Yep, all PSK between spokes are present and correct. Interesting thing happens. I ping the remote subnet protected by the peer spoke router sourcing it from the address of the local protected network and then traffic starts flowing directly. It requires only first few packets to be sent like this and then pings sent without specifying the source go directly.
See what was happening and check out the RTT for pings R5(config)#do ping 10.255.4.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.255.4.4, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/142/196 ms // via the hub router R5(config)#do ping 10.255.4.4 so loop1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.255.4.4, timeout is 2 seconds: Packet sent with a source address of 10.255.5.5 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms // direct spoke-to-spoke R5(config)#do ping 10.255.4.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.255.4.4, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms //still direct spoke-to-spoke And I have "point-to-multipoint" OSPF network type thinking why would I need DR and BDR router elections with "broadcast" type. Eugene From: Kingsley Charles [mailto:[email protected]] Sent: Sunday, June 10, 2012 10:00 PM To: Eugene Pefti Cc: CCIE Security Subject: Re: [OSL | CCIE_Security] How to troubleshot direct communication between two spokes in DMVPN Do you have psk for the spokes for each other?ar With regards Kings On Mon, Jun 11, 2012 at 7:51 AM, Eugene Pefti <[email protected]<mailto:[email protected]>> wrote: How would I dig it around, guys ? I have three routers in DMVPN cloud. They established full connectivity and adjacency in the so-called Phase 2 (all traffic goes via the Hub router). I configured "ip nhrp redirect" and "ip nhrp shortcut" on all tunnel interfaces but the traffic between two spokes still flows through the hub router. E.g. R5 (10.255.5.5) and R4 (10.255.4.4) are spokes. R1 (10.255.1.1) is the hub. R5#show ip route ospf 10.0.0.0/8<http://10.0.0.0/8> is variably subnetted, 7 subnets, 2 masks O 10.255.255.1/32<http://10.255.255.1/32> [110/11111] via 10.255.255.1, 00:10:05, Tunnel0 O 10.255.4.4/32<http://10.255.4.4/32> [110/22223] via 10.255.255.1, 00:10:05, Tunnel0 O 10.255.1.1/32<http://10.255.1.1/32> [110/11112] via 10.255.255.1, 00:10:05, Tunnel0 R5#sh ip cef 10.255.4.4 10.255.4.4/32<http://10.255.4.4/32>, version 49, epoch 0 0 packets, 0 bytes via 10.255.255.1, Tunnel0, 0 dependencies next hop 10.255.255.1, Tunnel0 valid adjacency _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
