DMVPN - Open Shortest Path First (OSPF)
DMVPN OSPF
Dynamic Multipoint Virtual Private Network (DMVPN) with Open Shortest Path First (OSPF) is a networking solution that combines the benefits of DMVPN and OSPF to create a scalable and dynamic communication framework. In a DMVPN OSPF deployment, OSPF serves as the routing protocol for exchanging routing information between the DMVPN spokes and the central hub. This allows for efficient and dynamic routing in a hub-and-spoke topology. DMVPN OSPF provides advantages such as automatic tunnel establishment between spokes, simplifying the network design by eliminating the need for a full mesh configuration. It leverages OSPF's capabilities for route summarization, ensuring scalability and optimal resource utilization. This solution is commonly used in scenarios where a large number of remote sites need secure and flexible connectivity, making DMVPN OSPF a robust choice for dynamic and scalable enterprise networks.
Lab:
DMVPN Topology
Task 1: Configure OSPF over DMVPN Process
Step 1: In global configuration mode on each router, configure OSPF over DMVPN with the following commands:
R1:
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
network 11.0.0.0 0.255.255.255 area 0
exit
interface tunnel 0
ip ospf network broadcast
ip ospf priority 255
exit
R2:
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
network 22.0.0.0 0.255.255.255 area 0
exit
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0
exit
R3:
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
network 33.0.0.0 0.255.255.255 area 0
exit
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0
exit
R4:
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
network 44.0.0.0 0.255.255.255 area 0
exit
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0
exit
Task 2: OSPF over DMVPN Verification
Step 1: Verify OSPF neighbors
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
22.22.22.22 0 FULL/DROTHER 00:00:32 192.168.0.2 Tunnel0
33.33.33.33 0 FULL/DROTHER 00:00:36 192.168.0.3 Tunnel0
44.44.44.44 0 FULL/DROTHER 00:00:32 192.168.0.4 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
11.11.11.11 255 FULL/DR 00:00:39 192.168.0.1 Tunnel0
R4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
11.11.11.11 255 FULL/DR 00:00:30 192.168.0.1 Tunnel0
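The priorities set in Task 1 (255 on the hub, 0 on every spoke) exist so that only R1 can be elected DR on the tunnel. The following Python check is an added example, not part of the original lab; it parses `show ip ospf neighbor` output and reports any neighbor that breaks that design. The sample outputs are constructed from the ones shown above, and the function names are illustrative.

```python
import re

# Constructed samples, reproducing the R1 (hub) and R2 (spoke) outputs above.
HUB_VIEW = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
22.22.22.22       0   FULL/DROTHER    00:00:32    192.168.0.2     Tunnel0
33.33.33.33       0   FULL/DROTHER    00:00:36    192.168.0.3     Tunnel0
44.44.44.44       0   FULL/DROTHER    00:00:32    192.168.0.4     Tunnel0
"""
SPOKE_VIEW = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11     255   FULL/DR         00:00:39    192.168.0.1     Tunnel0
"""
HUB_TUNNEL_IP = "192.168.0.1"  # R1 tunnel address in this lab

IP = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(rf"^({IP})\s+(\d+)\s+([A-Z0-9-]+)/\s*(\S+)\s+\S+\s+({IP})\s+(\S+)$")


def parse_neighbors(text):
    """Return one dict per neighbor row; header and blank lines are skipped."""
    keys = ("router_id", "pri", "state", "role", "addr", "intf")
    rows = [dict(zip(keys, m.groups()))
            for m in (ROW.match(l.strip()) for l in text.splitlines()) if m]
    for r in rows:
        r["pri"] = int(r["pri"])
    return rows


def audit_dr_design(text, on_hub):
    """Return findings; an empty list means the hub-as-DR design holds."""
    rows = parse_neighbors(text)
    if not rows:
        return ["no OSPF neighbors found"]
    findings = []
    for n in rows:
        if n["state"] != "FULL":
            findings.append(f"{n['router_id']}: adjacency is {n['state']}, not FULL")
        if on_hub and (n["pri"] != 0 or n["role"] != "DROTHER"):
            # Seen from the hub, every neighbor is a spoke and must never win election.
            findings.append(f"{n['router_id']}: spoke has pri {n['pri']} role {n['role']}")
        if not on_hub and n["addr"] != HUB_TUNNEL_IP:
            findings.append(f"{n['router_id']}: spoke adjacency with non-hub {n['addr']}")
        if not on_hub and n["addr"] == HUB_TUNNEL_IP and n["role"] != "DR":
            findings.append(f"{n['router_id']}: hub is {n['role']}, expected DR")
    return findings


if __name__ == "__main__":
    print(audit_dr_design(HUB_VIEW, on_hub=True), audit_dr_design(SPOKE_VIEW, on_hub=False))
```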
Step 2: Verify routing table and OSPF routes entries
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.1.1 to network 0.0.0.0
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/1001] via 192.168.0.3, 00:09:31, Tunnel0
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
22.0.0.0/32 is subnetted, 1 subnets
O 22.22.22.22 [110/1001] via 192.168.0.2, 00:07:00, Tunnel0
11.0.0.0/24 is subnetted, 1 subnets
C 11.11.11.0 is directly connected, Loopback1
C 192.168.0.0/24 is directly connected, Tunnel0
44.0.0.0/32 is subnetted, 1 subnets
O 44.44.44.44 [110/1001] via 192.168.0.4, 00:09:31, Tunnel0
S* 0.0.0.0/0 [1/0] via 172.16.1.1
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.2.1 to network 0.0.0.0
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/1001] via 192.168.0.3, 00:05:15, Tunnel0
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.2.0 is directly connected, FastEthernet0/0
22.0.0.0/24 is subnetted, 1 subnets
C 22.22.22.0 is directly connected, Loopback1
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/1001] via 192.168.0.1, 00:05:15, Tunnel0
C 192.168.0.0/24 is directly connected, Tunnel0
44.0.0.0/32 is subnetted, 1 subnets
O 44.44.44.44 [110/1001] via 192.168.0.4, 00:05:15, Tunnel0
S* 0.0.0.0/0 [1/0] via 172.16.2.1
Step 3: Verify DMVPN Tunnel creation
R1#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
=======================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.2.2 192.168.0.2 UP 01:35:07 D
1 172.16.3.2 192.168.0.3 UP 01:35:01 D
1 172.16.4.2 192.168.0.4 UP 01:35:02 D
R2#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.1.2 192.168.0.1 UP 00:55:53 S
R2#ping 192.168.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 196/261/340 ms
R2#traceroute 192.168.0.4 source loopback 1
Type escape sequence to abort.
Tracing the route to 192.168.0.4
1 192.168.0.1 396 msec 508 msec
192.168.0.4 392 msec
Spoke router R2 is able to reach R4 via the hub router. A packet from R2 destined for R4 would need to be routed through R1: it exits the R2 tunnel and then gets re-encapsulated to enter the R4 tunnel.
R2#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
=======================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.1.2 192.168.0.1 UP 00:57:01 S
1 172.16.3.2 192.168.0.3 UP 00:51:50 D
Notice that the tunnel to R4 has been flagged as dynamic, in contrast to the static tunnel to the hub/NHS.
R2# ping 192.168.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/189/220 ms
R2#traceroute 192.168.0.4 source loopback 1
Type escape sequence to abort.
Tracing the route to 192.168.0.4
1 192.168.0.4 396 msec 508 msec
Once the dynamic tunnel is formed between the two spoke routers, DMVPN lets the spokes communicate directly with each other as next hops, bypassing the hub router completely.
R2#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
=======================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.1.2 192.168.0.1 UP 00:58:55 S
1 172.16.3.2 192.168.0.3 UP 00:53:43 D
1 172.16.4.2 192.168.0.4 UP 00:56:37 D
R3#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
=======================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.1.2 192.168.0.1 UP 01:00:16 S
1 172.16.2.2 192.168.0.2 UP 00:55:20 D
1 172.16.4.2 192.168.0.4 UP 00:00:03 D
R4#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding
UpDn Time --> Up or Down Time for a Tunnel
=======================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.1.2 192.168.0.1 UP 01:00:41 S
1 172.16.2.2 192.168.0.2 UP 00:58:41 D
1 172.16.3.2 192.168.0.3 UP 00:00:31 D
A DMVPN tunnel is dynamically formed from each spoke to every other spoke, so direct spoke-to-spoke communication is possible.
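Because the spoke-to-spoke entries are learned dynamically through NHRP, it is worth checking that each tunnel address in `show dmvpn` is bound to the NBMA address you expect. The following Python check is an added example, not part of the original lab; the inventory is built from the addresses in the outputs above, the sample text is constructed from R2's final peer table, and the function names are illustrative.

```python
import re

# Constructed sample, reproducing R2's final `show dmvpn` peer table above.
R2_SHOW_DMVPN = """\
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:3,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      172.16.1.2     192.168.0.1    UP 00:58:55     S
     1      172.16.3.2     192.168.0.3    UP 00:53:43     D
     1      172.16.4.2     192.168.0.4    UP 00:56:37     D
"""
# Tunnel address -> NBMA address for each router, taken from the lab outputs.
INVENTORY = {
    "192.168.0.1": "172.16.1.2", "192.168.0.2": "172.16.2.2",
    "192.168.0.3": "172.16.3.2", "192.168.0.4": "172.16.4.2",
}
HUB_TUNNEL_IP = "192.168.0.1"

IP = r"\d+\.\d+\.\d+\.\d+"
PEER = re.compile(rf"^\s*\d+\s+({IP})\s+({IP})\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_peers(text):
    """Return (nbma, tunnel, state, attrb) for each NHRP peer row."""
    return [(m[1], m[2], m[3], m[5])
            for m in (PEER.match(l) for l in text.splitlines()) if m]


def audit_peers(text, inventory=INVENTORY):
    """Return findings for peers that do not match the known inventory."""
    findings = []
    for nbma, tunnel, state, attrb in parse_peers(text):
        expected = inventory.get(tunnel)
        if expected is None:
            findings.append(f"{tunnel}: tunnel address not in inventory")
        elif expected != nbma:
            findings.append(f"{tunnel}: bound to NBMA {nbma}, expected {expected}")
        if state != "UP":
            findings.append(f"{tunnel}: state {state}")
        # On a spoke, the hub/NHS entry is configured statically (Attrb S).
        if tunnel == HUB_TUNNEL_IP and "S" not in attrb:
            findings.append(f"{tunnel}: hub/NHS mapping is not static ({attrb})")
    return findings


if __name__ == "__main__":
    print(audit_peers(R2_SHOW_DMVPN) or "all peers match inventory")
```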