CDP with DMVPN
Right from the Cisco
kool-aid website: On-Demand Routing (ODR) is an enhancement to Cisco Discovery
Protocol (CDP), a protocol used to discover other Cisco devices on either
broadcast or non-broadcast media. With the help of CDP, it is possible to find
the device type, the IP address, the Cisco IOS® version running on the neighbor
Cisco device, the capabilities of the neighbor device, and so on. In Cisco IOS
software release 11.2, ODR was added to CDP to advertise the connected IP
prefix of a stub router via CDP. This feature takes an extra five bytes for
each network or subnet, four bytes for the IP address, and one byte to
advertise the subnet mask along with the IP. ODR is able to carry Variable
Length Subnet Mask (VLSM) information.
Router/Switch
Output
Commands
Notes
DMVPN Hub
First we need to add a default
route
HQ(config)# ip route 0.0.0.0 0.0.0.0 150.1.254.7
Since we are going to be using CDP
for a routing protocol we should tune-down the timers. The default timer
of 60 seconds is probably a bit too long
HQ (config)# cdp timer 10
Now we can create the loopback
interface
HQ (config)# interface
Loopback0
HQ (config-if)# ip address 100.100.100.100 255.255.255.255
We need to enable CDP on the
tunnel interface
HQ (config)# interface Tunnel0
HQ (config-if)# cdp enable
Now
before we configure ODR, we need to create an access-list to specify the
networks we want to learn from the hub. This needs to be done in order to
prevent the outside interface from being learned over the tunnel
HQ (config-if)# access-list 123 permit ip any host 3.3.3.3
HQ (config-if)# access-list 123 permit ip any host 4.4.4.4
HQ (config-if)# access-list 123 permit ip any host 5.5.5.5
Now we can configure ODR
HQ (config-if)# router odr
HQ (config-if)# network 192.168.11.0
And
specifiy the distribute list
HQ(config-if)# distribute-list 123 in
Time for the spokes.
R3 first
Lets get that loopback created
R3(config)# interface
Loopback0
R3(config-if)# ip address 3.3.3.3 255.255.255.255
And change that default rotue
R3(config)# ip route 150.0.0.0 255.0.0.0 150.1.13.13
R3(config)# no ip route 0.0.0.0 0.0.0.0 150.1.13.13
Lets tweak our CDP timers
R3(config)# cdp timer 10
Now all we have to do is enable
CDP on the tunnel interface.
R3(config)# interface Tunnel0
R3(config-if)# cdp enable
No need for a router statement,
CDP being enabled is all that is needed.
R4 time!
Lets get that loopback created
R4(config)# interface Loopback0
R4(config-if)# ip address 4.4.4.4 255.255.255.255
Now we can modify that default
route
R4(config)# ip route 150.0.0.0 255.0.0.0 150.1.9.9
R4(config)# no ip route 0.0.0.0 0.0.0.0 150.1.9.9
Lets tweak our CDP timers
R4(config)# cdp timer 10
Now
we can enabled CDP on the tunnel interface
R4(config)# interface Tunnel0
R4(config-if)# cdp enable
Again,
no router command necessary – CDP will take care of everything.
Last up, R5
Create the loopback
R5(config)# interface Loopback0
R5(config-if)# ip address 5.5.5.5 255.255.255.255
Tweak our CDp timer
R5(config)# cdp timer 10
Modify the default route
R5(config)# ip route 150.0.0.0 255.0.0.0 150.1.10.10
R5(config)# no ip route 0.0.0.0 0.0.0.0 150.1.10.10
Now enable CDP
R5(config)# interface Tunnel0
R5(config-if)# cdp enable
Once
again, no router command necessary.
And like that, ODR is configured. Now we can look at the CDP neighbors on
the DMVPN hub now
HQ#sh
cdp nei
Capability Codes: R – Router, T
– Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP,
r – Repeater
Device
ID Local
Intrfce Holdtme Capability
Platform Port ID
R3
Tunnel0
171 R S
I 3845 Tunnel0
R4
Tunnel0
171 R S
I 3845 Tunnel0
R5
Tunnel0
175 R S
I 3825 Tunnel0
HQ#
There, we have full CDP
neighbors on the DMVPN hub router.
Lets Check R3, R4, and R5
R3
R3#sh
cdp nei
Capability Codes: R – Router, T
– Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP,
r – Repeater
Device
ID Local
Intrfce Holdtme Capability
Platform Port ID
DMVPN
Tunnel0
174
R 7204VXR Tunnel0
R3#
R4#sh
cdp nei
Capability Codes: R – Router, T
– Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP,
r – Repeater
Device
ID Local
Intrfce Holdtme Capability
Platform Port ID
DMVPN
Tunnel0
170
R 7204VXR Tunnel0
R4#
R5#sh
cdp nei
Capability Codes: R – Router, T
– Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP,
r – Repeater
Device
ID Local
Intrfce Holdtme Capability
Platform Port ID
DMVPN
Tunnel0
177
R 7204VXR Tunnel0
R5#
So the hub has all the spokes
as CDP neighbors and the spokes only have the hub. That is what we would
expect to see.
Now we should look at the
routing table on the DMVPN hub:
HQ#sh
ip route
Codes: C – connected, S –
static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external,
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1,
N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 –
OSPF external type 2
i – IS-IS, su – IS-IS summary,
L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * –
candidate default, U – per-user static route
o – ODR, P – periodic
downloaded static route
Gateway of last resort is not
set
100.0.0.0/32 is subnetted, 1
subnets
C
100.100.100.100 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
o 3.3.3.3
[160/1] via 192.168.11.3, 00:00:04, Tunnel0
4.0.0.0/32 is subnetted, 1 subnets
o 4.4.4.4
[160/1] via 192.168.11.4, 00:00:04, Tunnel0
5.0.0.0/32 is subnetted, 1 subnets
o 5.5.5.5
[160/1] via 192.168.11.5, 00:00:00, Tunnel0
C 192.168.11.0/24 is
directly connected, Tunnel0
150.1.0.0/24 is subnetted, 1 subnets
C
150.1.254.0 is directly connected, GigabitEthernet0/1
S 150.0.0.0/8 [1/0] via
150.1.254.7
HQ#
You will ntoice that all the
routes are there and annotated with a small o to indicate ODR.
Now, lets look at the routing
table on R3
R3#sh
ip route
Codes: C – connected, S –
static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external,
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1,
N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 –
OSPF external type 2
i – IS-IS, su – IS-IS summary,
L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * –
candidate default, U – per-user static route
o – ODR, P – periodic
downloaded static route
Gateway of last
resort is 192.168.11.1 to network 0.0.0.0
3.0.0.0/32 is subnetted, 1
subnets
C 3.3.3.3
is directly connected, Loopback0
C 192.168.11.0/24 is
directly connected, Tunnel0
150.1.0.0/24 is subnetted, 1 subnets
C
150.1.13.0 is directly connected, GigabitEthernet0/1
o* 0.0.0.0/0 [160/1] via
192.168.11.1, 00:00:06, Tunnel0
S 150.0.0.0/8 [1/0] via
150.1.13.13
R3#
As you can see, there is a 0/0
route pointing to the DMVPN hub now – 192.168.11.1. ODR will advertise a
default route via cdp.
To see this you can enable debug cdp ip
R3#debug
cdp ip
R3#
*Aug 5 14:45:50.718:
CDP-IP: Reading default route 192.168.11.1 via Tunnel0
*Aug 5 14:45:50.718:
CDP-IP: Updating default route 192.168.11.1 in routing table
R3#
*Aug 5 14:45:56.526: CDP-IP:
Writing prefix 3.3.3.3/32
*Aug 5 14:45:56.526:
CDP-IP: Writing prefix 150.1.13.0/24
R3#
From that debug you can see
that we receive the default route from 192.168.11.1 via the Tunnel, we update
our routing table.
Then we update our CDP packet and include prefix 3.3.3.3/32 and
prefix 150.1.13.0/24. That is why we need the distribute list on the ODR
hub, to prevent the outside IP (150.1.x.x) from being recieved on the hub.
So, lets look at the DMVPN connections on R3
R3#sh
dmvpn
Legend: Attrb –> S – Static,
D – Dynamic, I – Incomplete
N – NATed, L – Local, X – No
Socket
# Ent –> Number of NHRP
entries with same NBMA peer
NHS Status: E –> Expecting
Replies, R –> Responding
UpDn Time –> Up or Down Time
for a Tunnel
================================================
Interface: Tunnel0, IPv4 NHRP
Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer
Tunnel Add State UpDn Tm Attrb
—– ————— ————— —– ——– —–
1
150.1.254.254 192.168.11.1 UP
00:45:27 S
R3#
Only one mapping – just like we
have traditionally seen.
Lets PING R4 loopback and R5
loopback. You might notice that we do not have a specific route, but we
do have the default.
R3#p
4.4.4.4 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source
address of 3.3.3.3
!!!!!
Success rate is 100 percent
(5/5), round-trip min/avg/max = 1/4/8 ms
R3#p
5.5.5.5 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source
address of 3.3.3.3
!!!!!
Success rate is 100 percent
(5/5), round-trip min/avg/max = 1/2/4 ms
R3#
Look at that, we have full
connectivity.
So, what does the DMVPN mapping look like?
R3#sh
dmvpn
Legend: Attrb –> S – Static,
D – Dynamic, I – Incomplete
N – NATed, L – Local, X – No
Socket
# Ent –> Number of NHRP
entries with same NBMA peer
NHS Status: E –> Expecting
Replies, R –> Responding
UpDn Time –> Up or Down Time
for a Tunnel
================================================
Interface: Tunnel0, IPv4 NHRP
Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer
Tunnel Add State UpDn Tm Attrb
—– ————— ————— —– ——– —–
1
150.1.254.254 192.168.11.1 UP
01:10:59 S
R3#
Just one connection – the
hub. This is because ODR only has a default pointing to the hub router,
so all traffic flows through the hub router.
ODR is a curious protocol, that is for sure!
