Saturday, February 22, 2020

DMVPN Phase 3 EIGRP Routing

In the first DMVPN lesson we discussed the basics and the different phases. I also showed you how to configure DMVPN phase 1phase 2 and phase 3. In this lesson we’ll take a look how we can configure EIGRP on a DMVPN phase 3 network.
Here’s the topology we will use:
DMVPN Example Topology with hub, two spokes and loopback interfaces.
Above we have a hub and two spoke routers. Each router has a loopback interface which we will advertise in EIGRP.

Configuration


Tunnel interfaces

Below you will find the configuration of the tunnel interfaces. This is a basic DMVPN phase 3 setup:
Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Hub(config-if)#ip nhrp redirect
Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel mode gre multipoint
Spoke1(config-if)#ip nhrp shortcut
Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint
Spoke1(config-if)#ip nhrp shortcut
Let’s do a quick test to make sure the hub has two NHRP registrations from the spoke routers:
Hub#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.123.2      172.16.123.2    UP 00:00:04     D
     1 192.168.123.3      172.16.123.3    UP 00:00:03     D
That’s looking good, let’s do a quick ping:
Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/10 ms
Hub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/8 ms
Time to configure EIGRP…

EIGRP

First we advertise all tunnel interfaces and the loopback interfaces of the spoke routers in EIGRP:
Hub(config)#router eigrp 123
Hub(config-router)#no auto-summary 
Hub(config-router)#network 172.16.123.0 0.0.0.255
Spoke1(config)#router eigrp 123
Spoke1(config-router)#no auto-summary 
Spoke1(config-router)#network 172.16.123.0 0.0.0.255
Spoke1(config-router)#network 2.2.2.2 0.0.0.0
Spoke2(config)#router eigrp 123
Spoke2(config-router)#no auto-summary 
Spoke2(config-router)#network 172.16.123.0 0.0.0.255
Spoke2(config-router)#network 3.3.3.3 0.0.0.0
The spoke routers don’t require specific entries thanks to NHRP traffic indication. I will advertise a default route on the hub router:
Hub(config)#interface tunnel 0 
Hub(config-if)#ip summary-address eigrp 123 0.0.0.0 0.0.0.0
Let’s check the routing tables:
Hub#show ip route eigrp 

D*    0.0.0.0/0 is a summary, 00:00:19, Null0
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/27008000] via 172.16.123.2, 00:01:19, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/27008000] via 172.16.123.3, 00:00:19, Tunnel0
Spoke1#show ip route eigrp 

D*    0.0.0.0/0 [90/28160000] via 172.16.123.1, 00:00:31, Tunnel0
Spoke2#show ip route eigrp 

D*    0.0.0.0/0 [90/28160000] via 172.16.123.1, 00:00:43, Tunnel0
The hub has two specific entries, the spoke routers only have a default route. Let’s see if direct spoke-to-spoke communication is possible:
Spoke1#traceroute 3.3.3.3 source loopback 0
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.123.3 8 msec 7 msec *
Great it’s working! Let’s check the NHRP cache on our spoke routers:
Spoke1#show dmvpn | begin Peer
Type:Spoke, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     2 192.168.123.3      172.16.123.3    UP 00:01:12   DT1
                          172.16.123.3    UP 00:01:12   DT1
     1 192.168.123.1      172.16.123.1    UP 00:26:00     S
Spoke2#show dmvpn | begin Peer
Type:Spoke, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     2 192.168.123.2      172.16.123.2    UP 00:01:16   DT1
                          172.16.123.2    UP 00:01:16   DT1
     1 192.168.123.1      172.16.123.1    UP 00:26:16     S
Above you can see that the spoke routers installed entries in the NHRP cache for each other’s NBMA addresses. In the routing table we will find a new NHRP entry:
Spoke1#show ip route nhrp | include 3.3.3.3
H        3.3.3.3 [250/255] via 172.16.123.3, 00:01:58, Tunnel0
Spoke2#show ip route nhrp | include 2.2.2.2
H        2.2.2.2 [250/255] via 172.16.123.2, 00:02:15, Tunnel0
That’s all there is to it! We successfully configured EIGRP on a DMVPN phase 3 network.
hostname Hub
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.1 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp redirect
 ip summary-address eigrp 123 0.0.0.0 0.0.0.0
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
!         
router eigrp 123
 network 172.16.123.0 0.0.0.255
!
end
hostname Spoke1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.2 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 ip nhrp shortcut
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 no cdp enable    
!
router eigrp 123
 network 2.2.2.2 0.0.0.0
 network 172.16.123.0 0.0.0.255
!
end
hostname Spoke2
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
 ip address 172.16.123.3 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map 172.16.123.1 192.168.123.1
 ip nhrp map multicast 192.168.123.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.123.1
 ip nhrp shortcut
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 no cdp enable       
!
router eigrp 123
 network 3.3.3.3 0.0.0.0
 network 172.16.123.0 0.0.0.255
!
end

Conclusion

EIGRP on DMVPN phase 3 works very well. We don’t have to worry about split horizon since the spoke routers don’t have to learn each others networks. I hope you enjoyed this lesson, if you have any questions feel free to leave a comment.
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)