Hi Timo et al,
I'm having a problem with shortcuts not installing with
ubuntu/strongswan/Frr.
Setup is as follows:
1 hub 2 spokes (single machine lab setup with lxc)
strongswan loads dmvpn conns ok
both spokes register fine
Hub has [N] routes back to spokes
Spokes have single [N] route back to hub... spoke to hub pings fine and
vise-a-versa
ibgp works fine - hub bgp sees routes from spokes and spokes see routes
from hub and reflected routes sent by hub from other spoke in RIB
But the FIB does not install these routes
and a
sh ip nhrp shortcuts
returns no entries
nhrp nflog-group 1 is enabled on hub
and iptables NFLOG rule also installed on hub
Additonally, I've turned on 'nhrp nflog-group 1' along with iptables
rule on hub and spokes but not sure if this is needed on spokes.
Also put 'ip nhrp redirect' in addition to ' ip nhrp shortcut' on spokes
but also not sure if 'ip nhrp redirect' is needed on spokes.
I also tried adding 'ip nhrp shortcut' on hub but again not sure if this
does anyting on the hub.
After a long weekend I just can't seem to figure this one out. Help pls!
Also have full debug log from frr if that will help
=====
Configs
::Hub=================
nhrp nflog-group 1
debug nhrp all
interface gre1
ip nhrp holdtime 3600
ip nhrp network-id 1
ip nhrp nhs dynamic nbma 192.168.0.5
ip nhrp redirect
ip nhrp registration no-unique
ip nhrp shortcut
no link-detect
tunnel protection vici profile dmvpn
tunnel source eth0
router bgp 65000
bgp router-id 10.0.0.1
bgp default show-hostname
no bgp default ipv4-unicast
neighbor DMVPN peer-group
neighbor DMVPN remote-as 65000
neighbor DMVPN disable-connected-check
neighbor DMVPN advertisement-interval 1
neighbor 10.0.0.6 peer-group DMVPN
neighbor 10.0.0.7 peer-group DMVPN
!
address-family ipv4 unicast
network 10.0.0.0/8
network 10.0.0.1/32
redistribute nhrp
neighbor DMVPN activate
neighbor DMVPN route-reflector-client
neighbor DMVPN next-hop-self force
neighbor DMVPN soft-reconfiguration inbound
exit-address-family
::Spoke1=================
nhrp nflog-group 1
debug nhrp all
interface gre1
ip nhrp holdtime 3600
ip nhrp network-id 1
ip nhrp nhs dynamic nbma 192.168.0.5
ip nhrp redirect
ip nhrp registration no-unique
ip nhrp shortcut
no link-detect
tunnel protection vici profile dmvpn
tunnel source eth0
router bgp 65000
bgp router-id 10.0.0.6
bgp default show-hostname
no bgp default ipv4-unicast
neighbor DMVPN peer-group
neighbor DMVPN remote-as 65000
neighbor DMVPN disable-connected-check
neighbor DMVPN advertisement-interval 1
neighbor 10.0.0.1 peer-group DMVPN
!
address-family ipv4 unicast
network 10.50.0.0/16
network 10.0.0.6/32
redistribute nhrp
neighbor DMVPN activate
neighbor DMVPN soft-reconfiguration inbound
exit-address-family
::Spoke2=================
nhrp nflog-group 1
debug nhrp all
interface gre1
ip nhrp holdtime 3600
ip nhrp network-id 1
ip nhrp nhs dynamic nbma 192.168.0.5
ip nhrp redirect
ip nhrp registration no-unique
ip nhrp shortcut
no link-detect
tunnel protection vici profile dmvpn
tunnel source eth0
router bgp 65000
bgp router-id 10.0.0.7
bgp default show-hostname
no bgp default ipv4-unicast
neighbor DMVPN peer-group
neighbor DMVPN remote-as 65000
neighbor DMVPN disable-connected-check
neighbor DMVPN advertisement-interval 1
neighbor 10.0.0.1 peer-group DMVPN
!
address-family ipv4 unicast
network 172.31.0.0/16
network 10.0.0.7/32
redistribute nhrp
neighbor DMVPN activate
neighbor DMVPN soft-reconfiguration inbound
exit-address-family
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
