Introduction to DMVPN
DMVPN stands for Dynamic Multipoint VPN. It is a technique for building a VPN over a hub-and-spoke topology dynamically, without having to configure the devices statically. DMVPN also supports IPsec encryption, which makes it a popular technique for building tunnels over internet connectivity and an alternative to MPLS connectivity solutions. DMVPN is usually deployed in hub-and-spoke topologies. The hub has a single multipoint tunnel interface, and each spoke site has a single point-to-point tunnel interface to the hub site.
DMVPN Phase I
DMVPN has three phases, and in this post we will discuss the first. In Phase 1 there cannot be any direct spoke-to-spoke communication: any spoke that needs to reach another spoke site has to go through the hub site.
We will use the simple topology below to configure the multipoint tunnels and bring up the EIGRP neighborship between the spoke and hub sites.
Topology
In our topology R1 is the router at the hub site, and R2 and R3 are the routers at the two spoke sites. R2 and R3 each form a GRE tunnel with the hub over its multipoint GRE tunnel interface.
Once the tunnels between the spoke and hub sites are up, we will run EIGRP over the tunnels and should see the two spoke sites communicating via the hub site.
Configuration
R1:
! Loopback interface. The "interface" line is missing from the original listing; Loopback0 is assumed.
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip address 192.168.10.1 255.255.255.0
 no ip redirects
 ! EIGRP split horizon is enabled by default. If we don't disable it, the hub router will not
 ! advertise the routes learned from Spoke 1 to Spoke 2 and vice versa.
 no ip split-horizon eigrp 100
 ! Optional, but we configure it to authenticate our NHRP traffic.
 ip nhrp authentication cisco
 ! Tells the hub router where to forward multicast packets. The spoke IP addresses are unknown,
 ! so "dynamic" adds them to the multicast destination list when the spokes register themselves.
 ip nhrp map multicast dynamic
 ! The ID differentiates between multiple DMVPN networks and is usually kept the same on all
 ! routers (it is locally significant, so the spokes' value of 1 still works).
 ip nhrp network-id 10
 tunnel source FastEthernet0/0
 ! The default tunnel mode is point-to-point GRE, so enable multipoint GRE.
 tunnel mode gre multipoint
!
interface FastEthernet0/0
 ip address 9.9.0.1 255.255.255.0
!
router eigrp 100
 network 1.1.1.1 0.0.0.0
 network 192.168.10.0
R2:
! Loopback interface. The "interface" line is missing from the original listing; Loopback0 is assumed.
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
 ip address 192.168.10.2 255.255.255.0
 ip nhrp authentication cisco
 ! Static mapping between the hub's tunnel address and its NBMA address.
 ip nhrp map 192.168.10.1 9.9.0.1
 ip nhrp map multicast 9.9.0.1
 ip nhrp network-id 1
 ! The NHRP server (NHS), which in our case is the hub router.
 ip nhrp nhs 192.168.10.1
 tunnel source FastEthernet0/0
 tunnel destination 9.9.0.1
!
interface FastEthernet0/0
 ip address 9.9.0.2 255.255.255.0
!
router eigrp 100
 network 2.2.2.2 0.0.0.0
 network 192.168.10.0
R3:
! Loopback interface. The "interface" line is missing from the original listing; Loopback0 is assumed.
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
 ip address 192.168.10.3 255.255.255.0
 ip nhrp authentication cisco
 ip nhrp map 192.168.10.1 9.9.0.1
 ip nhrp map multicast 9.9.0.1
 ip nhrp network-id 1
 ip nhrp nhs 192.168.10.1
 tunnel source FastEthernet0/0
 tunnel destination 9.9.0.1
!
interface FastEthernet0/0
 ip address 9.9.0.3 255.255.255.0
!
router eigrp 100
 network 3.3.3.3 0.0.0.0
 network 192.168.10.0
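The Tunnel0 configuration above carries GRE, NHRP and EIGRP without IPsec, and the NHRP authentication string is sent in clear text. As an added example (not part of the original post), this Python check parses tunnel stanzas and reports those points; the finding names and the GUESSABLE list are assumptions of the example.

```python
import re
# Tunnel0 stanzas reduced from the R1 and R2 configuration on this page (R3 mirrors R2).
CONFIGS = {
    "R1": """interface Tunnel0
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 10
tunnel mode gre multipoint""",
    "R2": """interface Tunnel0
ip nhrp authentication cisco
ip nhrp network-id 1
ip nhrp nhs 192.168.10.1
tunnel destination 9.9.0.1""",
}
GUESSABLE = {"cisco", "dmvpn", "nhrp", "test"}  # assumed sample list, extend locally

def tunnel_stanzas(config):
    """Yield (interface, [sub-commands]) for each 'interface Tunnel<N>' stanza."""
    name, body = None, []
    for line in (raw.strip() for raw in config.splitlines()):
        start = re.match(r"interface (\S+)", line)
        if start or line.startswith("router "):   # next top-level stanza begins
            if name:
                yield name, body
            name = start.group(1) if start and start.group(1).startswith("Tunnel") else None
            body = []
        elif name and line and not line.startswith("!"):   # skip comment/separator lines
            body.append(line)
    if name:
        yield name, body

def audit(configs):
    """Return sorted (router, interface, finding) tuples across all routers."""
    findings, net_ids = [], set()
    for router, config in configs.items():
        for intf, body in tunnel_stanzas(config):
            if not any(c.startswith("tunnel protection ipsec profile ") for c in body):
                findings.append((router, intf, "gre-without-ipsec"))
            auth = [c.split()[-1] for c in body if c.startswith("ip nhrp authentication ")]
            if not auth:
                findings.append((router, intf, "no-nhrp-authentication"))
            elif auth[0].lower() in GUESSABLE:
                findings.append((router, intf, "guessable-nhrp-string"))
            net_ids.update(c.split()[-1] for c in body if c.startswith("ip nhrp network-id "))
    if len(net_ids) > 1:   # informational: the page notes the ID is usually kept the same
        findings.append(("all", "-", "network-id-differs"))
    return sorted(findings)
```

Calling `audit(CONFIGS)` on the page's configuration reports missing IPsec protection and the guessable string on both routers, plus the differing network IDs.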
Verification
On the hub site we see that the two spoke sites are registered:
R1# sh dmvpn
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1         9.9.0.2    192.168.10.2    UP 01:02:37     D
     1         9.9.0.3    192.168.10.3    UP 01:01:56     D
R1#sh ip nhrp
Tunnel0 created 01:03:17, expire 01:36:42
Type: dynamic, Flags: unique registered used
NBMA address: 9.9.0.2
192.168.10.3/32 via 192.168.10.3
Tunnel0 created 01:02:36, expire 01:37:22
Type: dynamic, Flags: unique registered used
NBMA address: 9.9.0.3
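Because the hub learns its spokes dynamically, the peer table shown by `sh dmvpn` is worth comparing against an inventory of the spokes you expect. The following Python check is an added example, not part of the original post; the 192.168.10.66 row and the EXPECTED inventory are constructed for illustration, and the issue names are assumptions.

```python
import re

# Peer rows as in the "sh dmvpn" output on this page, plus one constructed row
# (9.9.0.66 / 192.168.10.66) standing in for a peer that is not in the inventory.
SHOW_DMVPN = """\
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:3,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
     1         9.9.0.2    192.168.10.2    UP 01:02:37     D
     1         9.9.0.3    192.168.10.3    UP 01:01:56     D
     1        9.9.0.66   192.168.10.66    UP 00:00:41     D
"""
# Expected spokes: tunnel address -> NBMA address (taken from the R2/R3 configuration).
EXPECTED = {"192.168.10.2": "9.9.0.2", "192.168.10.3": "9.9.0.3"}

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROW = re.compile(rf"^\s*\d+\s+{IP}\s+{IP}\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_peers(output):
    """Return one dict per peer row found in 'show dmvpn' output."""
    peers = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            nbma, tunnel, state, _updn, attrb = m.groups()
            peers.append({"nbma": nbma, "tunnel": tunnel, "state": state, "attrb": attrb})
    return peers

def check_peers(peers, expected):
    """Compare registered peers with the inventory; return (tunnel, nbma, issue) tuples."""
    issues, seen = [], set()
    for p in peers:
        want = expected.get(p["tunnel"])
        if want is None:
            issues.append((p["tunnel"], p["nbma"], "unknown-tunnel-address"))
        elif want != p["nbma"]:
            issues.append((p["tunnel"], p["nbma"], "unexpected-nbma"))
        else:
            seen.add(p["tunnel"])
            if p["state"] != "UP":
                issues.append((p["tunnel"], p["nbma"], "not-up"))
    # Expected spokes that never appeared with their correct NBMA address.
    issues += [(t, n, "not-registered") for t, n in expected.items() if t not in seen]
    return issues

if __name__ == "__main__":
    for issue in check_peers(parse_peers(SHOW_DMVPN), EXPECTED):
        print(*issue)
```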
On the spoke we see the NHS showing as the hub router:
R2# sh ip nhrp nhs detail
Tunnel0:
192.168.10.1 RE priority = 0 cluster = 0 req-sent 9 req-failed 0 repl-recv 3 (00:26:19 ago)
Next we see that the hub has formed EIGRP neighborships with both spoke sites:
R1# sh ip eigrp neighbors
H   Address                 Interface       Hold  Uptime    SRTT   RTO   Q   Seq
                                            (sec)           (ms)         Cnt Num
0   192.168.10.2            Tu0               12  00:36:51    56   1470  0   8
1   192.168.10.3            Tu0               13  00:43:37    41   1470  0   6
R1#sh ip route eigrp
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/27008000] via 192.168.10.2, 00:37:11, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/27008000] via 192.168.10.3, 00:43:57, Tunnel0
Both spokes learn routes to each other via the hub site, as follows:
R2#sh ip route | i 3.3.3.3
R3#sh ip route | i 2.2.2.2
We see that the trace also goes Spoke > Hub > Spoke, as follows:
R2#traceroute 3.3.3.3 source 2.2.2.2
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.10.1 56 msec 44 msec 24 msec
2 192.168.10.3 40 msec 56 msec 76 msec
ABOUT THE AUTHOR
– Rashmi Bhardwaj (Author/Editor)