We are running our glorious DMVPN with one hub and some spokes across the globe. The hub is mapping spokes endpoint through NBMA address, which is typically a public address. But what happen if our spokes links are running over a public dynamic address allocation? How can the hub learn the new address? With default configuration NHRP will allow the spoke to register to the hub with a unique-flag, which will preserve the mapping for the whole hold time registration (default 2 hours). via Tunnel501 created 6w0d, expire 01:21:37 Type: dynamic, Flags: unique registered NBMA address:

And this will also deny any new registration if the NBMA (public) address has changed in the meantime. Any solution? Just enabling each spokes Tunnel interface:

 ip nhrp registration no-unique

And now we are happily mapping the new public address every time NHRP try e new registration towards the hub. via
   Tunnel3002 created 00:45:13, expire 01:16:49
   Type: dynamic, Flags: registered
   NBMA address:
    (Claimed NBMA address:

What means “Claimed NBMA” address? This is related to how DMVPN can figure out spokes behind NAT devices. And this aslo could be next post topic.