DMVPN and OSPF

rtjensen4
Level 4

Hi all,

I'm seeing strange behavior when trying to establish OSPF over a DMVPN tunnel. This is a NEW DMVPN implementation, currently in my lab environment, but on the fast-track to being production...

On my "Hub" router, the OSPF relationship establishes, but then dies out right away when dead-interval is reached. Hub shows neighbor flapping:

Sep  9 08:45:49.227: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.247.1 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired

I issued "debug ip ospf hello" on both sides of the link. My spoke is receiving the hello from the hub, and replying to it, but the hub is not receiving the hello back from the spoke.

Here's some sample output:

Spoke:

Sep  9 12:35:49.357: OSPF: Send hello to 224.0.0.5 area 2 on Tunnel0 from 172.168.110.2
Sep  9 12:36:00.889: OSPF: Rcv hello from 192.168.250.14 area 2 from Tunnel0 172.168.110.1
Sep  9 12:36:00.889: OSPF: End of hello processing
Sep  9 12:36:17.389: OSPF: Send hello to 224.0.0.5 area 2 on Tunnel0 from 172.168.110.2
Sep  9 12:36:30.053: OSPF: Rcv hello from 192.168.250.14 area 2 from Tunnel0 172.168.110.1
Sep  9 12:36:30.053: OSPF: Send immediate hello to nbr 192.168.250.14, src address 172.168.110.1, on Tunnel0
Sep  9 12:36:30.053: OSPF: Send hello to 172.168.110.1 area 2 on Tunnel0 from 172.168.110.2
Sep  9 12:36:30.053: OSPF: End of hello processing
Sep  9 12:36:30.057: OSPF: Rcv hello from 192.168.250.14 area 2 from Tunnel0 172.168.110.1
Sep  9 12:36:30.061: OSPF: End of hello processing
Sep  9 12:36:30.073: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.250.14 on Tunnel0 from LOADING to FULL, Loading Done

Hub (omitting hellos from other peers (2)):

Sep  9 08:27:37.647: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.247.1 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired

Sep  9 08:27:40.322: OSPF: Rcv hello from 192.168.250.1 area 0 from FastEthernet0/0 192.168.101.2
Sep  9 08:27:40.322: OSPF: End of hello processing
Sep  9 08:27:52.745: OSPF: Send hello to 224.0.0.5 area 2 on Tunnel0 from 172.168.110.1
Sep  9 08:27:52.749: OSPF: Rcv hello from 192.168.247.1 area 2 from Tunnel0 172.168.110.2
Sep  9 08:27:52.749: OSPF: Send immediate hello to nbr 192.168.247.1, src address 172.168.110.2, on Tunnel0
Sep  9 08:27:52.749: OSPF: Send hello to 172.168.110.2 area 2 on Tunnel0 from 172.168.110.1
Sep  9 08:27:52.749: OSPF: End of hello processing
Sep  9 08:27:52.773: %OSPF-5-ADJCHG: Process 10, Nbr 192.168.247.1 on Tunnel0 from LOADING to FULL, Loading Done

Hub config:

interface Tunnel0
ip address 172.168.110.1 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication growdvpn
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
ip ospf network broadcast
ip ospf hello-interval 30
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile GreenDMVPN
end

router ospf 10
log-adjacency-changes
area 0 authentication message-digest
area 2 stub
redistribute static subnets
passive-interface FastEthernet0/1
network 172.168.110.0 0.0.0.255 area 2
network 192.168.101.0 0.0.0.255 area 0

Spoke:

interface Tunnel0
ip address 172.168.110.2 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication growdvpn
ip nhrp map 172.168.110.1 192.168.101.5
ip nhrp map multicast 172.168.110.1
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp nhs 172.168.110.1
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 0
tunnel source FastEthernet0/0.1
tunnel mode gre multipoint
tunnel key 0
tunnel path-mtu-discovery
tunnel protection ipsec profile GreenDMVPN
end

HOST1#sh run | b router ospf
router ospf 10
log-adjacency-changes
area 2 stub
network 172.168.110.0 0.0.0.255 area 2
!

My Hub has OSPF peering with my two core switches in Area 0. It looks like both sides of my VPN are configured properly.

Hub IOS: 12.4(24)T3 Adv. Ent Services

Spoke IOS: 12.4(24)T3 Adv. Ent Services

Please forgive my hastily created topology diagram... Any ideas?

2 Accepted Solutions


Giuseppe Larosa
Hall of Fame

Hello Rtjensen,

Verify that you are not advertising public IP addresses over this OSPF process.

I mean:

How is 192.168.101.5 seen by the spoke just after OSPF goes up on mGRE?

You need to have external IP addresses not advertised over the tunnel.

Hope to help

Giuseppe


David Salazar
Level 1

Hi, rtjensen4.

First, I recommend that you follow a step-by-step procedure when you need to test a configuration, for example:
    1) Configure DMVPN and then test its stability (show dmvpn detail, show ip nhrp, do pings).
    2) Configure OSPF and test its stability (show ip ospf neig det - to verify neighboring times, show ip ospf interface - to verify adjacency).

I have DMVPN configured between 2 sites with EIGRP, and when I read your question on the community I proceeded to configure OSPF "area 2" between the same two sites; the adjacency is established and it is stable.

Here is the output of the show commands:

MBO-RT-01#sh dmvpn  
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
    N - NATed, L - Local, X - No Socket
    # Ent --> Number of NHRP entries with same NBMA peer
    NHS Status: E --> Expecting Replies, R --> Responding
    UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel32768, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
     1   x.x.x.x  10.248.248.250    UP 17:18:38     D   --> The tunnel has been up for 17 hours
     1   x.x.x.x  10.248.248.251    UP 17:18:43     D

MBO-RT-01#

MBO-RT-01#sh ip ospf neighbor det tunn
MBO-RT-01#sh ip ospf neighbor det tunnel 32768
Neighbor 172.25.0.1, interface address 10.248.248.250
    In the area 2 via interface Tunnel32768
    Neighbor priority is 0, State is FULL, 6 state changes
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x12 in Hello (E-bit, L-bit)
    Options is 0x52 in DBD (E-bit, L-bit, O-bit)
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:36
    Neighbor is up for 00:32:04   ---->>>> (32 minutes of neighboring)
    Index 1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
MBO-RT-01#

MBO-RT-01#sh ip ospf neighbor               

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.167.1     1   FULL/DR         00:01:41    192.168.161.6   FastEthernet0/0.1
172.25.0.1        0   FULL/  -        00:00:33    10.248.248.250  Tunnel32768      ----> You can see the hello interval of 10 seconds
MBO-RT-01#
MBO-RT-01#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.167.1     1   FULL/DR         00:01:32    192.168.161.6   FastEthernet0/0.1
172.25.0.1        0   FULL/  -       00:00:35    10.248.248.250  Tunnel32768  ----> You can see the hello interval of 10 seconds
MBO-RT-01#
MBO-RT-01#
MBO-RT-01#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.167.1     1   FULL/DR         00:01:59    192.168.161.6   FastEthernet0/0.1
172.25.0.1        0   FULL/  -        00:00:32    10.248.248.250  Tunnel32768   ----> You can see the hello interval of 10 seconds
MBO-RT-01#
MBO-RT-01#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.167.1     1   FULL/DR         00:01:56    192.168.161.6   FastEthernet0/0.1
172.25.0.1        0   FULL/  -       00:00:30    10.248.248.250  Tunnel32768  ----> You can see the hello interval of 10 seconds
MBO-RT-01#
MBO-RT-01#
MBO-RT-01#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.167.1     1   FULL/DR         00:01:55    192.168.161.6   FastEthernet0/0.1
172.25.0.1        0   FULL/  -        00:00:38    10.248.248.250  Tunnel32768    ----> You can see the hello interval of 10 seconds
MBO-RT-01#
MBO-RT-01#

MBO-RT-01#sh ip ospf interface tunnel 32768
Tunnel32768 is up, line protocol is up
  Internet Address 10.248.248.249/29, Area 2
  Process ID 1, Router ID 192.168.164.1, Network Type POINT_TO_POINT, Cost: 195
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
   Adjacent with neighbor 172.25.0.1
  Suppress hello for 0 neighbor(s)
MBO-RT-01#

My configuration is:

HUB SITE

-------------

MBO-RT-01#sh run int tunnel 32768
Building configuration...

Current configuration : 829 bytes
!
interface Tunnel32768
description ### Interfaz de Conexion DMVPN - CPS HUB ###
bandwidth 512
ip address 10.248.248.249 255.255.255.248
no ip redirects
ip mtu 1400
ip hello-interval eigrp 1600 1
ip hold-time eigrp 1600 3
no ip next-hop-self eigrp 1600
ip nhrp authentication NHRPCPSk
ip nhrp map multicast dynamic
ip nhrp map group NHRP-GROUP-CPS-BOG service-policy output PM-QoS-SHAPER-256K-CPS-BOG
ip nhrp map group NHRP-GROUP-CPS-MIAMI service-policy output PM-QoS-SHAPER-256K-CPS-MIAMI
ip nhrp network-id 900
ip nhrp holdtime 360
ip nhrp registration no-unique
ip virtual-reassembly
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1600
load-interval 30
delay 1000
tunnel source FastEthernet0/1.884
tunnel mode gre multipoint
tunnel key 990
tunnel protection ipsec profile IPsecPF-DMVPN-CPS-HUB
end

SPOKE SITE

-----------------

BOG-RT-01#sh run int tunnel 32768
Building configuration...

Current configuration : 745 bytes
!
interface Tunnel32768
description ### Interfaz de Conexion DMVPN - CPS Spoke ###
bandwidth 256
ip address 10.248.248.250 255.255.255.248
no ip redirects
ip mtu 1400
ip hello-interval eigrp 1600 1
ip hold-time eigrp 1600 3
ip nhrp authentication NHRPCPSk
ip nhrp group NHRP-GROUP-CPS-BOG
ip nhrp map multicast x.x.x.x
ip nhrp map 10.248.248.249 x.x.x.x
ip nhrp network-id 900
ip nhrp holdtime 360
ip nhrp nhs 10.248.248.249
ip virtual-reassembly
ip tcp adjust-mss 1360
ip summary-address eigrp 1600 192.168.48.0 255.255.252.0 5
load-interval 30
delay 1000
qos pre-classify
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 990
tunnel protection ipsec profile IPsecPF-DMVPN-CPS-Spoke
end

BOG-RT-01#

I hope this helps.


10 Replies


Here's the ospf database and show ip route on the "Spoke" router right after it comes up:

I have a static route on the "Spoke" to make sure it uses the LAN connection to get to 192.168.101.5.

HOST1#show ip ospf database

            OSPF Router with ID (192.168.247.1) (Process ID 10)

                Router Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.247.1   192.168.247.1   7           0x80000007 0x0037BD 1
192.168.250.14  192.168.250.14  12          0x8000008B 0x001C34 1

                Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
172.168.110.1   192.168.250.14  12          0x80000001 0x00CA65

                Summary Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         192.168.250.14  971         0x80000023 0x003079
192.168.101.0   192.168.250.14  1499        0x80000021 0x0027B5
HOST1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.168.110.1 to network 0.0.0.0

S    192.168.59.0/24 [1/0] via 192.168.110.1
C    192.168.110.0/24 is directly connected, FastEthernet0/0.1
C    192.168.247.0/24 is directly connected, FastEthernet0/0.702
C    192.168.246.0/24 is directly connected, FastEthernet0/0.701
     172.168.0.0/24 is subnetted, 1 subnets
C       172.168.110.0 is directly connected, Tunnel0
S    172.18.0.0/16 [1/0] via 192.168.110.1
C    192.168.131.0/24 is directly connected, FastEthernet0/0.131
     10.0.0.0/22 is subnetted, 1 subnets
S       10.10.112.0 [1/0] via 172.168.110.1
C    192.168.3.0/24 is directly connected, FastEthernet0/0.700
S    192.168.101.0/24 [1/0] via 192.168.110.1
O*IA 0.0.0.0/0 [110/1001] via 172.168.110.1, 00:00:07, Tunnel0

Hi Giuseppe,

On the spoke router, I changed the ospf router-id to be the IP of the tunnel interface (172.168.110.2) and the peering came up, was stable for about 3 min and then started to flap again. 4-5 minutes is much longer than it was working for previously.


Thanks for the info. I have verified that DMVPN is stable (have 4 hours on DMVPN). It's OSPF that's not stable.

The spoke site receives hellos and the dead-timer resets when they're received. The hub site, however, is not seeing the hellos sent by the spoke. I think it has to do with routes learned across the tunnel, but I don't see how. There are not any OSPF routes in my spoke's routing table. Do the hello packets rely on the OSPF database for which interface to reply on?


Hi,

Can you try to use EIGRP? This is only to discard or isolate the problem.

Can you show me all the config of the routers on the lab?

I tried to use eigrp, but with no luck. The eigrp config on both sides was this:

router eigrp 90
passive-interface default
no passive-interface tu0
network 172.168.110.0

The Spoke router thought he brought up the neighbor, but the hub router never saw any hellos.

attached are the full configs for these two devices with OSPF configs:

spoke.txt

hub.txt

172.168.110.1 = HUB

172.168.110.2 = Spoke (Lab)

172.168.110.21 = Spoke (Prod. / Branch)

Hello Rtjensen,

notice that you are mapping multicast to internal address on spoke:

see David's config

ip nhrp map multicast x.x.x.x
ip nhrp map 10.248.248.249 x.x.x.x

see yours

ip nhrp map 172.168.110.1 192.168.101.5

ip nhrp map multicast 172.168.110.1

you should map multicast to public/external address 192.168.101.5

Hope to help

Giuseppe

OOOO, Ok. Good catch! I didn't notice that! Trying that now. Updates to come.

Ok, I think your observation was part of the solution.

I did as suggested and changed the IP on the ip nhrp map multicast command. OSPF still didn't cooperate. BUT I got another "hint" as to the problem: when I put the config on one of my production routers, I got this log message:

Sep 10 11:10:23.590: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 172.168.110.1 688D34E0 - looped chain attempting to stack

This goes back to your first suggestion... learning external IPs via the tunnel and creating a loop. I created a prefix-list on the spoke-router to deny that prefix:

ip prefix-list ospf-1 deny 192.168.101.0/24
ip prefix-list ospf-1 permit 0.0.0.0/0 le 32

router ospf 10
distribute-list prefi ospf-1 in tunnel0

This did the trick. My OSPF peers are up and stable across the DMVPN. I'm going to tinker around a bit more and see if there are any more gotchas involved.
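
The two checks this thread converged on, as an added example (not code from any poster or from Cisco): it flags an `ip nhrp map multicast` entry that points at a tunnel (overlay) address, and it tests whether the NBMA peer address is best reached through the tunnel itself, which is the recursive-routing condition behind the "looped chain" message. The route tables, the 192.168.0.0/16 underlay static, and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed spoke tunnel config, modelled on the one posted in the thread.
SPOKE_CONFIG = """\
interface Tunnel0
 ip address 172.168.110.2 255.255.255.0
 ip nhrp map 172.168.110.1 192.168.101.5
 ip nhrp map multicast 172.168.110.1
 ip nhrp nhs 172.168.110.1
"""

# Constructed route tables: (prefix, administrative distance, egress interface).
ROUTES_BEFORE = [
    ("192.168.0.0/16", 1, "FastEthernet0/0.1"),  # underlay static (assumed)
    ("0.0.0.0/0", 110, "Tunnel0"),               # OSPF default from the hub
    ("192.168.101.0/24", 110, "Tunnel0"),        # hub outside subnet via OSPF
]
# Same table once an inbound distribute-list drops 192.168.101.0/24.
ROUTES_AFTER = [r for r in ROUTES_BEFORE if r[0] != "192.168.101.0/24"]


def parse_tunnel(config):
    """Extract the overlay subnet, NHRP unicast maps and multicast maps."""
    info = {"overlay": None, "maps": {}, "multicast": []}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            info["overlay"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            continue
        m = re.match(r"ip nhrp map multicast (\S+)$", line)
        if m:
            if m[1] != "dynamic":  # hub-side form carries no address
                info["multicast"].append(ipaddress.ip_address(m[1]))
            continue
        m = re.match(r"ip nhrp map (\S+) (\S+)$", line)
        if m:  # overlay address -> NBMA (underlay) address
            info["maps"][ipaddress.ip_address(m[1])] = ipaddress.ip_address(m[2])
    return info


def multicast_findings(info):
    """Return (bad_target, suggested_nbma) for multicast maps aimed at the overlay."""
    return [(str(a), str(info["maps"].get(a, "unknown")))
            for a in info["multicast"] if a in info["overlay"]]


def egress_for(dest, routes):
    """Longest-prefix match, ties broken by lowest administrative distance."""
    matches = [r for r in routes if dest in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[1]))
    return best[2]


def recursive_nbma(info, routes, tunnel_if="Tunnel0"):
    """NBMA peers whose best route points back into the tunnel itself."""
    return [str(n) for n in info["maps"].values()
            if egress_for(n, routes) == tunnel_if]


if __name__ == "__main__":
    info = parse_tunnel(SPOKE_CONFIG)
    print("multicast map issues:", multicast_findings(info))
    print("recursive before filter:", recursive_nbma(info, ROUTES_BEFORE))
    print("recursive after filter:", recursive_nbma(info, ROUTES_AFTER))
```

Filtering the learned prefix only helps when a non-tunnel route still covers the NBMA address; with nothing but a tunnel-learned default left, the lookup resolves through the tunnel again.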
