This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations. This is more of a Why? What? Eh? type of post – hence the picture. Here I will show how to use CDP for a routing protocol – yes, CDP.
Quick note: When I am posting the configurations for the sites I will only notate the routing protocol additions. If you need information on DMVPN configuration, see my previous post.
DMVPN Hub
First we need to add a more specific route. We add the more specific route first in order to prevent the tunnel from dropping.
Rack1DMVPN(config)# ip route 150.0.0.0 255.0.0.0 150.1.254.7
Now we can remove the old default route.
Rack1DMVPN(config)# no ip route 0.0.0.0 0.0.0.0 150.1.254.7
Since we are going to be using CDP as a routing protocol, we should tune down the timers. The default timer of 60 seconds is probably a bit too long.
Rack1DMVPN(config)# cdp timer 10
Now we can create the loopback interface.
Rack1DMVPN(config)# interface Loopback0
Rack1DMVPN(config-if)# ip address 100.100.100.100 255.255.255.255
Since this is an NBMA network, we need to enable CDP on the tunnel interface.
Rack1DMVPN(config)# interface Tunnel0
Rack1DMVPN(config-if)# cdp enable
Now, before we configure ODR, we need to create an access-list to specify the networks we want the hub to learn from the spokes. This needs to be done in order to prevent the outside interface networks from being learned over the tunnel.
Rack1DMVPN(config)# access-list 123 permit ip any 192.168.11.0 0.0.0.255
Rack1DMVPN(config)# access-list 123 permit ip any host 3.3.3.3
Rack1DMVPN(config)# access-list 123 permit ip any host 4.4.4.4
Rack1DMVPN(config)# access-list 123 permit ip any host 5.5.5.5
Now we can configure ODR.
Rack1DMVPN(config)# router odr
Rack1DMVPN(config-router)# network 192.168.11.0
And specify the distribute list.
Rack1DMVPN(config-router)# distribute-list 123 in
Time for the spokes.
R3 first
Let's get that loopback created.
Rack1R3(config)# interface Loopback0
Rack1R3(config-if)# ip address 3.3.3.3 255.255.255.255
And change that default route.
Rack1R3(config)# ip route 150.0.0.0 255.0.0.0 150.1.13.13
Rack1R3(config)# no ip route 0.0.0.0 0.0.0.0 150.1.13.13
Let's tweak our CDP timers.
Rack1R3(config)# cdp timer 10
Now all we have to do is enable CDP on the tunnel interface.
Rack1R3(config)# interface Tunnel0
Rack1R3(config-if)# cdp enable
No need for a router statement, CDP being enabled is all that is needed.
R4 time!
Let's get that loopback created.
Rack1R4(config)# interface Loopback0
Rack1R4(config-if)# ip address 4.4.4.4 255.255.255.255
Now we can modify that default route.
Rack1R4(config)# ip route 150.0.0.0 255.0.0.0 150.1.9.9
Rack1R4(config)# no ip route 0.0.0.0 0.0.0.0 150.1.9.9
Let's tweak our CDP timers.
Rack1R4(config)# cdp timer 10
Now we can enable CDP on the tunnel interface.
Rack1R4(config)# interface Tunnel0
Rack1R4(config-if)# cdp enable
Again, no router command necessary – CDP will take care of everything.
Last up, R5
Create the loopback
Rack1R5(config)# interface Loopback0
Rack1R5(config-if)# ip address 5.5.5.5 255.255.255.255
Tweak our CDP timer
Rack1R5(config)# cdp timer 10
Modify the default route
Rack1R5(config)# ip route 150.0.0.0 255.0.0.0 150.1.10.10
Rack1R5(config)# no ip route 0.0.0.0 0.0.0.0 150.1.10.10
Now enable CDP
Rack1R5(config)# interface Tunnel0
Rack1R5(config-if)# cdp enable
Once again, no router command necessary.
And like that, ODR is configured. Now we can look at the CDP neighbors on the DMVPN hub.
Rack1DMVPN#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Rack1R3          Tunnel0            171        R S I      3845      Tunnel0
Rack1R4          Tunnel0            171        R S I      3845      Tunnel0
Rack1R5          Tunnel0            175        R S I      3825      Tunnel0
Rack1DMVPN#
There, we have full CDP neighbors on the DMVPN hub router.
Let's check R3, R4, and R5.
R3
Rack1R3#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Rack1DMVPN Tunnel0 174 R 7204VXR Tunnel0
Rack1R3#
Rack1R4#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Rack1DMVPN Tunnel0 170 R 7204VXR Tunnel0
Rack1R4#
Rack1R5#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Rack1DMVPN Tunnel0 177 R 7204VXR Tunnel0
Rack1R5#
So the hub has all the spokes as CDP neighbors and the spokes only have the hub. That is what we would expect to see.
Now we should look at the routing table on the DMVPN hub:
Rack1DMVPN#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
     100.0.0.0/32 is subnetted, 1 subnets
C       100.100.100.100 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
o       3.3.3.3 [160/1] via 192.168.11.3, 00:00:04, Tunnel0
     4.0.0.0/32 is subnetted, 1 subnets
o       4.4.4.4 [160/1] via 192.168.11.4, 00:00:04, Tunnel0
     5.0.0.0/32 is subnetted, 1 subnets
o       5.5.5.5 [160/1] via 192.168.11.5, 00:00:00, Tunnel0
C    192.168.11.0/24 is directly connected, Tunnel0
     150.1.0.0/24 is subnetted, 1 subnets
C       150.1.254.0 is directly connected, GigabitEthernet0/1
S    150.0.0.0/8 [1/0] via 150.1.254.7
Rack1DMVPN#
You will notice that all the routes are there and annotated with a small o to indicate ODR.
Now, let's look at the routing table on R3.
Rack1R3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 192.168.11.1 to network 0.0.0.0
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
C    192.168.11.0/24 is directly connected, Tunnel0
     150.1.0.0/24 is subnetted, 1 subnets
C       150.1.13.0 is directly connected, GigabitEthernet0/1
o*   0.0.0.0/0 [160/1] via 192.168.11.1, 00:00:06, Tunnel0
S    150.0.0.0/8 [1/0] via 150.1.13.13
Rack1R3#
As you can see, there is now a 0/0 route pointing to the DMVPN hub – 192.168.11.1. ODR will advertise a default route via CDP.
To see this you can enable debug cdp ip
Rack1R3#debug cdp ip
Rack1R3#
*Aug 5 14:45:50.718: CDP-IP: Reading default route 192.168.11.1 via Tunnel0
*Aug 5 14:45:50.718: CDP-IP: Updating default route 192.168.11.1 in routing table
Rack1R3#
*Aug 5 14:45:56.526: CDP-IP: Writing prefix 3.3.3.3/32
*Aug 5 14:45:56.526: CDP-IP: Writing prefix 150.1.13.0/24
Rack1R3#
From that debug you can see that we receive the default route from 192.168.11.1 via the tunnel and update our routing table.
Then we update our CDP packet to include prefix 3.3.3.3/32 and prefix 150.1.13.0/24. That is why we need the distribute list on the ODR hub: to prevent the outside IP (150.1.x.x) from being received on the hub.
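As an added example (not part of the original post), this Python sketch replays the prefixes a spoke writes into CDP against access-list 123 and shows which ones the hub keeps. It assumes a simplified model in which only the network address is compared with each entry's destination and wildcard, followed by the implicit deny; the R4 debug lines are constructed.

```python
import ipaddress
import re

# Destination/wildcard pairs of access-list 123 from the hub configuration.
ACL_123 = [
    ("192.168.11.0", "0.0.0.255"),
    ("3.3.3.3", "0.0.0.0"),
    ("4.4.4.4", "0.0.0.0"),
    ("5.5.5.5", "0.0.0.0"),
]

# First two lines are R3's debug output from this post; the last two are
# constructed for R4 by analogy (assumption, not captured output).
SAMPLE_DEBUG = """\
*Aug 5 14:45:56.526: CDP-IP: Writing prefix 3.3.3.3/32
*Aug 5 14:45:56.526: CDP-IP: Writing prefix 150.1.13.0/24
*Aug 5 14:45:58.102: CDP-IP: Writing prefix 4.4.4.4/32
*Aug 5 14:45:58.102: CDP-IP: Writing prefix 150.1.9.0/24
"""

PREFIX_RE = re.compile(r"CDP-IP: Writing prefix (\d+\.\d+\.\d+\.\d+)/(\d+)")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(network, acl=ACL_123):
    """True if the network address matches a permit entry; implicit deny otherwise."""
    addr = to_int(network)
    for base, wildcard in acl:
        care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard 0-bits must match
        if (addr & care) == (to_int(base) & care):
            return True
    return False


def classify(debug_text, acl=ACL_123):
    """Split spoke-advertised prefixes into (installed, filtered) as seen by the hub."""
    installed, filtered = [], []
    for net, length in PREFIX_RE.findall(debug_text):
        (installed if acl_permits(net, acl) else filtered).append(f"{net}/{length}")
    return installed, filtered


if __name__ == "__main__":
    installed, filtered = classify(SAMPLE_DEBUG)
    print("installed on hub:", installed)
    print("dropped by distribute-list 123:", filtered)
```

Because the list ends in an implicit deny, any loopback a spoke advertises that is not one of the three permitted hosts is also dropped at the hub.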
So, let's look at the DMVPN connections on R3.
Rack1R3#sh dmvpn
Legend: Attrb –> S – Static, D – Dynamic, I – Incomplete
N – NATed, L – Local, X – No Socket
# Ent –> Number of NHRP entries with same NBMA peer
NHS Status: E –> Expecting Replies, R –> Responding
UpDn Time –> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1   150.1.254.254    192.168.11.1    UP 00:45:27     S
Rack1R3#
Only one mapping – just like we have traditionally seen.
Let's ping the R4 loopback and the R5 loopback. You might notice that we do not have a specific route, but we do have the default.
Rack1R3#p 4.4.4.4 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
Rack1R3#p 5.5.5.5 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Rack1R3#
Look at that, we have full connectivity.
So, what does the DMVPN mapping look like?
Rack1R3#sh dmvpn
Legend: Attrb –> S – Static, D – Dynamic, I – Incomplete
N – NATed, L – Local, X – No Socket
# Ent –> Number of NHRP entries with same NBMA peer
NHS Status: E –> Expecting Replies, R –> Responding
UpDn Time –> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1   150.1.254.254    192.168.11.1    UP 01:10:59     S
Rack1R3#
Just one connection – the hub. This is because ODR only has a default pointing to the hub router, so all traffic flows through the hub router.
ODR is a curious protocol, that is for sure!