This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations. I will break out each protocol into a separate post in order to help keep things straight, putting them all together has the potential to get confusing (for both you and me!). The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP and each has some unique features and quirks, so I will try and point them out where necessary.
One of the joys of RIPv2 in a DMVPN network is Split-Horizon. Just a quick refersher on Split Horizon – it is the rule that prohibits a router from advertising a route through an interface that the router itself uses to reach the destination. This is done in order to prevent loops in the network, but with DMVPN we need to disable this feature via the no split-horizon command.
Quick note: When I am posting the configurations for the sites I will only notate the routing protocol additions. If you need information on DMVPN configuration, see my previous post.
Router/Switch Output
Commands
Notes
First up, the DMVPN hub.
First thing we need to do is create a Loopback interface so we have something to route!
Rack1DMVPN(config)# interface Loopback0
Rack1DMVPN(config-if)# ip address 100.100.100.100 255.255.255.255
Now, lets get the Tunnel interface setup
Rack1DMVPN(config )#interface Tunnel0
Rack1DMVPN(config-if)# ip address 192.168.11.1 255.255.255.0
Rack1DMVPN(config-if)# no ip redirects
Rack1DMVPN(config-if)# ip mtu 1400
Rack1DMVPN(config-if)# ip nhrp map multicast dynamic
Rack1DMVPN(config-if)# ip nhrp network-id 1
Rack1DMVPN(config-if)# ip nhrp holdtime 600
Rack1DMVPN(config-if)# ip virtual-reassembly
Remember we will need to disable Split Horizon on the hub
Rack1DMVPN(config-if)# no ip split-horizon
Rack1DMVPN(config-if)# tunnel source GigabitEthernet0/1
Rack1DMVPN(config-if)# tunnel mode gre multipoint
Rack1DMVPN(config-if)# tunnel key 100
Rack1DMVPN(config-if)# tunnel protection ipsec profile Labbing
And finally the RIP protocol
Rack1DMVPN(config)# router rip
Need to make sure we are using Version 2!
Rack1DMVPN(config-router)# version 2
Now we can define our networks
Rack1DMVPN(config-router)# network 100.0.0.0
Rack1DMVPN(config-router)# network 192.168.11.0
Rack1DMVPN(config-router)# no auto-summary
Now for R3
Let’s get that loopback created!
Rack1R3(config)# interface Loopback0
Rack1R3(config-if)# ip address 3.3.3.3 255.255.255.255
The only change for this is the multicast map address.
Rack1R3(config)# interface Tunnel0
Rack1R3(config-if)# ip address 192.168.11.3 255.255.255.0
Rack1R3(config-if)# no ip redirects
Rack1R3(config-if)# ip mtu 1400
Rack1R3(config-if)# ip nhrp map 192.168.11.1 150.1.254.254
We need to set the map for the multicast address to the outside IP address of the DMVPN hub
Rack1R3(config-if)# ip nhrp map multicast 150.1.254.254
Rack1R3(config-if)# ip nhrp network-id 1
Rack1R3(config-if)# ip nhrp holdtime 600
Rack1R3(config-if)# ip nhrp nhs 192.168.11.1
Rack1R3(config-if)# ip virtual-reassembly
Rack1R3(config-if)# tunnel source GigabitEthernet0/1
Rack1R3(config-if)# tunnel mode gre multipoint
Rack1R3(config-if)# tunnel key 100
Rack1R3(config-if)# tunnel protection ipsec profile Labbing
And finally the routing protocol
Rack1R3(config)# router rip
Rack1R3(config-router)# version 2
Rack1R3(config-router)# network 3.0.0.0
Rack1R3(config-router)# network 192.168.11.0
Rack1R3(config-router)# no auto-summary
Now for R4
First the loopback interface
Rack1R4(config)#interface Loopback0
Rack1R4(config-if)# ip address 4.4.4.4 255.255.255.255
And the tunnel interface
Rack1R4(config)# interface Tunnel0
Rack1R4(config-if)# ip address 192.168.11.4 255.255.255.0
Rack1R4(config-if)# no ip redirects
Rack1R4(config-if)# ip mtu 1400
Rack1R4(config-if)# ip nhrp map 192.168.11.1 150.1.254.254
Rack1R4(config-if)# ip nhrp map multicast 150.1.254.254
Rack1R4(config-if)# ip nhrp network-id 1
Rack1R4(config-if)# ip nhrp nhs 192.168.11.1
Rack1R4(config-if)# tunnel source GigabitEthernet0/1
Rack1R4(config-if)# tunnel mode gre multipoint
Rack1R4(config-if)# tunnel key 100
Rack1R4(config-if)# tunnel protection ipsec profile Labbing
And the RIP config
Rack1R4(config)#router rip
Rack1R4(config-router)# version 2
Rack1R4(config-router)# network 4.0.0.0
Rack1R4(config-router)# network 192.168.11.0
Rack1R4(config-router)# no auto-summary
And finally R5
First the loopback
Rack1R5(config)# interface Loopback0
Rack1R5(config-if)# ip address 5.5.5.5 255.255.255.255
Now the tunnel
Rack1R5(config)# interface Tunnel0
Rack1R5(config-if)# ip address 192.168.11.5 255.255.255.0
Rack1R5(config-if)# no ip redirects
Rack1R5(config-if)# ip mtu 1400
Rack1R5(config-if)# ip nhrp map 192.168.11.1 150.1.254.254
Rack1R5(config-if)# ip nhrp map multicast 150.1.254.254
Rack1R5(config-if)# ip nhrp network-id 1
Rack1R5(config-if)# ip nhrp holdtime 600
Rack1R5(config-if)# ip nhrp nhs 192.168.11.1
Rack1R5(config-if)# no ip route-cache cef
Rack1R5(config-if)# no ip route-cache
Rack1R5(config-if)# tunnel source GigabitEthernet0/1
Rack1R5(config-if)# tunnel mode gre multipoint
Rack1R5(config-if)# tunnel key 100
Rack1R5(config-if)# tunnel protection ipsec profile Labbing
Routing protocol
Rack1R5(config)# router rip
Rack1R5(config-router)# version 2
Rack1R5(config-router)# network 5.0.0.0
Rack1R5(config-router)# network 192.168.11.0
Rack1R5(config-router)# no auto-summary
Lets check the RIP database on the DMVPN hub
Rack1DMVPN#sh ip rip database
3.0.0.0/8 auto-summary
3.3.3.3/32
[1] via 192.168.11.3, 00:00:22, Tunnel0
4.0.0.0/8 auto-summary
4.4.4.4/32
[1] via 192.168.11.4, 00:00:20, Tunnel0
5.0.0.0/8 auto-summary
5.5.5.5/32
[1] via 192.168.11.5, 00:00:15, Tunnel0
100.0.0.0/8 auto-summary
100.100.100.100/32 directly connected, Loopback0
192.168.11.0/24 auto-summary
192.168.11.0/24 directly connected, Tunnel0
Rack1DMVPN#
Good – we see the database is populated with all the neighbor routers and appropriate hop counts [#]
Now, we should look at the routing table for good measures.
Rack1DMVPN#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 150.1.254.7 to network 0.0.0.0
100.0.0.0/32 is subnetted, 1 subnets
C 100.100.100.100 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
R 3.3.3.3 [120/1] via 192.168.11.3, 00:00:13, Tunnel0
4.0.0.0/32 is subnetted, 1 subnets
R 4.4.4.4 [120/1] via 192.168.11.4, 00:00:12, Tunnel0
5.0.0.0/32 is subnetted, 1 subnets
R 5.5.5.5 [120/1] via 192.168.11.5, 00:00:06, Tunnel0
C 192.168.11.0/24 is directly connected, Tunnel0
150.1.0.0/24 is subnetted, 1 subnets
C 150.1.254.0 is directly connected, GigabitEthernet0/1
S* 0.0.0.0/0 [1/0] via 150.1.254.7
Rack1DMVPN#
Looks good there!
Now lets look at the routing table on R3:
Rack1R3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 150.1.13.13 to network 0.0.0.0
100.0.0.0/32 is subnetted, 1 subnets
R 100.100.100.100 [120/1] via 192.168.11.1, 00:00:14, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
R 4.4.4.4 [120/2] via 192.168.11.4, 00:00:14, Tunnel0
5.0.0.0/32 is subnetted, 1 subnets
R 5.5.5.5 [120/2] via 192.168.11.5, 00:00:14, Tunnel0
C 192.168.11.0/24 is directly connected, Tunnel0
150.1.0.0/24 is subnetted, 1 subnets
C 150.1.13.0 is directly connected, GigabitEthernet0/1
S* 0.0.0.0/0 [1/0] via 150.1.13.13
Rack1R3#
Yup, all the routes are there.
Now we can test – lets PING R4 and R5 loopbacks from R3
Rack1R3#ping 4.4.4.4 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
Rack1R3#ping 5.5.5.5 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Rack1R3#
There we go, we have full connectivity!
Next up, BGP!
DMVPN and Routing Protocols – RIP
05 Friday Aug 2011