no-unique flag on DMVPN

We are running our glorious DMVPN with one hub and some spokes across the globe. The hub maps each spoke endpoint to its NBMA address, which is typically a public address. But what happens if our spoke links run over dynamically allocated public addresses? How can the hub learn the new address? With the default configuration, NHRP lets the spoke register with the hub using the unique flag, which preserves the mapping for the whole registration hold time (default 2 hours).

10.107.194.4/32 via 10.107.194.4
 Tunnel501 created 6w0d, expire 01:21:37
 Type: dynamic, Flags: unique registered
 NBMA address: 10.139.2.78

And this will also deny any new registration if the NBMA (public) address has changed in the meantime. Any solution? Just enable the following on each spoke's Tunnel interface:

 ip nhrp registration no-unique

And now we are happily mapping the new public address every time NHRP tries a new registration towards the hub.

10.107.171.58/32 via 10.107.171.58
   Tunnel3002 created 00:45:13, expire 01:16:49
   Type: dynamic, Flags: registered
   NBMA address: 10.1.2.3
    (Claimed NBMA address: 192.168.1.2)

What does “Claimed NBMA address” mean? This is related to how DMVPN can figure out spokes behind NAT devices. And this could also be the topic of the next post.
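As an added example (not part of the original post), this Python audit script parses hub `show ip nhrp` output like the entries above and reports which spokes are still registered with the unique flag and which show a claimed NBMA address. The sample text is constructed from the two entries quoted on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the two cache entries quoted on this page.
SAMPLE = """\
10.107.194.4/32 via 10.107.194.4
 Tunnel501 created 6w0d, expire 01:21:37
 Type: dynamic, Flags: unique registered
 NBMA address: 10.139.2.78
10.107.171.58/32 via 10.107.171.58
   Tunnel3002 created 00:45:13, expire 01:16:49
   Type: dynamic, Flags: registered
   NBMA address: 10.1.2.3
    (Claimed NBMA address: 192.168.1.2)
"""

ENTRY = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/\d+ via \S+")
FIELDS = {
    "tunnel": re.compile(r"^(Tunnel\d+) created"),
    "expire": re.compile(r"expire (\S+)"),
    "flags": re.compile(r"Flags: (.+)$"),
    "nbma": re.compile(r"^NBMA address: (\S+)"),
    "claimed": re.compile(r"^\(Claimed NBMA address: (\S+)\)"),
}

def parse_nhrp(text):
    """Return one dict per cache entry; an entry starts at an unindented line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m and not raw[:1].isspace():
            entries.append({"tunnel_ip": m.group(1), "flags": [],
                            "nbma": None, "claimed": None})
            continue
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m and entries:
                val = m.group(1)
                entries[-1][key] = val.split() if key == "flags" else val
    return entries

def pinned_spokes(entries):
    """Spokes registered as unique: mapping is held until the hold time expires."""
    return [e["tunnel_ip"] for e in entries if "unique" in e["flags"]]

def natted_spokes(entries):
    """Spokes whose claimed NBMA address differs from the one the hub recorded."""
    return {e["tunnel_ip"]: (e["claimed"], e["nbma"])
            for e in entries if e["claimed"] and e["claimed"] != e["nbma"]}
```

Spokes returned by `pinned_spokes` are the ones that still need `ip nhrp registration no-unique` if their public address is dynamic.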



© 2018 Matteo Malvica. Illustrations by Sergio Kalisiak.