I have a little confustion about DMVPN phase 2, In Phase 2 you can enable 2 spokes to communicate directly to each other...Ok fine BUT We have the same Physical Topology i.e The Hub and Spoke Topology, So we still have to pass through the Hub right? so whats the point in using the Phase 2 then ?? and how come it reduces burden on the HUB? it still does have to proccess all the packets b/w the 2 Spokes.!
In phase 1, spoke can only setup protected tunnel with hub, so the traffic between spokes will be directed to hub to decryption, then be delivered to destination spoke by encryption again.
In phase 2, two spoke can dynamically setup protected tunnel between them, so the traffic between them will be delivered to hub by encryption to hub when each spoke has only physical connection with hub, however the hub don't need to decode this encrypted packet, it just forward this packet as other ip packet.
In most of DMVPN deployment scenarios, both hub and spoke are connected to internet, so the scenario you mentioned is very rare.
Very well said sir, I had exactly the same thing in mind, actually iam dealing this kind of a project so needed to know what the clients are trying to acomplish,
And another issue is that they are also using # ip nhrp Shortcut on spokes, They have a HUB and spoke toplogy over the MPLS cloud, i think this is phase 3 DMVPN, but can you explain why this command is there & what does it do?
Using phase 2, spoke needs to communicate once with the Hub router to get nhrp record for the spoke it would like to communicate to. If you perform a traceroute between the spokes with phase 1 and phase 2 you will see the difference between the packetflows.
If you have static IPs on all routers, you can map nhrp records on all hosts and have no hub topology with full-mesh.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...