
nhrpd / shortcut tunnel not built up
Dear all
I have one DMVPN hub plus two Spokes.
Traffic between hub and spokes is working well but shortcut tunnels
(spoke2spoke) do not build up.
Maybe not a bug but my very own stupidity (aka. config issue)
Anyone ready to give a hint?
Thanks
/pat

### nhrp on hub ###
interface tun1
 ip nhrp holdtime 3600
 ip nhrp network-id 1
 ip nhrp nhs dynamic nbma 217.193.211.21
 ip nhrp redirect
 ip nhrp registration no-unique
 ip nhrp shortcut
 no link-detect
 tunnel protection vici profile dmvpn
 tunnel source ens160

sh ip nhrp cache
Iface    Type     Protocol   NBMA             Flags  Identity
tun1     local    10.0.0.1   -                       -
tun1     dynamic  10.0.0.3   194.209.75.37    T      194.209.75.37
tun1     dynamic  10.0.0.2   194.209.75.35    T      194.209.75.35

### nhrp on spoke1 ###

interface tun1
 ip nhrp holdtime 3600
 ip nhrp network-id 1
 ip nhrp nhs dynamic nbma 217.193.211.21
 ip nhrp registration no-unique
 ip nhrp shortcut
 no link-detect
 tunnel protection vici profile dmvpn
 tunnel source inet1

sh ip nhrp cache
Iface    Type     Protocol   NBMA             Flags  Identity
tun1     nhs      10.0.0.1   217.193.211.21   UT     217.193.211.21
tun1     local    10.0.0.2   -                       -

### nhrp on spoke2 ###

interface tun1
 ip nhrp holdtime 3600
 ip nhrp network-id 1
 ip nhrp nhs dynamic nbma 217.193.211.21
 ip nhrp registration no-unique
 ip nhrp shortcut
 tunnel protection vici profile dmvpn
 tunnel source enp1s0

sh ip nhrp cache
Iface    Type     Protocol   NBMA             Flags  Identity
tun1     nhs      10.0.0.1   217.193.211.21   UT     217.193.211.21
tun1     local    10.0.0.3   -                       -

_______________________________________________
Quagga-dev mailing list
Quagga-dev@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-dev
Re: nhrpd / shortcut tunnel not built up
Hi,

On Mon, 8 May 2017 23:08:41 +0200
Patrick Oeschger <patrick.oeschger@bluewin.ch> wrote:

> I have one DMVPN hub plus two Spokes.
> Traffic between hub and spokes is working well but shortcut tunnels
> (spoke2spoke) do not build up.
> Maybe not a bug but my very own stupidity (aka. config issue)
> Anyone ready to give a hint?

There is an additional step to enable hub functionality.
For documentation see:
http://git.savannah.gnu.org/cgit/quagga.git/tree/nhrpd/README.nhrpd#n85

The iptables rule is a requirement currently. It would be nice if nhrpd
could automatically configure the kernel for this. Unfortunately hashlimit-like
functionality cannot be done with PF_PACKET socket filters AFAIK.
But it is needed to not keep nhrpd scalable when shortcuts don't form
for some reason.

And at least for now, I prefer not to automatically adjust firewall
rules from nhrpd.

Cheers,
Timo
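
Added example, not part of the thread or of the Quagga sources: a sketch of the hub-side rule the reply refers to, adapted to the poster's tun1 interface. The hashlimit values and the `nhrp nflog-group` setting are assumptions modeled on the sample in the linked README.nhrpd and should be checked against it; the function names are hypothetical.

```shell
#!/bin/sh
# Hub-side firewall rule for nhrpd shortcut creation (added example).
# Packets the hub forwards from the tunnel back into the same tunnel
# (spoke -> hub -> spoke) are copied to an NFLOG group that nhrpd reads,
# so it can tell the originating spoke to resolve a shortcut. hashlimit
# caps how many copies reach nhrpd per source/destination /24 pair, so
# the daemon is not flooded while a shortcut fails to form.

# Print the iptables arguments for tunnel interface $1 and NFLOG group $2.
# Rate, burst, masks and name are assumed values following README.nhrpd.
nhrp_redirect_rule() {
    ifname="$1"
    group="${2:-1}"
    printf '%s ' \
        FORWARD -i "$ifname" -o "$ifname" \
        -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \
        --hashlimit-mode srcip,dstip \
        --hashlimit-srcmask 24 --hashlimit-dstmask 24 \
        --hashlimit-name loglimit-0 \
        -j NFLOG --nflog-group "$group" --nflog-range 128
}

# Install the rule only if it is not already present (needs root).
# $rule is left unquoted on purpose so it splits into separate arguments.
nhrp_install_rule() {
    rule=$(nhrp_redirect_rule "$@")
    iptables -C $rule 2>/dev/null || iptables -A $rule
}

# nhrpd must listen on the same group; in the nhrpd configuration:
#   nhrp nflog-group 1

# Dry run: show the rule for the hub's tun1 without touching the firewall.
echo "iptables -A $(nhrp_redirect_rule tun1 1)"
```

On the hub, `nhrp_install_rule tun1 1` applies the rule; `iptables -L FORWARD -v -n` then shows whether spoke-to-spoke packets are hitting it.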