Spoke-to-Spoke NHRP Summary Maps

The Spoke-to-Spoke NHRP Summary Maps feature summarizes and reduces the NHRP resolution traffic on the network.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Spoke-to-Spoke NHRP Summary Maps

Spoke-to-Spoke NHRP Summary Maps

In DMVPN phase 3, route summarization is performed at a hub. The hub is the next-hop for any spoke to reach any network behind a spoke. On receiving a packet, the hub sends a redirect message to a local spoke and indicates the local spoke to send Next Hop Resolution Protocol (NHRP) resolution request for the destination network. The resolution request is forwarded by the hub to a remote spoke with the destination LAN network. The remote spoke responds to the resolution request and initiates a tunnel with the local spoke.

When a spoke answers an NHRP resolution request for a local host, it uses the explicit IP address network and subnet mask from the Routing Information Base (RIB) in response. Multiple networks behind a local spoke require similar NHRP messages for a host behind remote spoke to exchange packets with the hosts in these networks. It is difficult to handle NHRP messages for a huge number of spokes and large networks behind each spoke.

The number of NHRP messages between spokes can be limited when the first NHRP resolution reply provides information about the network behind a local spoke instead of a specific network. The spoke-to-spoke NHRP summary map uses the configured IP address network and subnet mask in the NHRP resolution response instead of the IP address network and subnet mask from RIB. If RIB has more number of IP address networks (lesser subnet mask length) than the configured IP address network and subnet mask, the spoke still uses the configured IP address network and subnet mask for NHRP resolution response thereby summarizing and reducing the NHRP resolution traffic on the network. Use the ip nhrp summary-map command to configure NHRP summary map on a spoke.


Note

In DMVPN, it is recommended to configure a Rendezvous Point (RP) at or behind the hub. If there is an IP multicast source behind a spoke, the ip pim spt-threshold infinity command must be configured on spokes to avoid multicast traffic going through spoke-to-spoke tunnels.

How Spoke-to-Spoke NHRP Summary Maps Works

On receiving the resolution request, the spoke

  1. Looks into the RIB for the IP address and subnet mask and returns.

  2. Checks the IP address and subnet mask against the configured NHRP summary map and verifies if the destination IP address is covered.

  3. Sends the summary map in the NHRP resolution reply to the remote spoke and NHRP on the remote spoke adds the IP address and subnet mask with the next-hop of the local spoke to the RIB.

The entire network behind the local spoke is identified to the remote spoke with one NHRP resolution request.

The following figure shows the working of spoke-to-spoke NHRP summary maps.

Figure 1. Spoke-to-Spoke NHRP Summary Maps

A local spoke with the address space 192.0.0.0/19 on its local LAN has all 32-24 RIB entries – 192.0.0.0/24,….192.0.31.0/24. When a routing protocol like EIGRP is used to advertise this local address space, the routing protocol is configured to summarize the networks to 192.0.0.0/19 and advertise that to the hub. The hub summarizes this further, to 192.0.0.0/16, when it advertises it to the other spokes. The other spokes starts with only a 192.0.0.0/16 routing table entry with the next-hop of the hub in the RIB.

If a remote host communicates with 192.0.12.1, the local spoke receives the NHRP resolution request for 192.0.12.1/32. it looks into the RIB and return 192.0.12.0/24 in NHRP resolution reply.

If the local spoke is configured with NHRP summary map for eg. "ip nhrp summary-map 192.0.0.0/19", the local spoke upon receing the resolution request for 192.0.12.1 checks the RIB which return 192.0.12.0/24. the local spoke then check for summary map configuration 192.0.0.0/19 and verifies if the destination 192.0.12.1/32 is covered and returns 192.0.0.0/19 in NHRP resolution reply.

NHRP Summary Map Support for IPv6 Overlay

Spoke-to-spoke NHRP summary maps feature is supported on IPv6 and is configured using ipv6 nhrp summary-map command.

How to Configure Spoke-to-Spoke NHRP Summary Maps

Configuring Spoke-to-Spoke NHRP Summary Maps on Spoke


Note

The following task can be performed to configure the spoke device.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface tunnel number
  4. ip address ip-address mask secondary ip-address mask
  5. ip nhrp authentication string
  6. ip nhrp summary-map {ip-address | mask }
  7. ip nhrp network-id number
  8. ip nhrp nhs [hub-tunnel-ip-address ] nbma [hub-wan--ip ] multicast
  9. ip nhrp shortcut
  10. tunnel source {ip-address | type number }
  11. tunnel mode gre multipoint
  12. tunnel key key-number
  13. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

interface tunnel number

Example:


Device(config)# interface tunnel 5

Configures a tunnel interface and enters interface configuration mode.

  • number —Specifies the number of the tunnel interface that you want to create or configure. There is no limit on the number of tunnel interfaces you can create.

Step 4

ip address ip-address mask secondary ip-address mask

Example:


Device(config-if)# ip address 10.0.0.2 255.255.255.0

Sets a primary or secondary IP address for the tunnel interface.

Note 

All hubs and spokes that are in the same DMVPN network must be addressed in the same IP subnet.

Step 5

ip nhrp authentication string

Example:


Device(config-if)# ip nhrp authentication donttell

Configures an authentication string for an interface using NHRP.

Step 6

ip nhrp summary-map {ip-address | mask }

Example:


Device(config-if)# ip nhrp summary-map 10.0.0.0/24

Summarizes and reduces the NHRP resolution traffic on the network.

Step 7

ip nhrp network-id number

Example:


Device(config-if)# ip nhrp network-id 99

Enables NHRP on an interface.

  • number —Specifies a globally unique 32-bit network identifier from a nonbroadcast multiaccess (NBMA) network.

Step 8

ip nhrp nhs [hub-tunnel-ip-address ] nbma [hub-wan--ip ] multicast

Example:


Device(config-if)# ip nhrp nhs 10.0.0.1 nbma 172.17.0.1 multicast

Configures the hub router as the NHRP next-hop server.

Step 9

ip nhrp shortcut

Example:


Device(config-if)# ip nhrp shortcut

Enables NHRP shortcut switching.

Step 10

tunnel source {ip-address | type number }

Example:


Device(config-if)# tunnel source Gigabitethernet 0/0/0

Sets the source address for a tunnel interface.

Step 11

tunnel mode gre multipoint

Example:


Device(config-if)# tunnel mode gre multipoint

Sets the encapsulation mode to Multiple Generic Routing Encapsulation (mGRE) for the tunnel interface.

  • Use this command if data traffic can use dynamic spoke-to-spoke traffic.

Step 12

tunnel key key-number

Example:


Device(config-if)# tunnel key 100000

(Optional) Enables an ID key for a tunnel interface.

  • key-number —Specifies a number to identify a tunnel key. This must be set to the same value on all hubs and spokes that are in the same DMVPN network.

Step 13

end

Example:

Device(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Verifying Spoke-to Spoke NHRP Summary Maps

SUMMARY STEPS

  1. enable
  2. show ip nhrp

DETAILED STEPS

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

show ip nhrp

Example:

The following is an example of show command output on spoke. 

Device# show ip nhrp

15.0.0.1/32 (vrf1) via 15.0.0.1
   Tunnel3 created 09:09:00, never expire 
   Type: static, Flags: used 
   NBMA address: 123.0.0.1 
15.0.0.20/32 (vrf1) via 15.0.0.20
   Tunnel3 created 00:00:54, expire 00:04:05
   Type: dynamic, Flags: router nhop rib 
   NBMA address: 42.0.0.1 
190.0.0.0/22 (vrf1) via 15.0.0.10
   Tunnel3 created 09:09:00, never expire 
   Type: static, Flags: local 
   NBMA address: 121.0.0.1 
    (no-socket) 
201.0.0.0/22 (vrf1) via 15.0.0.20
   Tunnel3 created 00:00:54, expire 00:04:05
   Type: dynamic, Flags: router rib nho 
   NBMA address: 42.0.0.1

Displays Next Hop Resolution Protocol (NHRP) mapping information.

Troubleshooting Spoke-to-Spoke NHRP Summary Maps

SUMMARY STEPS

  1. debug dmvpn all nhrp

DETAILED STEPS

debug dmvpn all nhrp

Checks the IP address and subnet mask received by the spoke for a resolution request.

Example:


Device# debug dmvpn all nhrp

NHRP-RT: Attempting to create instance PDB for vrf global(0x0)(0x0)
NHRP-CACHE: Tunnel0: Cache add for target 67.0.0.1/32 vrf global(0x0) label none next-hop 67.0.0.1
            
NHRP-CACHE: Tunnel0: Cache add for target 67.0.0.0/24 vrf global(0x0) label none next-hop 15.0.0.30
            80.0.0.1
NHRP-CACHE: Inserted subblock node(2 now) for cache: Target 67.0.0.0/24 nhop 15.0.0.30
NHRP-CACHE: Converted internal dynamic cache entry for 67.0.0.0/24 interface Tunnel0 vrf global(0x0) to external
NHRP-RT: Adding route entry for 67.0.0.0/24 (Tunnel0 vrf:global(0x0)) to RIB
NHRP-RT: Route addition to RIB Successful 
NHRP-RT: Route watch started for 67.0.0.0/23 
NHRP-CACHE: Updating label on Tunnel0 for 15.0.0.30 vrf global(0x0), old none new none nhop 15.0.0.30
NHRP-CACHE: Tunnel0: Cache update for target 15.0.0.30/32 vrf global(0x0) label none next-hop 15.0.0.30
            80.0.0.1
NHRP-CACHE: Deleting incomplete entry for 67.0.0.1/32 interface Tunnel0 vrf global(0x0)
NHRP-CACHE: Still other cache entries with same overlay nhop 67.0.0.1
NHRP-RT: Received route watch notification for  67.0.0.0/24  
NHRP-RT: Covering prefix is 67.0.0.0/22 
NHRP-RT: Received route watch notification for  67.0.0.0/24  
NHRP-RT: (0x0):NHRP RIB entry for  67.0.0.0/24  is unreachable

Configuration Examples for Spoke-to-Spoke NHRP Summary Maps

Example: Spoke-to-Spoke NHRP Summary Maps

Example: Spoke-to-Spoke NHRP Summary Maps

The following is an example of configuring DMVPN phase 3 on hub for summary map . 



interface Tunnel0
 ip address 15.0.0.1 255.255.255.0
 no ip redirects
 no ip split-horizon eigrp 2
 ip nhrp authentication cisco123
 ip nhrp network-id 23
 ip nhrp redirect
 ip summary-address eigrp 2 190.0.0.0 255.255.252.0
 ip summary-address eigrp 2 201.0.0.0 255.255.252.0
 tunnel source GigabitEthernet1/0/0
 tunnel mode gre multipoint
 tunnel key 6
end

The following example shows how to configure spoke-to-spoke NHRP summary maps on spoke 1. 



interface Tunnel0
 vrf forwarding vrf1
 ip address 15.0.0.10 255.255.255.0
 ip nhrp authentication cisco123
 ip nhrp summary-map 190.0.0.0/22 
 ip nhrp network-id 5
 ip nhrp nhs 15.0.0.1 nbma 123.0.0.1 multicast
 ip nhrp shortcut
 tunnel source GigabitEthernet0/1/0
 tunnel mode gre multipoint
 tunnel key 6
end

The following example shows how to configure spoke-to-spoke NHRP summary maps on spoke 2. 



interface Tunnel0
 ip address 15.0.0.20 255.255.255.0
 ip nhrp authentication cisco123
 ip nhrp summary-map 201.0.0.0/22  
 ip nhrp network-id 5
 ip nhrp nhs 15.0.0.1 nbma 123.0.0.1 multicast
 ip nhrp shortcut
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 6
end

The following is a sample output of the show ip nhrp command on the hub. 


Device# show ip nhrp

15.0.0.10/32 via 15.0.0.10
   Tunnel0 created 00:22:26, expire 00:07:35
   Type: dynamic, Flags: registered used nhop 
   NBMA address: 41.0.0.1 
15.0.0.20/32 via 15.0.0.20
   Tunnel0 created 00:13:43, expire 00:09:36
   Type: dynamic, Flags: registered used nhop 
   NBMA address: 42.0.0.1

The following is a sample output of the show ip nhrp command on spoke 1. 


Device# show ip nhrp

15.0.0.1/32 (vrf1) via 15.0.0.1
   Tunnel3 created 09:09:00, never expire 
   Type: static, Flags: used 
   NBMA address: 123.0.0.1 
15.0.0.20/32 (vrf1) via 15.0.0.20
   Tunnel3 created 00:00:54, expire 00:04:05
   Type: dynamic, Flags: router nhop rib 
   NBMA address: 42.0.0.1 
190.0.0.0/22 (vrf1) via 15.0.0.10
   Tunnel3 created 09:09:00, never expire 
   Type: static, Flags: local 
   NBMA address: 121.0.0.1 
    (no-socket) 
201.0.0.0/22 (vrf1) via 15.0.0.20
   Tunnel3 created 00:00:54, expire 00:04:05
   Type: dynamic, Flags: router rib nho 
   NBMA address: 42.0.0.1

The following is a sample output of the show ip nhrp command on spoke 2. 


Device# show ip nhrp

15.0.0.1/32 via 15.0.0.1
   Tunnel0 created 09:08:16, never expire 
   Type: static, Flags: used 
   NBMA address: 123.0.0.1 
15.0.0.10/32 via 15.0.0.10
   Tunnel0 created 00:00:04, expire 01:59:55
   Type: dynamic, Flags: router nhop rib 
   NBMA address: 121.0.0.1 
190.0.0.0/22 via 15.0.0.10
   Tunnel0 created 00:00:04, expire 01:59:55
   Type: dynamic, Flags: router rib nho 
   NBMA address: 121.0.0.1 
201.0.0.0/22 via 15.0.0.20
   Tunnel0 created 09:08:16, never expire 
   Type: static, Flags: local 
   NBMA address: 42.0.0.1 
    (no-socket)

Additional References for Spoke-to-Spoke NHRP Summary Maps

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

Cisco IOS security commands

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Spoke-to-Spoke NHRP Summary Maps

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Spoke-to-Spoke NHRP Summary Maps

Feature Name

Releases

Feature Information

Spoke-to-Spoke NHRP Summary Maps

Cisco IOS XE Release 3.17S

The Spoke-to-Spoke Next Hop Resolution Protocol (NHRP) Summary Maps feature summarizes and reduces the NHRP resolution traffic on the network.

The following commands were introduced or modified by this feature: ip nhrp summary-map, ipv6 summary-map .