We are running our glorious DMVPN with one hub and some spokes across the globe. The hub is mapping spokes endpoint through NBMA address, which is typically a public address. But what happen if our spokes links are running over a public dynamic address allocation? How can the hub learn the new address? With default configuration NHRP will allow the spoke to register to the hub with a unique-flag, which will preserve the mapping for the whole hold time registration (default 2 hours).

10.107.194.432 via 10.107.194.4 Tunnel501 created 6w0d, expire 01:21:37 Type: dynamic, Flags: unique registered NBMA address: 10.139.2.78

And this will also deny any new registration if the NBMA (public) address has changed in the meantime. Any solution? Just enabling each spokes Tunnel interface:

 ip nhrp registration no-unique

And now we are happily mapping the new public address every time NHRP try e new registration towards the hub.

10.107.171.58/32 via 10.107.171.58
   Tunnel3002 created 00:45:13, expire 01:16:49
   Type: dynamic, Flags: registered
   NBMA address: 10.1.2.3
    (Claimed NBMA address: 192.168.1.2)

What means “Claimed NBMA” address? This is related to how DMVPN can figure out spokes behind NAT devices. And this aslo could be next post topic.