DMVPN Configuration Using FQDN

The DMVPN Configuration Using FQDN feature enables next hop clients (NHCs) to register with the next hop server (NHS).

This feature allows you to configure a fully qualified domain name (FQDN) for the nonbroadcast multiple access network (NBMA) address of the hub (NHS) on the spokes (NHCs). The spokes resolve the FQDN to IP address using the DNS service and get registered with the hub using the newly resolved address. This allows spokes to dynamically locate the IP address of the hub using FQDN.

With this feature, spokes need not configure the protocol address of the hub. Spokes learn the protocol address of the hub dynamically from the NHRP registration reply of the hub. According to RFC 2332, the hub to which the NHRP registration was sent responds with its own protocol address in the NHRP registration reply and hence the spokes learn the protocol address of the hub from the NHRP registration reply packet.

In Cisco IOS Release 15.1(2)T and earlier releases, in Dynamic Multipoint VPN (DMVPN), NHS NBMA addresses were configured with either IPv4 or IPv6 addresses. Because NHS was configured to receive a dynamic NBMA address, it was difficult for NHCs to get the updated NBMA address and register with the NHS. This limitation is addressed with the DMVPN Configuration Using FQDN feature. This feature allows NHC to use an FQDN instead of an IP address to configure NBMA and register with the NHS dynamically.

Prerequisites for DMVPN Configuration Using FQDN

Cisco IOS Domain Name System (DNS) client must be available on the spoke.

Restrictions for DMVPN Configuration Using FQDN

If the NBMA IP address resolved from the FQDN is not mapped to an NHS configured with the protocol address, the spoke cannot register with the hub.

Information About DMVPN Configuration Using FQDN

DNS Functionality

A Domain Name System (DNS) client communicates with a DNS server to translate a hostname to an IP address.

The intermediate DNS server or the DNS client on the route enters the FQDN DNS reply from the DNS server into the cache for a lifetime. If the DNS client receives another query before the lifetime expires, the DNS client uses the entry information from the cache. If the cache expires, the DNS client queries the DNS server. If the NBMA address of the NHS changes frequently, the DNS entry lifetime must be short, otherwise the spokes may take some time before they start using the new NBMA address for the NHS.

DNS Server Deployment Scenarios

A DNS server can be located either in a hub network or outside a hub and spoke network.

Following are the four DNS server load balancing models:

  • Round robin--Each DNS request is assigned an IP address sequentially from the list of IP addresses configured for an FQDN.

  • Weighted round robin--This is similar to round-robin load balancing except that the IP addresses are assigned weights and nodes, where higher weights can take more load or traffic.

  • Geography or network--Geography-based load balancing allows the requests to be directed to the optimal node that is geographically the nearest or the most efficient to the requester.

  • Failover--Failover load balancing sends all requests to a single host until the load balancer determines a particular node to be no longer available. It then directs traffic to the next node available in the list.

How to Configure DMVPN Configuration Using FQDN

Configuring a DNS Server on a Spoke

Perform this task to configure a DNS server on a spoke. You must perform this task only if you want to resolve FQDN using an external DNS server.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip name-server ip-address
  4. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

ip name-server ip-address

Example:


Router(config)# ip name-server 192.0.2.1

Configures a DNS server on a spoke.

Step 4

exit

Example:


Router(config)# exit

Exits global configuration mode.

Configuring a DNS Server

Perform this task to configure a DNS server. You must perform the configuration on a DNS server.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip dns server
  4. ip host hostname ip-address
  5. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

ip dns server

Example:


Router(config)# ip dns server

Enables a DNS server.

Step 4

ip host hostname ip-address

Example:


Router(config)# ip host host1.example.com 192.0.2.2

Maps a FQDN (hostname) with the IP address in the DNS hostname cache for a DNS view.

Note

 

Configure the ip host command on a DNS server if you have configured a DNS server on the spoke and configure the command on the spoke if you have not configured a DNS server on the spoke. See the Configuring a DNS Server on a Spoke task.

Step 5

exit

Example:


Router(config)# exit

Exits global configuration mode.

Configuring an FQDN with a Protocol Address

Perform this task to configure an FQDN with a protocol address. You must know the protocol address of the NHS while you are configuring the FQDN. This configuration registers spoke to a hub using NBMA.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface tunnel number
  4. ip nhrp nhs nhs-address [nbma {nbma-address | FQDN-string }] [multicast ] [priority value ] [cluster number ]
  5. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

interface tunnel number

Example:


Router(config)# interface tunnel 1

Enters interface configuration mode.

Step 4

ip nhrp nhs nhs-address [nbma {nbma-address | FQDN-string }] [multicast ] [priority value ] [cluster number ]

Example:


Router(config-if)# ip nhrp nhs 192.0.2.1 nbma examplehub.example1.com multicast

Registers a spoke to a hub.

  • You can configure the command in the following two ways:
    • ip nhrp nhs protocol-ipaddress nbma FQDN-string-- Use this command to register spoke to a hub using the FQDN string.
    • ip nhrp nhs protocol-ipaddress nbma nbma-ipaddress-- Use this command to register spoke to a hub using the NHS NBMA IP address.

Note

 

You can use the ipv6 nhrp nhs protocol-ipaddress [nbma {nhs-ipaddress | FQDN-string }] [multicast ] [priority value ] [cluster number ] command for registering IPv6 address.

Step 5

end

Example:


Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring a FQDN Without an NHS Protocol Address

Perform this task to configure an FQDN without an NHS protocol address.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface tunnel number
  4. ip nhrp nhs dynamic nbma {nbma-address | FQDN-string } [multicast ] [priority value ] [cluster value ]
  5. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

interface tunnel number

Example:


Router(config)# interface tunnel 1

Enters interface configuration mode.

Step 4

ip nhrp nhs dynamic nbma {nbma-address | FQDN-string } [multicast ] [priority value ] [cluster value ]

Example:


Router(config-if)# ip nhrp nhs dynamic nbma examplehub.example1.com

Registers a spoke to a hub.

  • The NHS protocol address is dynamically fetched by the spoke. You can configure the command in the following two ways:
    • ip nhrp nhs dynamic nbma FQDN-string-- Use this command to register a spoke to a hub using the FQDN string.
    • ip nhrp nhs dynamic nbma nbma-address-- Use this command to register a spoke to a hub using the NHS NBMA IP address.

Note

 

You can use the ipv6 nhrp nhs dynamic nbma {nbma-address | FQDN-string } [multicast ] [priority value ] [cluster value ] command for registering IPv6 address.

Step 5

end

Example:


Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Verifying DMVPN FQDN Configuration

This task shows how to display information to verify DMVPN FQDN configuration. The following show commands can be entered in any order.

SUMMARY STEPS

  1. enable
  2. show dmvpn
  3. show ip nhrp nhs
  4. show running-config interface tunnel tunnel-number
  5. show ip nhrp multicast

DETAILED STEPS

Step 1

enable

Enables privileged EXEC mode. Enter your password if prompted.

Example:


Router# enable

Step 2

show dmvpn

Displays DMVPN-specific session information.

Example:


Router# show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel1, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1       192.0.2.1         192.0.2.2 UP 00:00:12     S
               (h1.cisco.com)

Step 3

show ip nhrp nhs

Displays the status of the NHS.

Example:


Router# show ip nhrp nhs
IPv4 Registration Timer: 10 seconds
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel1:
192.0.2.1 RE NBMA Address: 192.0.2.2 (h1.cisco.com) priority = 0 cluster = 0

Step 4

show running-config interface tunnel tunnel-number

Displays the contents of the current running configuration file or the tunnel interface configuration.

Example:


Router# show running-config interface tunnel 1
Building configuration...
Current configuration : 462 bytes
!
interface Tunnel1
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
 ip mtu 1440
 ip nhrp authentication testing
 ip nhrp group spoke_group2
 ip nhrp network-id 123
 ip nhrp holdtime 150
 ip nhrp nhs dynamic nbma h1.cisco.com multicast
 ip nhrp registration unique
 ip nhrp registration timeout 10
 ip nhrp shortcut
 no ip route-cache cef
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 1001
 tunnel protection ipsec profile DMVPN
end

Step 5

show ip nhrp multicast

Displays NHRP multicast mapping information.

Example:


Route# show ip nhrp multicast
I/F     NBMA address
Tunnel1   192.0.2.1   Flags: nhs

Configuration Examples for DMVPN Configuration Using FQDN

Example: Configuring a Local DNS Server

The following example shows how to configure a local DNS server:


enable
 configure terminal
  ip host host1.example.com 192.0.2.2

Example: Configuring an External DNS Server

The following example shows how to configure an external DNS server:

On a spoke


enable
 configure terminal
  ip name-server 192.0.2.1

On a DNS Server


enable
 configure terminal
  ip dns server
  ip host host1.example.com 192.0.2.2

Example: Configuring NHS with a Protocol Address and an NBMA Address

The following example shows how to configure NHS with a protocol address and an NBMA address:


enable
 configure terminal
  interface tunnel 1
   ip nhrp nhs 192.0.2.1 nbma 209.165.200.225

Example: Configuring NHS with a Protocol Address and an FQDN

The following example shows how to configure NHS with a protocol address and an FQDN:


enable
 configure terminal
  interface tunnel 1
   ip nhrp nhs 192.0.2.1 nbma examplehub.example1.com

Example: Configuring NHS Without a Protocol Address and with an NBMA Address

The following example shows how to configure NHS without a protocol address and with an NBMA address:


enable
 configure terminal
  interface tunnel 1
   ip nhrp nhs dynamic nbma 192.0.2.1

Example: Configuring NHS Without a Protocol Address and with an FQDN

The following example shows how to configure NHS without a protocol address and with an FQDN:


enable
 configure terminal
  interface tunnel 1
   ip nhrp nhs dynamic nbma examplehub.example1.com

Additional References

Related Documents

Related Topic

Document Title

DMVPN complete command syntax, command mode, defaults, usage guidelines, and examples

Cisco IOS Security Command Reference

Standards

Standard

Title

No new or modified standards are supported by this feature and support for existing standards has not been modified by this feature.

--

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

RFC 2332

NBMA Next Hop Resolution Protocol (NHRP)

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for DMVPN Configuration Using FQDN

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for DMVPN Configuration Using FQDN

Feature Name

Releases

Feature Information

DMVPN Configuration Using FQDN

The DMVPN Configuration Using FQDN feature enables the NHC to register with the NHS. It uses the NHRP without using the protocol address of the NHS.

The following commands were introduced or modified: clear dmvpn session , debug nhrp condition , ip nhrp nhs ,and ipv6 nhrp nhs .