DMVPN

DMVPN Phase 1:

R1 configuration:

R1_HUB#show run int tunnel 0 
Building configuration...

Current configuration : 219 bytes
!
interface Tunnel0
 ip address 172.168.123.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
end

R2 / R3 configuration:

R2_spoke#show run int tunnel 0 
Building configuration...

Current configuration : 241 bytes
!
interface Tunnel0
 ip address 172.168.123.2 255.255.255.0
 ip nhrp map 172.168.123.1 10.1.14.1
 ip nhrp map multicast 10.1.14.1
 ip nhrp network-id 1
 ip nhrp nhs 172.168.123.1
 tunnel source Ethernet0/0
 tunnel destination 10.1.14.1
end

At this point the tunnels between R1 and R2 and between R1 and R3 are established. In DMVPN Phase 1 there are no direct tunnels between spokes.

R1_HUB#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.1.24.2         172.168.123.2    UP     1w3d     D
     1 10.1.34.3         172.168.123.3    UP     1w3d     D

R1_HUB#show ip nhr
R1_HUB#show ip nhrp 
172.168.123.2/32 via 172.168.123.2
   Tunnel0 created 1w3d, expire 01:37:11
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 10.1.24.2 
172.168.123.3/32 via 172.168.123.3
   Tunnel0 created 1w3d, expire 01:55:34
   Type: dynamic, Flags: unique registered used nhop 
   NBMA address: 10.1.34.3 

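Spoke-to-spoke traffic has to go through the hub, so once the routing protocol is up, split horizon must be disabled on the hub side, and a summary route is advertised to reduce the number of routes on the spoke routers.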

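In DMVPN Phase 1 the hub must always be the next hop for a spoke's routes to other spokes. With EIGRP, disable split horizon on the hub; with OSPF, use the point-to-multipoint interface network type on the hub; with BGP, eBGP is recommended.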

R1_HUB(config)#int tu0
R1_HUB(config-if)#no ip split-horizon eigrp 1
R1_HUB(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0
R1_HUB#show ip route  eigrp 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     192.168.0.0/16 is a summary, 00:01:04, Null0
D     192.168.2.0/24 [90/27008000] via 172.168.123.2, 1w3d, Tunnel0
D     192.168.3.0/24 [90/27008000] via 172.168.123.3, 1w3d, Tunnel0
R2_spoke#show ip route  eigrp 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     192.168.0.0/16 [90/27008000] via 172.168.123.1, 00:01:09, Tunnel0
R2_spoke#
R2_spoke#traceroute 192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.168.123.1 5 msec 5 msec 0 msec
  2 172.168.123.3 1 msec 1 msec * 

DMVPN Phase 2:

Both the hub and the spokes are configured with mGRE, so a spoke can automatically build tunnels to other spokes.

R2_spoke(config)#in tunnel 0 
R2_spoke(config-if)#no tunnel  destination 10.1.14.1
R2_spoke(config-if)#tunnel mode gre multipoint

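With EIGRP, the hub must not only disable split horizon but also disable next-hop-self; with OSPF, use the broadcast interface network type, make sure the hub is the DR, and configure an interface priority of 0 on every spoke; with BGP, use iBGP, or eBGP with next-hop-unchanged.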

R1_HUB(config)#int tunnel 0
R1_HUB(config-if)#no ip summary-address eigrp 1 192.168.0.0 255.255.0.0
R1_HUB(config-if)#no ip next-hop-self eigrp 1

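After running DMVPN Phase 2, its problem becomes apparent: the hub cannot summarize, because the next hop of a summarized route is the hub. Spoke-to-spoke traffic would then be sent to the hub first, which brings back the suboptimal path and adds latency.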

R2_spoke# show ip route  eigrp  1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     192.168.1.0/24 [90/27008000] via 172.168.123.1, 00:01:29, Tunnel0
D     192.168.3.0/24 [90/28288000] via 172.168.123.3, 00:01:29, Tunnel0
R2_spoke#ping 192.168.3.3 source  192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/13/65 ms
R2_spoke#
R2_spoke#
R2_spoke#show dmvpn                          
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.1.14.1         172.168.123.1    UP 00:01:52     S
     1 10.1.34.3         172.168.123.3    UP 00:00:06     D

R2_spoke#
R2_spoke#trac
R2_spoke#traceroute 192.168.3.3 source  192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.168.123.3 0 msec 1 msec * 
R2_spoke#

DMVPN Phase 3:

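Phase 3 keeps the Phase 2 capability, that is, direct spoke-to-spoke tunnels, but it does not rely on the routing protocol to give a spoke the next hop of another spoke's routes; it uses NHRP redirect instead.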

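When Spoke1 wants to reach a route behind Spoke2 and the next hop is the hub, the first packet is sent to the hub. The hub forwards the packet to Spoke2 and at the same time sends an NHRP redirect message to Spoke1. On receiving it, Spoke1 stores the redirect and sends an NHRP query to Spoke2; Spoke2 receives the NHRP query and stores Spoke1's information. A tunnel is then built automatically between Spoke1 and Spoke2, and subsequent packets go directly from Spoke1 to Spoke2 without passing through the hub.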

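The benefit of this optimization is that the next hop of the routes a spoke learns for other spokes no longer has to be the spoke itself, so the hub can send only summary and default routes to the spokes, which solves the Phase 2 scalability problem.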

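When running a routing protocol in Phase 3, next-hop information does not need to be preserved: for EIGRP, disabling split horizon is enough; for OSPF, the P2MP interface network type is enough, and broadcast is no longer needed.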

R1_HUB(config)#int tunnel 0
R1_HUB(config-if)#ip next-hop-self eigrp 1
R1_HUB(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0
R1_HUB(config-if)#ip nhrp redirect 

R1_HUB#show run int tunnel 0 
Building configuration...

Current configuration : 289 bytes
!
interface Tunnel0
 ip address 172.168.123.1 255.255.255.0
 no ip redirects
 no ip split-horizon eigrp 1
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp redirect
 ip summary-address eigrp 1 192.168.0.0 255.255.0.0
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
R2_spoke(config)#int tunnel 0
R2_spoke(config-if)#ip nhrp shortcut
R2_spoke#show run int tunnel 0 
Building configuration...

Current configuration : 274 bytes
!
interface Tunnel0
 ip address 172.168.123.2 255.255.255.0
 no ip redirects
 ip nhrp map 172.168.123.1 10.1.14.1
 ip nhrp map multicast 10.1.14.1
 ip nhrp network-id 1
 ip nhrp nhs 172.168.123.1
 ip nhrp shortcut
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
end
R2_spoke#show ip route  eigrp  1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     192.168.0.0/16 [90/27008000] via 172.168.123.1, 00:00:12, Tunnel0
R2_spoke#tr
R2_spoke#traceroute  192.168.3.3 so
R2_spoke#traceroute  192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.168.123.1 5 msec 5 msec 0 msec
  2 172.168.123.3 5 msec 6 msec * 
R2_spoke#show ip nhrp                              
172.168.123.1/32 via 172.168.123.1
   Tunnel0 created 00:01:08, never expire 
   Type: static, Flags: used 
   NBMA address: 10.1.14.1 
172.168.123.3/32 via 172.168.123.3
   Tunnel0 created 00:00:18, expire 01:59:41
   Type: dynamic, Flags: router used nhop rib 
   NBMA address: 10.1.34.3 
192.168.3.0/24 via 172.168.123.3
   Tunnel0 created 00:00:18, expire 01:59:41
   Type: dynamic, Flags: router rib 
   NBMA address: 10.1.34.3 
R2_spoke#traceroute  192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.168.123.3 1 msec 71 msec * 
R2_spoke#
R2_spoke#show dm
R2_spoke#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 10.1.14.1         172.168.123.1    UP 00:01:37     S
     2 10.1.34.3         172.168.123.3    UP 00:00:48   DT1
                         172.168.123.3    UP 00:00:48   DT1

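Summary

Phase 1: the hub is configured with mGRE and the spokes with P2P GRE; there are no direct spoke-to-spoke tunnels.

Phase 2: the hub and the spokes are all configured with mGRE; the routing protocol is used to solve the next-hop problem for routes a spoke learns from other spokes.

Phase 3: the hub and the spokes are all configured with mGRE; NHRP is used to solve next-hop resolution, so the hub can summarize routes, which solves the scalability problem.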
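The phase rules summarized above can be checked mechanically against a saved tunnel stanza. The following is an added example, not part of the original post: `audit_tunnel` is a hypothetical helper that classifies the DMVPN phase from the commands shown on this page and also reports two hardening gaps, a missing `ip nhrp authentication` string and a GRE tunnel without `tunnel protection ipsec profile` (an IOS command that does not appear on this page). The role test (`ip nhrp nhs` present means spoke) is a heuristic, and the sample stanzas are abridged from the page's own configurations.

```python
import re

# Constructed sample inputs, abridged from the tunnel configs on this page.
PHASE1_SPOKE = """\
interface Tunnel0
 ip address 172.168.123.2 255.255.255.0
 ip nhrp map 172.168.123.1 10.1.14.1
 ip nhrp map multicast 10.1.14.1
 ip nhrp network-id 1
 ip nhrp nhs 172.168.123.1
 tunnel source Ethernet0/0
 tunnel destination 10.1.14.1
"""
PHASE3_HUB_OSPF = """\
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 ip nhrp authentication xuxing
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip nhrp redirect
 ip ospf network point-to-multipoint
 tunnel source 16.1.1.1
 tunnel mode gre multipoint
"""

def audit_tunnel(config: str) -> dict:
    """Classify one tunnel interface stanza and list hardening gaps."""
    # Drop blanks and '!' lines (the page comments out a second NHS that way).
    lines = [l.strip() for l in config.splitlines()
             if l.strip() and not l.strip().startswith("!")]
    def has(pat):
        return any(re.match(pat, l) for l in lines)
    role = "spoke" if has(r"ip nhrp nhs ") else "hub"  # heuristic (assumption)
    mgre = has(r"tunnel mode gre multipoint$")
    if role == "spoke":
        phase = "1" if not mgre else ("3" if has(r"ip nhrp shortcut$") else "2")
    else:  # a hub runs mGRE in every phase; only redirect marks Phase 3
        phase = "3" if has(r"ip nhrp redirect$") else "1 or 2"
    findings = []
    if not has(r"ip nhrp authentication \S+"):
        findings.append("no NHRP authentication string")
    if not has(r"tunnel protection ipsec profile \S+"):
        findings.append("GRE tunnel not protected by IPsec")
    return {"role": role, "phase": phase, "mgre": mgre, "findings": findings}

if __name__ == "__main__":
    for name, cfg in [("phase1 spoke", PHASE1_SPOKE), ("ospf hub", PHASE3_HUB_OSPF)]:
        print(name, audit_tunnel(cfg))
```

The NHRP authentication string is sent in clear text inside NHRP packets, so it guards against misconfiguration rather than an on-path observer; confidentiality and peer authentication of the GRE traffic come from IPsec tunnel protection.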

OSPF configuration example:

HUB1
R1#show run int tunnel 0 
Building configuration...

Current configuration : 301 bytes
!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 no ip redirects
 ip nhrp authentication xuxing
 ip nhrp map multicast dynamic
 ip nhrp map 10.1.1.2 26.1.1.2
 ip nhrp network-id 100
 ip nhrp redirect
 ip ospf network point-to-multipoint
 tunnel source 16.1.1.1
 tunnel mode gre multipoint
end

Spoke3

R3#show run int tunnel 0 
Building configuration...

Current configuration : 377 bytes
!
interface Tunnel0
 ip address 10.1.1.3 255.255.255.0
 no ip redirects
 ip nhrp authentication xuxing
 ip nhrp map multicast 16.1.1.1
 ip nhrp map 10.1.1.1 16.1.1.1
 ! ip nhrp map 10.1.1.2 26.1.1.2
 ip nhrp network-id 100
 ip nhrp nhs 10.1.1.1
 ! ip nhrp nhs 10.1.1.2
 ip nhrp shortcut
 ip ospf network point-to-multipoint
 tunnel source 36.1.1.3
 tunnel mode gre multipoint
end

R3#

           
