The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The DMVPN Configuration Using FQDN feature enables next hop clients (NHCs) to register with the next hop server (NHS).
This feature allows you to configure a fully qualified domain name (FQDN) for the nonbroadcast multiple access network (NBMA)
address of the hub (NHS) on the spokes (NHCs). The spokes resolve the FQDN to IP address using the DNS service and get registered
with the hub using the newly resolved address. This allows spokes to dynamically locate the IP address of the hub using FQDN.
With this feature, spokes need not configure the protocol address of the hub. Spokes learn the protocol address of the hub
dynamically from the NHRP registration reply of the hub. According to RFC 2332, the hub to which the NHRP registration was
sent responds with its own protocol address in the NHRP registration reply and hence the spokes learn the protocol address
of the hub from the NHRP registration reply packet.
In Cisco IOS Release 15.1(2)T and earlier releases, in Dynamic Multipoint VPN (DMVPN), NHS NBMA addresses were configured
with either IPv4 or IPv6 addresses. Because NHS was configured to receive a dynamic NBMA address, it was difficult for NHCs
to get the updated NBMA address and register with the NHS. This limitation is addressed with the DMVPN Configuration Using
FQDN feature. This feature allows NHC to use an FQDN instead of an IP address to configure NBMA and register with the NHS
dynamically.
Finding Feature Information
Your software release may not support all the features documented in this module. For
the latest caveats and feature information, see Bug Search
Tool and the release notes for your platform and software release. To find
information about the features documented in this module, and to see a list of the
releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software
image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on
Cisco.com is not required.
Prerequisites for DMVPN Configuration Using FQDN
Cisco IOS Domain Name System (DNS) client must be available on the spoke.
Restrictions for DMVPN Configuration Using FQDN
If the NBMA IP address resolved from the FQDN is not mapped to an NHS configured with the protocol address, the spoke cannot
register with the hub.
Information About DMVPN Configuration Using FQDN
DNS Functionality
A Domain Name System (DNS) client communicates with a DNS server to translate a hostname to an IP address.
The intermediate DNS server or the DNS client on the route enters the FQDN DNS reply from the DNS server into the cache for
a lifetime. If the DNS client receives another query before the lifetime expires, the DNS client uses the entry information
from the cache. If the cache expires, the DNS client queries the DNS server. If the NBMA address of the NHS changes frequently,
the DNS entry lifetime must be short, otherwise the spokes may take some time before they start using the new NBMA address
for the NHS.
DNS Server Deployment Scenarios
A DNS server can be located either in a hub network or outside a hub and spoke network.
Following are the four DNS server load balancing models:
Round robin--Each DNS request is assigned an IP address sequentially from the list of IP addresses configured for an FQDN.
Weighted round robin--This is similar to round-robin load balancing except that the IP addresses are assigned weights and
nodes, where higher weights can take more load or traffic.
Geography or network--Geography-based load balancing allows the requests to be directed to the optimal node that is geographically
the nearest or the most efficient to the requester.
Failover--Failover load balancing sends all requests to a single host until the load balancer determines a particular node
to be no longer available. It then directs traffic to the next node available in the list.
How to Configure DMVPN Configuration Using FQDN
Configuring a DNS Server on a Spoke
Perform this task to configure a DNS server on a spoke. You must perform this task only if you want to resolve FQDN using
an external DNS server.
SUMMARY STEPS
enable
configureterminal
ipname-serverip-address
exit
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
ipname-serverip-address
Example:
Router(config)# ip name-server 192.0.2.1
Configures a DNS server on a spoke.
Step 4
exit
Example:
Router(config)# exit
Exits global configuration mode.
Configuring a DNS Server
Perform this task to configure a DNS server. You must perform the configuration on a DNS server.
SUMMARY STEPS
enable
configureterminal
ipdnsserver
iphosthostnameip-address
exit
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
ipdnsserver
Example:
Router(config)# ip dns server
Enables a DNS server.
Step 4
iphosthostnameip-address
Example:
Router(config)# ip host host1.example.com 192.0.2.2
Maps a FQDN (hostname) with the IP address in the DNS hostname cache for a DNS view.
Note
Configure the
iphost command on a DNS server if you have configured a DNS server on the spoke and configure the command on the spoke if you have
not configured a DNS server on the spoke. See the Configuring a DNS Server on a Spoke task.
Step 5
exit
Example:
Router(config)# exit
Exits global configuration mode.
Configuring an FQDN with a Protocol Address
Perform this task to configure an FQDN with a protocol address. You must know the protocol address of the NHS while you are
configuring the FQDN. This configuration registers spoke to a hub using NBMA.
Router(config-if)# ip nhrp nhs 192.0.2.1 nbma examplehub.example1.com multicast
Registers a spoke to a hub.
You can configure the command in the following two ways:
ipnhrpnhsprotocol-ipaddressnbmaFQDN-string--Use this command to register spoke to a hub using the FQDN string.
ipnhrpnhsprotocol-ipaddressnbmanbma-ipaddress--Use this command to register spoke to a hub using the NHS NBMA IP address.
Note
You can use the ipv6nhrpnhsprotocol-ipaddress [nbma {nhs-ipaddress | FQDN-string}] [multicast] [priorityvalue] [clusternumber] command for registering IPv6 address.
Step 5
end
Example:
Router(config-if)# end
Exits interface configuration mode and returns to privileged EXEC mode.
Configuring a FQDN Without an NHS Protocol Address
Perform this task to configure an FQDN without an NHS protocol address.
Router(config-if)# ip nhrp nhs dynamic nbma examplehub.example1.com
Registers a spoke to a hub.
The NHS protocol address is dynamically fetched by the spoke. You can configure the command in the following two ways:
ipnhrpnhsdynamicnbmaFQDN-string--Use this command to register a spoke to a hub using the FQDN string.
ipnhrpnhsdynamicnbmanbma-address--Use this command to register a spoke to a hub using the NHS NBMA IP address.
Note
You can use the ipv6nhrpnhsdynamicnbma {nbma-address | FQDN-string} [multicast] [priorityvalue] [clustervalue] command for registering IPv6 address.
Step 5
end
Example:
Router(config-if)# end
Exits interface configuration mode and returns to privileged EXEC mode.
Verifying DMVPN FQDN
Configuration
This task shows how
to display information to verify DMVPN FQDN configuration. The following
show commands
can be entered in any order.
SUMMARY STEPS
enable
showdmvpn
showipnhrpnhs
showrunning-configinterfacetunneltunnel-number
showipnhrpmulticast
DETAILED STEPS
Step 1
enable
Enables
privileged EXEC mode. Enter your password if prompted.
Example:
Router# enable
Step 2
showdmvpn
Displays
DMVPN-specific session information.
Example:
Router# show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel1, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.0.2.1 192.0.2.2 UP 00:00:12 S
(h1.cisco.com)
Step 3
showipnhrpnhs
Displays the
status of the NHS.
Example:
Router# show ip nhrp nhs
IPv4 Registration Timer: 10 seconds
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel1:
192.0.2.1 RE NBMA Address: 192.0.2.2 (h1.cisco.com) priority = 0 cluster = 0
Step 4
showrunning-configinterfacetunneltunnel-number
Displays the
contents of the current running configuration file or the tunnel interface
configuration.
Example:
Router# show running-config interface tunnel 1
Building configuration...
Current configuration : 462 bytes
!
interface Tunnel1
ip address 192.0.2.1 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication testing
ip nhrp group spoke_group2
ip nhrp network-id 123
ip nhrp holdtime 150
ip nhrp nhs dynamic nbma h1.cisco.com multicast
ip nhrp registration unique
ip nhrp registration timeout 10
ip nhrp shortcut
no ip route-cache cef
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile DMVPN
end
Step 5
showipnhrpmulticast
Displays NHRP
multicast mapping information.
Example:
Route# show ip nhrp multicast
I/F NBMA address
Tunnel1 192.0.2.1 Flags: nhs
Configuration Examples for DMVPN Configuration Using FQDN
Example Configuring a Local DNS Server
The following example shows how to configure a local DNS server:
enable
configure terminal
ip host host1.example.com 192.0.2.2
Example Configuring an External DNS Server
The following example shows how to configure an external DNS server:
On a spoke
enable
configure terminal
ip name-server 192.0.2.1
On a DNS Server
enable
configure terminal
ip dns server
ip host host1.example.com 192.0.2.2
Example Configuring NHS with a Protocol Address and an NBMA Address
The following example shows how to configure NHS with a protocol address and an NBMA address:
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use
these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products
and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
Feature Information for DMVPN Configuration Using FQDN
The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for DMVPN Configuration Using FQDN
Feature Name
Releases
Feature Information
DMVPN Configuration Using FQDN
Cisco IOS XE Release 3.9S
The DMVPN Configuration Using FQDN feature enables the NHC to register with the NHS. It uses the NHRP without using the protocol
address of the NHS.
The following commands were introduced or modified:
cleardmvpnsession,
debugnhrpcondition,
ipnhrpnhs,and
ipv6nhrpnhs.