09-09-2010 03:07 AM - edited 03-04-2019 09:42 AM
Hi
I have been using p2p GRE tunnels to connect remote sites to head office for some time. These have allowed us to run OSPF and Multicast. I've started to get a little fed up of having to configure new tunnel interfaces every time we add a new site - and the need for fixed IP addresses. So I've been doing some testing with DMVPN using NHRP and mGRE.
I'm having a problem with the hub sending and receiving NHRP. For troubleshooting I have taken off all the crypto stuff.
HUB
! |
interface Tunnel248 |
description *** DMVPN over mGRE - Cloud 1 *** |
ip address 172.16.248.254 255.255.255.0 |
no ip redirects |
no ip proxy-arp |
ip mtu 1400 |
ip pim query-interval 10 |
ip pim sparse-dense-mode |
ip nhrp authentication secret |
ip nhrp map multicast dynamic |
ip nhrp network-id 123456 |
ip nhrp holdtime 600 |
ip tcp adjust-mss 1360 |
ip ospf network point-to-multipoint |
ip ospf hello-interval 3 |
ip ospf priority 254 |
qos pre-classify |
tunnel source FastEthernet0/0 |
tunnel mode gre multipoint |
tunnel path-mtu-discovery |
tunnel vrf INTERNET |
! |
! |
The import thing to note is that these mGRE tunnels are sourced from a VRF interface.
The spoke sites do not run any form of MPLS/VRFs and are configured:
! |
interface Tunnel248 |
description *** DMVPN over mGRE - Cloud 1 *** |
ip address 172.16.248.3 255.255.255.0 |
no ip redirects |
no ip proxy-arp |
ip mtu 1400 |
ip pim query-interval 10 |
ip pim sparse-dense-mode |
ip nhrp authentication secret |
ip nhrp map multicast 172.16.248.254 |
ip nhrp map 172.16.248.254 192.0.2.1 |
ip nhrp network-id 123456 |
ip nhrp nhs 172.16.248.254 |
ip nhrp holdtime 600 |
ip tcp adjust-mss 1360 |
ip ospf network point-to-point |
ip ospf hello-interval 3 |
ip ospf priority 0 |
qos pre-classify |
tunnel source Dialer1 |
tunnel destination 192.0.2.1 |
tunnel path-mtu-discovery |
! |
The spoke sites can ping the hub tunnel address of 172.16.248.254 and a show of the nhrp shows a static entry for the hub. The problem is the hub site can not ping any of the hosts and there are no dynamic nhrp entries. I have tried to debug nhrp and get the following encapsulation errors: Sep 9 2010 10:54:51.957 BST: NHRP: Encapsulation failed for destination 172.16.248.3 out Tunnel248 |
I had problems with IKE when setting up the p2p GRE not being sourced from the VRF interface and I had to change my crypto config to allow for this. I suspect I am having a similar problem here and the nhrp packets are being encapsulated from the global not the VRF.
I have read a lot of documentation of this working with the tunnel interface in a VRF being sourced from a global IP interface. I can not find any documentation of this working from a VRF interface.
Does anyone know if there is a way to tell nhrp with VRF to source the packets from?