DMVPN Phase 1:
R1 configuration:
R1_HUB#show run int tunnel 0
Building configuration...
Current configuration : 219 bytes
!
interface Tunnel0
ip address 172.168.123.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source Ethernet0/0
tunnel mode gre multipoint
end
R2 / R3 configuration:
R2_spoke#show run int tunnel 0
Building configuration...
Current configuration : 241 bytes
!
interface Tunnel0
ip address 172.168.123.2 255.255.255.0
ip nhrp map 172.168.123.1 10.1.14.1
ip nhrp map multicast 10.1.14.1
ip nhrp network-id 1
ip nhrp nhs 172.168.123.1
tunnel source Ethernet0/0
tunnel destination 10.1.14.1
end
At this point the tunnels between R1 and R2 and between R1 and R3 are up. In DMVPN Phase 1 there are no direct tunnels between spokes.
R1_HUB#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.1.24.2 172.168.123.2 UP 1w3d D
1 10.1.34.3 172.168.123.3 UP 1w3d D
R1_HUB#show ip nhrp
172.168.123.2/32 via 172.168.123.2
Tunnel0 created 1w3d, expire 01:37:11
Type: dynamic, Flags: unique registered used nhop
NBMA address: 10.1.24.2
172.168.123.3/32 via 172.168.123.3
Tunnel0 created 1w3d, expire 01:55:34
Type: dynamic, Flags: unique registered used nhop
NBMA address: 10.1.34.3
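Spokes reach each other through the hub, so once a routing protocol is running, split horizon must be disabled on the hub, and the hub advertises a summary route to reduce the number of routes on the spoke routers.
In DMVPN Phase 1 the hub must be the next hop for a spoke's routes to other spokes. With EIGRP, disable split horizon on the hub; with OSPF, use the point-to-multipoint interface network type on the hub; with BGP, eBGP is recommended.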
R1_HUB(config)#int tu0
R1_HUB(config-if)#no ip split-horizon eigrp 1
R1_HUB(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0
R1_HUB#show ip route eigrp 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
D 192.168.0.0/16 is a summary, 00:01:04, Null0
D 192.168.2.0/24 [90/27008000] via 172.168.123.2, 1w3d, Tunnel0
D 192.168.3.0/24 [90/27008000] via 172.168.123.3, 1w3d, Tunnel0
R2_spoke#show ip route eigrp 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
D 192.168.0.0/16 [90/27008000] via 172.168.123.1, 00:01:09, Tunnel0
R2_spoke#
R2_spoke#traceroute 192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 172.168.123.1 5 msec 5 msec 0 msec
2 172.168.123.3 1 msec 1 msec *
DMVPN Phase 2:
Both the hub and the spokes are configured with mGRE, so spokes can automatically build tunnels to other spokes.
R2_spoke(config)#in tunnel 0
R2_spoke(config-if)#no tunnel destination 10.1.14.1
R2_spoke(config-if)#tunnel mode gre multipoint
With EIGRP, the hub must not only disable split horizon but also disable next-hop-self; with OSPF, use the broadcast interface network type, make sure the hub is the DR, and set the interface priority to 0 on all spokes; with BGP, use iBGP or eBGP with next-hop-unchanged.
R1_HUB(config)#int tunnel 0
R1_HUB(config-if)#no ip summary-address eigrp 1 192.168.0.0 255.255.0.0
R1_HUB(config-if)#no ip next-hop-self eigrp 1
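Once DMVPN Phase 2 is running, its problem becomes apparent: the hub cannot summarize, because the next hop of a summarized route is the hub, so spoke-to-spoke traffic would first be sent to the hub, which brings back the suboptimal path and adds latency.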
R2_spoke# show ip route eigrp 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
D 192.168.1.0/24 [90/27008000] via 172.168.123.1, 00:01:29, Tunnel0
D 192.168.3.0/24 [90/28288000] via 172.168.123.3, 00:01:29, Tunnel0
R2_spoke#ping 192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/13/65 ms
R2_spoke#
R2_spoke#
R2_spoke#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.1.14.1 172.168.123.1 UP 00:01:52 S
1 10.1.34.3 172.168.123.3 UP 00:00:06 D
R2_spoke#
R2_spoke#traceroute 192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 172.168.123.3 0 msec 1 msec *
R2_spoke#
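DMVPN Phase 3:
Phase 3 keeps the Phase 2 capability, that is, direct spoke-to-spoke tunnels, but instead of relying on the routing protocol to give a spoke the next hop for another spoke's routes, it uses NHRP redirect.
When Spoke1 sends traffic to a route behind Spoke2 and the next hop is the hub, the first packet goes to the hub. The hub forwards the packet to Spoke2 and at the same time sends an NHRP redirect message to Spoke1. On receiving it, Spoke1 stores the redirect and sends an NHRP query to Spoke2; Spoke2 receives the NHRP query and stores Spoke1's information. A tunnel is then built automatically between Spoke1 and Spoke2, and subsequent packets go directly from Spoke1 to Spoke2 without passing through the hub.
The benefit of this optimization is that the next hop of the routes a spoke learns for other spokes no longer needs to be a spoke, so the hub can send only summary and default routes to the spokes, which solves the Phase 2 scalability problem.
When running a routing protocol in Phase 3, next-hop information does not need to be preserved: with EIGRP, disabling split horizon is enough; with OSPF, the P2MP interface network type is enough and broadcast is no longer needed.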
R1_HUB(config)#int tunnel 0
R1_HUB(config-if)#ip next-hop-self eigrp 1
R1_HUB(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0
R1_HUB(config-if)#ip nhrp redirect
R1_HUB#show run int tunnel 0
Building configuration...
Current configuration : 289 bytes
!
interface Tunnel0
ip address 172.168.123.1 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
ip summary-address eigrp 1 192.168.0.0 255.255.0.0
tunnel source Ethernet0/0
tunnel mode gre multipoint
R2_spoke(config)#int tunnel 0
R2_spoke(config-if)#ip nhrp shortcut
R2_spoke#show run int tunnel 0
Building configuration...
Current configuration : 274 bytes
!
interface Tunnel0
ip address 172.168.123.2 255.255.255.0
no ip redirects
ip nhrp map 172.168.123.1 10.1.14.1
ip nhrp map multicast 10.1.14.1
ip nhrp network-id 1
ip nhrp nhs 172.168.123.1
ip nhrp shortcut
tunnel source Ethernet0/0
tunnel mode gre multipoint
end
R2_spoke#show ip route eigrp 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
D 192.168.0.0/16 [90/27008000] via 172.168.123.1, 00:00:12, Tunnel0
R2_spoke#traceroute 192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 172.168.123.1 5 msec 5 msec 0 msec
2 172.168.123.3 5 msec 6 msec *
R2_spoke#show ip nhrp
172.168.123.1/32 via 172.168.123.1
Tunnel0 created 00:01:08, never expire
Type: static, Flags: used
NBMA address: 10.1.14.1
172.168.123.3/32 via 172.168.123.3
Tunnel0 created 00:00:18, expire 01:59:41
Type: dynamic, Flags: router used nhop rib
NBMA address: 10.1.34.3
192.168.3.0/24 via 172.168.123.3
Tunnel0 created 00:00:18, expire 01:59:41
Type: dynamic, Flags: router rib
NBMA address: 10.1.34.3
R2_spoke#traceroute 192.168.3.3 source 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 172.168.123.3 1 msec 71 msec *
R2_spoke#
R2_spoke#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 10.1.14.1 172.168.123.1 UP 00:01:37 S
2 10.1.34.3 172.168.123.3 UP 00:00:48 DT1
172.168.123.3 UP 00:00:48 DT1
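Summary
Phase 1: the hub is configured with mGRE and the spokes with P2P GRE; there are no direct spoke-to-spoke tunnels;
Phase 2: the hub and the spokes are all configured with mGRE; the routing protocol is used to solve the next-hop problem for routes a spoke learns for other spokes;
Phase 3: the hub and the spokes are all configured with mGRE; NHRP is used to solve next-hop resolution, so the hub can summarize routes, which solves the scalability problem.
OSPF configuration example: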
HUB1
R1#show run int tunnel 0
Building configuration...
Current configuration : 301 bytes
!
interface Tunnel0
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip nhrp authentication xuxing
ip nhrp map multicast dynamic
ip nhrp map 10.1.1.2 26.1.1.2
ip nhrp network-id 100
ip nhrp redirect
ip ospf network point-to-multipoint
tunnel source 16.1.1.1
tunnel mode gre multipoint
end
Spoke3
R3#show run int tunnel 0
Building configuration...
Current configuration : 377 bytes
!
interface Tunnel0
ip address 10.1.1.3 255.255.255.0
no ip redirects
ip nhrp authentication xuxing
ip nhrp map multicast 16.1.1.1
ip nhrp map 10.1.1.1 16.1.1.1
! ip nhrp map 10.1.1.2 26.1.1.2
ip nhrp network-id 100
ip nhrp nhs 10.1.1.1
! ip nhrp nhs 10.1.1.2
ip nhrp shortcut
ip ospf network point-to-multipoint
tunnel source 36.1.1.3
tunnel mode gre multipoint
end
R3#
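
The phase distinctions in the summary, and the "ip nhrp authentication" line used only in the OSPF example, can be checked mechanically against a pasted tunnel block. The Python below is an added example, not part of the original post: the function name audit and the two sample blocks are constructed here, and "tunnel protection ipsec profile" is a real IOS command that does not appear anywhere on this page.

```python
# Added example (not from the original page). Sample blocks are constructed
# from command lines that appear in this page's configurations.
PHASE1_SPOKE = """\
interface Tunnel0
 ip nhrp map 172.168.123.1 10.1.14.1
 ip nhrp network-id 1
 ip nhrp nhs 172.168.123.1
 tunnel source Ethernet0/0
 tunnel destination 10.1.14.1
"""
OSPF_HUB = """\
interface Tunnel0
 ip nhrp authentication xuxing
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip nhrp redirect
 tunnel mode gre multipoint
"""

def audit(config):
    """Return (role, phase, findings) for one 'interface Tunnel' block."""
    cmds = [ln.strip() for ln in config.splitlines()]
    cmds = [c for c in cmds if c and not c.startswith("!")]  # skip comments

    def has(prefix):
        return any(c.startswith(prefix) for c in cmds)

    role = "spoke" if has("ip nhrp nhs ") else "hub"
    mgre = has("tunnel mode gre multipoint")
    if role == "spoke" and not mgre and has("tunnel destination "):
        phase = "1"                      # P2P GRE towards the hub only
    elif role == "spoke" and mgre:
        phase = "3" if has("ip nhrp shortcut") else "2"
    elif role == "hub" and mgre:
        # The hub's NHRP and tunnel-mode lines are the same in phases 1 and 2.
        phase = "3" if has("ip nhrp redirect") else "1 or 2"
    else:
        phase = "unknown"

    findings = []
    if not has("ip nhrp authentication "):
        findings.append("no NHRP authentication string")
    # Real IOS command, but not used anywhere on this page.
    if not has("tunnel protection ipsec profile "):
        findings.append("no IPsec tunnel protection")
    if role == "hub" and has("ip summary-address ") and not has("ip nhrp redirect"):
        findings.append("summary without NHRP redirect: spoke-to-spoke goes via hub")
    return role, phase, findings

if __name__ == "__main__":
    for name, cfg in (("phase-1 spoke", PHASE1_SPOKE), ("OSPF hub", OSPF_HUB)):
        print(name, audit(cfg))
```

The NHRP authentication string is carried in cleartext, so a block that passes the first check still relies on IPsec tunnel protection for confidentiality and peer authentication.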