cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1612
Views
0
Helpful
23
Replies

Spoke to spoke traffic in DMVPN ph 2

DJames
Level 1
Level 1

I have a dmvpn network setup between the hub router and 30+ spokes but when I do a traceroute from a device from behind a spoke the path is taking me through the hub to get to the other spoke.  Is there anything in the config of the tunnel inteface on either the hub and or spoke(s) to allow this without going thru the hub?  My spoke are running 12.4(22) T and are not behind any nat device and the hub is running 12.4(15)T and is behind a Cisco ASA 5510. So the hub is being natted thru the ASA.  Is spoke to spoke communications possible without going thru the hub??

Message was edited by: David James

23 Replies 23

Lei Tian
Cisco Employee
Cisco Employee

Hi David,

What routing protocol are you using over DMVPN?

Lei Tian

I am using eigrp.

Hi David,

Make sure you have no ip next-hop-self eigrp process_ID applied under tunnel interface.

HTH,

Lei Tian

I do have no  ip next-hop-self eigrp process_ID on the tunnel interface on the hub

Hi David,

Put that command under your hub's tunnel interface.

What happened is dy default your hub router will change the next-hop to itself, so that even the spoke router learned remote spoke tunnel interface via NHRP request, traffic will still pass your hub router. "no ip next-hop-self eigrp" can change that default behavior.

HTH,

Lei Tian

woops, thought you said "do not" ignore my previous posting.

Hi David,

Can you do some testing on your spoke router.

1, generate some traffic to another spoke router

2, do show ip eigrp to x.x.x.x x.x.x.x (the prefix advertise by remote spoke)

3, show ip nhrp brief

Thanks,

Lei Tian

what exactly am I looking for with the sh ip nhrp brief and sh ip eigrp?

Hi David,

What I am trying to see is whether the spoke router learns the same prefix from hub and remote spoke and does the spoke router get NHRP responds from NHS.

You can post the output here.

Thanks

Lei Tian

I did a tracert from a device behind one spoke to a device behind another spoke.  Here are the results:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\akwh>TRACERT 172.16.25.2

Tracing route to 172.16.25.2 over a maximum of 30 hops

  1    24 ms     1 ms     1 ms  ak-rtr.piedmontplastics.com [172.16.104.1]
  2   124 ms   125 ms   125 ms  10.10.254.1 (Tunnel interface of Hub)
  3   164 ms   164 ms   151 ms  10.10.254.15(Tunnel interface of remote spoke)
  4   165 ms   171 ms   160 ms  172.16.25.2

Trace complete.

C:\Documents and Settings\akwh>

ak-rtr#sh ip nhrp br
   Target             Via            NBMA           Mode   Intfc   Claimed
10.10.254.1/32       10.10.254.1     209.156.39.35   static   Tu0     <   >
10.10.254.15/32      10.10.254.15    209.156.39.35   dynamic  Tu0     <   >
10.10.254.36/32      10.10.254.36    209.156.39.35   dynamic  Tu0     <   >
128.1.0.0/32         10.10.254.1     209.156.39.35   dynamic  Tu0     10.20.10.2
128.1.0.0/23         10.10.254.1     209.156.39.35   dynamic  Tu0     10.20.10.2
128.1.4.12/32        128.1.4.12      209.156.39.35   dynamic  Tu0     <   >

Hi David,

From your outputs, it looks your spoke external ip is been natted. The HUB router reply spoke's NHRP registration request with it's own external IP.

10.10.254.15/32      10.10.254.15    209.156.39.35(this is hub's external IP)   dynamic  Tu0     <   >

When you have one or both spoke routers behind NAT box, it can not form spoke to spoke tunnel. Currently spoke to spoke tunnel with NAT is not supported yet. See the link for detail explain

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/dmvpn_dt_spokes_b_nat_ps10591_TSD_Products_Configuration_Guide_Chapter.html

Hope clarify your quesion

HTH,

Lei Tian

My spokes are running 12.4(22)t and the hub is 12.4(15)t. The hub is

behind a cisco ASA. Is spoke to spoke doable?

Regards,

David James

Sent from my iPhone.

On Feb 22, 2010, at 7:27 PM, "letian"

Hi David,

Currently spoke to spoke with NAT is not supported on any IOS release.

You can check whether the spokes are been natted on hub router use command "show ip nhrp brief". The "Claimed" field is the pre-nat address NBMA field is the after-nat address.

HTH,

Lei Tian

So even if the spokes are not behind a nat device but the hub is, spoke to spoke traffic will always flow thru the hub?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: