With part 1 behind us, we move on to configuring a Multipoint GRE interface on the HUB. This change reduces the configuration complexity and simplifies the addressing scheme.
NHRP (Next Hop Resolution Protocol) will be used in the HUB configuration to map each spoke's tunnel interface address to its external physical address.
We will start with a clean topology and configuration.
INITIAL TOPOLOGY
INITIAL CONFIGURATION
INTERNET
hostname INTERNET
!
interface Ethernet0/0
 description Connects to HUB
 ip address 10.0.0.2 255.255.255.252
 no shutdown
!
interface Ethernet0/1
 description Connects to SPOKE1
 ip address 10.0.0.6 255.255.255.252
 no shutdown
!
interface Ethernet0/2
 description Connects to SPOKE2
 ip address 10.0.0.10 255.255.255.252
 no shutdown
!
interface Ethernet0/3
 description Connects to SPOKE3
 ip address 10.0.0.14 255.255.255.252
 no shutdown
HUB
hostname HUB
!
interface Loopback0
 description Local Lan 0
 ip address 172.16.0.1 255.255.254.0
!
interface Loopback1
 description Local Lan 1
 ip address 172.16.2.1 255.255.255.0
!
interface Loopback2
 description Local Lan 2
 ip address 172.16.3.1 255.255.255.0
!
interface Loopback3
 description Local Lan 3
 ip address 172.16.4.1 255.255.252.0
!
interface Ethernet0/0
 description Internet Connection
 ip address 10.0.0.1 255.255.255.252
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.2
SPOKES
hostname SPOKE1
!
interface Loopback0
 description Local 0
 ip address 172.17.0.1 255.255.255.0
!
interface Loopback1
 description Local 1
 ip address 172.17.1.1 255.255.255.0
!
interface Ethernet0/0
 description INTERNET Connection
 ip address 10.0.0.5 255.255.255.252
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.6

hostname SPOKE2
!
interface Loopback0
 description Local 0
 ip address 172.18.0.1 255.255.255.0
!
interface Loopback1
 description Local 1
 ip address 172.18.1.1 255.255.255.0
!
interface Ethernet0/0
 description INTERNET Connection
 ip address 10.0.0.9 255.255.255.252
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.10

hostname SPOKE3
!
interface Loopback0
 description Local 0
 ip address 172.19.0.1 255.255.255.0
!
interface Loopback1
 description Local 1
 ip address 172.19.1.1 255.255.255.0
!
interface Ethernet0/0
 description INTERNET Connection
 ip address 10.0.0.13 255.255.255.252
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.14
TOPOLOGY
HUB TUNNEL INTERFACE CONFIGURATION
interface Tunnel 0
 ip add 192.168.0.1 255.255.255.248
 ! configure the map between the tunnel address and the physical address
 ip nhrp map 192.168.0.2 10.0.0.5
 ip nhrp map 192.168.0.3 10.0.0.9
 ip nhrp map 192.168.0.4 10.0.0.13
 ! allow multicast through the tunnel (needed for routing)
 ip nhrp map multicast 10.0.0.5
 ip nhrp map multicast 10.0.0.9
 ip nhrp map multicast 10.0.0.13
 ! network id shared with all multipoint group members
 ip nhrp network-id 1
 ! disable split-horizon to allow spoke-to-spoke updates to go through
 no ip split-horizon eigrp 10
 ! identify the tunnel source address (tunnel destinations are configured in the maps)
 tunnel source 10.0.0.1
 ! configure tunnel mode as gre multipoint
 tunnel mode gre multipoint
SPOKE TUNNEL INTERFACE CONFIGURATION
!SPOKE1
interface tunnel 0
 ip address 192.168.0.2 255.255.255.248
 tunnel source 10.0.0.5
 tunnel destination 10.0.0.1
 tunnel mode gre ip

!SPOKE2
interface tunnel 0
 ip address 192.168.0.3 255.255.255.248
 tunnel source 10.0.0.9
 tunnel destination 10.0.0.1
 tunnel mode gre ip

!SPOKE3
interface tunnel 0
 ip address 192.168.0.4 255.255.255.248
 tunnel source 10.0.0.13
 tunnel destination 10.0.0.1
 tunnel mode gre ip
ROUTING CONFIGURATION
!HUB
router eigrp 10
 network 172.16.0.0 0.0.7.255
 network 192.168.0.0 0.0.0.7
 no auto-summary

!SPOKE1
router eigrp 10
 network 172.17.0.0 0.0.7.255
 network 192.168.0.0 0.0.0.7
 no auto-summary

!SPOKE2
router eigrp 10
 network 172.18.0.0 0.0.7.255
 network 192.168.0.0 0.0.0.7
 no auto-summary

!SPOKE3
router eigrp 10
 network 172.19.0.0 0.0.7.255
 network 192.168.0.0 0.0.0.7
 no auto-summary
VERIFICATION
HUB# show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.0.0.5            192.168.0.2  NHRP    never     S
     1 10.0.0.9            192.168.0.3  NHRP    never     S
     1 10.0.0.13           192.168.0.4  NHRP    never     S

! note the static mapping

HUB# ping 172.17.0.1 source 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/6 ms

HUB# ping 172.18.0.1 source 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms

HUB# ping 172.19.0.1 source 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms

HUB#show ip route eigrp
<output omitted>
      172.17.0.0/24 is subnetted, 2 subnets
D        172.17.0.0 [90/27008000] via 192.168.0.2, 00:03:12, Tunnel0
D        172.17.1.0 [90/27008000] via 192.168.0.2, 00:03:12, Tunnel0
      172.18.0.0/24 is subnetted, 2 subnets
D        172.18.0.0 [90/27008000] via 192.168.0.3, 00:02:59, Tunnel0
D        172.18.1.0 [90/27008000] via 192.168.0.3, 00:02:59, Tunnel0
      172.19.0.0/24 is subnetted, 2 subnets
D        172.19.0.0 [90/27008000] via 192.168.0.4, 00:02:48, Tunnel0
D        172.19.1.0 [90/27008000] via 192.168.0.4, 00:02:48, Tunnel0
We achieved the same result (minus the security) with less configuration overhead.
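As an added example (not part of the original post), this Python check parses the HUB Tunnel0 block from this page and verifies that every static NHRP map has a matching multicast map and a tunnel address inside the tunnel subnet. It also flags the absence of `tunnel protection ipsec` and `ip nhrp authentication`, which is the "minus the security" caveat; the function name, the finding strings and the choice of those two hardening checks are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the HUB Tunnel0 commands from this page, comments removed.
HUB_TUNNEL0 = """\
interface Tunnel 0
 ip add 192.168.0.1 255.255.255.248
 ip nhrp map 192.168.0.2 10.0.0.5
 ip nhrp map 192.168.0.3 10.0.0.9
 ip nhrp map 192.168.0.4 10.0.0.13
 ip nhrp map multicast 10.0.0.5
 ip nhrp map multicast 10.0.0.9
 ip nhrp map multicast 10.0.0.13
 ip nhrp network-id 1
 no ip split-horizon eigrp 10
 tunnel source 10.0.0.1
 tunnel mode gre multipoint
"""

def audit_tunnel(config):
    """Return a sorted list of findings for one mGRE tunnel interface block."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    addr = next((re.match(r"ip add(?:ress)? (\S+) (\S+)$", ln) for ln in lines
                 if ln.startswith("ip add")), None)
    net = ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False) if addr else None
    unicast, multicast = {}, set()
    for ln in lines:
        if m := re.match(r"ip nhrp map multicast (\S+)$", ln):
            multicast.add(m[1])                 # NBMA address allowed to receive multicast
        elif m := re.match(r"ip nhrp map (\S+) (\S+)$", ln):
            unicast[m[1]] = m[2]                # tunnel address -> NBMA (physical) address
    for tun, nbma in unicast.items():
        if net and ipaddress.ip_address(tun) not in net:
            findings.append(f"map {tun}: tunnel address outside {net}")
        if nbma not in multicast:
            findings.append(f"map {tun}: no multicast map for NBMA {nbma}")
    for nbma in multicast - set(unicast.values()):
        findings.append(f"multicast map {nbma}: no unicast map")
    if len(set(unicast.values())) != len(unicast):
        findings.append("duplicate NBMA address in static maps")
    # Hardening checks chosen for this example; the page's config has neither line.
    if not any(ln.startswith("tunnel protection ipsec") for ln in lines):
        findings.append("no 'tunnel protection ipsec': GRE payload is unencrypted")
    if not any(ln.startswith("ip nhrp authentication") for ln in lines):
        findings.append("no 'ip nhrp authentication' configured")
    return sorted(findings)
```

Run against the configuration on this page, `audit_tunnel(HUB_TUNNEL0)` reports only the two hardening findings, because the static maps themselves are consistent.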
In part 3 we will configure the SPOKES to register dynamically with the HUB and to use it as an NHRP server to discover each other's external addresses, in order to create dynamic tunnels between them.
See you then. Stay good.
Thank you for writing this awesome article. I’ve been reading your blog for a long time already but I never felt compelled to leave a comment. I registered your blog in my RSS feed and shared it on my Facebook. Thanks again for this great post!
Thank you. You are most welcome.
What is the spoke to spoke tunnel protocol? It supports NAT-T?
GRE over IPSec. It does not perform NAT, because it uses the tunnel interface, so it is outside the NAT scope.
I mean, let’s just imagine all spokes are behind a NATed device. How can two spokes connect over NAT?