This topic is to discuss the following lesson:
Hello Rene
Hub router already store NBMA of Spoke 2 when it was establish tunnel interface, but why when Spoke 1 send request NBMA address of spoke 2 to hub then hub need to forward it to spoke 2? why don’t it reply back directly to spoke 1?
Hello Heng
You are correct that the Hub router does know the NBMA of spoke 2, however, when an NBMA request is sent, it must always be answered by the owner of the specific address. In this example, Spoke 1 doesn’t have the 172.16.123.3 address in its NHRP cache. It sends out an NHRP resolution request. The resolution request is not sent to the Hub as its destination, but is sent to the hub as the the path to the destination , that is, via Tunnel 0.
The NHRP resolution must always be answered by the owner of the IP address in question. In this case, it must be answered by the device with the NBMA address of 172.123.3.3, which is Spoke 2. This is why the request is forwarded to Spoke 2 and Spoke 2 is expected to answer.
I hope this has been helpful!
Laz
2 Likes
Hello Lazaros
I got this now, It mean Spoke 1 send use Hub as it path to send NHRP resolution request to spoke 2.
Thank you so much .
Hello
I shut down HUB after spoke already establish dynamic connection between them. and all spoke and HUB are running RIP to advertise their loopback. since i shut down the HUB and clear IP route on spoke i found that RIP is never recover. it lost all route to loopback of another spoke.
Hi Rene,
There is something I did not understand, general speaking, when we use RIP, do not the interfaces sending the routes to another device, announce themself are the next hop? (same way as with EIGRP) .
For DMVPN Phase 2 output
Spoke2#show ip route rip
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/1] via 172.16.123.1, 00:00:01, Tunnel0
2.0.0.0/32 is subnetted, 1 subnets
R 2.2.2.2 [120/2] via 172.16.123.2, 00:00:01, Tunnel0
Is showing 172.16.123.2 as the next hop indeed for 2.2.2.2 but metric is still 2, so does not that mean the traffic is still going through the hub??
Hello Jose
This is an excellent observation. I went into the lab and found that the metric is indeed 2. Doing an initial traceroute from Spoke2 to Spoke1, I found that the hub was the first hop, and Spoke1 was the second hop. When I ran traceroute again, I found that Spoke1 was the first (and only) hop.
This is expected behaviour because with DMVPN phase 2, Spoke2 will check its NHRP cache, and sees that it doesn’t know the NBMA address for Spoke1. It will initially send the packet to the hub along with an NHRP resolution request. But after the first packet goes, Spoke2 will put the NBMA address for Spoke1 in its cache.
The second traceroute works directly, but RIP still measures the metric between spokes at 2, even though the traceroute confirms a single hop. This is the case even after RIP routes are refreshed. Without having found any documentation to confirm this, my feeling is that RIP views the fact that an NHRP lookup has to be requested from the hub as an additional hop even though the actual packets (other than the original one) don’t go through the hub.
I hope this has been helpful!
Laz
1 Like
Hello Laz, thank you so much for the explanation!!
1 Like
Hi Laz,
Could not understand why Hub sending NHRP request message to spoke 2 when spoke 1 try to find out NBMA address of spoke 2?
I think spoke 1 and spoke 2 had already registered their entries to hub by reporting him.
Hello Pradyumna
Once a DMVPN topology is created, each spoke will register with the HUB. So the HUB knows both the peer NBMA address (the IP address of the physical interface) and the peer tunnel address. However, during this process, the spokes do not learn of each other’s addresses.
When a spoke to spoke communication takes place, the sending spoke does not know the NBMA address of the destination spoke, so an NHRP request is sent to the HUB to learn that information. Such information is always learned as neede and not by default from the beginning.
I hope this has been helpful!
Laz
1)so we can say that when spoke send NHRP resolution request to hub to find NBMA address of spoke 2, in response of that hub will forward this request to spoke 2 and spoke 2 sees the spoke 1 NBMA address and tunnel address so directly send NHRP reply to spoke 1 instead of going through hub this way directly spoke to spoke communication happen.
But we know hub already having spoke to tunnel and NBMA address mapping in it’s catches then why doing like this and if doing this way then their is no need of NHRP registration request message to register themselves to the hub ?
- secondly in phase 1 they doing like this mean send resolution request to hub then hub resolve these address by own instead of forwarding to spoke 2 and reply to spoke 1 nevertheless whenever spokes try to communicate each other they will forward packet to hub then hub will forward same information to spoke 2 and change next hope ip address by it’s own tunnel address, am i right?
Kindly help clear the doubt?
Hello Pradyumna
Yes, the HUB already has this information. But the way it gets the information is via the NHRP registration. If the spokes didn’t register themselves to the hub, then the hub will never learn the tunnel and NBMA address mappings, and would not be able to fulfil this function.
In Phase 1 there are no NHRP resolution requests or replies. All traffic for other spokes is sent to the HUB and routing is taken care of by the hub, which is the only device that contains the NBMA address mappings.
I hope this has been helpful!
Laz
Hi Laz,
1)I am getting confused, actually still has not got in which phase NHRP registration, resolution and reply message will be sent?
2) In phase 2 debugging on Spoke 1 and Spoke 2 has got me confused, even I am unable to understand why are we resolving NBMA address of hub when spoke 1 looking for NBMA address of Spoke 2?, and how spoke 2 known NBMA address of spoke 1 tunnel int in message one and other message until it sends nhrp request?
3) Suppose this time Spoke 1 started communication and for how long this
communication valid is and when spoke 2 will initiate same process of
communication with spoke 2 mean I want to know which one will be the
initiator, when and how?
4) Also confused how packet forming and which header is removing at which
router from spoke to spoke communication mean whole encapsulation and
decapsulation in DMVPN network during full spoke to spoke communication.
If possible please explain how this whole process of communication b/w spoke 1 and spoke 2 is happening , mainly explain all highlighted portion of spoke 1 and spoke 2 in debugging command?
Hello Pradyumna
The section that describes NHRP and the three phases of DMVPN in the following lesson show the differences between the phases and how NHRP functions:
As soon as the network is up, if you do a show dmvpn on the spokes, you will only find that the hub is registered. So the NHRP cache does not include the entries of the other spokes. Even though Spoke 1 has a routing entry for the destination, it does not have an NHRP entry. For this reason, an NHRP resolution request is sent to the hub. The hub responds with the IP address of the other spoke, and the NHRP entry is installed in the cache. From there on, direct spoke to spoke communication can take place. This process is detailed in this section of the Introduction to DMVPN lesson.
Regardless of which router starts the communication, the NHRP entries are placed within both spokes. You can see this at the end of the lesson, where both spokes have each other’s registration. The registrations time out after 40 minutes of no traffic between them, but this value can be changed using the ip nhrp registration timeout command. More about that command can be found here.
You can find out more about this at the following post:
I hope this has been helpful!
Laz
HI Laz,
Thanks for revert but in introduction to DMPVN there is no detailed description regarding NHRP send and reply b/w Hub and spokes or spoke to spoke so please can you detail this process of finding of public address of other spoke per phase along with respective messages needed for the same.
- In question 3, I wanted to know that suppose spoke 1 initiated communication with spoke 2 and will do all necessary things as per DMVPN requirements and communication started with spoke 2 but in case spoke 2 want to do communicate with spoke 1 then is this same process will be followed or communication established by spoke 1 is enough ?
Please take case along with connection timer expired & not expired both?
Hello Pradyumna
The NHRP section of the Introduction to DMVPN lesson I linked to before does show a high-level step by step process of how NHRP resolution requests and replies are sent between spokes and the hub. However, if you want more detail, you can take a look at this Cisco documentation:
In addition, you can also take a look at the RFC that describes the protocol in detail:
I hope this has been helpful!
Laz