This topic is to discuss the following lesson:
I am thinking to lab it up to try it to work. Anything that i should think of when a start with the nbma ? do you just have a switch between the interfaces ?
I just used a switch to connect the routers to each other. It doesn’t matter much as long as they can reach each others NBMA addresses then you will be fine.
I work out the lab and it work. Great lab, now i want to put on some ipsec . I will try this for my CCNP security…
If the tunnel interfaces are in same network why did you advertised again in EIGRP?
The network statement for the tunnel interface is telling EIGRP to use that interface to send and accept EIGRP packets. This is necessary in order to form EIGRP neighbor relationships between the hub and spokes.
First thanks a lot for all that great work you are doing :-).
I have a drama going on right now and I could not isolate the root cause of the problem.
on my Hub the GRE Tunnel interface stat UP/Down - I am using cisco appliances running Version 12.2(8r).
Can you please help ?
Router_1#show ip inter br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES TFTP up down
Serial0/0 unassigned YES NVRAM administratively down down
FastEthernet0/1 192.168.123.1 YES manual up up
Serial0/1 unassigned YES NVRAM administratively down down
Loopback0 22.214.171.124 YES NVRAM up up
Tunnel0 172.16.123.1 YES manual up down
Router_1#show run inter tu0 Building configuration... Current configuration : 223 bytes ! interface Tunnel0 ip address 172.16.123.1 255.255.255.0 no ip redirects ip nhrp authentication DMVPN ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source FastEthernet0/1 tunnel mode gre multipoint end
Router_1#show run inter fa0/1 Building configuration... Current configuration : 135 bytes ! interface FastEthernet0/1 description Conection to ISP Switch ip address 192.168.123.1 255.255.255.0 duplex auto speed auto end
Router_1#show inter tu0 Tunnel0 is up, line protocol is down Hardware is Tunnel Internet address is 172.16.123.1/24 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 192.168.123.1 (FastEthernet0/1), destination UNKNOWN Tunnel protocol/transport multi-GRE/IP, key disabled, sequencing disabled Checksumming of packets disabled, fast tunneling enabled Last input 00:55:03, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 2 packets input, 210 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out
Thank you in advance.
If you are using 12.2, I can highly recommend to try this on IOS 15.
12.2 is quite old and there have been quite some changes to DMVPN.
I am a bit confused with the packet flow, could you please explain the flow, if we ping from spoke 1 loopback address to spoke 2 loopback address, what will be the exact packet flow from the beginning.
With DMVPN phase 1, it is straight-forward. All traffic (including spoke-to-spoke traffic) always goes through the hub.
Could you please check the exact cause of this error. getting following error in spoke router.
*Dec 14 11:56:50.720: %DUAL-5-NBRCHANGE: EIGRP-IPv4 45678: Neighbor 126.96.36.199 (Tunnel0) is down: Peer Termination received *Dec 14 11:56:54.320: %DUAL-5-NBRCHANGE: EIGRP-IPv4 45678: Neighbor 188.8.131.52 (Tunnel0) is up: new adjacency *Dec 14 11:56:54.364: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 184.108.40.206 - looped chain attempting to stack”
Requirement is Spoke should use eigrp default route learned from hub not the ISP(BGP) default route. So i used distance for bgp default route. Actually bgp and eigrp configured first then tunnel configured. As soon as i configured the tunnel eigrp neig starts flapping and getting the error. The weird thing is if i delete the distance command from bgp configuration then eigrp neighborship gets stable and then if i put the distance command again it does not cause any issue even if i clear bgp and eigrp neighborship. I am using IOU. is it bug of IOU ?? Please advise.
HUB: ================================================== interface Tunnel0 ip address 220.127.116.11 255.255.255.248 tunnel source Ethernet0/0 tunnel mode gre multipoint ip nhrp map multicast dynamic ip nhrp network-id 45678 ip nhrp redirect bandwidth 1000 ip nhrp holdtime 300 ip nhrp authentication 45678key ip mtu 1400 ip tcp adjust-mss 1380 delay 1000 no ip next-hop-self eigrp 45678 no ip split-horizon eigrp 45678 ip pim sparse-mode access-list 1 permit 0.0.0.0 router bgp 45678 bgp router-id 18.104.22.168 bgp log-neighbor-changes neighbor 22.214.171.124 remote-as 20003 ! address-family ipv4 neighbor 126.96.36.199 activate distance 171 188.8.131.52 0.0.0.0 1 exit-address-family router eigrp CCIE ! address-family ipv4 unicast autonomous-system 45678 af-interface Tunnel0 authentication mode hmac-sha-256 cisco authentication key-chain CCIE exit-af-interface network 184.108.40.206 0.0.0.0 network 220.127.116.11 0.0.0.0 network 18.104.22.168 0.0.0.0 network 22.214.171.124 0.0.0.0 exit-address-family R17(config)#do sir D*EX 0.0.0.0/0 [170/1075200] via 126.96.36.199, 01:51:22, Ethernet0/2 188.8.131.52/32 is subnetted, 1 subnets B 184.108.40.206 [20/0] via 220.127.116.11, 01:50:56 R17(config)#do sh ip bg r> 0.0.0.0 18.104.22.168 0 20003 30000 i *> 22.214.171.124/32 126.96.36.199 0 20003 30000 i Spoke: =========================================== interface Tunnel0 bandwidth 1000 ip address 188.8.131.52 255.255.255.248 no ip redirects ip mtu 1400 ip pim sparse-mode ip nhrp authentication 45678key ip nhrp map multicast 184.108.40.206 ip nhrp map 220.127.116.11 18.104.22.168 ip nhrp network-id 45678 ip nhrp holdtime 300 ip nhrp nhs 22.214.171.124 ip nhrp shortcut ip tcp adjust-mss 1380 delay 1000 tunnel source Serial1/0 tunnel mode gre multipoint end router bgp 65222 bgp router-id 126.96.36.199 bgp log-neighbor-changes neighbor 188.8.131.52 remote-as 20003 ! address-family ipv4 neighbor 184.108.40.206 activate distance 171 220.127.116.11 0.0.0.0 1 exit-address-family router eigrp CCIE ! address-family ipv4 unicast autonomous-system 45678 ! af-interface Tunnel0 authentication mode hmac-sha-256 cisco authentication key-chain CCIE exit-af-interface ! topology base exit-af-topology network 10.1.19.1 0.0.0.0 network 18.104.22.168 0.0.0.0 network 22.214.171.124 0.0.0.0 eigrp stub connected summary exit-address-family R19#sir D*EX 0.0.0.0/0 [170/10803200] via 126.96.36.199, 00:33:42, Tunnel0 188.8.131.52/32 is subnetted, 1 subnets B 184.108.40.206 [20/0] via 220.127.116.11, 00:33:50 R19#sh ip bg Network Next Hop Metric LocPrf Weight Path r> 0.0.0.0 18.104.22.168 0 20003 30000 i
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0
Is usually a recursive routing issue. Your router is probably learning the NBMA address through the tunnel interface, which is why it collapses.
i have a Quotation here why metric showing high .2.2.2 [90/27008000] via 172.16.123.2, 00:01:16, Tunnel0
In this lab EIGRP is being used as the routing protocol. EIGRP uses a composite metric that is represented by a 32 bit number, which means the metric can range up to 2^32 which is somewhere beyond 4.2 billion. So a metric of 27008000 is not at all unusual.
To see a more comprehensive explanation of the EIGRP metric and how it is calculated, take a look at this lesson.
I hope this has been helpful!
Thanks i got it, lagapides
Thank you for your great work !
could you please explain this "*
One mental note to make is that EIGRP changes the next hop IP address, RIP doesn’t do this.
When you configure EIGRP to function in DMVPN Phase 2, the neighbor relationships that are formed are between the Hub and Spoke1 and between the Hub and Spoke2. Spoke1 and Spoke2 will not become neighbors.
This means that routes advertised by Spoke1 to the Hub are then readvertised to Spoke2. But when that happens, the Hub replaces the next hop address of Spoke1 with its own. That’s what the “EIGRP changes the next hop IP address” means. This results in all traffic going through the Hub rather than directly from Spoke1 to Spoke2.
In order to avoid this, you have to configure IEGRP not to change the next hop IP address.
You can find out more detailed information of this operation, including examples, at the following lesson:
I hope this has been helpful!