Configuring DMVPN between Hub & Spokes
Configuring DMVPN between Hub & Spokes
⚡ Amazon Samsung Monitor Deals up to 40% off ⚡
DMVPN stands for Dynamic Multipoint Virtual Private Network. It's a technology used to create secure connections between multiple locations over the physical connections. DMVPN uses a hub-and-spoke model. This simplifies setup as you only need to configure the hubs (central sites) and spokes (remote sites) can connect automatically.
DMVPN is based on the NHRP and multipoint GRE tunnels. So let's talk about NHRP and multipoint GRE
As a result, DMVPN creates a distributed NHRP database of all spokes' tunnels mapped to IP addresses. Each spoke maintains a dynamic GRE/IPSEC tunnel to the hub but not to the other spokes. The spokes register as clients of the NHRP server.
Let's take a scenario where we have 1 hub location and 3 spoke location and all these connected over the DMVPN tunnels at overlay and connected with ISP with routing protocol underlay. All these sites are running EIGRP protocol internally.
⭐Related : Part 1: Basics about DMVPN
 |
| Fig 1.1- Configuring DMVPN between Hub & Spokes |
Let's see configuration related to the above topology
- GRE addresses : 172.16.1.0/24
- Hub Internal EIGRP Network : 192.168.1.0/24
- Site 1 Internal EIGRP Network : 192.168.2.0/24
- Site 2 Internal EIGRP Network : 192.168.3.0/24
- Site 3 Internal EIGRP Network : 192.168.4.0/24
- Tunnel Mode : GRE Multipoint
Configuration on the Hub Router R1 where interface Gi0/0 connected to the ISP router interface Gi0/3 and Hub Internal EIGRP Network : 192.168.1.0/24
R1>enable
R1#conf t
R1(config)#int Gi0/0
R1(config-if)#description ISP_connect_Hub
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#int tunnel 0
R1(config-if)#no sh
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#no ip redirects
R1(config-if)#ip mtu 1400
R1(config-if)#no ip next-hop-self eigrp 1
R1(config-if)#no ip split-horizon eigrp 1
R1(config-if)#ip nhrp authentication cisco
R1(config-if)#ip nhrp network-id 1
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip tcp adjust-mss 1360
R1(config-if)#tunnel source GigabitEthernet0/0
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#tunnel key NDNA
R1(config-if)#end
R1#conf t
R1(config)#router eigrp 1
R1(config-router)#network 192.168.1.0 0.0.0.255
R1(config-router)#network 172.16.1.0 0.0.0.255
R1(config-router)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2
R1(config)#end
Configuration on the Site-1 Router R2, where interface Gi0/0 connected to the ISP router interface Gi0/1 and Site 1 Internal EIGRP Network : 192.168.2.0/24
R2>enable
R2#conf t
R2(config)#int Gi0/0
R2(config-if)#description ISP_connect_Site1
R2(config-if)#ip address 10.10.11.1 255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#int tunnel 0
R2(config-if)#ip address 172.16.1.2 255.255.255.0
R2(config-if)#no ip redirects
R2(config-if)#ip mtu 1400
R2(config-if)#ip nhrp authentication cisco
R2(config-if)#ip nhrp map multicast 10.10.10.1
R2(config-if)#ip nhrp map 172.16.1.1 10.10.10.1
R2(config-if)#ip nhrp network-id 1
R2(config-if)#ip nhrp nhs 172.16.1.1
R2(config-if)#ip tcp adjust-mss 1460
R2(config-if)#tunnel source GigabitEthernet0/0
R2(config-if)#tunnel mode gre multipoint
R2(config-if)#tunnel key NDNA
R2#conf t
R2(config)#router eigrp 1
R2(config-router)#network 192.168.2.0 0.0.0.255
R2(config-router)#network 172.16.1.0 0.0.0.255
R2(config-router)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 10.10.11.2
R2(config)#end
Configuration on the Site-2 Router R3, where interface Gi0/0 connected to the ISP router interface Gi0/2 and Site 2 Internal EIGRP Network : 192.168.3.0/24
R3>enable
R3#conf t
R3(config)#int Gi0/0
R3(config-if)#description ISP_connect_Site2
R3(config-if)#ip address 10.10.12.1 255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#int tunnel 0
R3(config-if)#ip address 172.16.1.3 255.255.255.0
R3(config-if)#no ip redirects
R3(config-if)#ip mtu 1400
R3(config-if)#ip nhrp authentication cisco
R3(config-if)#ip nhrp map multicast 10.10.10.1
R3(config-if)#ip nhrp map 172.16.1.1 10.10.10.1
R3(config-if)#ip nhrp network-id 1
R3(config-if)#ip nhrp nhs 172.16.1.1
R3(config-if)#ip tcp adjust-mss 1460
R3(config-if)#tunnel source GigabitEthernet0/0
R3(config-if)#tunnel mode gre multipoint
R3(config-if)#tunnel key NDNA
R3#conf t
R3(config)#router eigrp 1
R3(config-router)#network 192.168.3.0 0.0.0.255
R3(config-router)#network 172.16.1.0 0.0.0.255
R3(config-router)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 10.10.12.2
R3(config)#end
Configuration on the Site-3 Router R4, where interface Gi0/0 connected to the ISP router interface Gi0/3 and Site 3 Internal EIGRP Network : 192.168.4.0/24
R4>enable
R4#conf t
R4(config)#int Gi0/0
R4(config-if)#description ISP_connect_Site3
R4(config-if)#ip address 10.10.13.1 255.255.255.0
R4(config-if)#no sh
R4(config-if)#exit
R4(config)#int tunnel 0
R4(config-if)#ip address 172.16.1.4 255.255.255.0
R4(config-if)#no ip redirects
R4(config-if)#ip mtu 1400
R4(config-if)#ip nhrp authentication cisco
R4(config-if)#ip nhrp map multicast 10.10.10.1
R4(config-if)#ip nhrp map 172.16.1.1 10.10.10.1
R4(config-if)#ip nhrp network-id 1
R4(config-if)#ip nhrp nhs 172.16.1.1
R4(config-if)#ip tcp adjust-mss 1460
R4(config-if)#tunnel source GigabitEthernet0/0
R4(config-if)#tunnel mode gre multipoint
R4(config-if)#tunnel key NDNA
R4#conf t
R4(config)#router eigrp 1
R4(config-router)#network 192.168.4.0 0.0.0.255
R4(config-router)#network 172.16.1.0 0.0.0.255
R4(config-router)#exit
R4(config)#ip route 0.0.0.0 0.0.0.0 10.10.13.2
R4(config)#end
Verifying DMVPN tunnel status from Hub Location on Router R1 and you will see the below output from router R1.
R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
Tl - Route Installed, T2 - Nexthop-override
C- CTS Capable, I2 - Temporary
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type: Hub, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.10.11.1 172.16.1.2 UP 00:13:21 D
1 10.10.12.1 172.16.1.3 UP 00:14:11 D
1 10.10.13.1 172.16.1.4 UP 00:17:33 D
Verifying "ip nhrp" status from Hub Location on Router R1 and you will see the below output from router R1.
R1# sh ip nhrp
172.16.1.2/32 via 172.16.1.2
Tunnel0 created 00:13:57, expire 00:08:22
Type: dynamic, Flags: registered nhop
NBMA address: 10.10.11.1
172.16.1.3/32 via 172.16.1.3
Tunnel0 created 00:15:58, expire 00:08:23
Type: dynamic, Flags: registered nhop
NBMA address: 10.10.12.1
172.16.1.4/32 via 172.16.1.4
Tunnel0 created 00:18:25, expire 00:08:25
Type: dynamic, Flags: registered nhop
NBMA address: 10.10.13.1
Continue Reading...
- OSPF Show Commands on Cisco, Juniper, Huawei, HP and Arista Networks devices
- How to Optimize Your MPLS VPN with OSPF Sham-Link
- OSPF protocol : OSPF Packet Types
- OSPF NSSA Area introduction and Configuration
- Facts about DR and BDR selection in OSPF
- OSPF and BGP configuration setup on a vEdge Router
- OSPF Configuration Guide : OSPF Distance External Command Behavior
- A quick difference: OSPF Vs IS-IS Dynamic Routing Protocol
- Routing: Configuration OSPF To Filter Type-5 LSAs
Many More...
- Introduction to OSPFv3 AS External LSA Route Calculation
- Differences between OSPFv3 and OSPFv2
- OSPF Over non-Broadcast Networks ( NBMA) basics and Configuration
- OSPF Configurations in Huawei Routers
- Quick tips to OSPF Routing Protocol for Network Engineers
- OSPF Basic configuration Step by step on Cisco Routers
- OSPF Basics : Simple points to study
- OSPF prefix-suppression- Configurations and Verification
- OSPF LSA-ID Conflict : %OSPF-4-CONFLICTING_LSAID
- Cisco IOS-XE: OSPF stuck in INIT - LLS TLV
- Configure Redistribution of iBGP Routes Into OSPF
- Cisco and Juniper Routers : OSPF point to multipoint configurations
Free Tools...
