DMVPN allowas-in

2023年8月26日 16:29

Env

Physical: 169.254.100.0/24
Tunnel1: 155.1.0.0/24
Loopback0: 150.1.x.x/32

config

iosv-5(Hub)

R5#sh run | s Tunnel1|router bgp|route-map|prefix-list
interface Tunnel1
 ip address 155.1.0.5 255.255.255.0
 no ip redirects
 ip nhrp authentication PRIMARY
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel source 169.254.100.5
 tunnel mode gre multipoint
 tunnel key 1

router bgp 100
 bgp log-neighbor-changes
 bgp listen range 155.1.0.0/24 peer-group spoke1
 neighbor spoke1 peer-group
 neighbor spoke1 remote-as 200
 neighbor spoke1 update-source Tunnel1
 neighbor spoke1 default-originate
 neighbor spoke1 route-map DEFAULT out

ip prefix-list PRE seq 5 permit 0.0.0.0/0
route-map DEFAULT permit 10
 match ip address prefix-list PRE

iosv-1(Spoke)

R1#sh run | s Tunnel1|router bgp
interface Tunnel1
ip address 155.1.0.1 255.255.255.0
no ip redirects
ip nhrp authentication PRIMARY
ip nhrp map multicast 169.254.100.5
ip nhrp map 155.1.0.5 169.254.100.5
ip nhrp network-id 1
ip nhrp nhs 155.1.0.5
ip nhrp redirect
tunnel source 169.254.100.1
tunnel mode gre multipoint
tunnel key 1

router bgp 200
bgp log-neighbor-changes
network 150.1.1.1 mask 255.255.255.255
neighbor 155.1.0.5 remote-as 100
neighbor 155.1.0.5 update-source Tunnel1

iosv-2(Spoke)

R2#sh run | s Tunnel1|router bgp
interface Tunnel1
ip address 155.1.0.2 255.255.255.0
no ip redirects
ip nhrp authentication PRIMARY
ip nhrp map multicast 169.254.100.5
ip nhrp map 155.1.0.5 169.254.100.5
ip nhrp network-id 1
ip nhrp nhs 155.1.0.5
ip nhrp redirect
tunnel source 169.254.100.2
tunnel mode gre multipoint
tunnel key 1

router bgp 200
bgp log-neighbor-changes
network 150.1.2.2 mask 255.255.255.255
neighbor 155.1.0.5 remote-as 100
neighbor 155.1.0.5 update-source Tunnel1

Verifying

show dmvpn

R5#sh dm | b Interface
Interface: Tunnel1, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 169.254.100.1         155.1.0.1    UP 00:24:34     D
     1 169.254.100.2         155.1.0.2    UP 00:23:48     D

R1#sh dm | b Interface
Interface: Tunnel1, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:1, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 169.254.100.5         155.1.0.5    UP 00:13:46     S

R2#sh dm | b Interface   
Interface: Tunnel1, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:1, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 169.254.100.5         155.1.0.5    UP 00:26:03     S

show ip route

In this case, R5`s routing table is not important, so it`s skipped.

R1#sh ip ro | b Gate
Gateway of last resort is 155.1.0.5 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 155.1.0.5, 00:09:38
      150.1.0.0/32 is subnetted, 1 subnets
C        150.1.1.1 is directly connected, Loopback0
      150.2.0.0/32 is subnetted, 1 subnets
C        150.2.1.1 is directly connected, Loopback2
      155.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C        155.1.0.0/24 is directly connected, Tunnel1
L        155.1.0.1/32 is directly connected, Tunnel1
      169.254.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        169.254.100.0/24 is directly connected, GigabitEthernet0/0
L        169.254.100.1/32 is directly connected, GigabitEthernet0/0

R2#sh ip ro | b Gate
Gateway of last resort is 155.1.0.5 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 155.1.0.5, 00:09:49
      150.1.0.0/32 is subnetted, 1 subnets
C        150.1.2.2 is directly connected, Loopback0
      150.2.0.0/32 is subnetted, 1 subnets
C        150.2.2.2 is directly connected, Loopback2
      155.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        155.1.0.0/24 is directly connected, Tunnel1
L        155.1.0.2/32 is directly connected, Tunnel1
      169.254.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        169.254.100.0/24 is directly connected, GigabitEthernet0/0
L        169.254.100.2/32 is directly connected, GigabitEthernet0/0

2 times traceroute & show commands

R1#traceroute 150.1.2.2
Type escape sequence to abort.
Tracing the route to 150.1.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 155.1.0.5 [AS 100] 4 msec 3 msec 2 msec
  2 155.1.0.2 [AS 100] 7 msec 3 msec 6 msec
R1#traceroute 150.1.2.2
Type escape sequence to abort.
Tracing the route to 150.1.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 155.1.0.2 [AS 100] 3 msec 3 msec 2 msec

R1#sh dm | b Interface
Interface: Tunnel1, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     2 169.254.100.2         155.1.0.2    UP 00:00:57   DT1
                             155.1.0.2    UP 00:00:57   DT1
     1 169.254.100.5         155.1.0.5    UP 00:19:48     S

R1#sh ip ro | b Gate
Gateway of last resort is 155.1.0.5 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 155.1.0.5, 00:12:58
      150.1.0.0/32 is subnetted, 2 subnets
C        150.1.1.1 is directly connected, Loopback0
H        150.1.2.2 [250/255] via 155.1.0.2, 00:01:15, Tunnel1
      150.2.0.0/32 is subnetted, 1 subnets
C        150.2.1.1 is directly connected, Loopback2
      155.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
C        155.1.0.0/24 is directly connected, Tunnel1
L        155.1.0.1/32 is directly connected, Tunnel1
H        155.1.0.2/32 is directly connected, 00:01:15, Tunnel1
C        155.1.146.0/24 is directly connected, GigabitEthernet0/2
L        155.1.146.1/32 is directly connected, GigabitEthernet0/2
      169.254.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        169.254.100.0/24 is directly connected, GigabitEthernet0/0
L        169.254.100.1/32 is directly connected, GigabitEthernet0/0

show ip bgp(Main Theme)

If they were in MPLS topology(iosv-1&2 were CE), they would have to be configured "allowas-in" because both of routers are in same Autonomous-system, 200.
However, in this DMVPN topology, they do not need the allowas-in command, because Hub(iosv-5) originates and advertises a default-route to Spokes, and it suppresses other prefixes.

R1#sh ip bgp
BGP table version is 5, local router ID is 150.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   0.0.0.0          155.1.0.5                              0 100 i
 *>   150.1.1.1/32     0.0.0.0                  0         32768 i

Therefore, the "show ip bgp" command on iosv-1 shows that the default-route which is advertised by Hub(iosv-5) has "100 i" AS_PATH attributes with no 200.

Reference

CCIE Enterprise Infrastructure Foundation, 2nd Edition

この記事が気に入ったらサポートをしてみませんか？