- Finding Feature Information
- Information About Shortcut Switching Enhancements for NHRP
- How to Configure Shortcut Switching for NHRP
- Configuration Examples for Shortcut Switching Enhancements for NHRP
- Additional References
- Feature Information for Shortcut Switching Enhancements for NHRP in DMVPN Networks
Shortcut Switching Enhancements for NHRP in DMVPN Networks
Routers in a Dynamic Multipoint VPN (DMVPN) Phase 3 network use Next Hop Resolution Protocol (NHRP) Shortcut Switching to discover shorter paths to a destination network after receiving an NHRP redirect message from the hub. This allows the routers to communicate directly with each other without the need for an intermediate hop.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About Shortcut Switching Enhancements for NHRP
- DMVPN Phase 3 Networks Overview
- Benefits of NHRP Shortcut Switching Enhancements
- NHRP as a Route Source
- Next Hop Overrides
- NHRP Route Watch Infrastructure
- NHRP Purge Request Reply
DMVPN Phase 3 Networks Overview
In a DMVPN Phase 3 network, separate regional DMVPN networks are connected together into a single hierarchical DMVPN network. Spokes in different regions use NHRP to build direct spoke-to-spoke tunnels with each other, bypassing both the regional and the central hubs. When building spoke-to-spoke tunnels within a region, only the regional hubs are involved in the tunnel setup. When building spoke-to-spoke tunnels between regions, the regional and the central hubs are involved in the tunnel setup.
DMVPN Phase 3 provides improvements over a DMVPN Phase 2 network. For a DMVPN spoke-to-spoke network, the main improvements from Phase 2 are in the increased flexibility in laying out the base DMVPN network. DMVPN Phase 3 allows a hierarchical hub design whereas DMVPN Phase 2 relies on "daisy-chaining" of hubs for scaling the network. DMVPN Phase 3 also removes some of the restrictions on the routing protocols required by Phase 2 (OSPF broadcast mode and non split-tunneling). DMVPN Phase 3 is not expected to change the number of spokes that a single DMVPN hub can support but it may reduce the CPU load of the routing protocol on the hub.
Benefits of NHRP Shortcut Switching Enhancements
Cisco has developed NHRP shortcut switching model enhancements that allow for more scalable DMVPN implementations. This model provides the following benefits:
- Allows summarization of routing protocol updates from hub to spokes. The spokes no longer need an individual route, with an IP next hop of the remote spoke's tunnel IP address, for the networks behind every other spoke. A spoke can use summarized routes with an IP next hop of the hub's tunnel IP address and still build spoke-to-spoke tunnels. Summarization can reduce the load on the routing protocol running on the hub router: when the networks behind the spokes can be summarized to a few summary routes or even one summary route, the hub routing protocol only has to advertise the few or one summary route to each spoke rather than all of the individual spoke routes. For example, with 1000 spokes and one router per spoke, the hub receives 1000 routes but only has to advertise one summary route to each spoke (equivalent to 1000 advertisements, one per spoke) instead of the 1,000,000 advertisements it had to process in the prior implementation of DMVPN.
- Provides better alternatives to static daisy-chaining of hubs for expanding DMVPN spoke-to-spoke networks. The hubs must still be interconnected, but they are not restricted to just a daisy-chain pattern. The routing table is used to forward data packets and NHRP control packets between the hubs. The routing table allows efficient forwarding of packets to the correct hub rather than having request and reply packets traversing through all of the hub routers.
- Allows for expansion of DMVPN spoke-to-spoke networks with OSPF as the routing protocol beyond two hubs. Because the spokes can use routes with the IP next hop set to the hub router (not the remote spoke router as before), you can configure OSPF to use point-multipoint network mode rather than broadcast network mode. Configuring OSPF to use point-multipoint network mode removes the DR and BDR requirements that restricted the DMVPN network to just two hubs. When using OSPF, each spoke still has all individual routes, because the DMVPN network must be in a single OSPF area and you cannot summarize routes within an OSPF area.
- Allows routing protocols such as ODR to be used and still retain the ability to build dynamic spoke-to-spoke tunnels.
- Allows for hierarchical (greater than one level) and more complex tree-based DMVPN network topologies. Tree-based topologies allow the capability to build DMVPN networks with regional hubs that are spokes of central hubs. This architecture allows the regional hub to handle the data and NHRP control traffic for its regional spokes, but still allows spoke-to-spoke tunnels to be built between any spokes within the DMVPN network, whether they are in the same region or not.
- Enables the use of Cisco Express Forwarding to switch data packets along the routed path until a spoke-to-spoke tunnel is established.
NHRP as a Route Source
To implement shortcut switching, NHRP works as a route source and installs shortcut paths, as NHRP routes, directly into the Routing Information Base (RIB). This means that shortcut paths appear as routes in the routing table and NHRP works in lieu of the routing protocol (for example, RIP, OSPF, or EIGRP). The shortcut routes in the RIB are distributed into the Forwarding Information Base (FIB). When a spoke discovers a shortcut path, it adds the path as an NHRP route to its routing table. The RIB and FIB have no special behavior for shortcut switching, and shortcut routes are treated like any other route.
NHRP acts as a route producer to the RIB, but it does not function as a full routing protocol. NHRP manages the route registration, resolution, and purge messages but it does not discover or maintain NHRP neighbors, advertise NHRP routing messages, or inform the network of any network topology changes.
Consider Spoke A in the figure below. It discovers a shortcut path to N2 via Spoke 2's tunnel (overlay) address TS2. It installs the shortcut path in its NHRP mapping table via the entry N2-PS2 (TS2) and it also adds the route to the RIB. The new route in the RIB is then distributed into the FIB and the FIB installs the corresponding adjacency TS2-PS2 in the adjacency table. The new route TS2-PS2 can now be used for forwarding. Note the consistency between the RIB, the FIB, and the adjacency table.
Figure 1. NHRP as a Route Source
Next Hop Overrides
If an NHRP route in the RIB is identical to another route (owned by another protocol) in the RIB, then NHRP overrides the other protocol's next hop entries by installing shortcut next hops in the RIB. In this case NHRP installs shortcut paths into the routing table not as NHRP routes but as local forwarding paths. The other routing protocols continue to function as normal, managing route redistribution and advertisement. NHRP only overrides local forwarding decisions by installing alternate or backup next hops into the routing table.
NHRP Route Watch Infrastructure
In a DMVPN full-mesh design, the hub creates summary routes to each of the spokes (Interior Gateway Protocol (IGP) routes). Specific NHRP shortcuts are installed at the spokes by NHRP as and when required. These shortcuts can be viewed as a refinement of the route summaries because they deal with a specific subnet while the summary routes represent super-nets. If the summary route is absent, NHRP cannot discover a shortcut path.
The summary route, or "covering prefix", governs the existence of the NHRP route in the RIB. Removing a covering prefix from the RIB leads to the removal from the RIB of all the corresponding NHRP routes that were learned via this covering prefix. The tracking of covering prefixes is done via the Route Watch infrastructure.
A "watched prefix" is a route that immediately precedes an NHRP route. For example, if an NHRP route is 172.16.3.0/24, then the watched prefix corresponding to it would be 172.16.2.0/23. Each "watched prefix" and its associated "covering prefixes" are tracked by the Route Watch service. A "covering prefix" is defined as the longest matching IGP route in the RIB which is less specific than the "watched prefix". The validity of each NHRP shortcut is determined by the following events:
- If a "covering prefix" is removed so that there is no other IGP route in the RIB "covering" the watched prefix (that is, the watched prefix is unreachable), then the corresponding NHRP shortcut route is removed.
- If a new IGP route, which is more specific than the covering prefix but less specific than the watched prefix, is installed in the RIB, then it becomes the covering prefix for the watched prefix. If the new covering prefix has a different next hop associated with it, the original shortcut is removed.
In summary, the validity of an NHRP route in the RIB is determined by the less specific, longest match IGP route present in the RIB. NHRP shortcuts are refinements to the routing topology, so shortcut paths are added to the RIB without modifying the routing topology.
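The Route Watch rules above, worked through as an added example (not Cisco's implementation and not code from this guide). `RouteWatch` and its method names are hypothetical, the next-hop addresses are constructed, and an IGP route equal to the watched prefix is assumed to count as covering.

```python
import ipaddress

def watched_prefix(nhrp_route):
    """Watched prefix as the page defines it: 172.16.3.0/24 -> 172.16.2.0/23."""
    return ipaddress.ip_network(nhrp_route).supernet()

def covering_prefix(igp_rib, nhrp_route):
    """Longest IGP route that covers the watched prefix, as (network, next_hop).

    Assumption: an IGP route equal to the watched prefix also counts as covering.
    Returns None when no IGP route covers it (the watched prefix is unreachable).
    """
    watched = watched_prefix(nhrp_route)
    best = None
    for prefix, next_hop in igp_rib.items():
        net = ipaddress.ip_network(prefix)
        if net.supernet_of(watched) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

class RouteWatch:
    """Hypothetical model: IGP routes plus the NHRP shortcuts that depend on them."""

    def __init__(self, igp_rib):
        self.igp = dict(igp_rib)   # IGP prefix -> next hop
        self.shortcuts = {}        # NHRP prefix -> (shortcut next hop, covering next hop)

    def install_shortcut(self, nhrp_route, shortcut_next_hop):
        """Install an NHRP route only if a covering prefix exists."""
        cover = covering_prefix(self.igp, nhrp_route)
        if cover is None:
            return False
        self.shortcuts[nhrp_route] = (shortcut_next_hop, cover[1])
        return True

    def _revalidate(self):
        """Re-check every shortcut after an IGP change; return the ones removed."""
        removed = []
        for route, (_, cover_next_hop) in list(self.shortcuts.items()):
            cover = covering_prefix(self.igp, route)
            # Removed when nothing covers the watched prefix any more, or when the
            # covering prefix now in effect has a different next hop.
            if cover is None or cover[1] != cover_next_hop:
                del self.shortcuts[route]
                removed.append(route)
        return removed

    def igp_add(self, prefix, next_hop):
        self.igp[prefix] = next_hop
        return self._revalidate()

    def igp_remove(self, prefix):
        self.igp.pop(prefix, None)
        return self._revalidate()

def demo():
    """Constructed scenario: hub summary 172.16.0.0/16 via 10.1.1.99."""
    rw = RouteWatch({"172.16.0.0/16": "10.1.1.99"})
    events = [("install shortcut", rw.install_shortcut("172.16.3.0/24", "10.1.1.22"))]
    events.append(("add /20, same next hop", rw.igp_add("172.16.0.0/20", "10.1.1.99")))
    events.append(("add /23, other next hop", rw.igp_add("172.16.2.0/23", "10.1.1.98")))
    return events

if __name__ == "__main__":
    for name, result in demo():
        print(name, "->", result)
```
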
NHRP Purge Request Reply
When an NHRP hub replies to a resolution request, it creates a local NHRP mapping entry. The local mapping entry is a network entry for which NHRP has sent a reply. The local mapping entry maintains a list of requesters. When a network entry is modified or deleted in the routing table, NHRP is notified of the event. NHRP finds the local cache entry for the network and sends a purge request to the requesters, notifying them that the network for which it previously replied has changed. Each receiver of the purge message deletes the corresponding NHRP mapping entry from its table and sends a purge reply indicating that the purge message was processed successfully.
How to Configure Shortcut Switching for NHRP
Note: By default, shortcut switching on an interface is turned off. If the ip nhrp shortcut command is not configured, then the DMVPN network will not use shortcut switching.
Enabling NHRP Shortcut Switching on an Interface
Perform this task to enable shortcut switching for NHRP for an interface on a router.
DETAILED STEPS
Clearing NHRP Cache Entries on an Interface
Perform this optional task to clear NHRP cache entries that have associated NHRP routes and next-hop overrides on an interface on a router.
DETAILED STEPS
Configuration Examples for Shortcut Switching Enhancements for NHRP
Configuring NHRP Shortcut Switching Example
The following example configures NHRP shortcut switching on tunnel interface 1:
Router(config)# interface Tunnel 1
Router(config-if)# ip nhrp shortcut
The following example shows the output of the show ip route and show ip route nhrp commands. These commands can be used to show the current state of the routing table. NHRP entries are flagged "H".
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Tunnel0
C       172.16.22.0 is directly connected, Ethernet1/0
H       172.16.99.0 [250/1] via 1.1.1.99, 00:11:43, Tunnel0
     10.2.2.0/24 is subnetted, 1 subnets
C       10.11.11.0 is directly connected, Ethernet0/0
Router# show ip route nhrp
H       172.16.99.0 [250/1] via 10.1.1.99, 00:11:43, Tunnel0
The following sample output displays the NHRP next-hop overrides associated with a particular route and the corresponding default next hops, when the following next-hop override is added:
- IP address: 10.50.10.0
- Mask: 255.255.255.0
- Gateway: 10.1.1.1
- Interface: Tunnel0
Router# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.2.1.0/24 is directly connected, Loopback1
L       10.2.1.1/32 is directly connected, Loopback1
     10.50.0.0/24 is subnetted, 1 subnets
% S     10.50.10.0 is directly connected, Tunnel0
     10.30.0.0/24 is subnetted, 1 subnets
S       10.30.11.0 is directly connected, Ethernet0/0
Router# show ip route next-hop-override
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.2.1.0/24 is directly connected, Loopback1
L       10.2.1.1/32 is directly connected, Loopback1
     10.50.0.0/24 is subnetted, 1 subnets
% S     10.50.10.0 is directly connected, Tunnel0
                   [NHO][1/0] via 10.1.1.1, Tunnel0
     10.30.0.0/24 is subnetted, 1 subnets
S       10.30.11.0 is directly connected, Ethernet0/0
Router# show ip cef
Prefix              Next Hop            Interface
10.2.1.255/32       receive             Loopback110.10.10.0/24
10.50.10.0/24       10.1.1.1            Tunnel0
10.30.11.0/24       attached            Ethernet0/0
127.0.0.0/8         drop
The following example displays the output of the show ip route and show ip route next-hop-override commands after the following next-hop override is deleted:
- IP address: 10.50.10.0
- Mask: 255.255.255.0
- Gateway: 10.1.1.1
- Interface: Tunnel0
Router# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.2.1.0/24 is directly connected, Loopback1
L       10.2.1.1/32 is directly connected, Loopback1
     10.50.0.0/24 is subnetted, 1 subnets
% S     10.50.10.0 is directly connected, Tunnel0
     10.30.0.0/24 is subnetted, 1 subnets
S       10.30.11.0 is directly connected, Ethernet0/0
Router# show ip route next-hop-override
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.2.1.0/24 is directly connected, Loopback1
L       10.2.1.1/32 is directly connected, Loopback1
     10.50.0.0/24 is subnetted, 1 subnets
S       10.50.10.0 is directly connected, Tunnel0
     10.30.0.0/24 is subnetted, 1 subnets
S       10.30.11.0 is directly connected, Ethernet0/0
Router# show ip cef
Prefix              Next Hop            Interface
10.2.1.255/32       receive             Loopback110.10.10.0/24
10.50.10.0/24       attached            Tunnel0
10.30.11.0/24       attached            Ethernet0/0
127.0.0.0/8         drop
The following sample output shows the information displayed by the show ip nhrp command when a cache entry has an associated NHRP next-hop override in the RIB. Note that the flags for the entry are displayed as "router rib" and not "router candidate".
Router# show ip nhrp
10.1.1.22/32 via 10.1.1.22
   Tunnel0 created 00:00:06, expire 00:02:23
   Type: dynamic, Flags: router implicit
   NBMA address: 10.11.11.22
10.1.1.99/32 via 10.1.1.99
   Tunnel0 created 4d04h, never expire
   Type: static, Flags: used
   NBMA address: 10.11.11.99
172.16.11.0/24 via 10.1.1.11
   Tunnel0 created 00:00:06, expire 00:02:23
   Type: dynamic, Flags: router unique local
   NBMA address: 10.11.11.11
    (no-socket)
172.16.22.0/24 via 10.1.1.22
   Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib
   NBMA address: 10.11.11.22
The following example shows the output displayed by the show ip nhrp command when a cache entry has an NHRP next-hop override added to the RIB. If the corresponding cache entry has an associated NHRP next-hop override in the RIB, the flags are displayed as "router rib nho".
Router# show ip nhrp
10.1.1.22/32 via 10.1.1.22
   Tunnel0 created 00:00:06, expire 00:02:23
   Type: dynamic, Flags: router implicit
   NBMA address: 10.11.11.22
10.1.1.99/32 via 10.1.1.99
   Tunnel0 created 4d04h, never expire
   Type: static, Flags: used
   NBMA address: 10.11.11.99
172.16.11.0/24 via 10.1.1.11
   Tunnel0 created 00:00:06, expire 00:02:23
   Type: dynamic, Flags: router unique local
   NBMA address: 10.11.11.11
    (no-socket)
172.16.22.0/24 via 10.1.1.22
   Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib nho
   NBMA address: 10.11.11.22
The following example shows the output displayed by the show ip nhrp shortcut command. This command displays only the NHRP cache entries that have an associated NHRP route or NHRP next-hop override.
Router# show ip nhrp shortcut
172.16.22.0/24 via 10.1.1.22
   Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib
   NBMA address: 10.11.11.22
172.16.22.0/24 via 10.1.1.22
   Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib nho
   NBMA address: 10.11.11.22
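One way to review which cache entries currently change forwarding, as an added example that is not part of the Cisco guide: the parser below classifies each show ip nhrp entry by its flags ("rib" for an installed NHRP route, "rib nho" for a next-hop override). The function names and state labels are hypothetical, and the sample text is copied from the show ip nhrp output above.

```python
import re

# Matches one cache entry whether the capture keeps its line breaks or has been
# flattened onto a single line, as pasted CLI output often is.
ENTRY = re.compile(
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+) via (?P<next_hop>\S+)\s+"
    r"(?P<interface>\S+) created (?P<created>\S+), "
    r"(?P<expire>never expire|expire \S+)\s+"
    r"Type: (?P<type>\w+), Flags: (?P<flags>.*?)\s+"
    r"NBMA address: (?P<nbma>\S+)"
)

def rib_state(flags):
    """Map the flag words to what the entry has installed in the RIB."""
    if "rib" in flags:
        return "next-hop-override" if "nho" in flags else "nhrp-route"
    return "cache-only"

def parse_show_ip_nhrp(text):
    """Return one dict per NHRP cache entry found in the command output."""
    entries = []
    for match in ENTRY.finditer(text):
        entry = match.groupdict()
        entry["flags"] = entry["flags"].split()
        entry["state"] = rib_state(entry["flags"])
        entries.append(entry)
    return entries

def forwarding_shortcuts(entries):
    """Entries that alter forwarding: (prefix, tunnel next hop, NBMA peer, state)."""
    return [
        (e["prefix"], e["next_hop"], e["nbma"], e["state"])
        for e in entries
        if e["state"] != "cache-only"
    ]

# Sample text taken from the show ip nhrp output shown on this page.
SAMPLE = """Router# show ip nhrp
10.1.1.22/32 via 10.1.1.22
   Tunnel0 created 00:00:06, expire 00:02:23
   Type: dynamic, Flags: router implicit
   NBMA address: 10.11.11.22
10.1.1.99/32 via 10.1.1.99
   Tunnel0 created 4d04h, never expire
   Type: static, Flags: used
   NBMA address: 10.11.11.99
172.16.11.0/24 via 10.1.1.11
   Tunnel0 created 00:00:06, expire 00:02:23
   Type: dynamic, Flags: router unique local
   NBMA address: 10.11.11.11
    (no-socket)
172.16.22.0/24 via 10.1.1.22
   Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib nho
   NBMA address: 10.11.11.22
"""

if __name__ == "__main__":
    for row in forwarding_shortcuts(parse_show_ip_nhrp(SAMPLE)):
        print(*row)
```
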
The following example shows the output displayed by the show dmvpn command. The output indicates a route installation in the attributes section of the command output.
Router# show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket, T1 - Route Installed, T2 - Nexthop-override
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
IPv4 Registration Timer: 60 seconds
IPv4 NHS: 10.1.1.99 RE
Type:Spoke, Total NBMA Peers (v4/v6): 2
# Ent  Peer NBMA Addr  Peer Tunnel Add  State  UpDn Tm   Attrb  Target Network
-----  ---------------  ---------------  -----  --------  -----  -----------------
    2  10.11.11.22      192.1.1.22       UP     00:10:11  D      192.1.1.22/32
    0  10.11.11.22      173.1.1.22       UP     00:10:11  DT1    172.16.22.0/24
    1  10.11.11.99      173.1.1.99       UP     02:18:29  S      173.1.1.99/32
The following example shows how to clear NHRP cache entries on tunnel interface 1 that have associated NHRP routes or next-hop overrides. The clear command is entered in privileged EXEC mode:
Router# clear ip nhrp shortcut Tunnel1
Additional References
The following sections provide references related to NHRP and DMVPN.
Related Documents
Related Topic | Document Title |
---|---|
NHRP information and configuration tasks | "Configuring NHRP" module of the Cisco IOS XE IP Addressing Services Configuration Guide. |
Cisco IOS commands | |
NHRP commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples | Cisco IOS IP Addressing Services Command Reference |
Dynamic Multipoint VPN | "Dynamic Multipoint VPN" module |
Standards
Standard | Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | -- |
MIBs
MIB | MIBs Link |
---|---|
None | To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFC | Title |
---|---|
None | -- |
Feature Information for Shortcut Switching Enhancements for NHRP in DMVPN Networks
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1. Feature Information for Shortcut Switching Enhancements for NHRP in DMVPN Networks
Feature Name | Releases | Feature Information |
---|---|---|
Next Hop Resolution Protocol (NHRP)-CEF Rewrite for DMVPN Phase 3 Networks. | Cisco IOS XE Release 2.5 | Routers in a Dynamic Multipoint VPN (DMVPN) Phase 3 network use Next Hop Resolution Protocol (NHRP) Shortcut Switching to discover shorter paths to a destination network after receiving an NHRP redirect message from the hub. This allows the routers to communicate directly with each other without the need for an intermediate hop. The following commands were introduced or modified: clear ip nhrp shortcut, debug dmvpn, debug nhrp routing, ip nhrp shortcut, show dmvpn, show ip nhrp, show ip nhrp shortcut, show ip route, show ip route next-hop-override. |