Thanks, Kings.
From: Kingsley Charles [mailto:[email protected]] Sent: 15 February 2010 08:41 To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] DMVPN Hi Johan The redirect and shortcut commands are used as part of DMVPN phase 3. In the case of DMVPN phase 2, the first packet from a spoke to other spoke is process switched as there is not valid CEF entry. The spoke sends NHRP request to the hub and gets the resolution for the spoke's NBMA address. After the resolution, the CEF table is complete and then CEF switched. So you can see a double lookup happening for phase 2. For phase, we should use "ip ospf network broadcast". In the case, DMVPN phase 3, the CEF is complete at beginning itself pointing towards the Hub. When the spoke sends the traffic to other spoke, it goes through the hub. With ip nhrp redirect configured, any traffic entering and leaving the same tunnel interface triggers a redirect. After getting the reidrect, the spoke sends the NHRP request to spoke directly and gets the NBMA address. The nhrp shortcuts is responsible for rewriting the CEF entry for the spoke address. You can check it using sh ip nhrp. For DMVPN phase 3, we should use ip ospf network point to multipoint. With EIGRP, you no longer need to use "no ip next split-horizon" and also use summarization. For your question of using "no ip redirects. Just a guess "ip redirects", sends redirect to the sender, if the router feels that it is not the best next hop. Since we have cases, where the spoke sends the traffic to other spoke through the hub, it might trigger the redirect. Hence, may be "no ip redirect" is configured to not cause a confusion in the DMVPN network. DMVPN is NHRP based and hence it does not require ip redirects. Again, ip nhrp direct is something different. I think, "no ip redirect" are relevant to the cases where, DMVPN is in actual hub and spoke scenario i.e., the spoke is connected via frame-relay and spokes are connected to each other only through hub. With regards Kings On Mon, Feb 15, 2010 at 6:31 AM, Johan Bornman <[email protected]> wrote: Hi, Please explain the commands in bold: interface Tunnel2456 ip mtu 1400 ip nhrp authentication ipexpert ip nhrp map 10.24.56.1 192.24.56.2 ip nhrp map multicast 192.24.56.2 ip nhrp network-id 2456 ip nhrp nhs 10.24.56.2 ip nhrp shortcut ip nhrp redirect ip ospf network point-to-multipoint ip ospf 1 area 0 tunnel source serial0/1/0 tunnel mode gre multipoint Not part of the above but I have seen it on another config on the cisco documentation: What does no ip redirects do? Thanks Johan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
