Saturday, February 22, 2020

DMVPN Phase 1 EIGRP Routing

In the first DMVPN lesson we discussed the basics and the three different phases. I also showed you how to create a basic DMVPN phase 1 configuration. In this lesson we’ll use that basic configuration and configure EIGRP on top of it. Here’s the topology we will use:
DMVPN Example Topology with hub, two spokes and loopback interfaces.
Each router has a loopback interface with an IP address that we’ll advertise in EIGRP.

Configuration


Tunnel interfaces

Here is the tunnel configuration of the hub and spoke routers:
Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel destination 192.168.123.1
Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel destination 192.168.123.1
Let’s do some quick checks to verify that the tunnels are working correctly:
Hub#show dmvpn | begin 192.168.123.
     1 192.168.123.2      172.16.123.2    UP 00:22:37     D
     1 192.168.123.3      172.16.123.3    UP 00:00:32     D
We see two NHRP registrations on the hub, let’s do a quick ping:
Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/8 ms
Hub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/9 ms
No issues here…let’s configure EIGRP.

EIGRP

Let’s advertise all networks:
Hub(config)#router eigrp 123
Hub(config-router)#network 1.1.1.1 0.0.0.0
Hub(config-router)#network 172.16.123.0 0.0.0.255
Hub(config-router)#no auto-summary 
Spoke1(config)#router eigrp 123
Spoke1(config-router)#network 172.16.123.0 0.0.0.255 
Spoke1(config-router)#network 2.2.2.2 0.0.0.0
Spoke1(config-router)#no auto-summary
Spoke2(config)#router eigrp 123
Spoke2(config-router)#network 172.16.123.0 0.0.0.255
Spoke2(config-router)#network 3.3.3.3 0.0.0.0
Spoke2(config-router)#no auto-summary
Let’s make sure we see two neighbors on the hub:
Hub#show ip eigrp neighbors 
EIGRP-IPv4 Neighbors for AS(123)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   172.16.123.3            Tu0                      11 00:00:31   13  1434  0  4
0   172.16.123.2            Tu0                      13 00:01:02   82  1434  0  4
So far so good, let’s check our routing tables:
Hub#show ip route eigrp 

      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/27008000] via 172.16.123.2, 00:01:16, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/27008000] via 172.16.123.3, 00:00:48, Tunnel0
The hub router has two entries, the next hop IP addresses are the tunnel addresses of spoke 1 and 2. When we want to resolve them, we’ll have to check the information in the NHRP cache:
Hub#show dmvpn | begin Hub
Type:Hub, NHRP Peers:2, </code>

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.168.123.2 172.16.123.2 UP 00:30:11 D
1 192.168.123.3 172.16.123.3 UP 00:21:28 D
This is how the hub is able to reach both spoke routers. What about the spoke routers?
Spoke1#show ip route eigrp 

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 172.16.123.1, 00:01:27, Tunnel0
Spoke2#show ip route eigrp 

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 172.16.123.1, 00:01:01, Tunnel0
Like RIP, EIGRP is a distance vector routing protocol so we have split horizon issues. The spoke routers don’t see each other’s networks. Let’s fix this for now:
Hub(config)#interface Tunnel 0
Hub(config-if)#no ip split-horizon eigrp 123
They should now be able to see each others network:
Spoke1#show ip route eigrp | include 3.3.3.3
D        3.3.3.3 [90/28288000] via 172.16.123.1, 00:00:27, Tunnel0
Spoke2#show ip route eigrp | include 2.2.2.2
D        2.2.2.2 [90/28288000] via 172.16.123.1, 00:00:41, Tunnel0
Take a close look at the output above…the spoke routers learned each others networks but the next hop IP address is the Hub. EIGRP changes the next hop IP address when it advertises networks. In this example we are using DMVPN phase 1 so it doesn’t matter. When we use phase 2, this will cause all traffic to go through the hub.
Let’s continue and test if we have connectivity between spoke 1 and 2:
Spoke1#ping 3.3.3.3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/8/9 ms
No problem at all…what does our traffic pattern look like?
Spoke1#traceroute 3.3.3.3 source loopback 0
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.123.1 6 msec 6 msec 6 msec
  2 172.16.123.3 10 msec 9 msec *
Our traffic goes through the hub router as expected. Since all traffic will go through the hub, there’s no point in advertising all networks to our spoke routers. Let’s configure a default route summary on the hub router and advertise it towards the spoke routers:
Hub(config)#interface Tunnel 0
Hub(config-if)#ip split-horizon eigrp 123
Hub(config-if)#ip summary-address eigrp 123 0.0.0.0 0.0.0.0
Since the spoke routers only need the default route, we can forget about split horizon and enable it again. Let’s verify our work:
Spoke1#show ip route eigrp 

D*    0.0.0.0/0 [90/27008000] via 172.16.123.1, 00:00:21, Tunnel0
Spoke2#show ip route eigrp 

D*    0.0.0.0/0 [90/27008000] via 172.16.123.1, 00:00:37, Tunnel0
The spoke routes can use this route to each each other. Let’s try it:
Spoke1#ping 3.3.3.3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms
Excellent, it’s working!
hostname Hub
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.1 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip summary-address eigrp 123 0.0.0.0 0.0.0.0
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 123
 network 1.1.1.1 0.0.0.0
 network 172.16.123.0 0.0.0.255     
!
end
hostname Spoke1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.2 255.255.255.0
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 tunnel source GigabitEthernet0/1
 tunnel destination 192.168.123.1
!
interface GigabitEthernet0/1
 ip address 192.168.123.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 123
 network 2.2.2.2 0.0.0.0
 network 172.16.123.0 0.0.0.255
!
end
hostname Spoke2
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.3 255.255.255.0
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 tunnel source GigabitEthernet0/1
 tunnel destination 192.168.123.1
!
interface GigabitEthernet0/1
 ip address 192.168.123.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 123
 network 3.3.3.3 0.0.0.0
 network 172.16.123.0 0.0.0.255
!         
end

Conclusion

Running EIGRP on DMVPN phase 1 is similar to RIP, it’s a distance vector routing protocol so you need to keep split horizon in mind. One mental note to make is that EIGRP changes the next hop IP address, RIP doesn’t do this. When we configure phase 2 you will see that this will be an issue (which we can fix).
I hope you enjoyed this lesson, if you have any questions feel free to leave a comment!
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)