DMVPN Phase 1 (Obsolete)

Introduction

  • mGRE is configured on the hub, and GRE is configured on the spokes.
    • Spoke tunnels should be configured as P2P GRE tunnels. The configuration includes the tunnel SRC and the tunnel DST. Because the tunnel DST is configured, it ties that tunnel to that DST only. This makes the tunnel a P2P tunnel rather than a multipoint tunnel.
  • Multicast or unicast traffic can only flow between the hub and the spokes, not from spoke to spoke.
  • The NHRP mappings can be configured statically, or the NHCs (spokes) can register themselves dynamically with the NHS (the hub).

If the mappings are performed dynamically, the spokes can be added dynamically without any configuration performed on the hub. How does that work?

  1. When a spoke router initially connects to the DMVPN network, it registers its tunnel-IP-address-to-NBMA-IP-address mapping with the hub router.
  2. The hub router acknowledges the registration by sending back the registration message that was initiated by the spoke with a success code.
  3. This means that the spoke routers must be configured with the tunnel IP address of the hub; otherwise, they won’t know where to go to register their tunnel-IP-address-to-NBMA-IP-address mapping.
				
					43	172.353024	172.16.31.1	172.16.11.1	NHRP	130	NHRP Registration Request, ID=3
44	172.356405	172.16.11.1	172.16.31.1	NHRP	150	NHRP Registration Reply, ID=3, Code=Success
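
Because the hub accepts these registrations without any per-spoke configuration, its NHRP cache can be compared against an inventory of approved spokes. The following is an added example, not part of the original page: the `EXPECTED` inventory and the sample text are constructed, using the layout of the hub's `show ip nhrp` output shown later on this page.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the layout of the hub's `show ip nhrp` output on this page.
# The .41 NBMA address is altered and the .66 entry is invented for the example.
SAMPLE = """\
R11#show ip nhrp
192.168.100.31/32 via 192.168.100.31
   Tunnel0 created 03:13:19, expire 00:06:59
   Type: dynamic, Flags: registered used nhop
   NBMA address: 172.16.31.1
192.168.100.41/32 via 192.168.100.41
   Tunnel0 created 03:13:18, expire 00:07:29
   Type: dynamic, Flags: registered used nhop
   NBMA address: 172.16.99.9
192.168.100.66/32 via 192.168.100.66
   Tunnel0 created 00:00:42, expire 00:09:18
   Type: dynamic, Flags: registered nhop
   NBMA address: 172.16.66.1
R11#
"""

# Hypothetical inventory of approved spokes: tunnel IP -> NBMA IP.
EXPECTED = {
    "192.168.100.31": "172.16.31.1",
    "192.168.100.41": "172.16.41.1",
}

HEAD = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})/\d{1,2} via \S+\s*$")
TYPE = re.compile(r"^\s+Type: (\w+), Flags:(.*)$")
NBMA = re.compile(r"^\s+NBMA address: (\S+)\s*$")


@dataclass
class NhrpEntry:
    tunnel_ip: str
    kind: str = ""
    flags: tuple = ()
    nbma: str = ""


def parse_nhrp(text):
    """Parse `show ip nhrp` text into entries; prompts and banners are skipped."""
    entries, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):
            ipaddress.ip_address(m.group(1))  # ValueError on a malformed address
            cur = NhrpEntry(tunnel_ip=m.group(1))
            entries.append(cur)
        elif cur is None:
            continue  # text before the first entry
        elif m := TYPE.match(line):
            cur.kind, cur.flags = m.group(1), tuple(m.group(2).split())
        elif m := NBMA.match(line):
            cur.nbma = m.group(1)
    return entries


def audit(entries, expected):
    """Return (tunnel_ip, finding, detail) for every deviation from the inventory."""
    findings, seen = [], set()
    for e in entries:
        if e.kind != "dynamic":  # static maps are operator-configured, not registered
            continue
        seen.add(e.tunnel_ip)
        want = expected.get(e.tunnel_ip)
        if want is None:
            findings.append((e.tunnel_ip, "unknown-spoke", e.nbma or "no NBMA"))
        elif e.nbma != want:
            findings.append((e.tunnel_ip, "nbma-mismatch", f"{e.nbma or 'none'} != {want}"))
    for ip in sorted(set(expected) - seen, key=ipaddress.ip_address):
        findings.append((ip, "not-registered", expected[ip]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_nhrp(SAMPLE), EXPECTED):
        print(*finding)
```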
				
			

Routing Scenarios

Tunnel

				
					[ Hub ]
interface Tunnel0
 bandwidth 4000
 ip address 192.168.100.11 255.255.255.0
 ip mtu 1400
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
end
				
			
				
					[ Spokes ]
interface Tunnel0
 bandwidth 4000
 ip address 192.168.100.31 255.255.255.0
 ip mtu 1400
 ip nhrp network-id 1
 ip nhrp nhs 192.168.100.11 nbma 172.16.11.1 multicast
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 172.16.11.1
end
				
			

EIGRP

  • EIGRP is a distance vector routing protocol, so keep split horizon in mind.
  • EIGRP changes the next-hop IP address; when we configure Phase 2 this will be an issue (we can fix it).

The hub router has two entries; the next-hop IP addresses are the tunnel addresses of spokes 1 and 2. To resolve them, we have to check the information in the NHRP cache.

Like RIP, EIGRP is a distance vector routing protocol, so we have split-horizon issues. The spoke routers won’t see each other’s networks.

After disabling split horizon, the spoke routers learn each other’s networks, but the next-hop IP address is the hub. EIGRP changes the next-hop IP address when it advertises networks. In this example we are using DMVPN phase 1, so it doesn’t matter. When we use phase 2, this will cause all traffic to go through the hub.

Our traffic goes through the hub router as expected. Since all traffic will go through the hub, there’s no point in advertising all networks to our spoke routers. Let’s configure a default route summary on the hub router and advertise it towards the spoke routers.

Since the spoke routers only need the default route, we can forget about split horizon and enable it again.

				
					'[DMVPN]'
R11#show dmvpn
/*omitted*/
Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 172.16.31.1      192.168.100.31    UP 03:13:10     D
     1 172.16.41.1      192.168.100.41    UP 03:13:10     D
R11#

R11#show ip nhrp 
192.168.100.31/32 via 192.168.100.31
   Tunnel0 created 03:13:19, expire 00:06:59
   Type: dynamic, Flags: registered used nhop 
   NBMA address: 172.16.31.1 
192.168.100.41/32 via 192.168.100.41
   Tunnel0 created 03:13:18, expire 00:07:29
   Type: dynamic, Flags: registered used nhop 
   NBMA address: 172.16.41.1 
R11#

'[Routing]'
R11#show ip route eigrp 
/*omitted*/
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
      31.0.0.0/32 is subnetted, 1 subnets
D        31.31.31.31 [90/26880640] via 192.168.100.31, 00:03:54, Tunnel0
      41.0.0.0/32 is subnetted, 1 subnets
D        41.41.41.41 [90/26880640] via 192.168.100.41, 00:03:11, Tunnel0
R11#
				
			
				
					'[DMVPN]'
R31#show dmvpn
/*omitted*/
Interface: Tunnel0, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:1, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 172.16.11.1      192.168.100.11    UP 00:56:47     S
R31#

R31#show ip nhrp 
192.168.100.11/32 via 192.168.100.11
   Tunnel0 created 00:57:13, never expire 
   Type: static, Flags: 
   NBMA address: 172.16.11.1 
R31#

'[Routing]'
R31#show ip route eigrp
/*omitted*/
Gateway of last resort is 192.168.100.11 to network 0.0.0.0
D*    0.0.0.0/0 [90/26880640] via 192.168.100.11, 00:05:09, Tunnel0
R31#

R31#traceroute 41.41.41.41 sour lo0
/*Type escape sequence to abort.
Tracing the route to 41.41.41.41
VRF info: (vrf in name/id, vrf out name/id)*/
  1 192.168.100.11 5 msec 7 msec 4 msec
  2 192.168.100.41 8 msec *  10 msec
R31#
				
			

OSPF

OSPF network types:

  • Point-to-Point
  • Broadcast
  • Non-Broadcast
  • Point-to-Multipoint
  • Point-to-Multipoint Non-Broadcast

OSPF works, but it’s not ideal; RIP, EIGRP and BGP will work better than OSPF on DMVPN. Issues:

  • All spokes in the DMVPN network have to be in the same area and when something changes, all routers have to run SPF.
  • Also we can’t do any summarization within the area.

Point-to-Point

  • Default OSPF network type.
  • The default is point-to-point and we are using multipoint interfaces. The hub router expects one neighbor, not two. It will keep establishing and tearing neighbor adjacencies with the default network type.
  • This is never going to work, not for any of the phases so the OSPF point-to-point network type is something you can forget about with DMVPN.
				
					R31#
*Mar 12 05:23:24.068: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:24:02.512: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:26:38.024: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:27:17.697: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
R41#
*Mar 12 05:25:04.147: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:25:46.397: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:26:13.802: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:26:28.380: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
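
An adjacency that reaches FULL over and over within a few minutes has been torn down in between, which is the pattern in the log above. The following is an added example, not part of the original page, that detects it from syslog text; the window and threshold defaults are assumptions, and the GigabitEthernet0/1 line is constructed as a healthy control.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# R31's four lines are the ones shown above; the Gi0/1 line is constructed.
SAMPLE = """\
*Mar 12 05:23:24.068: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:24:02.512: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:25:10.000: %OSPF-5-ADJCHG: Process 1, Nbr 10.99.99.99 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
*Mar 12 05:26:38.024: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 12 05:27:17.697: %OSPF-5-ADJCHG: Process 1, Nbr 10.11.11.11 on Tunnel0 from LOADING to FULL, Loading Done
"""

ADJCHG = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d\.\d+): %OSPF-5-ADJCHG: "
    r"Process \d+, Nbr (?P<nbr>\S+) on (?P<intf>\S+) "
    r"from (?P<old>\S+) to (?P<new>\w+),"
)


def parse_ts(ts):
    # IOS timestamps carry no year; pin a leap year so "Feb 29" still parses.
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S.%f")


def full_events(log_text):
    """Map (neighbor, interface) -> sorted times the adjacency reached FULL."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = ADJCHG.match(line.strip())
        if m and m["new"] == "FULL":
            events[(m["nbr"], m["intf"])].append(parse_ts(m["ts"]))
    return {key: sorted(times) for key, times in events.items()}


def flapping(log_text, window_s=300, threshold=3):
    """Return adjacencies that reached FULL >= threshold times inside any window."""
    window = timedelta(seconds=window_s)
    result = {}
    for key, times in full_events(log_text).items():
        lo = best = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            result[key] = best
    return result


if __name__ == "__main__":
    for (nbr, intf), count in flapping(SAMPLE).items():
        print(f"{nbr} on {intf}: reached FULL {count} times within 300 s")
```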
				
			

Broadcast

  • Works very well since it automatically establishes neighbor adjacencies.
  • Set the network type on all routers:
    • interface tunnel0
      • ip ospf network broadcast
  • There is no direct communication between spoke routers so we need to make sure that the spoke router can never be elected as DR or BDR.
    • Set their priority to 0:
      • interface tunnel0
        • ip ospf priority 0
  • Next-hop values are preserved.

Checking the routing table, we can see that the routers have learned each other’s networks. When we use the broadcast network type, the next-hop value is preserved. Since we use DMVPN phase 1, all traffic will go through the hub.

				
					'[DMVPN]'
R11#show dmvpn
/*omitted*/
Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 172.16.31.1      192.168.100.31    UP 03:26:56     D
     1 172.16.41.1      192.168.100.41    UP 03:26:56     D
R11#

R11#show ip nhrp 
192.168.100.31/32 via 192.168.100.31
   Tunnel0 created 03:27:00, expire 00:09:57
   Type: dynamic, Flags: registered nhop 
   NBMA address: 172.16.31.1 
192.168.100.41/32 via 192.168.100.41
   Tunnel0 created 03:27:00, expire 00:07:08
   Type: dynamic, Flags: registered used nhop 
   NBMA address: 172.16.41.1 
R11#

'[Routing]'
R11#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface
31.31.31.31       0   FULL/DROTHER    00:00:31    192.168.100.31  Tunnel0
41.41.41.41       0   FULL/DROTHER    00:00:36    192.168.100.41  Tunnel0
R11#

R11#show ip route ospf
/*omitted*/
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
      31.0.0.0/32 is subnetted, 1 subnets
O        31.31.31.31 [110/26] via 192.168.100.31, 00:01:06, Tunnel0
      41.0.0.0/32 is subnetted, 1 subnets
O        41.41.41.41 [110/26] via 192.168.100.41, 00:00:46, Tunnel0
R11#
				
			
				
					'[DMVPN]'
R31#show dmvpn 
/*omitted*/
Interface: Tunnel0, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:1, 
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 172.16.11.1      192.168.100.11    UP 01:08:25     S
R31#

R31#show ip nhrp 
192.168.100.11/32 via 192.168.100.11
   Tunnel0 created 01:08:49, never expire 
   Type: static, Flags: 
   NBMA address: 172.16.11.1 
R31#

'[Routing]'
R31#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       1   FULL/DR         00:00:38    192.168.100.11  Tunnel0
R31#

R31#show ip route ospf
/*omitted*/
Gateway of last resort is not set
      11.0.0.0/32 is subnetted, 1 subnets
O        11.11.11.11 [110/26] via 192.168.100.11, 00:02:43, Tunnel0
      41.0.0.0/32 is subnetted, 1 subnets
O        41.41.41.41 [110/26] via 192.168.100.41, 00:02:23, Tunnel0
R31#

R31#traceroute 41.41.41.41 source lo0
/*Type escape sequence to abort.
Tracing the route to 41.41.41.41
VRF info: (vrf in name/id, vrf out name/id)*/
  1 192.168.100.11 6 msec 4 msec 6 msec
  2 192.168.100.41 7 msec *  10 msec
R31#
				
			

Non-Broadcast

  • The non-broadcast network type works exactly the same as broadcast with the exception that we have to configure static neighbors.
    • Configure static peering at the Hub:
      • router ospf 1
        • neighbor 192.168.100.41
        • neighbor 192.168.100.31
  • Defeats the purpose of having dynamic spokes.
  • Remember to make sure that the spoke routers never become DR or BDR.

Point-to-Multipoint

  • Works very well.
  • Automatic neighbor adjacencies and there is no DR/BDR election.
  • Change the network type on all routers:
    • interface tunnel0
      • ip ospf network point-to-multipoint
  • Next-hop values point to Hub router.

Checking the RIB, take a close look at the different next-hop values: they all point to the hub router. This is no problem for DMVPN phase 1, since everything will go through the hub anyway, but in phase 2 this will cause issues.

				
					'[Routing]'
R11#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface
41.41.41.41       0   FULL/  -        00:01:45    192.168.100.41  Tunnel0
31.31.31.31       0   FULL/  -        00:01:50    192.168.100.31  Tunnel0
R11#

R11#show ip route ospf    
/*omitted*/
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
      31.0.0.0/32 is subnetted, 1 subnets
O        31.31.31.31 [110/26] via 192.168.100.31, 00:02:18, Tunnel0
      41.0.0.0/32 is subnetted, 1 subnets
O        41.41.41.41 [110/26] via 192.168.100.41, 00:01:54, Tunnel0
      192.168.100.0/24 is variably subnetted, 4 subnets, 2 masks
O        192.168.100.31/32 [110/25] via 192.168.100.31, 00:02:28, Tunnel0
O        192.168.100.41/32 [110/25] via 192.168.100.41, 00:02:05, Tunnel0
R11#
				
			
				
					'[Routing]'
R31#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       0   FULL/  -        00:01:43    192.168.100.11  Tunnel0
R31#

R31#show ip route ospf
/*omitted*/
Gateway of last resort is not set
      11.0.0.0/32 is subnetted, 1 subnets
O        11.11.11.11 [110/26] via 192.168.100.11, 00:04:17, Tunnel0
      41.0.0.0/32 is subnetted, 1 subnets
O        41.41.41.41 [110/51] via 192.168.100.11, 00:03:41, Tunnel0
      192.168.100.0/24 is variably subnetted, 4 subnets, 2 masks
O        192.168.100.11/32 [110/25] via 192.168.100.11, 00:04:17, Tunnel0
O        192.168.100.41/32 [110/50] via 192.168.100.11, 00:03:52, Tunnel0
R31#

R31#traceroute 41.41.41.41 source lo0
/*Type escape sequence to abort.
Tracing the route to 41.41.41.41
VRF info: (vrf in name/id, vrf out name/id)*/
  1 192.168.100.11 5 msec 7 msec 5 msec
  2 192.168.100.41 6 msec *  8 msec
R31#
				
			

Point-to-Multipoint Non-Broadcast

  • Exactly the same thing, but we have to configure static peers.
  • Just like non-broadcast, it defeats the purpose of having dynamic neighbors if we have to configure OSPF neighbors manually, but it works.

As we have seen, there’s quite some stuff in the routing tables. All traffic goes through the hub so our spoke routers don’t really need to know everything. Unfortunately, it’s impossible to summarize within the area. We can reduce the number of routes by changing the DMVPN area into a stub or totally stub area.

Stub Area

				
					[ Hub ]
interface tunnel0
 ip ospf network point-to-multipoint
!
router ospf 1
 network 10.11.0.0 0.0.255.255 area 0
 network 192.0.0.0 0.255.255.255 area 1
 area 1 stub no-summary
				
			
				
					[ Spoke 1 ]
interface tunnel0
 ip ospf network point-to-multipoint
!
router ospf 1
 network 10.31.0.0 0.0.255.255 area 1
 network 192.0.0.0 0.255.255.255 area 1
 area 1 stub

[ Spoke 2 ]
interface tunnel0
 ip ospf network point-to-multipoint
!
router ospf 1
 network 10.41.0.0 0.0.255.255 area 1
 network 192.0.0.0 0.255.255.255 area 1
 area 1 stub
				
			
				
					" Hub "
R11#show ip ospf neighbor   
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.41.41.41       0   FULL/  -        00:01:38    192.168.100.41  Tunnel0
10.31.31.31       0   FULL/  -        00:01:51    192.168.100.31  Tunnel0
R11#
R11#show ip ospf inter brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     0               10.11.11.11/24     1     LOOP  0/0
Tu0          1     1               192.168.100.11/24  25    P2MP  2/2
R11#

" Spokes "
R31#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.11.11.11       0   FULL/  -        00:01:47    192.168.100.11  Tunnel0
R31#
R31#show ip ospf inter brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     1               10.31.31.31/24     1     LOOP  0/0
Tu0          1     1               192.168.100.31/24  25    P2MP  1/1
R31#

R41#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.11.11.11       0   FULL/  -        00:01:52    192.168.100.11  Tunnel0
R41#
R41#show ip ospf inter brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     1               10.41.41.41/24     1     LOOP  0/0
Tu0          1     1               192.168.100.41/24  25    P2MP  1/1
R41#
				
			

Checking the RIB, the two spoke routers still know all prefixes within the DMVPN area but they don’t see the 10.11.11.11/32 route from the hub anymore.

				
					" Hub "
R11#show ip route ospf
/* omitted */
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O        10.31.31.31/32 [110/26] via 192.168.100.31, 00:01:03, Tunnel0
O        10.41.41.41/32 [110/26] via 192.168.100.41, 00:00:36, Tunnel0
      192.168.100.0/24 is variably subnetted, 4 subnets, 2 masks
O        192.168.100.31/32 [110/25] via 192.168.100.31, 00:01:03, Tunnel0
O        192.168.100.41/32 [110/25] via 192.168.100.41, 00:00:36, Tunnel0
R11#

" Spokes "
R31#show ip route ospf
/* omitted */
Gateway of last resort is 192.168.100.11 to network 0.0.0.0
O*IA  0.0.0.0/0 [110/26] via 192.168.100.11, 00:01:29, Tunnel0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.41.41.41/32 [110/51] via 192.168.100.11, 00:00:52, Tunnel0
      192.168.100.0/24 is variably subnetted, 4 subnets, 2 masks
O        192.168.100.11/32 [110/25] via 192.168.100.11, 00:01:29, Tunnel0
O        192.168.100.41/32 [110/50] via 192.168.100.11, 00:00:52, Tunnel0
R31#

R41#show ip route ospf
/* omitted */
Gateway of last resort is 192.168.100.11 to network 0.0.0.0
O*IA  0.0.0.0/0 [110/26] via 192.168.100.11, 00:01:13, Tunnel0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.31.31.31/32 [110/51] via 192.168.100.11, 00:01:13, Tunnel0
      192.168.100.0/24 is variably subnetted, 4 subnets, 2 masks
O        192.168.100.11/32 [110/25] via 192.168.100.11, 00:01:13, Tunnel0
O        192.168.100.31/32 [110/50] via 192.168.100.11, 00:01:13, Tunnel0
R41#
				
			

BGP

Possible scenarios:

  • eBGP with different AS on Spokes
  • eBGP with same AS on Spokes
  • iBGP with dynamic peers

EBGP with Different AS on the Spokes

				
					[ Hub ]
ip route 0.0.0.0 0.0.0.0 Null0
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
route-map SPOKES permit 10
 match ip address prefix-list DEFAULT
!
router bgp 65000
 network 0.0.0.0
 neighbor 192.168.100.31 remote-as 31000
 neighbor 192.168.100.31 route-map SPOKES out
 neighbor 192.168.100.41 remote-as 41000
 neighbor 192.168.100.41 route-map SPOKES out
				
			
				
					[ Spoke 1 ]
router bgp 31000
 network 31.31.31.31 mask 255.255.255.255
 neighbor 192.168.100.11 remote-as 65000
 
[ Spoke 2 ]
router bgp 41000
 bgp log-neighbor-changes
 network 41.41.41.41 mask 255.255.255.255
 neighbor 192.168.100.11 remote-as 65000
				
			

Checking the RIB, all routers have learned the different networks.

All traffic goes through the hub so there is no need for our spoke routers to know specific networks. Let’s advertise a default route from the hub to our spoke routers.

Keep in mind that the hub router must have all networks, and the spokes should only have a default route.

				
					'[Routing]'
R11#show ip bgp summary 
/*BGP router identifier 11.11.11.11, local AS number 65000*/
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.31  4        31000      10      13        4    0    0 00:05:31        1
192.168.100.41  4        41000       9      15        4    0    0 00:05:00        1
R11#

R11#show ip bgp
/*omitted*/ 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *>   0.0.0.0          0.0.0.0                  0         32768 i
 *>   31.31.31.31/32   192.168.100.31           0             0 31000 i
 *>   41.41.41.41/32   192.168.100.41           0             0 41000 i
R11#
				
			
				
					'[Routing]'
R31#show ip bgp summary 
/*BGP router identifier 31.31.31.31, local AS number 31000*/
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.11  4        65000      16      12        5    0    0 00:07:43        1
R31#

R31#show ip route bgp
/*omitted*/
Gateway of last resort is 192.168.100.11 to network 0.0.0.0
B*    0.0.0.0/0 [20/0] via 192.168.100.11, 00:03:49
R31#

R31#traceroute 41.41.41.41 source lo0
/*Type escape sequence to abort.
Tracing the route to 41.41.41.41
VRF info: (vrf in name/id, vrf out name/id)*/
  1 192.168.100.11 [AS 65000] 4 msec 6 msec 4 msec
  2 192.168.100.41 [AS 65000] 8 msec *  7 msec
R31#
				
			

EBGP with Same AS on the Spokes

The advantage of this solution is that we don’t have to filter any networks: the spoke routers will not accept any networks where they see their own AS number in the AS path.

				
					[ Hub ]
ip route 0.0.0.0 0.0.0.0 Null0
!
ip prefix-list DEFAULT_ROUTE seq 5 permit 0.0.0.0/0
!
route-map DEFAULT permit 10
 match ip address prefix-list DEFAULT_ROUTE
!
router bgp 65000
 bgp listen range 192.168.100.0/24 peer-group SPOKES
 network 0.0.0.0
 neighbor SPOKES peer-group
 neighbor SPOKES remote-as 75000
 neighbor SPOKES route-map DEFAULT out
				
			
				
					[ Spoke 1 ]
router bgp 75000
 network 31.31.31.31 mask 255.255.255.255
 neighbor 192.168.100.11 remote-as 65000
 
[ Spoke 2 ]
router bgp 75000
 network 41.41.41.41 mask 255.255.255.255
 neighbor 192.168.100.11 remote-as 65000
				
			

Spoke routers don’t accept each other’s networks because ASN 75000 is already in the AS_PATH (the BGP loop prevention mechanism).

In order to have full reachability between spoke networks, let’s advertise a default route.

				
					'[Routing]'
R11#show ip bgp summary 
/*BGP router identifier 11.11.11.11, local AS number 65000
omitted*/
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*192.168.100.31 4        75000       6       6        4    0    0 00:01:32        1
*192.168.100.41 4        75000       5       8        4    0    0 00:01:10        1
* Dynamically created based on a listen range command
Dynamically created neighbors: 2, Subnet ranges: 1

BGP peergroup SPOKES listen range group members: 
  192.168.100.0/24 

Total dynamically created neighbors: 2/(100 max), Subnet ranges: 1
R11#

R11#show ip route bgp
/*omitted*/
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
      31.0.0.0/32 is subnetted, 1 subnets
B        31.31.31.31 [20/0] via 192.168.100.31, 00:01:02
      41.0.0.0/32 is subnetted, 1 subnets
B        41.41.41.41 [20/0] via 192.168.100.41, 00:00:49
R11#
				
			
				
					'[Routing]'
R31#show ip bgp summary 
/*BGP router identifier 31.31.31.31, local AS number 75000
omitted*/
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.11  4        65000       9       8        3    0    0 00:03:37        1
R31#

R31#show ip route bgp
/*omitted*/
Gateway of last resort is 192.168.100.11 to network 0.0.0.0
B*    0.0.0.0/0 [20/0] via 192.168.100.11, 00:03:28
R31#

R31#traceroute 41.41.41.41 source lo0
/*Type escape sequence to abort.
Tracing the route to 41.41.41.41
VRF info: (vrf in name/id, vrf out name/id)*/
  1 192.168.100.11 [AS 65000] 6 msec 4 msec 5 msec
  2 192.168.100.41 [AS 65000] 7 msec *  7 msec
R31#
				
			

IBGP with Dynamic Peers

The two previous examples with eBGP work very well. Both examples had one “issue” though: we manually configured our neighbors. It works, but it defeats the purpose of having dynamic DMVPN spoke routers.

BGP supports something called “dynamic peers” which means they will accept a BGP neighbor adjacency from any router in a given range. You can use this for both eBGP and iBGP but there is one catch…the remote routers have to be in the same AS.

The advantage of iBGP in combination with DMVPN phase 1 is that you don’t have to filter anything on the hub router. Because of iBGP split horizon, the hub won’t advertise any networks from spoke1 to spoke2 (or vice versa).

				
					[ Hub ]
ip route 0.0.0.0 0.0.0.0 Null0
!
! iBGP: the hub is in the same AS as the spokes (75000)
router bgp 75000
 bgp listen range 192.168.100.0/24 peer-group SPOKES
 network 0.0.0.0
 neighbor SPOKES peer-group
 neighbor SPOKES remote-as 75000
				
			
				
					[ Spoke 1 ]
router bgp 75000
 network 31.31.31.31 mask 255.255.255.255
 neighbor 192.168.100.11 remote-as 75000

[ Spoke 2 ]
router bgp 75000
 network 41.41.41.41 mask 255.255.255.255
 neighbor 192.168.100.11 remote-as 75000
				
			
				
					'[Routing]'
R11#show ip bgp summary 
/*BGP router identifier 11.11.11.11, local AS number 75000*/
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*192.168.100.31 4        75000       7       9        4    0    0 00:01:57        1
*192.168.100.41 4        75000       7       7        4    0    0 00:01:58        1
* Dynamically created based on a listen range command
Dynamically created neighbors: 2, Subnet ranges: 1

BGP peergroup SPOKES listen range group members: 
  192.168.100.0/24 

Total dynamically created neighbors: 2/(100 max), Subnet ranges: 1
R11#

R11#show ip route bgp
/*omitted*/
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
      31.0.0.0/32 is subnetted, 1 subnets
B        31.31.31.31 [200/0] via 192.168.100.31, 00:02:30
      41.0.0.0/32 is subnetted, 1 subnets
B        41.41.41.41 [200/0] via 192.168.100.41, 00:02:31
R11#
				
			
				
					'[Routing]'
R31#show ip bgp summary 
/*BGP router identifier 31.31.31.31, local AS number 75000*/
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.11  4        75000      11       9        5    0    0 00:03:35        1
R31#

R31#show ip route bgp
/*omitted*/
Gateway of last resort is 192.168.100.11 to network 0.0.0.0
B*    0.0.0.0/0 [200/0] via 192.168.100.11, 00:03:17
R31#

R31#traceroute 41.41.41.41 source lo0
/*Type escape sequence to abort.
Tracing the route to 41.41.41.41
VRF info: (vrf in name/id, vrf out name/id)*/
  1 192.168.100.11 5 msec 6 msec 5 msec
  2 192.168.100.41 6 msec *  6 msec
R31#
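
The three BGP designs differ in why a spoke does or does not learn the other spoke's prefix: an outbound route-map on the hub, AS_PATH loop prevention on the spoke, or iBGP split horizon on the hub. The following is an added example, not part of the original page, that models those rules with the AS numbers and prefixes from the configurations above; it assumes the hub is not a route reflector and that neither `allowas-in` nor `as-override` is configured.

```python
from dataclasses import dataclass

DEFAULT = "0.0.0.0/0"


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()        # ASNs, most recently prepended first
    from_ibgp: bool = False    # learned by the hub over an iBGP session


def hub_export(route, hub_as, peer_as, allow=None):
    """Return (route_or_None, reason) for what the hub sends to one spoke."""
    if allow is not None and route.prefix not in allow:
        return None, "filtered by hub route-map"
    if peer_as == hub_as:                          # iBGP session
        if route.from_ibgp:                        # iBGP-learned, hub is no reflector
            return None, "not sent: iBGP split horizon"
        return Route(route.prefix, route.as_path, True), "sent"
    # eBGP session: the hub prepends its own AS
    return Route(route.prefix, (hub_as,) + route.as_path), "sent"


def spoke_import(route, spoke_as):
    """AS_PATH loop prevention on the receiving spoke."""
    if spoke_as in route.as_path:
        return "dropped: own AS in AS_PATH"
    return "accepted"


def spoke_view(hub_as, spokes, me, allow=None):
    """Outcome per prefix at spoke `me`; spokes maps name -> (asn, prefix)."""
    hub_rib = [Route(DEFAULT)]                     # the hub's `network 0.0.0.0`
    for asn, prefix in spokes.values():
        ibgp = asn == hub_as
        hub_rib.append(Route(prefix, () if ibgp else (asn,), ibgp))
    my_as, my_prefix = spokes[me]
    view = {}
    for route in hub_rib:
        if route.prefix == my_prefix:              # the spoke's own network
            continue
        sent, reason = hub_export(route, hub_as, my_as, allow)
        view[route.prefix] = spoke_import(sent, my_as) if sent else reason
    return view


# AS numbers and prefixes as used in the three configurations on this page.
DIFFERENT_AS = {"R31": (31000, "31.31.31.31/32"), "R41": (41000, "41.41.41.41/32")}
SAME_AS = {"R31": (75000, "31.31.31.31/32"), "R41": (75000, "41.41.41.41/32")}

if __name__ == "__main__":
    cases = [
        ("eBGP, different AS, no filter", 65000, DIFFERENT_AS, None),
        ("eBGP, different AS, route-map", 65000, DIFFERENT_AS, {DEFAULT}),
        ("eBGP, same AS on the spokes", 65000, SAME_AS, None),
        ("iBGP", 75000, SAME_AS, None),
    ]
    for name, hub_as, spokes, allow in cases:
        print(name)
        for prefix, outcome in spoke_view(hub_as, spokes, "R31", allow).items():
            print(f"  {prefix:18} {outcome}")
```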
				
			
