SEC0002 - DMVPN Phase 3 - Hierarchy and Summarization


The video demonstrates another benefit of DMVPN Phase 3. We look at how DMVPN operates when a large network is partitioned into hierarchical regions for scalability while still maintaining the capability of creating spoke-to-spoke tunnels. The video also points out some configuration pitfalls with the NHRP network id and tunnel key.

Topics include
  • DMVPN Phase 3
  • DMVPN hierarchy and route summarization
  • DMVPN regional and central hubs
  • For a spoke-to-spoke tunnel to work in a hierarchical configuration, make sure:
      • All DMVPN domains (regional and central) use the same NHRP network id
      • All regional domain GRE tunnels use the same key number and the central domain uses a different number
  • Two spokes from different regions, which therefore have tunnel interface IPs in different subnets, can communicate successfully through a single hop because they essentially build a point-to-point tunnel and disregard the fact that the source and destination IPs are on different subnets.
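
A check for the NHRP network id and tunnel key conditions in the list above, as an added example that is not part of the lab document or the video: it reads the Tunnel stanzas from IOS configurations and reports which condition is broken. The device names, tunnel numbers, id and key values, and the DOMAINS mapping of tunnels to regional or central domains are constructed assumptions.

```python
import re

def parse_tunnels(config):
    """Map each Tunnel interface in an IOS config to its NHRP network-id and GRE key."""
    tunnels, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (Tunnel\d+)\s*$", line)
        if head:
            current = tunnels.setdefault(head.group(1), {"network_id": "unset", "key": "unset"})
        elif line[:1].strip():  # any other top-level line ("!", another interface) ends the stanza
            current = None
        elif current is not None:
            for field, pattern in (("network_id", r"\s+ip nhrp network-id (\d+)"),
                                   ("key", r"\s+tunnel key (\d+)")):
                hit = re.match(pattern, line)
                if hit:
                    current[field] = hit.group(1)
    return tunnels

def check_hierarchy(configs, domains):
    """configs: {device: config text}; domains: {(device, tunnel): "regional" or "central"}."""
    net_ids, keys = set(), {"regional": set(), "central": set()}
    for (device, ifname), domain in domains.items():
        tunnel = parse_tunnels(configs[device]).get(ifname)
        if tunnel:
            net_ids.add(tunnel["network_id"])
            keys[domain].add(tunnel["key"])
    findings = []
    if len(net_ids) > 1:  # every domain must share one NHRP network id
        findings.append("nhrp-network-id-mismatch")
    if len(keys["regional"]) > 1:  # all regional tunnels must share one key
        findings.append("regional-key-mismatch")
    if keys["regional"] & keys["central"]:  # central key must differ from the regional key
        findings.append("central-key-not-distinct")
    return findings

# Constructed sample: device names, tunnel numbers, ids and keys are assumptions.
SAMPLE = {
    "central-hub": "interface Tunnel3\n ip nhrp network-id 1\n tunnel key 3\n!",
    "region1-hub": "interface Tunnel1\n ip nhrp network-id 1\n tunnel key 1\n!\n"
                   "interface Tunnel3\n ip nhrp network-id 1\n tunnel key 3\n!",
    "region2-hub": "interface Tunnel2\n ip nhrp network-id 2\n tunnel key 2\n!\n"
                   "interface Tunnel3\n ip nhrp network-id 1\n tunnel key 3\n!",
}
DOMAINS = {("central-hub", "Tunnel3"): "central",
           ("region1-hub", "Tunnel1"): "regional", ("region1-hub", "Tunnel3"): "central",
           ("region2-hub", "Tunnel2"): "regional", ("region2-hub", "Tunnel3"): "central"}

print(check_hierarchy(SAMPLE, DOMAINS))  # ['nhrp-network-id-mismatch', 'regional-key-mismatch']
```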

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.


Are you using GNS3 to create these labs? If you are, can you also make the .net file available to download along with the lab topology?

All of our labs are created on actual hardware. No GNS3. Sorry.. 

When following the video, all Spoke-to-Spoke traffic across Regions works as expected. However, Spoke to Central Hub, or Spoke to a different Region's Hub do not work. Initial pings work as the traffic traverses the network, but they fail once NHRP Mappings are established. In the Routing Table, you can see that the side that responded to the pings didn't update its Routing Table with the next-hop override. sh dmvpn shows that the NHRP Mappings were established correctly.

Any ideas as to how to fix this?

Were you able to resolve this? I have been battling with this for a while. I also added another spoke at the regional level hub and the problem is backwards, I can ping R1, R2 and R3, but the regional spokes are not accessible.

Are you using multiple NHRP networks per video? If so, try to put everything in one NHRP network and make sure Spokes only point to regional hub, and regional hub only points to Central hub.

I used the exact same config and I was able to figure out the problem. It is a 'tunnel key' mismatch when the spokes on the regional (ID 1) try to reach the main hub (ID 3). In order to resolve it, the tunnels on the regional hubs need to be separated on different source interfaces, so the tunnel key is either not required or use the same key.

Correct. The tunnel key needs to be the same for NHRP to work properly. Thanks for the update.

I am having trouble getting SW1 in the topology to create an EIGRP relationship with the neighbors. Basically SW1 does not have any tunnels. Anyone encounter this? I am wondering if they have on the Routers:

router eigrp 1
no auto
pass def
no pass f0/0
no pass tu1