We had an interesting problem in one of our spokes in our DMVPN network.
The spoke is 2811, its process had been 98% with the process IP input taking 98%.
From netflow I saw a lot of directed broadcasts going through tun4 which is a dmvpn tunnel.
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0 169.254.29.148 Tu4 169.254.255.255 11 0089 0089 9136
Fa0/0 169.254.220.230 Tu4 169.254.255.255 11 0089 0089 1935
Fa0/0 169.254.153.196 Tu4 169.254.255.255 11 0089 0089 14K
the 169.254.X.X address is the self configured windows address when a pc cannot get IP.
the tunnel configuration is like this and I am wondering if because of the "ip nhrp multicast" forwards all multicast and broadcast traffic over the tunnel.
Is this the case?
ip address X.X.X.X 255.255.252.0
no ip redirects
ip mtu 1400
ip flow ingress
ip nhrp authentication xxxxx
ip nhrp map A.A.A.A. B.B.B.B
ip nhrp map multicast B.B.B.B
ip nhrp network-id 100003
ip nhrp holdtime 600
ip nhrp nhs Y.Y.Y.Y
ip nhrp registration no-unique
ip nhrp shortcut
ip nhrp redirect
tunnel source Loopback4
tunnel mode gre multipoint
tunnel key 100003
tunnel protection ipsec profile backup