02-22-2010 10:36 AM - edited 02-21-2020 04:30 PM
I have a dmvpn network setup between the hub router and 30+ spokes but when I do a traceroute from a device from behind a spoke the path is taking me through the hub to get to the other spoke. Is there anything in the config of the tunnel inteface on either the hub and or spoke(s) to allow this without going thru the hub? My spoke are running 12.4(22) T and are not behind any nat device and the hub is running 12.4(15)T and is behind a Cisco ASA 5510. So the hub is being natted thru the ASA. Is spoke to spoke communications possible without going thru the hub??
Message was edited by: David James
02-22-2010 10:50 AM
Hi David,
What routing protocol are you using over DMVPN?
Lei Tian
02-22-2010 10:56 AM
I am using eigrp.
02-22-2010 10:59 AM
Hi David,
Make sure you have no ip next-hop-self eigrp process_ID applied under tunnel interface.
HTH,
Lei Tian
02-22-2010 11:06 AM
02-22-2010 11:13 AM
Hi David,
Put that command under your hub's tunnel interface.
What happened is dy default your hub router will change the next-hop to itself, so that even the spoke router learned remote spoke tunnel interface via NHRP request, traffic will still pass your hub router. "no ip next-hop-self eigrp" can change that default behavior.
HTH,
Lei Tian
02-22-2010 11:15 AM
woops, thought you said "do not" ignore my previous posting.
02-22-2010 11:31 AM
Hi David,
Can you do some testing on your spoke router.
1, generate some traffic to another spoke router
2, do show ip eigrp to x.x.x.x x.x.x.x (the prefix advertise by remote spoke)
3, show ip nhrp brief
Thanks,
Lei Tian
02-22-2010 11:49 AM
what exactly am I looking for with the sh ip nhrp brief and sh ip eigrp?
02-22-2010 11:53 AM
Hi David,
What I am trying to see is whether the spoke router learns the same prefix from hub and remote spoke and does the spoke router get NHRP responds from NHS.
You can post the output here.
Thanks
Lei Tian
02-22-2010 12:15 PM
I did a tracert from a device behind one spoke to a device behind another spoke. Here are the results:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\akwh>TRACERT 172.16.25.2
Tracing route to 172.16.25.2 over a maximum of 30 hops
1 24 ms 1 ms 1 ms ak-rtr.piedmontplastics.com [172.16.104.1]
2 124 ms 125 ms 125 ms 10.10.254.1 (Tunnel interface of Hub)
3 164 ms 164 ms 151 ms 10.10.254.15(Tunnel interface of remote spoke)
4 165 ms 171 ms 160 ms 172.16.25.2
Trace complete.
C:\Documents and Settings\akwh>
ak-rtr#sh ip nhrp br
Target Via NBMA Mode Intfc Claimed
10.10.254.1/32 10.10.254.1 209.156.39.35 static Tu0 < >
10.10.254.15/32 10.10.254.15 209.156.39.35 dynamic Tu0 < >
10.10.254.36/32 10.10.254.36 209.156.39.35 dynamic Tu0 < >
128.1.0.0/32 10.10.254.1 209.156.39.35 dynamic Tu0 10.20.10.2
128.1.0.0/23 10.10.254.1 209.156.39.35 dynamic Tu0 10.20.10.2
128.1.4.12/32 128.1.4.12 209.156.39.35 dynamic Tu0 < >
02-22-2010 04:25 PM
Hi David,
From your outputs, it looks your spoke external ip is been natted. The HUB router reply spoke's NHRP registration request with it's own external IP.
10.10.254.15/32 10.10.254.15 209.156.39.35(this is hub's external IP) dynamic Tu0 < >
When you have one or both spoke routers behind NAT box, it can not form spoke to spoke tunnel. Currently spoke to spoke tunnel with NAT is not supported yet. See the link for detail explain
Hope clarify your quesion
HTH,
Lei Tian
02-22-2010 06:57 PM
My spokes are running 12.4(22)t and the hub is 12.4(15)t. The hub is
behind a cisco ASA. Is spoke to spoke doable?
Regards,
David James
Sent from my iPhone.
On Feb 22, 2010, at 7:27 PM, "letian"
02-22-2010 07:25 PM
Hi David,
Currently spoke to spoke with NAT is not supported on any IOS release.
You can check whether the spokes are been natted on hub router use command "show ip nhrp brief". The "Claimed" field is the pre-nat address NBMA field is the after-nat address.
HTH,
Lei Tian
02-23-2010 04:54 AM
So even if the spokes are not behind a nat device but the hub is, spoke to spoke traffic will always flow thru the hub?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide