DMVPN Phase 1 RIP Routing

In the first DMVPN lesson I explained some of its basics, in the second lesson I explained how to create a basic DMVPN phase 1 configuration. In this lesson, we’ll take a look how RIP behaves on DMVPN phase 1.

Here’s the topology we will use:

DMVPN Example Topology loopbacks

Above we have two spoke routers and one hub, our underlay network uses 192.168.123.0/24 and the overlay network uses 172.16.123.0/24. Each router has a loopback interface with a network that we can advertise in RIP.

Configuration

In the first DMVPN lesson I explained some of its basics, in the second lesson I explained how to create a basic DMVPN phase 1 configuration. In this lesson, we'll take a look how RIP behaves on DMVPN phase 1. Here's the topology we will use: Above we have two spoke routers and one hub, our underlay


Tunnel Interfaces

Here is the configuration of the tunnel interfaces on the hub and spoke routers. I explained these commands in the DMVPN phase 1 basic configuration lesson so I’m not going to discuss them again:

Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel destination 192.168.123.1
Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel destination 192.168.123.1

Let’s do two quick checks, we want to make sure that both spokes are registered to the hub:

Hub#show dmvpn | begin 192.168.123.
     1 192.168.123.2      172.16.123.2    UP 00:22:37     D
     1 192.168.123.3      172.16.123.3    UP 00:00:32     D

And we want to make sure that we can ping all tunnel IP addresses:

Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/8 ms
Hub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/9 ms

Now we can focus on the RIP configuration…

RIP

Let’s enable RIP on all routers:

Hub(config)#router rip
Hub(config-router)#version 2
Hub(config-router)#network 1.0.0.0
Hub(config-router)#network 172.16.0.0
Hub(config-router)#no auto-summary
Spoke1(config)#router rip
Spoke1(config-router)#version 2
Spoke1(config-router)#network 2.0.0.0 
Spoke1(config-router)#network 172.16.0.0
Spoke1(config-router)#no auto-summary
Spoke2(config)#router rip
Spoke2(config-router)#version 2
Spoke2(config-router)#network 3.0.0.0
Spoke2(config-router)#network 172.16.0.0 
Spoke2(config-router)#no auto-summary 

Now let’s see what we have…

Hub#show ip route rip 

      2.0.0.0/32 is subnetted, 1 subnets
R        2.2.2.2 [120/1] via 172.16.123.2, 00:00:07, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
R        3.3.3.3 [120/1] via 172.16.123.3, 00:00:06, Tunnel0

Our hub router has learned both networks on the loopback interfaces. Take a good look at the next hop IP addresses that we have here, these are the tunnel addresses. When the hub wants to reach these networks, it will have to check NHRP to find the NBMA addresses:

Hub#show dmvpn | begin Hub
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.123.2      172.16.123.2    UP 00:29:29     D
     1 192.168.123.3      172.16.123.3    UP 00:07:24     D

When we want to reach 2.2.2.2/2 we will use 172.16.123.2 as the next hop. In our NHRP cache we see that we need to use NBMA address 192.168.123.2 to get there.

What about the spoke routers, did they learn anything?

Spoke1#show ip route rip 

      1.0.0.0/32 is subnetted, 1 subnets
R        1.1.1.1 [120/1] via 172.16.123.1, 00:00:17, Tunnel0
Spoke2#show ip route rip 

      1.0.0.0/32 is subnetted, 1 subnets
R        1.1.1.1 [120/1] via 172.16.123.1, 00:00:08, Tunnel0

Our spoke routers only have one entry, the network on the loopback interface of the hub router. What went wrong here?

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

515 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. Hi !

    Now i am on this , i get this debug message

    Packet received via GigabitEthernet1/0, not configured for NHRPsrc 192.168.123.3 dst 192.168.123.1
    *Dec 20 16:38:12.083: NHRP: Pak out GigabitEthernet1/0 would leave logical NBMA network

    I have tried with giga int as source also…but the same. I was wodering if it is the platform i am using in GNS3

  2. Hello Rene,

    I was wondering if you would help with the following?
    This was configured in GNS3, and I used the same IP addressing you have here. Well for the most part.
    I can’t figure out why I keep getting the “retry limit exceeded” message below.

    Hub# debug nhrp
    *Nov 29 21:19:02.135: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
    *Nov 29 21:19:02.135: NHRP: netid_in = 1, to_us = 1
    *Nov 29 21:19:02.139: NHRP: Adding Tunnel Endpoints (VPN: 172.16.123.2, NBMA: 192.168.123.5)
    *Nov 29 21:19:02.139: NHRP: Cache already has a subblock node att
    ... Continue reading in our forum

  3. Joel,
    Does it keep bouncing back and forth between “retry exceeded” then having a new adjacency? If so, this is usually indicative of EIGRP trying to use the tunnel to discover the tunnel endpoints themselves (so it becomes a recursive logic problem). We won’t know for sure until we see your config, though.

  4. Hello Rene,
    I’m trying to complete the DMVPN Phase 1 Basic Config in my home lab using your configuration steps and the diagram from the lesson. I don’t understand how you have two connections coming into the hub router using the same interface. I appear to have a cabling issue. As of now I can only get one of the spokes registered with the hub but not both sides. Please advise, thanks.

    Willie Brown

  5. Hello Rob,
    based on your previous post you are misunderstanding concept of different phases.

    • Hub is configured with “tunnel mode gre multipoint” in every DMVPN Phase (1, 2, 3).
    • Spokes are configured differently based on Phase you want to go with.
      Phase 1 is configured with “tunnel destination ip” on spokes. In DMVPN Phase 1 traffic between spokes goes always through the hub. This is definition of Phase 1.
      Phase 2 is configured with “tunnel mode gre multipoint” on spokes. Phase 2 allows direct spoke to spoke communication, thus traffic does not need to go throu
    ... Continue reading in our forum

17 more replies! Ask a question or join the discussion by visiting our Community Forum