暗夜星空: DMVPN Phase 2 EIGRP Routing

In previous lessons I explained how DMVPN works and how to configure a basic DMVPN phase 2 network. In this lesson, we’ll take a look how to configure EIGRP on top of it. Here’s the topology we will use:

DMVPN Example Topology with hub, two spokes and loopback interfaces.

Above we have one hub router and two spoke routers. Each router has a loopback interface that we will advertise in EIGRP.

Configuration

Tunnel interfaces

Here’s the configuration of the tunnel interface of our hub:

Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Hub(config-if)#end

Here are our spoke routers:

Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel mode gre multipoint

Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint

Let’s check if the hub router has two NHRP registrations:

Hub#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.123.2      172.16.123.2    UP 00:09:48     D
     1 192.168.123.3      172.16.123.3    UP 00:09:56     D

And do a quick ping to check if the tunnels are working:

Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/7/11 ms

Hub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/10 ms

No issues there, time to configure EIGRP.

EIGRP

We’ll start with a basic configuration where we advertise all tunnel and loopback interfaces in EIGRP:

Hub(config)#router eigrp 123
Hub(config-router)#no auto-summary 
Hub(config-router)#network 172.16.123.0 0.0.0.255
Hub(config-router)#network 1.1.1.1 0.0.0.0

Spoke1(config)#router eigrp 123
Spoke1(config-router)#no auto-summary 
Spoke1(config-router)#network 172.16.123.0 0.0.0.255
Spoke1(config-router)#network 2.2.2.2 0.0.0.0

Spoke2(config)#router eigrp 123
Spoke2(config-router)#no auto-summary 
Spoke2(config-router)#network 172.16.123.0 0.0.0.255
Spoke2(config-router)#network 3.3.3.3 0.0.0.0

Our hub should now have two EIGRP neighbors:

Hub#show ip eigrp neighbors 
EIGRP-IPv4 Neighbors for AS(123)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   172.16.123.2            Tu0                      11 00:00:12 1235  5000  0  3
0   172.16.123.3            Tu0                      11 00:00:12 1003  5000  0  3

So far so good, what about the routing tables?

Hub#show ip route eigrp 

      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/27008000] via 172.16.123.2, 00:00:42, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/27008000] via 172.16.123.3, 00:00:42, Tunnel0

Spoke1#show ip route eigrp 

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 172.16.123.1, 00:00:43, Tunnel0

Spoke2#show ip route eigrp 

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 172.16.123.1, 00:01:07, Tunnel0

The hub has learned the networks on the loopback interfaces of the spoke routers. The spokes learned the 1.1.1.0/24 network from the Hub but not each other’s networks. Like RIP, EIGRP is a distance vector routing protocol so split horizon is preventing the hub from advertising these networks. Let’s disable split horizon:

Hub(config)#interface Tunnel 0
Hub(config-if)#no ip split-horizon eigrp 123

Now let’s see what we have:

Spoke1#show ip route eigrp          

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 172.16.123.1, 00:02:19, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/28288000] via 172.16.123.1, 00:00:23, Tunnel0

Spoke2#show ip route eigrp 

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 172.16.123.1, 00:02:22, Tunnel0
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/28288000] via 172.16.123.1, 00:00:27, Tunnel0

The spokes now have learned each others network. There is one problem though…look at the next hop IP address (172.16.123.1). This is the IP address of the hub…when EIGRP advertises a network, it will set its own IP address as the next hop.

Here’s what that means:

Spoke1#traceroute 3.3.3.3 source loopback 0
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.123.1 7 msec 8 msec 6 msec
  2 172.16.123.3 8 msec 9 msec *

When spoke1 tries to reach spoke2, it will go through the hub. That’s not what we want so let’s tell EIGRP not to change the next hop IP address:

Hub(config)#interface Tunnel 0
Hub(config-if)#no ip next-hop-self eigrp 123

Now take a look again at the routing tables of spoke1 and spoke2:

Spoke1#show ip route eigrp | include 3.3.3.3
D        3.3.3.3 [90/28288000] via 172.16.123.3, 00:00:22, Tunnel0

Spoke2#show ip route eigrp | include 2.2.2.2
D        2.2.2.2 [90/28288000] via 172.16.123.2, 00:00:35, Tunnel0

The next hop is now preserved which allows the spoke routers to reach each other directly:

Spoke1#traceroute 3.3.3.3 source loopback 0
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.123.3 6 msec 6 msec *

Great, problem solved!

hostname Hub
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.1 255.255.255.0
 no ip redirects
 no ip next-hop-self eigrp 123
 no ip split-horizon eigrp 123
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 123
 network 1.1.1.1 0.0.0.0
 network 172.16.123.0 0.0.0.255
!
end

hostname Spoke1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.2 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/0
 ip address 10.255.0.170 255.255.0.0
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 192.168.123.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 123
 network 2.2.2.2 0.0.0.0
 network 172.16.123.0 0.0.0.255
!
end

hostname Spoke2
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.3 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router eigrp 123
 network 3.3.3.3 0.0.0.0
 network 172.16.123.0 0.0.0.255
!
end

Conclusion

EIGRP works very well for DMVPN. The two things you need to keep in mind when you use it for DMVPN phase 2 is that:

EIGRP has split horizon enabled by default.
EIGRP changes the next hop IP address.

Fix those two and you will have direct spoke to spoke connectivity. I hope you enjoyed this lesson, if you have any questions feel free to leave a comment!

暗夜星空

Saturday, February 22, 2020

DMVPN Phase 2 EIGRP Routing

Configuration

Tunnel interfaces

EIGRP

Conclusion

No comments:

Post a Comment