Re: incorrect NBMA IP for NHRP endpoint

tato386 · ‎01-12-2018

I have a DMVPN that consists of roughly 2 dozen sites. I have a few endpoints that register their correct NBMA IP with the NHRP server but somehow that same endpoint shows a different/incorrect IP at the other endpoints.

In the example below, 172.30.2.40 has registered correctly with the NHRP server but the IP is incorrect or missing at other endpoints.

172.30.2.40/32 via 172.30.2.40, Tunnel2 created 1w1d, expire 00:00:42
Type: dynamic, Flags: unique nat registered used
NBMA address: 2.2.2.2 (correct NBMA from "sho ip nhrp" at NHRP server)

172.30.2.40/32 via 172.30.2.40
   Tunnel2 created 00:00:13, expire 00:02:51
   Type: dynamic, Flags: used temporary
   NBMA address: 1.1.1.1 (incorrect this happens to be NBMA of NHRP server itself)

172.30.2.40/32
   Tunnel2 created 00:00:20, expire 00:02:44
   Type: incomplete, Flags: negative
   Cache hits: 2 (no NBMA at all)

What can I do to troubleshoot this?

Thanks,

Diego

Georg Pauwen · ‎01-12-2018

Hello,

my first guess is that this has something to do with the hub being behind NAT (?)

Is this a permanent problem, that is, what happens when you clear the NHRP cache (clear ip nhrp) ?

Best to post the configurations of both the hub and one of the 'problem' spokes...

paul driver · ‎01-13-2018

Hello

Can you post your tunnel configuration of your NHS and NHC please

Sh run int tunnel xxx

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

tato386 · ‎01-14-2018

The problem spoke is working perfectly with the two hub sites and the hubs have the correct NBMA IP of the spoke. However the test spokes to do not have the correct NBMA of the problem spoke. This is weird because the test spokes should be getting the IP from the hubs which have the correct IP. In addition the test spokes have inconsistent info with one test spoke not having any IP at all for the problem spoke. The second test spoke has the NBMA of the primary hub as the NBMA of the problem spoke.

Thanks for the help.

Diego

interface Tunnel2
description Primary Hub
bandwidth 10000
ip address 172.30.2.14 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 100
ip nhrp authentication mGRE2
ip nhrp map multicast dynamic
ip nhrp network-id 172302
ip nhrp holdtime 60
ip tcp adjust-mss 1360
no ip split-horizon eigrp 100
delay 11
qos pre-classify
tunnel source 14.14.14.14
tunnel mode gre multipoint
tunnel key 172302
tunnel protection ipsec profile DMVPN shared
end
!
# sho ip nhrp
172.30.2.40/32 via 172.30.2.40, Tunnel2 created 1w3d, expire 00:00:57
Type: dynamic, Flags: unique nat registered used
NBMA address: 40.40.40.40

****************************************************************

interface Tunnel2
description Secondary Hub
bandwidth 10000
ip address 172.30.2.160 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 100
ip nhrp authentication mGRE2
ip nhrp map multicast dynamic
ip nhrp map 172.30.2.14 14.14.14.14
ip nhrp map multicast 14.14.14.14
ip nhrp network-id 172302
ip nhrp holdtime 60
ip nhrp nhs 172.30.2.14
ip tcp adjust-mss 1360
no ip split-horizon eigrp 100
delay 11
qos pre-classify
tunnel source 160.160.160.160
tunnel mode gre multipoint
tunnel key 172302
tunnel protection ipsec profile DMVPN shared
end
#
#sho ip nhrp
172.30.2.40/32 via 172.30.2.40
Tunnel2 created 3d22h, expire 00:00:54
Type: dynamic, Flags: unique registered
NBMA address: 40.40.40.40

**********************************************************
interface Tunnel2
description Test Spoke 1
bandwidth 10000
ip address 172.30.2.15 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication mGRE2
ip nhrp map 172.30.2.14 14.14.14.14
ip nhrp map multicast 14.14.14.14
ip nhrp map 172.30.2.160 160.160.160.160
ip nhrp map multicast 160.160.160.160
ip nhrp network-id 172302
ip nhrp holdtime 60
ip nhrp nhs 172.30.2.14
ip nhrp nhs 172.30.2.160
ip tcp adjust-mss 1360
delay 11
qos pre-classify
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 172302
tunnel protection ipsec profile DMVPN shared
end

#sho ip nhrp
172.30.2.40/32 via 172.30.2.40
Tunnel2 created 00:00:14, expire 00:02:50
Type: dynamic, Flags: used temporary
NBMA address: 14.14.14.14

*******************************************************

interface Tunnel2
description Test Spoke2
bandwidth 10000
ip address 172.30.2.162 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication mGRE2
ip nhrp map 172.30.2.14 14.14.14.14
ip nhrp map multicast 14.14.14.14
ip nhrp map 172.30.2.160 160.160.160
ip nhrp map multicast 160.160.160.160
ip nhrp network-id 172302
ip nhrp holdtime 60
ip nhrp nhs 172.30.2.14
ip nhrp nhs 172.30.2.160
ip tcp adjust-mss 1360
delay 11
qos pre-classify
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 172302
tunnel protection ipsec profile DMVPN shared
!
#sho ip nhrp
172.30.2.40/32
Tunnel2 created 00:00:19, expire 00:02:45
Type: incomplete, Flags: negative
Cache hits: 2

************************************************

interface Tunnel2
description Problem Spoke
bandwidth 5000
ip address 172.30.2.40 255.255.255.0
no ip redirects
ip mtu 1400
ip nat outside
ip nhrp authentication mGRE2
ip nhrp map 172.30.2.14 14.14.14.14
ip nhrp map multicast 14.14.14.14
ip nhrp map 172.30.2.160 160.160.160.160
ip nhrp map multicast 160.160.160.160
ip nhrp network-id 172302
ip nhrp holdtime 60
ip nhrp nhs 172.30.2.14
ip nhrp nhs 172.30.2.160
zone-member security INSIDE
ip tcp adjust-mss 1360
delay 11
qos pre-classify
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 172302
tunnel protection ipsec profile DMVPN shared
end
#
#sho ip nhrp
172.30.2.14/32 via 172.30.2.14
Tunnel20 created 8w4d, never expire
Type: static, Flags: used
NBMA address: 14.14.14.14
172.30.2.160/32 via 172.30.2.160
Tunnel20 created 8w4d, never expire
Type: static, Flags: used
NBMA address: 160.160.160.160