Dm-vpn

For the benefit of others, I’ve posted a Q&A discussion with Rene regarding a query I had about DM-VPN.

Question:

I’m currently reading all about DM-VPN (in preparation for a new role). Your new lessons have helped me greatly, but I read somewhere that when using DM-VPN Phase 3 with a routing protocol the Hub must have the following two commands:
(config-if)#no ip split-horizon <IGP> <AS No.>
! To allow routing updates from the Spokes to go back out the same interface. Essential for Full-Mesh topology

(config-if)#no ip next-hop-self <IGP> <AS No.>
! Ensures Hub doesn’t use its own IGP AN routes to send packets to Spokes. Allows Spokes to communicate directly

I noticed these two are not in any of your DM-VPN IGP Routing lessons. Could you clarify it for me please?

Answer:

  1. Your spoke router receives a summary from the hub router. In this case, it can use the summary to reach other spoke routers. Because of redirect/shortcut, your spoke router will install a specific entry in the routing table.

  2. Your spoke router receives prefixes from the hub that were learned from other spoke routers with hub’s next hop address. In this case, redirect/shortcut will help to install the correct next hop address in our routing table for direct spoke-to-spoke traffic.

  3. Your spoke router receives prefixes from the hub that were learned from other spoke routers with the remote spoke’s next hop address. In this case, you don’t need redirect/shortcut since you already have everything you need.

When you use #1, we don’t have to worry about split horizon…it doesn’t matter since we use the summary from the hub. For #2 and #3, it doesn’t matter much if the next hop is correct or not since shortcut/redirect will fix it anyway. It’s probably best practice to advertise the correct next hop since it’s just one command and it saves some redirects.

When you use phase 3, it’s best to use #1. The “advantage” of phase 3 over 2 is that you don’t need specific entries in your spoke routing tables. The downside might be that if you have a lot of spoke-to-spoke traffic that you’ll have quite some redirects…

Hope this helps!
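
The hub-side choices discussed above, as an added example that is not part of the original post or of Rene's lessons: a Phase 3 hub that sends only a summary, the alternative hub settings from the question, and the matching spoke. EIGRP AS 1, the interface names and every address are assumptions chosen for illustration.

```cisco
! Constructed lab values: EIGRP AS 1, tunnel subnet 172.16.123.0/24,
! hub NBMA address 192.168.123.1. None of these come from the post.
!
! --- Hub: send only a summary to the spokes ---
interface Tunnel0
 ip address 172.16.123.1 255.255.255.0
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ! Phase 3: hub tells the sending spoke that a better path exists
 ip nhrp redirect
 ! Spokes learn just this default summary, so split horizon does not matter
 ip summary-address eigrp 1 0.0.0.0 0.0.0.0
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
! --- Hub alternative: advertise specific spoke prefixes instead ---
! (replaces the summary; these are the two commands from the question)
interface Tunnel0
 no ip summary-address eigrp 1 0.0.0.0 0.0.0.0
 ! Re-advertise spoke routes out of the interface they arrived on
 no ip split-horizon eigrp 1
 ! Keep the originating spoke as next hop, which saves some redirects
 no ip next-hop-self eigrp 1
!
! --- Spoke (same for either hub variant) ---
interface Tunnel0
 ip address 172.16.123.2 255.255.255.0
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 ! Phase 3: act on the hub's redirect and install the shortcut entry
 ip nhrp shortcut
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
router eigrp 1
 network 172.16.123.0 0.0.0.255
```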