RE: large number of OSPF neighbors

From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Sun Jun 26 2005 - 14:24:19 GMT-3

OK,

With regular GRE you have to define a tunnel source and destination, so
it is a point to point technology. If you need to create a large mesh,
this makes for a lot of CLI, as you need to create n(n-1)/2 tunnels.

mGRE simplifies this for you. Normally when a GRE encapsulated packet is
received, one of the checks is to check the source address of the
incoming packet to make sure it came from a configured source. This is
bypassed for mGRE, so basically all you need setup for mGRE is a single
multipoint interface on each device in the mesh, rather than n squared.

As to how the destination address for the tunnel is derived, that is
thanks to the magic of NHRP (don't let it's association with MPOA scare
you, it actually works quite well by itself). In DMVPN each member of
the VPN registers with an NHRP server and the NHRP server works out next
hops to get to destinations and informs sources on an as needed basis.
 
If you really want to go in to the details, it is all here at, but it
does take a bit of work to get comfortable with it and its not part of
the R&S exam!
http://www.cisco.com/warp/public/732/Tech/security/ipsec/dmvpn/

Chris

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Sunday, June 26, 2005 12:00 PM
To: Chris Lewis (chrlewis); 'Danshtr'; 'Ram Shummoogum'
Cc: caccamucca@hotmail.com; ccielab@groupstudy.com
Subject: RE: large number of OSPF neighbors

Hi Chris,
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile cisco

This multipoint GRE tunnel stuff is new to me.

Can you confirm my assumption that this is an alternative to configuring
multiple p2p GRE tunnels?

And, when the tunnel endpoint isn't configured, how does GRE know or
find out what destination ip address to use?

TIA, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Sunday, June 26, 2005 12:48 PM
To: Danshtr; Ram Shummoogum
Cc: caccamucca@hotmail.com; ccielab@groupstudy.com
Subject: RE: large number of OSPF neighbors

Multipoint GRE is just the same as regular GRE, the only diffrence is
that with multipoint GRE, the source address is not checked on incoming
packets, so if you know how to configure regular GRE, mgre is basically
the same with two exceptions, first is tunnel mode gre multipoint, the
second is you do not have to specify a tunnel destination, just the
tunnel source. You can just take the encryption and nhrp parts out of
the config in http://www.cisco.com/warp/public/471/dcmvpn.html#configs
as follows:

interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip mtu 1440
tunnel source FastEthernet0/0
tunnel mode gre multipoint

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Danshtr
Sent: Sunday, June 26, 2005 7:23 AM
To: Ram Shummoogum
Cc: caccamucca@hotmail.com; ccielab@groupstudy.com
Subject: Re: large number of OSPF neighbors

Hi All,

Where can I find documentation about multipoint GRE, whithout IPSec?

On 6/24/05, Ram Shummoogum <rshummoo@ca.ibm.com> wrote:
> This is a DMVPN network where all the 250 neighbors are stubs.
>
>
>
>
>
> "cacca mucca"
> <caccamucca@hotma
> il.com>
To
> Ram
Shummoogum/Quebec/IBM@IBMCA,
> 06/23/2005 05:08 ccielab@groupstudy.com
> PM
cc
>
>
Subject
> RE: large number of OSPF
> neighbors
>
>
>
>
>
>
>
>
>
>
> Obiously, you have a design issue. At one time, Cisco recommended max
> of 100 routers in an area. I don't know what the number is, but you
> need a good core network design and 250 routers in one area is in my
> opinion "BAD, REALLY BAD." When 1 router's link flaps all other
> routers in an area need to recalculate and reconverge.
>
> Break up the areas, back bone, stubby, not so stubby, etc.
>
> I'm assuming that most routers have only one path back to the core
> router, break them into managable stub areas.
>
>
>
> >From: Ram Shummoogum <rshummoo@ca.ibm.com>
> >Reply-To: Ram Shummoogum <rshummoo@ca.ibm.com>
> >To: ccielab@groupstudy.com
> >Subject: large number of OSPF neighbors
> >Date: Thu, 23 Jun 2005 13:56:43 -0400
> >
> >I have a 7206 router with 250 ospf neighbors and intermittently
> >losing neighors that go into init mode for as long as 5 minutes
sometime.
> >Anyone out there running successfully with that many neighbors? If
> >yes,
> are
> >you tuning any special parameters.
> >
> >Thanks
> >
> >_____________________________________________________________________
> >__ Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's
FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
> 

--
Best regards,
Dan

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:44 GMT-3