DMVPN Phase 3 BGP Routing

Hello David

The output of the show dmvpn command shows multiple entries for the 2.2.2.2 spoke. The first entry has an attribute of DT1 while the rest have an attribute of DT2. What does this mean and why does it happen?

Well, looking at the legend, we can see that the D means dynamic (as opposed to statically assigned). The T1 and T2 indicators are the important factor here:

  • T1 (Route Installed): This attribute typically appears for the primary NHRP mapping. It indicates that the route for this particular network has been installed in the routing table of the router. This entry signifies that the hub has a direct route to the spoke via the NHRP network ID and that this route is actively being used for routing traffic.
  • T2 (Next-Hop Override): These additional entries with the ‘DT2’ attribute represent the ‘next-hop override’ feature in DMVPN. This feature allows the hub to direct traffic between spokes directly, bypassing the hub for data packets, allowing for ‘spoke-to-spoke’ communication.

Under what circumstances would multiple DT2 entries appear? Any event that changes the next hop or the route of a spoke-to-spoke communication may generate a new DT2 entry. This includes making changes to the config of the routers. Because it takes time for stale entries to be eliminated, for a time, they remain in the NHRP cache.

NHRP installs a /32 route for the tunnel overlay IP address to ensure that the network knows the exact path to the specific host on the other end of the tunnel. This is particularly important in a dynamic multipoint VPN (DMVPN) where there could be many spoke sites. The /32 host route allows for direct communication between the hub and the specific spoke without having to go through other spokes, which can improve efficiency and reduce latency.

We see this behavior often in scenarios where point-to-point or point-to-multipoint topologies are present (i.e. advertising point-to-multipoint networks in OSPF). Remember, DMVPN (depending on the Phase) is just a point-to-point or a point-to-multipoint GRE tunnel.

I hope this has been helpful!

Laz