DMVPN Technical Report – R1–R5 (R5 Hub)




Classification: Unclassified / For Training/Technical Use

Network Type: Dual-Stack DMVPN Phases 1–3, OSPF Backbone

Prepared For: Network Operations / Engineering Training


1️⃣ Network Topology Overview

| Node | Role | Tunnel IPv4 | Tunnel IPv6 | NHRP NHS | Tunnel Source | GRE Type | OSPF Network Type | IPSec Profile |
|------|------|-------------|-------------|----------|---------------|----------|-------------------|---------------|
| R1 | Spoke | 10.200.0.1 | 2001:db8:200:DMVPN::1 | 10.200.0.5 | Gi1.100 | Multipoint (mGRE) | Point-to-Multipoint Non-Broadcast | DMVPN_PROFILE |
| R2 | Spoke | 10.200.0.2 | 2001:db8:200:DMVPN::2 | 10.200.0.5 | Gi1.100 | Multipoint (mGRE) | Point-to-Multipoint Non-Broadcast | DMVPN_PROFILE |
| R3 | Spoke | 10.200.0.3 | 2001:db8:200:DMVPN::3 | 10.200.0.5 | Gi1.100 | Multipoint (mGRE) | Point-to-Multipoint Non-Broadcast | DMVPN_PROFILE |
| R4 | Spoke | 10.200.0.4 | 2001:db8:200:DMVPN::4 | 10.200.0.5 | Gi1.100 | Multipoint (mGRE) | Point-to-Multipoint Non-Broadcast | DMVPN_PROFILE |
| R5 | Hub | 10.200.0.5 | 2001:db8:200:DMVPN::5 | | Gi1.100 | Multipoint (mGRE) | Point-to-Multipoint Non-Broadcast | DMVPN_PROFILE |

Observations:

  • R5 is the hub, R1–R4 are spokes.

  • Tunnel network: 10.200.0.0/24 (IPv4), 2001:db8:200:DMVPN::/64 (IPv6).

  • mGRE tunnels support dynamic spoke-to-spoke connectivity.

  • OSPF uses point-to-multipoint non-broadcast for controlled adjacency.

  • The IPSec profile DMVPN_PROFILE is applied to every tunnel, so tunnel traffic is IPSec-protected.


2️⃣ DMVPN Phases Overview

Phase 1 – Hub-and-Spoke Only

Topology:

  • Spokes communicate only with hub (R5).

  • No direct spoke-to-spoke tunnels.

Configuration Notes:

  • Tunnel type: GRE multipoint or traditional GRE.

  • OSPF adjacency: Hub forms adjacency with all spokes.

  • NHRP: Spokes register with hub.

Pros:

  • Simple and predictable.

  • Easy to deploy.

Cons:

  • Hub becomes a traffic bottleneck for spoke-to-spoke flows.

Example Commands (Spoke R2):

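interface Tunnel0
 ip address 10.200.0.2 255.255.255.0
 ip nhrp nhs 10.200.0.5
 ip nhrp network-id 1
 tunnel source Gi1.100
 ! Point-to-point GRE to the hub; hub NBMA address assumed to be 169.254.100.5 (see the Phase 2 example)
 tunnel mode gre ip
 tunnel destination 169.254.100.5
 ip ospf network point-to-multipoint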


Phase 2 – Hub-and-Spoke + Spoke-to-Spoke (Static / NHRP)

Topology:

  • Spokes form direct tunnels to other spokes using manual NHRP mappings.

  • Hub manages registration and mapping.


Configuration Notes:

  • mGRE optional, static NHRP mappings required for each spoke pair.

  • OSPF network type: non-broadcast recommended for dynamic adjacency.

Pros:

  • Reduces hub load.

  • Enables spoke-to-spoke traffic without hub mediation.

Cons:

  • Manual mapping per spoke pair can be cumbersome.

  • Scaling is limited for large networks.

Example Commands:

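interface Tunnel0
 ! Map tunnel address 10.200.0.3 to NBMA address 169.254.100.3; replicate multicast to NBMA 169.254.100.5
 ip nhrp map 10.200.0.3 169.254.100.3
 ip nhrp map multicast 169.254.100.5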


Phase 3 – Multipoint GRE + Dynamic Spoke-to-Spoke (Current Implementation)


Topology:

  • Hub (R5) registers all spokes.

  • Spokes dynamically create tunnels to each other as needed.

  • Supports full-mesh traffic without per-spoke configuration.

Configuration Notes:

  • Tunnel mode: gre multipoint.

  • NHRP network ID consistent (ip nhrp network-id 1).

  • OSPF network type: point-to-multipoint non-broadcast.

  • IPSec applied per tunnel: tunnel protection ipsec profile DMVPN_PROFILE.


Pros:

  • Highly scalable and efficient.

  • Minimizes hub load for spoke-to-spoke traffic.

  • Fully compatible with OSPF and dual-stack IP.

Cons:

  • More complex initial setup.

  • Troubleshooting requires understanding of NHRP + OSPF interplay.

Example Commands (Spoke R1):

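interface Tunnel0
 ip address 10.200.0.1 255.255.255.0
 ip mtu 1400
 ip nhrp authentication NHRPPASS
 ip nhrp network-id 1
 ! Hub NBMA address assumed to be 169.254.100.5, as in the Phase 2 example
 ip nhrp map 10.200.0.5 169.254.100.5
 ip nhrp map multicast 169.254.100.5
 ip nhrp nhs 10.200.0.5
 ! Phase 3 spoke: install NHRP shortcuts (the hub needs "ip nhrp redirect")
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 ip ospf network point-to-multipoint non-broadcast
 tunnel source GigabitEthernet1.100
 tunnel mode gre multipoint
 tunnel key 150
 tunnel protection ipsec profile DMVPN_PROFILE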


3️⃣ OSPF Design Considerations

  • Router IDs (loopback-based for deterministic OSPF IDs):

    • R1: 10.200.1.1

    • R2: 10.200.2.2

    • R3: 10.200.3.3

    • R4: 10.200.4.4

    • R5: 10.200.5.5

  • OSPF adjacency (Hub R5 static neighbors):

router ospf 1
 router-id 10.200.5.5
 network 10.200.0.0 0.0.0.255 area 0
 neighbor 10.200.0.1
 neighbor 10.200.0.2
 neighbor 10.200.0.3
 neighbor 10.200.0.4

  • Timers: default 10s hello / 40s dead; adjust for larger networks.

  • Summarization: Regional /22 aggregation reduces LSA flooding:

    • Area 40 → 10.200.40.0/22

    • Area 60 → 10.200.60.0/22

    • Area 80 → 10.200.80.0/22


4️⃣ NHRP Best Practices

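  1. Authentication: NHRP authentication string NHRPPASS applied (ip nhrp authentication NHRPPASS). The string is carried in clear text inside NHRP packets, so it complements the IPSec profile rather than replacing it.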

  2. Holdtime: 300s (adjustable for faster failover).

  3. Tunnel key: 150 applied for isolation.

  4. NHRP network ID consistent across all nodes.


5️⃣ IPSec / MTU Considerations

  • Tunnel MTU: 1400 bytes (avoid fragmentation under IPSec).

  • TCP MSS adjust: 1360 bytes.

  • IPSec profile applied per tunnel: DMVPN_PROFILE.
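
The settings listed in sections 4 and 5 can be checked mechanically against a saved configuration. The Python audit below is an added example, not part of the original report: the function names and the SAMPLE configuration are constructed for illustration, and the baseline values are the ones stated in sections 4 and 5.

```python
import re

# Baseline from sections 4 and 5; None means "must be set, any value".
BASELINE = {"ip nhrp authentication": None, "ip nhrp network-id": "1",
            "tunnel key": "150", "ip mtu": "1400", "ip tcp adjust-mss": "1360",
            "tunnel protection ipsec profile": "DMVPN_PROFILE"}
# Constructed sample: Tunnel0 is a bare tunnel, Tunnel1 carries every baseline setting.
SAMPLE = """interface Tunnel0
 ip nhrp network-id 1
 tunnel mode gre multipoint
interface Tunnel1
 ip mtu 1400
 ip nhrp authentication NHRPPASS
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 tunnel key 150
 tunnel protection ipsec profile DMVPN_PROFILE
"""

def parse_tunnels(config):
    """Map each Tunnel interface name to its list of sub-commands."""
    tunnels, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (Tunnel\d+)\s*$", line)
        if head:
            current = tunnels.setdefault(head.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the stanza
    return tunnels

def audit(commands):
    """Return findings for one tunnel stanza, in baseline order."""
    seen = {key: cmd[len(key):].split()[0] for cmd in commands
            for key in BASELINE if cmd.startswith(key + " ")}
    findings = []
    for key, want in BASELINE.items():
        if key not in seen:
            findings.append("missing: " + key)
        elif want is not None and seen[key] != want:
            findings.append(f"mismatch: {key} {seen[key]} (baseline {want})")
    mtu, mss = seen.get("ip mtu"), seen.get("ip tcp adjust-mss")
    if mtu and mss and int(mss) > int(mtu) - 40:  # 20 B IPv4 + 20 B TCP headers
        findings.append("mss larger than ip mtu - 40")
    return findings

for name, cmds in parse_tunnels(SAMPLE).items():
    print(name, audit(cmds) or "OK")
```

The NHRP authentication string is checked for presence only and never appears in a finding, so the audit output can be shared without exposing it.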


6️⃣ Recommendations & Next Steps

  • Topology: Phase 3 DMVPN dual-stack, R5 hub, R1–R4 spokes.

  • Advantages: Scalable, secure, optimized for OSPF hierarchical routing.

  • Future steps:

    1. Generate full interface-level IP tables for dual-stack deployment.

    2. Expand OSPF into multi-area design for hierarchical aggregation.

    3. Optional: Add BGP overlay for advanced inter-region routing.

    4. Develop CCIE-style troubleshooting scenarios.

