
This post builds on my last one, DMVPN, and discusses the routing protocol options as well as each of their configurations. I will break each protocol out into a separate post to help keep things straight; putting them all together has the potential to get confusing (for both you and me!). The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP. Each has some unique features and quirks, so I will try to point them out where necessary.

Quick note: When I post the configurations for the sites, I will only notate the routing protocol additions. If you need information on DMVPN configuration, see my previous post.


OSPF

What one needs to keep in mind here is that mGRE is a non-broadcast multi-access (NBMA) network, which affects how OSPF works. In order for OSPF to operate properly, the DMVPN hub router must be the OSPF DR, and none of the other routers should be allowed to become a DR/BDR. The only way you could have a DR/BDR design is if this were a multi-hub DMVPN network, and that is beyond the scope of this post (due to hardware limitations in my lab). Also, the mGRE tunnel on the hub router must be set to an OSPF broadcast network via the ip ospf network broadcast command.

So, let’s get on with the configuration – DMVPN Hub first.

First thing we will do is add a Loopback interface to the DMVPN hub router.
The reason we are doing this here, and every other router, is to give us something to route!

Rack1DMVPN(config)#int loopback 0

Rack1DMVPN(config-if)# ip address 100.100.100.100 255.255.255.255

Now onto the Tunnel interface.  Keep in mind I will only be notating the OSPF related commands.
Rack1DMVPN(config)#interface Tunnel 0

Rack1DMVPN(config-if)# ip address 192.168.11.1 255.255.255.0
I will notate the MTU. This must be the same on all interfaces in order for OSPF to work. Worst case, you might be able to use the ip ospf mtu-ignore command.
Rack1DMVPN(config-if)# ip mtu 1400
You will need to configure NHRP mapping for Multicast traffic
Rack1DMVPN(config-if)# ip nhrp map multicast dynamic

Rack1DMVPN(config-if)# ip nhrp network-id 1
Rack1DMVPN(config-if)# ip nhrp holdtime 600
The hub should be configured as OSPF network-type broadcast
Rack1DMVPN(config-if)# ip ospf network broadcast

The OSPF hello timer should be modified to a longer interval.  The default of 10 seconds is a bit short for an internet based circuit
Rack1DMVPN(config-if)# ip ospf hello-interval 30
Set the OSPF priority high to make sure this is the DR
Rack1DMVPN(config-if)# ip ospf priority 255

Rack1DMVPN(config-if)# tunnel source GigabitEthernet0/1
Rack1DMVPN(config-if)# tunnel mode gre multipoint
Rack1DMVPN(config-if)#tunnel protection ipsec profile Labbing

Now we need to configure the OSPF routing process, here ID 1

Rack1DMVPN(config)#router ospf 1

Best practice is to hard-code the router-id, so here I am using the Tunnel interface.
Rack1DMVPN(config-router)# router-id 192.168.11.1
Now we can define the networks that we want to include in the OSPF process.
Cisco recommends that this network not be part of the backbone, but in a separate area.
Rack1DMVPN(config-router)# network 100.100.100.100 0.0.0.0 area 52
Rack1DMVPN(config-router)# network 192.168.11.0 0.0.0.255 area 52
And finally we should configure this area as an OSPF stub area.
Rack1DMVPN(config-router)#area 52 stub no-summary

Now for R3

First we can create Loopback 0 interface so we have something to advertise.
Rack1R3(config)# int loop0
Rack1R3(config-if)# ip address 3.3.3.3 255.255.255.255

Now onto the Tunnel configuration
Rack1R3(config)#int Tunnel0
Rack1R3(config-if)# ip address 192.168.11.3 255.255.255.0
Rack1R3(config-if)# no ip redirects
Rack1R3(config-if)# ip mtu 1400
Rack1R3(config-if)#ip nhrp map 192.168.11.1 150.1.254.254
Here we map out a multicast server – 150.1.254.254 (outside IP of the DMVPN endpoint)
Rack1R3(config-if)# ip nhrp map multicast 150.1.254.254
Rack1R3(config-if)# ip nhrp network-id 1
Rack1R3(config-if)# ip nhrp holdtime 600
Rack1R3(config-if)# ip nhrp nhs 192.168.11.1
We set this network type to be non-broadcast
Rack1R3(config-if)# ip ospf network non-broadcast
Set the OSPF priority to 0 so the router never becomes a DR
Rack1R3(config-if)# ip ospf priority 0
Rack1R3(config-if)# tunnel source GigabitEthernet0/1
Rack1R3(config-if)# tunnel mode gre multipoint
Rack1R3(config-if)# tunnel protection ipsec profile Labbing

Now we can configure the OSPF Process.  Everything here is the same as the DMVPN hub for the most part.  Router ID and Networks are unique.
Rack1R3(config)#router ospf 1
Rack1R3(config-router)# router-id 192.168.11.3
Rack1R3(config-router)# network 3.3.3.3 0.0.0.0 area 52
Rack1R3(config-router)# network 192.168.11.0 0.0.0.255 area 52
Rack1R3(config-router)# area 52 stub no-summary

Next up, R4:

First we can create Loopback 0 interface so we have something to advertise.
Rack1R4(config)# int loop0
Rack1R4(config-if)# ip address 4.4.4.4 255.255.255.255

Now onto the Tunnel configuration
Rack1R4(config)#int Tunnel0
Rack1R4(config-if)# ip address 192.168.11.4 255.255.255.0
Rack1R4(config-if)# no ip redirects
Rack1R4(config-if)# ip mtu 1400
Rack1R4(config-if)#ip nhrp map 192.168.11.1 150.1.254.254
Rack1R4(config-if)# ip nhrp map multicast 150.1.254.254
Rack1R4(config-if)# ip nhrp network-id 1
Rack1R4(config-if)# ip nhrp holdtime 600
Rack1R4(config-if)# ip nhrp nhs 192.168.11.1
We set this network type to be non-broadcast
Rack1R4(config-if)# ip ospf network non-broadcast
Set the OSPF priority to 0 so the router never becomes a DR
Rack1R4(config-if)# ip ospf priority 0
Rack1R4(config-if)# tunnel source GigabitEthernet0/1
Rack1R4(config-if)# tunnel mode gre multipoint
Rack1R4(config-if)# tunnel protection ipsec profile Labbing

Now we can configure the OSPF Process.  Everything here is the same as the DMVPN hub for the most part.  Router ID and Networks are unique.
Rack1R4(config)#router ospf 1
Rack1R4(config-router)# router-id 192.168.11.4
Rack1R4(config-router)# network 4.4.4.4 0.0.0.0 area 52
Rack1R4(config-router)# network 192.168.11.0 0.0.0.255 area 52
Rack1R4(config-router)# area 52 stub no-summary

And finally, R5:

First we can create Loopback 0 interface so we have something to advertise.
Rack1R5(config)# int loop0
Rack1R5(config-if)# ip address 5.5.5.5 255.255.255.255

Now onto the Tunnel configuration
Rack1R5(config)#int Tunnel0
Rack1R5(config-if)# ip address 192.168.11.5 255.255.255.0
Rack1R5(config-if)# no ip redirects
Rack1R5(config-if)# ip mtu 1400
Rack1R5(config-if)#ip nhrp map 192.168.11.1 150.1.254.254
Rack1R5(config-if)# ip nhrp map multicast 150.1.254.254
Rack1R5(config-if)# ip nhrp network-id 1
Rack1R5(config-if)# ip nhrp holdtime 600
Rack1R5(config-if)# ip nhrp nhs 192.168.11.1
We set this network type to be non-broadcast
Rack1R5(config-if)# ip ospf network non-broadcast
Set the OSPF priority to 0 so the router never becomes a DR
Rack1R5(config-if)# ip ospf priority 0
Rack1R5(config-if)# tunnel source GigabitEthernet0/1
Rack1R5(config-if)# tunnel mode gre multipoint
Rack1R5(config-if)# tunnel protection ipsec profile Labbing

Now we can configure the OSPF Process.  Everything here is the same as the DMVPN hub for the most part.  Router ID and Networks are unique.
Rack1R5(config)#router ospf 1
Rack1R5(config-router)# router-id 192.168.11.5
Rack1R5(config-router)# network 5.5.5.5 0.0.0.0 area 52
Rack1R5(config-router)# network 192.168.11.0 0.0.0.255 area 52
Rack1R5(config-router)# area 52 stub no-summary
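
As an added example (not part of the original post), this Python check audits the Tunnel0 settings above against the rules the post relies on: the hub is network-type broadcast, every spoke has priority 0, and ip mtu and the effective hello interval match on all routers. The config snippets are condensed from the commands above; the function names and the table of IOS default hello intervals are assumptions of the example, and the table shows why the hub's hello-interval 30 matters: OSPF neighbors must agree on the hello interval, and 30 seconds is the default on the non-broadcast spokes.

```python
import re

# Constructed inputs: the OSPF-relevant Tunnel0 lines from the configurations above.
HUB = """interface Tunnel0
 ip mtu 1400
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 255
"""
SPOKE = """interface Tunnel0
 ip mtu 1400
 ip ospf network non-broadcast
 ip ospf priority 0
"""
CONFIGS = {"Rack1DMVPN": HUB, "Rack1R3": SPOKE, "Rack1R4": SPOKE, "Rack1R5": SPOKE}

# IOS default hello interval per OSPF network type, in seconds.
DEFAULT_HELLO = {"broadcast": 10, "point-to-point": 10,
                 "non-broadcast": 30, "point-to-multipoint": 30}

def tunnel_settings(cfg):
    """Extract MTU, OSPF network type, priority and effective hello interval."""
    def grab(pattern, default=None):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else default
    net = grab(r"^\s*ip ospf network (\S+)", "point-to-point")  # tunnel default
    hello = grab(r"^\s*ip ospf hello-interval (\d+)")
    return {"mtu": int(grab(r"^\s*ip mtu (\d+)", "0")),  # 0 = not configured
            "network": net,
            "priority": int(grab(r"^\s*ip ospf priority (\d+)", "1")),
            "hello": int(hello) if hello else DEFAULT_HELLO.get(net, 10)}

def audit(configs, hub):
    """Return a list of findings; an empty list means the design rules hold."""
    s = {name: tunnel_settings(cfg) for name, cfg in configs.items()}
    findings = []
    if len({v["mtu"] for v in s.values()}) != 1:
        findings.append("ip mtu differs between routers")
    if len({v["hello"] for v in s.values()}) != 1:
        findings.append("effective hello interval differs between routers")
    if s[hub]["network"] != "broadcast":
        findings.append(f"{hub}: hub tunnel is not network-type broadcast")
    for name, v in s.items():
        if name != hub and v["priority"] != 0:
            findings.append(f"{name}: spoke can be elected DR/BDR")
    return findings

if __name__ == "__main__":
    print(audit(CONFIGS, "Rack1DMVPN") or "OK")
```

Removing ip ospf hello-interval 30 from the hub snippet makes the audit report a hello mismatch (10 seconds on the hub against 30 on the spokes), which on real routers would keep the adjacencies from forming.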

 

Now back to the DMVPN Hub. Let's look at our OSPF neighbors:

Rack1DMVPN#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
  192.168.11.3      0   FULL/DROTHER    00:01:50    192.168.11.3    Tunnel0
  192.168.11.4      0   FULL/DROTHER    00:01:50    192.168.11.4    Tunnel0
  192.168.11.5      0   FULL/DROTHER    00:01:52    192.168.11.5    Tunnel0
  Rack1DMVPN#

Nice, we have neighbors.

Let's look at R4's OSPF neighbors:

Rack1R4#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
  192.168.11.1    255   FULL/DR         00:01:45    192.168.11.1    Tunnel0
  Rack1R4#

Just the Hub (the DR).  Just like it should be.

Let's check the routing table on R4:

Rack1R4#sh ip route
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route
Gateway of last resort is 150.1.9.9 to network 0.0.0.0
     100.0.0.0/32 is subnetted, 1 subnets
  O       100.100.100.100 [110/1001] via 192.168.11.1, 01:31:27, Tunnel0
       3.0.0.0/32 is subnetted, 1 subnets
  O       3.3.3.3 [110/1001] via 192.168.11.3, 01:31:27, Tunnel0
       4.0.0.0/32 is subnetted, 1 subnets
  C       4.4.4.4 is directly connected, Loopback0
       5.0.0.0/32 is subnetted, 1 subnets
  O       5.5.5.5 [110/1001] via 192.168.11.5, 01:29:01, Tunnel0
  C    192.168.11.0/24 is directly connected,
       150.1.0.0/24 is subnetted, 1 subnets
  C       150.1.9.0 is directly connected, GigabitEthernet0/1
  S*   0.0.0.0/0 [1/0] via 150.1.9.9
  Rack1R4#

So, we see all the routes to the loopback addresses on the other routers. Let's see if we can ping 3.3.3.3 and 5.5.5.5 from our loopback (4.4.4.4) address:
First though, we should check the DMVPN table and see who we are connected to:

Rack1R4#sh dmvpn
  Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
          N - NATed, L - Local, X - No Socket
          # Ent --> Number of NHRP entries with same NBMA peer
          NHS Status: E --> Expecting Replies, R --> Responding
          UpDn Time --> Up or Down Time for a Tunnel
  ==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
  Type:Spoke, NHRP Peers:21
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
   ----- --------------- --------------- ----- -------- -----
       1   150.1.254.254    192.168.11.1    UP 20:00:16     S
  Rack1R4#

OK, just the hub router. Let's do that ping now.

Rack1R4#ping 3.3.3.3 so lo 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Rack1R4#ping 5.5.5.5 so lo 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Rack1R4#

Let's look at the DMVPN mappings now:

Rack1R4#sh dmvpn
  Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
          N - NATed, L - Local, X - No Socket
          # Ent --> Number of NHRP entries with same NBMA peer
          NHS Status: E --> Expecting Replies, R --> Responding
          UpDn Time --> Up or Down Time for a Tunnel
  ==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
  Type:Spoke, NHRP Peers:3,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
   ----- --------------- --------------- ----- -------- -----
       1   150.1.254.254    192.168.11.1    UP 20:01:03     S
       1      150.1.13.3    192.168.11.3    UP 00:00:51     D
       1      150.1.10.5    192.168.11.5    UP 00:00:02     D
Rack1R4#

There you go, the neighbors are mapped out and we now have full connectivity!

 

Next up, EIGRP…
