DMVPN Phase 3 BGP Routing

This topic is to discuss the following lesson:

I noticed nhrp redirect is missing on the Hub DMVPN configuration. Is this optional for DMVPN phase 3?

Hi Nagi,
Good call! You are 100% correct. DMVPN phase 3 requires “ip nhrp redirect” to be on the hub. In fact, the presence of “ip nhrp redirect” on the hub and “ip nhrp shortcut” on the spokes are the key differences in configuration between phase 3 and other phases.

I suspect Rene just left that out by accident in the main body of the article. You will notice, however, at the bottom in the “tabbed” configuration section for the Hub, it is there.

It has been fixed now, thanks for sharing!

Hi,

Do we have this kind of tutorial with VRF: customer VRF and transport VRF?

Thanks,
Gk

Hi GK,

Not for DMVPN but there’s a separate VRF lite tutorial:

VRF Lite

Rene

Do we always have to advertise a default route on the hub?

Otherwise, is there no way that spokes learn routes from each other?

Gopal,
You don’t have to advertise a default route from the Hub. However, having the ability to do this AND have the spokes be able to communicate directly with each other are the hallmark features of Phase 3 as opposed to any other phase.

The reason this is beneficial is that it keeps the number of routes on the spokes to a minimum (in phase 2 you would have to have [N * (N-1) / 2] number of routes per spoke, where N = number of spokes), and when spoke to spoke traffic needs to happen, the hub is left out of the data plane.

Hi Andrew,

Thanks.

Do we have any examples on dual hub along with links to two service providers from each hub? Same thing from the spoke router as well.

Hi Bill,

This might help:

DMVPN Dual Hub Dual Cloud

Rene

Thanks Rene

Hello Rene,
I have one quick question regarding the BGP configuration in DMVPN phase 3. In the Phase 3 BGP configuration, the Hub router is advertising a default route to the spokes through BGP. Let’s say the spoke routers already have default routes to the ISP for the local users’ internet access. In this scenario, how can the Hub router advertise a default route to the spokes? Thank you so much in advance.

That is indeed a chicken and egg problem. If you use a default route outbound towards your ISP, then you can’t use another default route for your DMVPN routing. You should use more specific routes for DMVPN.

Hello Rene,
I hope you’re doing well.
I want to know why we need to configure multicast dynamic for DMVPN?

BR,
Ulrich

Hello Ulrich,

Connections are initiated from the spoke routers to the hub, and the hub doesn’t know beforehand what the IP addresses of the spoke routers are.

The ip nhrp map multicast dynamic command tells NHRP to automatically add routers to the multicast NHRP mappings.

You can see in the configuration of the spoke routers that we have a static multicast entry with the IP address of the hub router on them.

Rene

Just wondering why you use the route-map for the neighbours outbound?

If you use the “network 0.0.0.0 mask 0.0.0.0” in the BGP routing process, why do you also need to create a route-map specifying the same thing again?

Hello Chris,

Good question. If you use eBGP and the same AS number on the spoke routers then the route-map isn’t really needed since the spoke routers will deny prefixes with their own AS number. On the other hand, the hub will advertise those prefixes so a route-map isn’t a bad idea…it ensures that we really only advertise the default route.

If you use eBGP and different AS numbers on the spoke routers, the route-map is a good idea.

With iBGP, it’s also not really needed because, with split horizon, the hub won’t advertise a prefix from one spoke to another. The route-map does prevent advertising a prefix in case the hub would learn some prefixes from another BGP router…perhaps some eBGP router in another AS that is connected to the hub.

Rene
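The three cases in the reply above (eBGP with a shared spoke AS, eBGP with different spoke AS numbers, iBGP) can be compared in a small model. This is an added example, not part of the thread or the lesson; it is a simplified Python model of BGP advertisement rules, and the AS numbers, prefixes and function name are constructed for illustration.

```python
DEFAULT = "0.0.0.0/0"

def installed_on_spoke(hub_as, spokes, receiver, default_only, external=()):
    """Prefixes `receiver` accepts from the hub in this simplified model.

    spokes:       {name: (asn, prefix)}, each spoke originates one prefix
    external:     [(asn, prefix)] learned by the hub from another eBGP AS
    default_only: True when the outbound route-map permits only 0.0.0.0/0
    """
    recv_as = spokes[receiver][0]
    ibgp = recv_as == hub_as
    # Hub BGP table entries: (prefix, AS path as received, learned over iBGP?)
    table = [(DEFAULT, [], False)]          # originated with "network 0.0.0.0"
    for name, (asn, prefix) in spokes.items():
        if name != receiver:
            same_as = asn == hub_as
            table.append((prefix, [] if same_as else [asn], same_as))
    table += [(prefix, [asn], False) for asn, prefix in external]

    accepted = []
    for prefix, path, via_ibgp in table:
        if default_only and prefix != DEFAULT:
            continue                        # outbound route-map drops it
        if ibgp and via_ibgp:
            continue                        # iBGP split horizon on the hub
        sent_path = path if ibgp else [hub_as] + path
        if recv_as in sent_path:
            continue                        # receiver finds its own AS: loop check
        accepted.append(prefix)
    return sorted(accepted)

# Constructed lab values (not taken from the thread)
SAME_AS = {"spoke1": (65001, "1.1.1.1/32"), "spoke2": (65001, "2.2.2.2/32")}
DIFF_AS = {"spoke1": (65001, "1.1.1.1/32"), "spoke2": (65002, "2.2.2.2/32")}
IBGP = {"spoke1": (65000, "1.1.1.1/32"), "spoke2": (65000, "2.2.2.2/32")}
EXT = [(65100, "203.0.113.0/24")]

if __name__ == "__main__":
    for label, spokes in (("eBGP same AS", SAME_AS),
                          ("eBGP different AS", DIFF_AS), ("iBGP", IBGP)):
        for filt in (False, True):
            print(label, "route-map" if filt else "no route-map",
                  installed_on_spoke(65000, spokes, "spoke1", filt, EXT))
```
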

I'm having trouble seeing my spoke network. For example, on spoke 1 I can see the spoke 2 network in my routing table, but from spoke 2 I'm unable to see my spoke 1 network.

Configuration lab from GNS3:

hostname MIAMI hub
!
int tun0
Des Miami HUB
 ip address 10.100.252.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip nhrp redirect
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 no ip split-horizon 
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 exit
!
interface Loopback0
 ip address 10.100.0.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 198.36.220.36 255.255.255.224
 duplex auto
 speed auto
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 0.0.0.0
 network 10.100.0.4 mask 255.255.255.255
 network 10.100.252.6 remote-as 65020
 neighbor 10.100.252.114 remote-as 65114
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 198.136.220.33

Homedale spoke 1:

config t
!
hostname HOMEDALE
!
interface Loopback0
 ip address 10.6.0.2 255.255.255.255
!
interface Tunnel0
 DES Link to Miami Hub
 ip address 10.100.252.6 255.255.255.0
 ip mtu 1400
 ip nhrp map 10.100.252.1 198.136.220.36
 ip nhrp map multicast 198.136.220.36
 ip nhrp network-id 100
 ip nhrp nhs 10.100.252.1
 ip nhrp redirect
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
exit
!
!
interface FastEthernet0/0
 ip address 204.114.124.36 255.255.255.240
 duplex auto
 speed auto
!

!
router bgp 65020
 no synchronization
 bgp log-neighbor-changes
 network 10.6.0.2 mask 255.255.255.255
 neighbor 10.100.252.1 remote-as 65000
 neighbor 10.100.252.1 timers 7 21
 neighbor 10.102.252.1 remote-as 65016
 neighbor 10.102.252.1 timers 7 21
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 204.114.124.33


spoke 2
Tamp

!
interface Loopback0
 ip address 10.114.0.2 255.255.255.255
!
interface Tunnel0
 Des  link to Miami Hub
 ip address 10.100.252.114 255.255.255.0 
 ip mtu 1400
 ip nhrp map 10.100.252.1 198.136.220.36
 ip nhrp map multicast 198.136.220.36
 ip nhrp network-id 100
 ip nhrp nhs 10.100.252.1
 ip nhrp redirect
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
exit
!
router bgp 65114
 no synchronization
 bgp router-id 10.114.0.2
 bgp log-neighbor-changes
 network 10.114.0.2 mask 255.255.255.255
 neighbor 10.100.252.1 remote-as 65000
 neighbor 10.100.252.1 timers 7 21
 neighbor 10.102.252.1 remote-as 65016
 neighbor 10.102.252.1 timers 7 21
 no auto-summary
!

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 64.112.157.233

internet#sh run
Building configuration...

Current configuration : 1234 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname internet
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 description ISP to SMY
 ip address 64.238.201.94 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ISP to TAMPA
 ip address 64.112.157.233 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description ISP to Miami
 ip address 198.136.220.33 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet2/0
 description ISP to HOMDALES
 ip address 204.114.124.33 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

Hello Jeffery,

First thing I notice, you only have one neighbor command on your hub?

neighbor 10.100.252.114 remote-as 65114

Rene
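The mismatch pointed out above, a spoke peering with the hub that has no matching neighbor statement on the hub, can be checked mechanically. The following Python script is an added example, not code from the thread or the lesson; the config excerpts are trimmed from the configurations posted above, and the function names and the "spoke 2" label are assumptions.

```python
import re

def parse(cfg):
    """Return (local_as, {neighbor_ip: remote_as}, [tunnel interface IPs])."""
    local_as, neighbors, tunnel_ips, section = None, {}, [], ""
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            section = line.lower()          # unindented line opens a new section
        if m := re.match(r"router bgp (\d+)", line):
            local_as = int(m[1])
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)", line):
            neighbors[m[1]] = int(m[2])
        elif section.startswith("interface tunnel") and (
                m := re.match(r"ip address (\S+) \S+", line)):
            tunnel_ips.append(m[1])
    return local_as, neighbors, tunnel_ips

def missing_hub_peerings(hub_cfg, spoke_cfgs):
    """List (spoke, problem) for spoke-to-hub sessions the hub cannot match."""
    hub_as, hub_nbrs, hub_ips = parse(hub_cfg)
    problems = []
    for name, cfg in spoke_cfgs.items():
        s_as, s_nbrs, s_ips = parse(cfg)
        for ip, remote_as in s_nbrs.items():
            if ip not in hub_ips:
                continue                    # neighbor is not this hub's tunnel
            if remote_as != hub_as:
                problems.append((name, f"expects hub AS {remote_as}, hub is {hub_as}"))
            if not any(hub_nbrs.get(t) == s_as for t in s_ips):
                problems.append((name, f"hub has no 'neighbor {', '.join(s_ips)} remote-as {s_as}'"))
    return problems

# Excerpts trimmed from the configurations posted in the thread
HUB = """\
interface Tunnel0
 ip address 10.100.252.1 255.255.255.0
router bgp 65000
 network 0.0.0.0
 network 10.100.252.6 remote-as 65020
 neighbor 10.100.252.114 remote-as 65114
"""
SPOKE = ("interface Tunnel0\n ip address {ip} 255.255.255.0\nrouter bgp {asn}\n"
         " neighbor 10.100.252.1 remote-as 65000\n neighbor 10.102.252.1 remote-as 65016\n")
SPOKES = {"HOMEDALE": SPOKE.format(ip="10.100.252.6", asn=65020),
          "spoke 2": SPOKE.format(ip="10.100.252.114", asn=65114)}

if __name__ == "__main__":
    for spoke, problem in missing_hub_peerings(HUB, SPOKES):
        print(f"{spoke}: {problem}")
```
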

Rene, I have both neighbor 10.100.252.114 remote-as 65114 and neighbor 10.100.252.6 remote-as 65020 on the Miami hub. I didn’t realize I uploaded the wrong configs for the hub, but these are my most recent configs. Sorry about that.

Miami#sh running-config
Building configuration...

Current configuration : 2377 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Miami
!
ip cef
!
no ip domain lookup
!
interface Loopback0
 ip address 10.100.0.4 255.255.255.255
!
interface Loopback1
 ip address 10.100.254.22 255.255.255.248
!
interface Tunnel0
 description Miami HUB
 no ip address
 no ip redirects
 ip mtu 1400
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 no ip split-horizon
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
!
interface Tunnel1
 ip address 10.100.252.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp map multicast dynamic
 ip nhrp network-id 102
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
!
interface FastEthernet0/0
 ip address 198.136.220.36 255.255.255.224
 duplex auto
 speed auto
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 0.0.0.0
 network 10.100.0.4 mask 255.255.255.255
 neighbor 10.100.252.6 remote-as 65020
 neighbor 10.100.252.6 timers 7 21
 neighbor 10.100.252.114 remote-as 65114
 neighbor 10.100.252.114 timers 7 21
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 198.136.220.33

!
end