DMVPN routing with OSPF

Unanswered Question
Feb 7th, 2009
User Badges:

I am encounter with 1841(IOS 12.4) router using with ospf over mGRE.


We are using Hub to Spoke technology. We are using 2 Hubs(2621 router)(primary-ethernet and backup-ISDN).

We have 8 spoke sites using with 1721(router) currently.

I want to migrate to 1841 router to one of the spoke. I configured like as old 1721 settings on 1841 new router. I can reach only 6 spoke sites. unfortunately I can't reach to 1 spoke site.(We can reach all spoke site using with old 1721 router.)

I don't know why I can't reach to one of the spoke.

IOS version of 7 spoke sites are IOS12.2(4)YA2) and one is the IOS 12.2(15)T10)that i can't reach.

Is there any issue on different IOS version on DMVPN method. ( I read from cisco website they mention before 12.0 IOS and after 12.0 IOS can't work together)

Pls drop me to any suggestion.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Sun, 02/08/2009 - 00:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Han,

there is probably an issue at the NHRP level.

Implementation of NHRP has changed over time.

First of all verify with

sh ip route ospf

that the ip subnets associated to the client vlans of branch1 and branch8 are correctly installed in the routing table and take note of the next hop (it should be the 10.205.0.x)


Verify what happens when you try to reach from branch8 new router an internal LAN on branch1.

If you were using an IPSEC profile the dynamic spoke-to-spoke would be triggered by traffic between client Vlans.


commands to be used are:

sh ip nhrp

debug ip nhrp (or debug nhrp I don't remember exactly the syntax)


an example of NHRP activity can be found here


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml#debug')">http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml#debug


You can use these tools on the two branch routers to see what happen.


Probably the NHRP exchange fails somewhere.

Every branch has to talk NHRP with the hub, the hub should answer branch8:new router request to resolve branch1 logical address 10.205.0.2 to the public address.


I remember I've had problems trying to use a 12.2(15)T in a c7200 as hub: it couldn't act as an NHRP server correctly so also the version used on hub can play a role here.


Try to see also if branch1 can resolve branch8:newrouter



Hope to help

Giuseppe


hanlinaung Sun, 02/08/2009 - 02:05
User Badges:

Dear Giuseppe


I tried to sh ip route command on both branch8 routers.attached is sh ip route.rtf

sh ip ospf/nhrp attached is sh ip ospf.rtf

old router and hub's some of sh command attached is sh command.doc


I dont know where is the NHRP exchange fail on new router(branch8) to branch1 router.

sh ip nhrp(new router)--> I saw the flag:negative.

First, I saw other routers flag:negatie too. After time expire, new router can talk to the rest router except Branch1.


(Should I use to point to point tunnel from new router to Hub?)



Attachment: 
Giuseppe Larosa Sun, 02/08/2009 - 03:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Han,

I think an IOS upgrade on branch1 and on hub (this also may be necessary) can be a fix.


what IOS version is running on hub ?


can you upgrade branch1 IOS to the version running on the other 6 branch routers ?


try to use the debug commands they shouldn't be very heavy.

Be aware that NHRP communication happens between each spoke and the hub that acts as NHRP server. No direct communication in NHRP between spoke1 and spoke8 should happen.

For this reason it is possible that an IOS upgrade on hub can be a fix for your problem.

Try also to trigger NHRP resolution process (after enabling debug) trying to reach spoke1 client vlan1 from branch8 new router.


Hope to help

Giuseppe


hanlinaung Sun, 02/08/2009 - 07:23
User Badges:

Hello Giuseppe


Hub1 router is using IOS 12.2(13)T version and Hub2 router is using IOS 12.2(11)YT2 version.

I can't get permission for upgrade branch1 IOS. coz: this one is controlled by other vendor. Anyway I will tell them to this problem. Can I get the fully references for this problem.(like as other forum thread or different version IOS problem on DMVPN). May be I need force to tell them to upgrade branch1 IOS.

Do I need to upgrade IOS for Hub also?


Thanks & Regards,

han

Actions

This Discussion