DMVPN Tutorial

February 14th, 2015 in ROUTE Knowledge

Configuring DMVPN

DMVPN can be configured in three different ways; each of them is often called a “phase”:

1) DMVPN Phase I (Spoke-to-Hub only):
+ mGRE is configured on Hub, p2p GRE is configured on Spokes
+ Traffic flows between Spoke & Hub only (Spokes talk to each other through hub). No spoke-to-spoke direct communication

[Figure: DMVPN Phase I]

DMVPN Phase I – Static Mapping

Hub:
interface tunnel 1
 ip address 192.168.100.254 255.255.255.0
 tunnel source 44.44.44.4
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.1 11.11.11.1
 ip nhrp map 192.168.100.2 12.12.12.2

Spoke 1:
interface tunnel 1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 11.11.11.1
 tunnel destination 44.44.44.4
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4

Spoke 2:
interface tunnel 1
 ip address 192.168.100.2 255.255.255.0
 tunnel source 12.12.12.2
 tunnel destination 44.44.44.4
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4

DMVPN Phase I – Dynamic Mapping

Hub:
interface tunnel 1
 ip address 192.168.100.254 255.255.255.0
 tunnel source 44.44.44.4
 tunnel mode gre multipoint
 ip nhrp network 10
 ! Notice there are no “ip nhrp map …” commands on the Hub, since the mapping will be dynamic

Spoke 1:
interface tunnel 1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 11.11.11.1
 tunnel destination 44.44.44.4
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4
 ip nhrp nhs 192.168.100.254
 ! The “ip nhrp nhs …” command tells the spoke router who the Next Hop Server is,
 ! so the spoke sends its registration request to the hub

Spoke 2:
interface tunnel 1
 ip address 192.168.100.2 255.255.255.0
 tunnel source 12.12.12.2
 tunnel destination 44.44.44.4
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4
 ip nhrp nhs 192.168.100.254

First, notice that the Hub configuration has no “tunnel destination” command, because the tunnel destination is derived from the NHRP database. If we are running dynamic routing protocols based on multicast (like RIP, OSPF, EIGRP …), we have to add the command “ip nhrp map multicast dynamic” on the Hub to replicate all multicast traffic to all dynamic entries in the NHRP table (multicast will be processed as unicast traffic).

“ip nhrp network 10” (the short form of “ip nhrp network-id 10”) uniquely identifies the DMVPN network; tunnels will not form between routers with different NHRP network IDs.

2) DMVPN Phase II (Spoke-to-Spoke):

In this phase every hub and spoke is configured with an mGRE interface so that spoke-to-spoke connectivity can be created dynamically; static tunnel destinations are no longer configured.

+ Hub uses an mGRE tunnel
+ Spokes use mGRE tunnels
+ Spokes talk to each other directly

[Figure: DMVPN Phase II]

DMVPN Phase II Configuration

DMVPN Phase II – Static Mapping

Hub:
interface tunnel 1
 ip address 192.168.100.254 255.255.255.0
 tunnel source 44.44.44.4
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.1 11.11.11.1
 ip nhrp map 192.168.100.2 12.12.12.2

Spoke 1:
interface tunnel 1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 11.11.11.1
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.1 11.11.11.1
 ip nhrp map 192.168.100.2 12.12.12.2
 ip nhrp map 192.168.100.254 44.44.44.4

Spoke 2:
interface tunnel 1
 ip address 192.168.100.2 255.255.255.0
 tunnel source 12.12.12.2
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.1 11.11.11.1
 ip nhrp map 192.168.100.2 12.12.12.2
 ip nhrp map 192.168.100.254 44.44.44.4

DMVPN Phase II – Dynamic Mapping

Hub:
interface tunnel 1
 ip address 192.168.100.254 255.255.255.0
 tunnel source 44.44.44.4
 tunnel mode gre multipoint
 ip nhrp network 10

Spoke 1:
interface tunnel 1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 11.11.11.1
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4
 ip nhrp nhs 192.168.100.254

Spoke 2:
interface tunnel 1
 ip address 192.168.100.2 255.255.255.0
 tunnel source 12.12.12.2
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4
 ip nhrp nhs 192.168.100.254

Note: Although Phase II – Dynamic Mapping is “dynamic”, we still need to add a static entry for the hub, because without that entry the NHRP registration cannot be sent.

To verify the DMVPN configuration we can use the “show dmvpn” or “show ip nhrp” command. The outputs of these commands are shown below:

On Hub:

Hub#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel1, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 11.11.11.1          192.168.100.1  UP 00:03:08     D
     1 12.12.12.2          192.168.100.2  UP 00:03:16     D
Hub#show ip nhrp
192.168.100.1/32 via 192.168.100.1
   Tunnel1 created 00:28:51, expire 01:48:59
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 11.11.11.1
192.168.100.2/32 via 192.168.100.2
   Tunnel1 created 00:26:47, expire 01:48:57
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 12.12.12.2 

On Spoke:

Spoke1#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel1, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add    State  UpDn Tm Attrb
 ----- --------------- ---------------    ----- -------- -----
     1 44.44.44.4          192.168.100.254   UP 00:03:40     S
     1 12.12.12.2          192.168.100.2     UP 00:03:20     D
Spoke1#show ip nhrp
192.168.100.254/32 via 192.168.100.254
   Tunnel1 created 00:11:35, never expire 
   Type: static, Flags: used 
   NBMA address: 44.44.44.4 
192.168.100.2/32 via 192.168.100.2
   Tunnel1 created 00:11:16, expire 01:48:43
   Type: dynamic, Flags: router used nhop 
   NBMA address: 12.12.12.2
192.168.100.1/32 via 192.168.100.1
   Tunnel1 created 00:11:16, expire 01:48:45
   Type: dynamic, Flags: router unique local 
   NBMA address: 11.11.11.1 
    (no-socket)
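
With dynamic mapping the hub's NHRP table is filled from spoke registrations, so it is worth comparing it against a list of the spokes you expect. The Python script below is an added example, not part of the original tutorial: it parses “show ip nhrp” text and reports dynamic entries that do not match an inventory. The EXPECTED inventory and the 192.168.100.9 entry are constructed for illustration.

```python
import re

# Hub output copied from the page, plus one constructed entry (192.168.100.9)
# that stands in for a registration nobody expected.
HUB_SHOW_IP_NHRP = """\
192.168.100.1/32 via 192.168.100.1
   Tunnel1 created 00:28:51, expire 01:48:59
   Type: dynamic, Flags: unique registered used nhop
   NBMA address: 11.11.11.1
192.168.100.2/32 via 192.168.100.2
   Tunnel1 created 00:26:47, expire 01:48:57
   Type: dynamic, Flags: unique registered used nhop
   NBMA address: 12.12.12.2
192.168.100.9/32 via 192.168.100.9
   Tunnel1 created 00:00:41, expire 01:59:19
   Type: dynamic, Flags: unique registered nhop
   NBMA address: 203.0.113.77
"""

# Hypothetical inventory: tunnel address -> NBMA address of each known spoke.
EXPECTED = {"192.168.100.1": "11.11.11.1", "192.168.100.2": "12.12.12.2"}

def parse_nhrp(text):
    """Parse 'show ip nhrp' output into a list of entry dicts."""
    entries = []
    for line in text.splitlines():
        head = re.match(r"(\d+(?:\.\d+){3})/\d+ via \S+", line)
        if head:  # an unindented "prefix via next-hop" line starts a new entry
            entries.append({"tunnel": head.group(1), "type": None, "nbma": None, "flags": []})
        elif entries:
            if m := re.search(r"Type: (\w+), Flags: (.*)", line):
                entries[-1].update(type=m.group(1), flags=m.group(2).split())
            elif m := re.search(r"NBMA address: (\S+)", line):
                entries[-1]["nbma"] = m.group(1)
    return entries

def audit(text, expected):
    """Return findings for dynamic entries that do not match the inventory."""
    findings = []
    for e in parse_nhrp(text):
        if e["type"] != "dynamic":
            continue  # static maps come from the router's own configuration
        want = expected.get(e["tunnel"])
        if want is None:
            findings.append((e["tunnel"], e["nbma"], "unknown tunnel address"))
        elif want != e["nbma"]:
            findings.append((e["tunnel"], e["nbma"], f"NBMA differs from {want}"))
    return findings
```

Calling audit(HUB_SHOW_IP_NHRP, EXPECTED) returns one finding, for the constructed 192.168.100.9 entry.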

3) DMVPN Phase III:

Phase III is the same as Phase II but removes some of the restrictions and complexities of Phase II, and it allows a greater variety of DMVPN network designs. We use:
+ “ip nhrp redirect” on the hub: tells the initiator spoke to look for a better path to the destination spoke than through the Hub. Upon receiving the NHRP redirect message, the spokes communicate with each other over the hub and obtain the NHRP replies to the NHRP Resolution Requests that they sent out.
+ “ip nhrp shortcut” on the spokes: overwrites the CEF table on the spoke. It overrides the next-hop value for a remote spoke network, changing it from the default initial hub tunnel IP address to the NHRP-resolved tunnel IP address of the remote spoke.

Note: From the configuration above, we can quickly find out which phase of DMVPN an existing deployment uses by looking at the Spoke configuration. If the Spoke’s tunnel is configured as mGRE (with the command “tunnel mode gre multipoint”), it is using DMVPN Phase II or Phase III. Next, check whether the Spoke has the command “ip nhrp shortcut”; if it does, it is running DMVPN Phase III.
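
The rule in this note can be applied mechanically when reviewing many spoke configurations. The Python script below is an added example, not part of the original tutorial: it classifies each tunnel interface in a spoke configuration by phase and by static or dynamic mapping (presence of “ip nhrp nhs”). The sample configuration is constructed from the page's Spoke 1 listing, and a tunnel with no NHRP commands is reported as not being DMVPN at all.

```python
import re

# Constructed sample: Spoke 1 from the Phase II dynamic-mapping listing with
# "ip nhrp shortcut" added, plus a plain GRE tunnel that is not part of DMVPN.
SAMPLE_SPOKE = """\
interface Tunnel1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 11.11.11.1
 tunnel mode gre multipoint
 ip nhrp network 10
 ip nhrp map 192.168.100.254 44.44.44.4
 ip nhrp nhs 192.168.100.254
 ip nhrp shortcut
!
interface Tunnel2
 tunnel source 11.11.11.1
 tunnel destination 12.12.12.2
"""

def tunnel_interfaces(config):
    """Map each tunnel interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split()).lower()  # normalise spacing and case
        if line.startswith("interface "):
            m = re.fullmatch(r"interface (tunnel ?\d+)", line)
            current = blocks.setdefault(m.group(1).replace(" ", ""), []) if m else None
        elif line.startswith("!"):
            current = None                    # "!" closes a block in show run output
        elif line and current is not None:
            current.append(line)
    return blocks

def classify_spoke(config):
    """Return {interface: (phase, mapping)} using the rule from the note above."""
    report = {}
    for name, cmds in tunnel_interfaces(config).items():
        if not any(c.startswith("ip nhrp ") for c in cmds):
            report[name] = ("not DMVPN", None)  # GRE tunnel without NHRP
            continue
        if "tunnel mode gre multipoint" not in cmds:
            phase = "Phase I"                   # p2p GRE spoke
        elif "ip nhrp shortcut" in cmds:
            phase = "Phase III"
        else:
            phase = "Phase II"
        dynamic = any(c.startswith("ip nhrp nhs ") for c in cmds)
        report[name] = (phase, "dynamic" if dynamic else "static")
    return report
```

Calling classify_spoke(SAMPLE_SPOKE) reports tunnel1 as Phase III with dynamic mapping and tunnel2 as not DMVPN.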


Comments
  1. anonymous
    November 26th, 2017

    thank you

  2. anonymous
    November 26th, 2017

    thank you so much fella

  4. Noel
    December 23rd, 2017

    Guys,

    Anyone who has CCNP Route pdf file to share? I got video, but an additional resource like reading materials will give us a solid understanding. Thanks. n o a @ y a h o o . c o m my email address

  5. Sandeep Singh
    January 17th, 2018

    Take a look on the DMVPN Article
    http://www.routexp.com/2017/06/dmvpn-dynamic-multipoint-vpn.html

    If you want to take a look on difference between DMVPN and IPSEC
    http://www.routexp.com/2017/05/dmvpn-and-ipsec-spot-difference.html

  8. Anonymous
    March 22nd, 2018

    HI
    I am going to take switch 300-101 exam. Kindly anyone can share latest pdf file on the below address amin.asna89 @ gmail.com
    Thanks

  9. Adnan
    April 2nd, 2018

    Hello to all !

    Please, can you send me the 539q dumps?

    My address email is adnan255 @ hotmail . com !

    Thank you for your support !!!

  10. Anonymous
    May 18th, 2018

    Very easy to understand article for a complex topic. Thank you!

  11. zaw lin
    May 22nd, 2018

    please give me CCNP update lab file
    Dmvpn & update
    thanks!
    {email not allowed}

  12. cool
    June 5th, 2018

    I passed the route exam today! Thanks 9tut. Your documents rock, especially the explanation of each item. It could be good to have more practical labs on various topics like bgp, dmvpn, gre etc.

  13. Sui_Generis
    July 28th, 2018

    Could someone please share Link to download the latest CCNP ROUTE 300-101 dumps
    Thanks.

  14. dacy liam
    August 10th, 2018

    I loved the result I drew after studying through (300-101) Practice Test Questions I bought from (VceTests.com). I never had expected to do so well in just one attempt.

  16. Anonymous
    September 3rd, 2018

    @dacy liam can you share your dumps for 300-101

  17. Cisco engineer
    September 9th, 2018

    Hello everyone.
    Please somebody could send me actual question to sys.yuriy at gmail.com.
    Thanks a lot.

  19. cisco
    November 5th, 2018

    For dumps you can contact me
    xoomtrack at gmail
