We are running our glorious DMVPN with one hub and some spokes across the globe. The hub is mapping spokes endpoint through NBMA address, which is typically a public address. But what happen if our spokes links are running over a public dynamic address allocation? How can the hub learn the new address? With default configuration NHRP will allow the spoke to register to the hub with a unique-flag, which will preserve the mapping for the whole hold time registration (default 2 hours).
10.107.194.4⁄32 via 10.107.194.4 Tunnel501 created 6w0d, expire 01:21:37 Type: dynamic, Flags: unique registered NBMA address: 10.139.2.78
And this will also deny any new registration if the NBMA (public) address has changed in the meantime. Any solution? Just enabling each spokes Tunnel interface:
ip nhrp registration no-unique
And now we are happily mapping the new public address every time NHRP try e new registration towards the hub.
10.107.171.58/32 via 10.107.171.58 Tunnel3002 created 00:45:13, expire 01:16:49 Type: dynamic, Flags: registered NBMA address: 10.1.2.3 (Claimed NBMA address: 192.168.1.2)
What means “Claimed NBMA” address? This is related to how DMVPN can figure out spokes behind NAT devices. And this aslo could be next post topic.
ac41a23 @ 2019-11-20