DMVPN Phase 3 EIGRP Routing

In the first DMVPN lesson we discussed the basics and the different phases. I also showed you how to configure DMVPN phase 1, phase 2 and phase 3. In this lesson we’ll take a look how we can configure EIGRP on a DMVPN phase 3 network.

Here’s the topology we will use:

DMVPN Example Topology with hub, two spokes and loopback interfaces.

Above we have a hub and two spoke routers. Each router has a loopback interface which we will advertise in EIGRP.

Configuration

In the first DMVPN lesson we discussed the basics and the different phases. I also showed you how to configure DMVPN phase 1, phase 2 and phase 3. In this lesson we'll take a look how we can configure EIGRP on a DMVPN phase 3 network. Here's the topology we will use: Above we have a hub and two spok


Tunnel interfaces

Below you will find the configuration of the tunnel interfaces. This is a basic DMVPN phase 3 setup:

Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Hub(config-if)#ip nhrp redirect
Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel mode gre multipoint
Spoke1(config-if)#ip nhrp shortcut
Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint
Spoke1(config-if)#ip nhrp shortcut

Let’s do a quick test to make sure the hub has two NHRP registrations from the spoke routers:

Hub#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.123.2      172.16.123.2    UP 00:00:04     D
     1 192.168.123.3      172.16.123.3    UP 00:00:03     D

That’s looking good, let’s do a quick ping:

Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/10 ms
Hub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/8 ms

Time to configure EIGRP…

EIGRP

First we advertise all tunnel interfaces and the loopback interfaces of the spoke routers in EIGRP:

Hub(config)#router eigrp 123
Hub(config-router)#no auto-summary 
Hub(config-router)#network 172.16.123.0 0.0.0.255
Spoke1(config)#router eigrp 123
Spoke1(config-router)#no auto-summary 
Spoke1(config-router)#network 172.16.123.0 0.0.0.255
Spoke1(config-router)#network 2.2.2.2 0.0.0.0
Spoke2(config)#router eigrp 123
Spoke2(config-router)#no auto-summary 
Spoke2(config-router)#network 172.16.123.0 0.0.0.255
Spoke2(config-router)#network 3.3.3.3 0.0.0.0

The spoke routers don’t require specific entries thanks to NHRP traffic indication. I will advertise a default route on the hub router:

Hub(config)#interface tunnel 0 
Hub(config-if)#ip summary-address eigrp 123 0.0.0.0 0.0.0.0

Let’s check the routing tables:

Hub#show ip route eigrp 

D*    0.0.0.0/0 is a summary, 00:00:19, Null0
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/27008000] via 172.16.123.2, 00:01:19, Tunnel0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/27008000] via 172.16.123.3, 00:00:19, Tunnel0
Spoke1#show ip route eigrp 

D*    0.0.0.0/0 [90/28160000] via 172.16.123.1, 00:00:31, Tunnel0
Spoke2#show ip route eigrp 

D*    0.0.0.0/0 [90/28160000] via 172.16.123.1, 00:00:43, Tunnel0

The hub has two specific entries, the spoke routers only have a default route. Let’s see if direct spoke-to-spoke communication is possible:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

525 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , ,


Forum Replies

  1. Rene,

    When would we choose to use Phase 1, 2, or 3, and why? I understand the differences between the three, but do we gain any benefit from implementing one or the other that is noticeable to end users?

    It seems to me that perhaps allowing spoke routers to talk to each other may decrease latency in the real world, as they would not have to hop through the hub router, but other than that I’m not sure.

    Thanks,

    Patrick

  2. Hi Patrick,

    The different versions are like an evolution of DMVPN. We don’t really use phase 1 anymore unless you have a really good reason why you want to force all traffic through the hub (security perhaps?). Otherwise, it’s more effective to allow spoke-to-spoke traffic.

    Both phase 2 and 3 allow spoke-to-spoke traffic, the advantage of phase 3 is that we use the “shortcuts” so you don’t need specific entries anymore in the routing tables of the spoke routers. I can’t think of any advantages right now that phase 2 has over phase 3 so if you implement this, yo

    ... Continue reading in our forum

  3. Hello Heng

    This is a very good question. Looking at the process in more detail, when using Phase 3.

    Initially, (and that is the key word) all spoke to spoke packets are switched across the hub. In order for a spoke to learn about the true NBMA IP address of another spoke, the NHRP redirect message is used.

    So when a hub receives an IP packet inbound on its interface and switches it out of the same interface, it sends a special NHRP redirect message to the source indicating that this is a suboptimal path. It should look for a better way using NHRP resolution.

    ... Continue reading in our forum

  4. Hello Lagapides
    Thank you so much for your time. I got it now .
    Sovandara

  5. Thanks Laz - I’ve only ever known ethernet in my time as a network engineer so to imagine that something else can exist in it’s place at layer 2 is a strange concept for me! :open_mouth:

    I’ve since heard that home power line network can actually be used to shuttle ethernet frames around too… absolute madness! :wink:

40 more replies! Ask a question or join the discussion by visiting our Community Forum