Cisco DMVPN Configuration and verification

DMVPN, or Dynamic Multipoint VPN, is a widely used technology. In this article I will explain why we need it and how to configure it.

Problem 1: You have a huge number of sites, and you add and delete sites on a daily basis. You connect those sites with GRE tunnels. Is adding and deleting sites by hand every day good practice? Think about the manual work of configuring hundreds of tunnels. We need a dynamic way to connect to a hub site.

Problem 2: You do not know the public IP address of your remote location. Basically, it is connected via a DSL router whose IP address is refreshed on a daily basis. How can you connect to this site? Can you build static GRE tunnels? Static tunnels need a static source and destination configuration. Here as well, we need a dynamic way to achieve connectivity.

 

Following is a simple three-site configuration for DMVPN.

[Figure: Cisco DMVPN GNS3 lab]

 

Hub :

interface Tunnel1
 ip address 192.168.10.1 255.255.255.248
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 30.30.30.1
 tunnel mode gre multipoint
!
interface FastEthernet0/0
 ip address 30.30.30.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 30.30.30.0 0.0.0.255 area 0

Spoke1 :

interface FastEthernet0/0
 ip address dhcp
!
interface Tunnel1
 ip address 192.168.10.2 255.255.255.248
 no ip redirects
 ip nhrp map 192.168.10.1 30.30.30.1
 ip nhrp map multicast 30.30.30.1
 ip nhrp network-id 1
 ip nhrp nhs 192.168.10.1
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

Spoke2 :

interface Tunnel1
 ip address 192.168.10.3 255.255.255.248
 no ip redirects
 ip nhrp map 192.168.10.1 30.30.30.1
 ip nhrp map multicast 30.30.30.1
 ip nhrp network-id 1
 ip nhrp nhs 192.168.10.1
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
!
interface FastEthernet0/0
 ip address dhcp
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

ISP Router(Symbolic):

ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 20.20.20.1
!
ip dhcp pool POOL1
 network 20.20.20.0 255.255.255.0
!
ip dhcp pool POOL2
 network 10.10.10.0 255.255.255.0
!
interface FastEthernet0/0
 ip address 30.30.30.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet1/1
 ip address 20.20.20.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
 network 20.20.20.0 0.0.0.255 area 0
 network 30.30.30.0 0.0.0.255 area 0
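
The tunnel interfaces above carry plain mGRE: none of them has NHRP authentication or IPsec tunnel protection configured. As an added example (not part of the original article), this Python script audits a configuration for both; `ip nhrp authentication` and `tunnel protection ipsec profile` are standard IOS commands that the lab does not use, and the key string and profile name in the hardened sample are placeholders.

```python
import re

# Constructed sample: the hub stanzas from this page.
LAB_HUB = """\
interface Tunnel1
 ip address 192.168.10.1 255.255.255.248
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 30.30.30.1
 tunnel mode gre multipoint
!
interface FastEthernet0/0
 ip address 30.30.30.1 255.255.255.0
"""
# Hypothetical hardened variant; EXAMPLE1 and EXAMPLE-PROFILE are placeholders.
HARDENED_HUB = LAB_HUB.replace(
    " tunnel mode gre multipoint\n",
    " tunnel mode gre multipoint\n"
    " ip nhrp authentication EXAMPLE1\n"
    " tunnel protection ipsec profile EXAMPLE-PROFILE\n",
)

# Commands every mGRE tunnel interface is expected to carry.
CHECKS = {
    "nhrp-authentication": re.compile(r"^ip nhrp authentication \S+"),
    "ipsec-protection": re.compile(r"^tunnel protection ipsec profile \S+"),
}

def interface_stanzas(config):
    """Map interface name -> list of its sub-commands (whitespace stripped)."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif not line or line == "!" or not raw[0].isspace():
            current = None          # separator or global command ends the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def audit_dmvpn(config):
    """Return {interface: [missing checks]} for each mGRE tunnel interface."""
    findings = {}
    for name, cmds in interface_stanzas(config).items():
        if "tunnel mode gre multipoint" in cmds:
            findings[name] = [label for label, rx in CHECKS.items()
                              if not any(rx.match(c) for c in cmds)]
    return findings
```
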

 

Verification :

HUB#show dmvpn
 Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
 ==========================================================================

Interface: Tunnel1, IPv4 NHRP Details
 Type:Hub, NHRP Peers:2,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.2    192.168.10.2    UP 00:12:48     D
     1      20.20.20.2    192.168.10.3    UP 00:01:16     D

Spoke1#show dmvpn
 *Apr 16 23:26:27.443: %SYS-5-CONFIG_I: Configured from console by console
 Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
 ==========================================================================

Interface: Tunnel1, IPv4 NHRP Details
 Type:Spoke, NHRP Peers:1,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      30.30.30.1    192.168.10.1    UP 00:14:13     S




Spoke2#show dmvpn
 Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
 ==========================================================================

Interface: Tunnel1, IPv4 NHRP Details
 Type:Spoke, NHRP Peers:1,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      30.30.30.1    192.168.10.1    UP 00:04:08     S

 

Now traffic is initiated from spoke to spoke to bring up a dynamic spoke-to-spoke tunnel.

 

Spoke2#ping 192.168.10.2

Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
 !!!!!
 Success rate is 100 percent (5/5), round-trip min/avg/max = 24/104/232 ms
 Spoke2#show dmvpn
 Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
 ==========================================================================

Interface: Tunnel1, IPv4 NHRP Details
 Type:Spoke, NHRP Peers:2,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      30.30.30.1    192.168.10.1    UP 00:05:42     S
     1      10.10.10.2    192.168.10.2    UP 00:00:03     D
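
On the hub, every peer marked D was learned from an NHRP registration, so `show dmvpn` doubles as an inventory check. The following added example (not from the original article) parses the peer table and reports dynamic peers whose tunnel address is not on an expected list; the third sample row and the expected list are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample: the hub table from this page plus one made-up row
# (192.168.10.6) standing in for a spoke that is not in the inventory.
HUB_OUTPUT = """\
Interface: Tunnel1, IPv4 NHRP Details
Type:Hub, NHRP Peers:3,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.10.10.2    192.168.10.2    UP 00:12:48     D
     1      20.20.20.2    192.168.10.3    UP 00:01:16     D
     1      20.20.20.9    192.168.10.6    UP 00:00:05     D
"""
# Assumed inventory of spoke tunnel addresses (the two spokes on this page).
EXPECTED_SPOKES = {"192.168.10.2", "192.168.10.3"}

# Fields: ent, NBMA address, tunnel address, state, up/down time, attributes.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+([SDINLX]+)\s*$")

def parse_peers(output):
    """Return one dict per peer row; header and legend lines are skipped."""
    peers = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        try:
            nbma, tunnel = ip_address(m.group(2)), ip_address(m.group(3))
        except ValueError:
            continue  # address columns did not parse, so not a peer row
        peers.append({"nbma": str(nbma), "tunnel": str(tunnel),
                      "state": m.group(4), "uptime": m.group(5),
                      "attrs": set(m.group(6))})
    return peers

def unexpected_dynamic(peers, expected):
    """Dynamic (D) peers whose tunnel address is not in the inventory."""
    return [p for p in peers
            if "D" in p["attrs"] and p["tunnel"] not in expected]
```
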

 

I will discuss more about phase 2 and phase 3 tunnels in my upcoming blogs. Stay tuned!

 

 

 
