Dynamic Multipoint VPN on GNS3

Posted: January 18, 2016 in CISCO

DMVPN (Dynamic Multipoint VPN) uses multipoint GRE tunnels between endpoints.

GRE tunnels are described here.

DMVPN is best explained through example.


GRE tunnels are created between R1 and R3, R1 and R5, and R3 and R5. One router is declared as the hub, usually the main router at HQ (R1 in this example). The spoke routers (R3 and R5) communicate with R1 to obtain connection info about the other routers in the topology.

R1 provides the public IP of R3 to R5 and vice versa, so R3 and R5 can make a direct connection.

R1 uses the Next Hop Resolution Protocol (NHRP) to communicate with R3 and R5 and to inform them of the fastest route between them.

NHRP provides the optimal path (minimum hops) to the spoke routers in the topology (R3 and R5 in this example).

R1 config:

interface FastEthernet0/0
ip address 10.30.10.1 255.255.255.252
!
interface Serial1/0
ip address 10.10.10.2 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.10.10.1

R3:

interface FastEthernet0/0
ip address 10.40.10.1 255.255.255.252
!
interface Serial1/0
ip address 10.20.10.2 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.20.10.1

 

R5:

interface FastEthernet0/0
ip address 10.60.10.1 255.255.255.252
!
interface Serial1/0
ip address 10.50.10.2 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.50.10.1

ISP:

interface Serial1/0
ip address 10.10.10.1 255.255.255.252
!
interface Serial1/1
ip address 10.20.10.1 255.255.255.252
!
interface Serial1/2
ip address 10.50.10.1 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip route 10.40.10.0 255.255.255.252 10.20.10.2
ip route 10.60.10.0 255.255.255.252 10.50.10.2

 

Create GRE tunnels on hub-R1:

R1(config)#int tunnel 0
!tunnel source interface:
R1(config-if)#tunnel source Serial1/0
!designates tunnel as a multipoint GRE tunnel:
R1(config-if)#tunnel mode gre multipoint
!tunnel ID key; must match on all routers (sent in cleartext in the GRE header, it does not encrypt anything):
R1(config-if)#tunnel key 1234
!identifies this DMVPN cloud. All routers participating in this DMVPN cloud must have the same network-id configured in order for tunnels to form:
R1(config-if)#ip nhrp network-id 1
!accept NHRP updates and queries only from routers presenting this authentication string (the string is sent in cleartext):
R1(config-if)#ip nhrp authentication qwerty
!enables the forwarding of multicast traffic across the tunnel to dynamic spokes:
R1(config-if)#ip nhrp map multicast dynamic
!assign tunnel IP address:
R1(config-if)#ip address 192.168.0.1 255.255.255.0

 

Create GRE tunnels on spoke-R3:

R3(config)#int tunnel 0
!tunnel source interface:
R3(config-if)#tunnel source Serial1/0
!designates tunnel as a multipoint GRE tunnel:
R3(config-if)#tunnel mode gre multipoint
!tunnel ID key; must match on all routers (sent in cleartext in the GRE header, it does not encrypt anything):
R3(config-if)#tunnel key 1234
!identifies this DMVPN cloud. All routers participating in this DMVPN cloud must have the same network-id configured in order for tunnels to form:
R3(config-if)#ip nhrp network-id 1
!accept NHRP updates and queries only from routers presenting this authentication string (the string is sent in cleartext):
R3(config-if)#ip nhrp authentication qwerty
!enables the forwarding of multicast traffic across the tunnel to dynamic spokes:
R3(config-if)#ip nhrp map multicast dynamic
!assign tunnel IP address:
R3(config-if)#ip address 192.168.0.2 255.255.255.0
!NHS (next hop server): the server from which to obtain the IP addresses of the other routers
!in the topology (hub R1's tunnel interface IP address, defined in the previous step: 192.168.0.1)
R3(config-if)#ip nhrp nhs 192.168.0.1
!to reach the private IP of R1's tunnel interface (192.168.0.1), use R1's public address
!(10.10.10.2):
R3(config-if)#ip nhrp map 192.168.0.1 10.10.10.2
!allow multicast traffic to the hub (R1 public IP: 10.10.10.2)
R3(config-if)#ip nhrp map multicast 10.10.10.2

 

Create GRE tunnels on spoke-R5:

R5(config)#int tunnel 0
!tunnel source interface:
R5(config-if)#tunnel source Serial1/0
!designates tunnel as a multipoint GRE tunnel:
R5(config-if)#tunnel mode gre multipoint
!tunnel ID key; must match on all routers (sent in cleartext in the GRE header, it does not encrypt anything):
R5(config-if)#tunnel key 1234
!identifies this DMVPN cloud. All routers participating in this DMVPN cloud must have the same network-id configured in order for tunnels to form:
R5(config-if)#ip nhrp network-id 1
!accept NHRP updates and queries only from routers presenting this authentication string (the string is sent in cleartext):
R5(config-if)#ip nhrp authentication qwerty
!enables the forwarding of multicast traffic across the tunnel to dynamic spokes:
R5(config-if)#ip nhrp map multicast dynamic
!assign tunnel IP address:
R5(config-if)#ip address 192.168.0.3 255.255.255.0
!NHS (next hop server): the server from which to obtain the IP addresses of the other routers
!in the topology (hub R1's tunnel interface IP address, defined in the previous step: 192.168.0.1)
R5(config-if)#ip nhrp nhs 192.168.0.1
!to reach the private IP of R1's tunnel interface (192.168.0.1), use R1's public address
!(10.10.10.2):
R5(config-if)#ip nhrp map 192.168.0.1 10.10.10.2
!allow multicast traffic to the hub (R1 public IP: 10.10.10.2)
R5(config-if)#ip nhrp map multicast 10.10.10.2

At this point, you should be able to ping between the tunnel interfaces on R1, R3 and R5.

R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1      10.20.10.2     192.168.0.2    UP 01:46:40     D
     1      10.50.10.2     192.168.0.3    UP 01:40:10     D

Peer NBMA: spoke’s public IP address

Peer Tunnel Add: spoke’s local tunnel IP address

State: current tunnel’s state

UpDn: uptime/downtime
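
The tunnels built above carry plain GRE: the tunnel key and the NHRP authentication string are both visible on the wire, so confidentiality and integrity have to come from IPsec. The following is an added example, not part of the original post, showing one way to protect Tunnel0 on R1 with an IPsec profile. It assumes an IOS image that supports these IKEv1 and ESP algorithms; the policy number, the names DMVPN-TS and DMVPN-PROF, and the `<PSK-...>` key placeholders are assumptions.

```cisco
! R1 (hub) - added example; names, policy number and keys are placeholders
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! one pre-shared key per peer public (NBMA) address,
! rather than a single wildcard key for address 0.0.0.0
crypto isakmp key <PSK-R1-R3> address 10.20.10.2
crypto isakmp key <PSK-R1-R5> address 10.50.10.2
!
! transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! bind the profile to the multipoint GRE tunnel
interface Tunnel0
 tunnel protection ipsec profile DMVPN-PROF
!
! R3 and R5 use the same policy, transform set and profile.
! Only the key statements differ, because spokes also peer with each other:
!  R3: keys for 10.10.10.2 (R1) and 10.50.10.2 (R5)
!  R5: keys for 10.10.10.2 (R1) and 10.20.10.2 (R3)
!
! verify on each router after the tunnels re-establish:
!  show crypto isakmp sa
!  show crypto ipsec sa
!  show dmvpn
```

The profile must be applied on all three routers; a router with `tunnel protection` cannot form a tunnel with a peer that lacks it.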

 

 

 

 
