The Journey of a Network Engineer

Aug 18 2013   12:15AM GMT

How to configure Cisco DMVPN? Part-1

Sulaiman Syed

Configuring a Site-to-Site VPN is straightforward, but it fails to scale. Just imagine how many tunnels must be created to connect 10 sites, especially if inter-site communication is desired. A better solution for interconnecting multiple sites is the Dynamic Multipoint Virtual Private Network (DMVPN).

DMVPN relies on Next Hop Resolution Protocol (NHRP), something very similar to the use of Reverse-ARP in Frame-relay networks. The traffic can be protected using an IPsec tunnel.

DMVPN uses a Hub-and-Spoke topology. For that, we have chosen CE1 as the Hub, while routers CE2, CE3, and CE4 are the Spokes. Note that the CE routers always take the higher IP from the subnet, so on the PE3-CE4 link the IP used by CE4 is 10.0.0.26. We have also added Loopback interfaces to test the connectivity among the CEs.

Network Diagram: DMVPN Topology

In the provider network we are running OSPF, while the CEs use EIGRP to communicate with each other. Let's configure the Hub Tunnel interface:

interface Tunnel1
ip address 192.168.1.1 255.255.255.0
no ip redirects
! Authentication
ip nhrp authentication CISCO
! Dynamic mapping for the spokes' IPs
ip nhrp map multicast dynamic
! Group number, unique among the Hub and Spokes
ip nhrp network-id 10
! We would like to have direct spoke-to-spoke traffic
no ip split-horizon eigrp 10
tunnel source FastEthernet0/0
tunnel mode gre multipoint

The Hub configuration is straightforward. Define the Tunnel and its IP address. Use the WAN IP as the source. There is no destination, as this is Multipoint GRE. The no ip split-horizon command is required because we want to advertise the routes received on that interface to the other spokes. This is similar to Frame Relay using multipoint interfaces.

The spoke tunnel interface will have a similar configuration, but there are added commands.

interface Tunnel1
ip address 192.168.1.4 255.255.255.0
no ip redirects
ip nhrp authentication CISCO
ip nhrp map multicast dynamic
! Static mapping of the Hub's tunnel IP to its WAN IP
ip nhrp map 192.168.1.1 10.0.0.14
! Defining the NHRP mapping as multicast
ip nhrp map multicast 10.0.0.14
! Defining the NHRP mapping as multicast, CE3
ip nhrp map multicast 10.0.0.22
ip nhrp network-id 10
ip nhrp nhs 192.168.1.1
tunnel source FastEthernet0/1
tunnel mode gre multipoint

First, we need a static mapping between the Hub's Tunnel interface IP and its WAN IP. Second, we see the multicast mappings for the WAN IPs. These are essential so that the router treats these mappings as multicast, so routing protocol traffic can be sent to them. Remember that routing protocols use multicast to communicate among themselves.

What happens if we map only to the Hub? All traffic will first go to the Hub before going to the other spokes, so we would be wasting WAN bandwidth. By defining mappings for the other routers, we enable traffic to go directly between the spokes without going through the Hub.

In this example, I have mapped CE3's IP address, so CE3 and CE4 will have direct route information, while CE4 will traverse the Hub to reach CE2.

The complete CE1 Hub configuration.

interface Tunnel1
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nhrp authentication CISCO
ip nhrp map multicast dynamic
ip nhrp network-id 10
no ip split-horizon eigrp 10
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 10.0.0.14 255.255.255.252
speed 100
full-duplex
!
router eigrp 10
network 100.0.0.0
network 192.168.1.0
no auto-summary
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0

The complete CE4 spoke configuration.

interface Tunnel1
ip address 192.168.1.4 255.255.255.0
no ip redirects
ip nhrp authentication CISCO
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 10.0.0.14
ip nhrp map multicast 10.0.0.14
ip nhrp map multicast 10.0.0.22
ip nhrp network-id 10
ip nhrp nhs 192.168.1.1
tunnel source FastEthernet0/1
tunnel mode gre multipoint
!
interface FastEthernet0/1
ip address 10.0.0.26 255.255.255.252
speed 100
full-duplex
!
router eigrp 10
network 100.0.0.0
network 192.168.1.0
no auto-summary
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0

I would recommend testing the configuration without the nhrp map for 10.0.0.22, as this lets you see how the traffic flows between the routers.
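The tunnel configurations above carry NHRP authentication but no IPsec protection, although the post notes that traffic can be protected with IPsec. The following added example (not from the original post) audits a configuration for that gap; the function names, the Tunnel2 stanza and the profile name DMVPN-PROF are assumptions made for illustration.

```python
# Constructed sample: lines from CE4's Tunnel1 as printed in the post (unindented),
# plus a hypothetical Tunnel2 with an assumed IPsec profile name.
SAMPLE_CONFIG = """\
interface Tunnel1
ip address 192.168.1.4 255.255.255.0
ip nhrp authentication CISCO
ip nhrp map 192.168.1.1 10.0.0.14
ip nhrp network-id 10
tunnel source FastEthernet0/1
tunnel mode gre multipoint
!
interface Tunnel2
ip nhrp authentication CISCO
ip nhrp network-id 20
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN-PROF
!
interface FastEthernet0/1
ip address 10.0.0.26 255.255.255.252
"""

def interface_stanzas(config):
    """Map each interface name to its sub-commands ('!' or 'router' ends a stanza)."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line.startswith(("!", "router ")):
            current = None
        elif line and current is not None:
            current.append(line)
    return stanzas

def audit_dmvpn(config):
    """Return {tunnel: [findings]} for every multipoint GRE tunnel interface."""
    report = {}
    for name, cmds in interface_stanzas(config).items():
        if "tunnel mode gre multipoint" not in cmds:
            continue
        protected = any(c.startswith("tunnel protection ipsec profile ") for c in cmds)
        findings = [] if protected else ["no IPsec tunnel protection: GRE/NHRP cross the WAN in clear"]
        if not any(c.startswith("ip nhrp authentication ") for c in cmds):
            findings.append("no NHRP authentication string")
        elif not protected:
            findings.append("NHRP authentication string is sent in cleartext")
        report[name] = findings
    return report
```

Calling audit_dmvpn() on a saved running configuration lists each mGRE tunnel with its findings; an empty list means the tunnel has both NHRP authentication and an IPsec profile attached.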
