1

router eigrp 128
no auto-summary
network 10.10.11.0 0.0.0.255
network 128.128.128.0 0.0.0.255

Spoke2

router eigrp 128
no auto-summary
network 10.10.22.0 0.0.0.255
network 128.128.128.0 0.0.0.255

Hub

router eigrp 128
no auto-summary
network 172.16.10.0 0.0.0.255
network 128.128.128.0 0.0.0.255

 

Now we may proceed to the proper configuration of DMVPN Phase 3, but firstly let’s learn some theory.

mGRE tunnels

First we create the well-known logical tunnel interfaces on each of the sites. The first thing we have to configure is ‘tunnel mode gre multipoint‘. We don’t specify a destination address on any of the routers, regardless of whether it is the HUB or a Spoke. The NHRP protocol is responsible for resolving the NBMA addresses.

NHRP
The NHRP protocol enables a direct connection between 2 Spokes without going through the Hub. The Hub takes part only briefly, in the first phase of communication. If Spoke1 wants to send a packet to Spoke2, it first has to learn the IP address of Spoke2. To achieve this, the first packet destined to Spoke2 is sent to the Hub. The Hub redirects this packet to Spoke2 and in the meantime sends information about the IP address of Spoke2 to Spoke1. From now on Spoke1 may send the remaining packets of the flow directly to Spoke2, bypassing the Hub.

‘ip nhrp map multicast dynamic‘ on the HUB allows NHRP to automatically add spoke routers to the multicast NHRP mappings when the Spoke routers initiate the mGRE tunnel and register their unicast NHRP mappings. Without this command we would have to manually map the NBMA addresses of the Spokes to the tunnel addresses. On the Spokes we also have to configure the mapping of the NHS (Next Hop Server – the HUB) tunnel address to its NBMA address.

Instead of the one-line command ‘ip nhrp nhs 128.128.128.8 nbma 136.1.38.8 multicast‘, we could use the old-fashioned configuration syntax:
ip nhrp map multicast 136.1.38.8
ip nhrp map 128.128.128.8 136.1.38.8
ip nhrp nhs 128.128.128.8

Shortcut and Redirect

‘ip nhrp shortcut‘ on the SPOKES and ‘ip nhrp redirect‘ on the HUB: these 2 commands are crucial for Phase 3 DMVPN. The difference between Phase 2 and Phase 3 is the lack of summarization on the HUB in Phase 2. In Phase 2, the Spokes had to maintain full routing tables with the next hop addresses pointing exactly to the tunnel interfaces of the remote Spokes. This limitation makes summarization impossible on the Hub, because the next hop after summarization is the tunnel interface of the HUB. Now, the ‘ip nhrp redirect‘ command sends a message to the Spokes that says “there is a better route to the destination Spoke than via the Hub”, and ‘ip nhrp shortcut‘ causes this route to be installed in the FIB on the Spokes. Very often engineers think they have deployed Phase 3 but they are stuck on Phase 2, especially when migrating from Phase 2 to Phase 3. If you properly deployed Phase 3, then the command ‘ip next-hop-self eigrp 128‘ has to be removed and only ‘no ip split-horizon eigrp 128′ remains; also, in the routing table you are going to see routes installed by NHRP, marked with the letter “N”. The best way to check how a particular route has been installed in the FIB is … by checking the FIB table with the ‘show ip cef x.x.x.x’ command.

At the end of this article we will see what the ‘ip cef’ entry in the FIB looks like with shortcut and redirect disabled (next hop 128.128.128.8 – HUB) and with shortcut and redirect enabled (next hop 128.128.128.2 – Spoke 2).

Configuration

HUB

interface tunnel 28
ip address 128.128.128.8 255.255.255.0
tunnel mode gre multipoint
tunnel source Gigabitethernet0/0
tunnel key 00000

no ip split-horizon eigrp 128
ip next-hop-self eigrp 128

ip nhrp network-id 8
ip nhrp map multicast dynamic
ip nhrp redirect
ip nhrp authentication itbundle

SPOKE 2

interface tunnel 28
ip address 128.128.128.2 255.255.255.0
tunnel mode gre multipoint
tunnel source gigabitethernet0/0
tunnel key 00000

ip nhrp network-id 1
ip nhrp nhs 128.128.128.8 nbma 136.1.38.8 multicast
ip nhrp shortcut
ip nhrp authentication itbundle

SPOKE 1

interface tunnel 28
ip address 128.128.128.1 255.255.255.0
tunnel mode gre multipoint
tunnel source gigabitethernet0/0
tunnel key 00000

ip nhrp network-id 1
ip nhrp nhs 128.128.128.8 nbma 136.1.38.8 multicast
ip nhrp shortcut
ip nhrp authentication itbundle
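
The Shortcut and Redirect paragraph notes that a deployment can quietly stay on Phase 2. The Python check below is an added example, not part of the original article: it audits tunnel stanzas like the ones above for the commands this page names. The names HUB, SPOKE, parse, value and audit are hypothetical, and the embedded configurations are constructed sample input copied from this lab.

```python
# Added example: audit DMVPN tunnel stanzas for the Phase 3 commands.
# HUB and SPOKE are constructed sample input based on this page's lab.
HUB = """interface tunnel 28
ip address 128.128.128.8 255.255.255.0
tunnel mode gre multipoint
tunnel key 00000
no ip split-horizon eigrp 128
ip nhrp network-id 8
ip nhrp map multicast dynamic
ip nhrp redirect
ip nhrp authentication itbundle"""

SPOKE = """interface tunnel 28
ip address 128.128.128.{host} 255.255.255.0
tunnel mode gre multipoint
tunnel key 00000
ip nhrp network-id 1
ip nhrp nhs 128.128.128.8 nbma 136.1.38.8 multicast
ip nhrp shortcut
ip nhrp authentication itbundle"""

def parse(cfg):
    """Normalize a stanza into a set of lower-case command lines."""
    return {" ".join(line.split()).lower() for line in cfg.splitlines() if line.strip()}

def value(cmds, prefix):
    """Argument of the command that starts with `prefix`, or None if absent."""
    return next((c[len(prefix) + 1:] for c in cmds if c.startswith(prefix + " ")), None)

def audit(hub_cfg, spoke_cfgs):
    """Return a list of findings; an empty list means Phase 3 looks complete."""
    hub, findings = parse(hub_cfg), []
    for cmd in ("tunnel mode gre multipoint", "ip nhrp map multicast dynamic", "ip nhrp redirect"):
        if cmd not in hub:  # a 'no ...' line is a different string, so it counts as missing
            findings.append(f"hub: missing '{cmd}'")
    for name, cfg in sorted(spoke_cfgs.items()):
        spoke = parse(cfg)
        for cmd in ("tunnel mode gre multipoint", "ip nhrp shortcut"):
            if cmd not in spoke:
                findings.append(f"{name}: missing '{cmd}'")
        if value(spoke, "ip nhrp nhs") is None:
            findings.append(f"{name}: no NHS mapping to the hub")
        for key in ("tunnel key", "ip nhrp authentication"):  # must match the hub
            if value(spoke, key) != value(hub, key):
                findings.append(f"{name}: '{key}' differs from hub")
    return findings

if __name__ == "__main__":
    lab = {"spoke1": SPOKE.format(host=1), "spoke2": SPOKE.format(host=2)}
    print(audit(HUB, lab) or "consistent with Phase 3")
```

The key and authentication comparisons are textual, so feed the audit the stanzas as they were typed. The NHRP authentication string travels in cleartext, so a matching value only shows that the peers agree, not that the tunnel is protected.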

 

Verification
First let’s check whether NHRP and DMVPN are configured:

 

Now, let’s run a traceroute from 5.5.5.5 (Site-A) to 5.5.5.2 (Site-B) in order to trigger NHRP. As we see, the first traceroute triggered NHRP; then NHRP worked properly and sent Spoke1 a “better” next hop (the Spoke2 tunnel interface).

Now, let’s check the RIB table on Spoke1. We see a route learnt via NHRP, 128.128.128.2; there is also a route to 5.5.5.5 whose next hop has been changed by NHRP, which the “%” symbol indicates.

Now I am going to summarize “everything” on the HUB router

and check the RIB table on Spoke1. As we see, even though we summarized everything on the HUB, we still get the “better” route to 5.5.5.5 thanks to NHRP, with next hop 128.128.128.2.

At the end let’s play a little bit with the ‘ip nhrp shortcut’ and ‘ip nhrp redirect’ commands to see their influence on routing on Spoke1. The first ‘show ip cef’ output is without shortcut and redirect running on the Spoke and the Hub respectively. We see the next hop is the Hub, 128.128.128.8. After implementing these 2 commands the next hop changed to 128.128.128.2.
