Dynamic Multipoint VPN Configuration Guide, Cisco IOS Release 15M&T
DMVPN Configuration Using FQDN

The DMVPN Configuration Using FQDN feature enables next hop clients (NHCs) to register with the next hop server (NHS).

This feature allows you to configure a fully qualified domain name (FQDN) for the nonbroadcast multiple access network (NBMA) address of the hub (NHS) on the spokes (NHCs). The spokes resolve the FQDN to an IP address using the DNS service and register with the hub using the newly resolved address. This allows spokes to dynamically locate the IP address of the hub using the FQDN.

With this feature, spokes need not configure the protocol address of the hub. Spokes learn the protocol address of the hub dynamically from the NHRP registration reply of the hub. According to RFC 2332, the hub to which the NHRP registration was sent responds with its own protocol address in the NHRP registration reply and hence the spokes learn the protocol address of the hub from the NHRP registration reply packet.

In Cisco IOS Release 15.1(2)T and earlier releases, NHS NBMA addresses in Dynamic Multipoint VPN (DMVPN) were configured as either IPv4 or IPv6 addresses. Because the NHS was configured to receive a dynamic NBMA address, it was difficult for NHCs to get the updated NBMA address and register with the NHS. This limitation is addressed with the DMVPN Configuration Using FQDN feature, which allows an NHC to use an FQDN instead of an IP address to configure the NBMA address and register with the NHS dynamically.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for DMVPN Configuration Using FQDN

Cisco IOS Domain Name System (DNS) client must be available on the spoke.

Restrictions for DMVPN Configuration Using FQDN

If the NBMA IP address resolved from the FQDN is not mapped to an NHS configured with the protocol address, the spoke cannot register with the hub.

Information About DMVPN Configuration Using FQDN

DNS Functionality

A Domain Name System (DNS) client communicates with a DNS server to translate a hostname to an IP address.

The intermediate DNS server, or the DNS client on the router, stores the DNS reply for the FQDN in its cache for the lifetime of the entry. If the DNS client receives another query before the lifetime expires, it uses the entry information from the cache. When the cache entry expires, the DNS client queries the DNS server again. If the NBMA address of the NHS changes frequently, the DNS entry lifetime must be short; otherwise, the spokes may take some time before they start using the new NBMA address for the NHS.

DNS Server Deployment Scenarios

A DNS server can be located either in a hub network or outside a hub and spoke network.

Following are the four DNS server load balancing models:

  • Round robin--Each DNS request is assigned an IP address sequentially from the list of IP addresses configured for an FQDN.
  • Weighted round robin--This is similar to round-robin load balancing except that the IP addresses are assigned weights, and nodes with higher weights can take more load or traffic.
  • Geography or network--Geography-based load balancing allows the requests to be directed to the optimal node that is geographically the nearest or the most efficient to the requester.
  • Failover--Failover load balancing sends all requests to a single host until the load balancer determines a particular node to be no longer available. It then directs traffic to the next node available in the list.

How to Configure DMVPN Configuration Using FQDN

Configuring a DNS Server on a Spoke

Perform this task to configure a DNS server on a spoke. You must perform this task only if you want to resolve FQDN using an external DNS server.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip name-server ip-address

    4.    exit


DETAILED STEPS
    Step 1   enable

    Enables privileged EXEC mode. Enter your password if prompted.

    Example:
    Router> enable

    Step 2   configure terminal

    Enters global configuration mode.

    Example:
    Router# configure terminal

    Step 3   ip name-server ip-address

    Configures a DNS server on a spoke.

    Example:
    Router(config)# ip name-server 192.0.2.1

    Step 4   exit

    Exits global configuration mode.

    Example:
    Router(config)# exit

    Configuring a DNS Server

    Perform this task to configure a DNS server. You must perform the configuration on a DNS server.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    ip dns server

      4.    ip host hostname ip-address

      5.    exit


    DETAILED STEPS
      Step 1   enable

      Enables privileged EXEC mode. Enter your password if prompted.

      Example:
      Router> enable

      Step 2   configure terminal

      Enters global configuration mode.

      Example:
      Router# configure terminal

      Step 3   ip dns server

      Enables a DNS server.

      Example:
      Router(config)# ip dns server

      Step 4   ip host hostname ip-address

      Maps an FQDN (hostname) to the IP address in the DNS hostname cache for a DNS view.

      Note: Configure the ip host command on a DNS server if you have configured a DNS server on the spoke, and configure the command on the spoke if you have not configured a DNS server on the spoke. See the Configuring a DNS Server on a Spoke task.

      Example:
      Router(config)# ip host host1.example.com 192.0.2.2

      Step 5   exit

      Exits global configuration mode.

      Example:
      Router(config)# exit

      Configuring an FQDN with a Protocol Address

      Perform this task to configure an FQDN with a protocol address. You must know the protocol address of the NHS while you are configuring the FQDN. This configuration registers the spoke with the hub using the NBMA address.

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    interface tunnel number

        4.    ip nhrp nhs nhs-address [nbma {nbma-address | FQDN-string}] [multicast] [priority value] [cluster number]

        5.    end


      DETAILED STEPS
        Step 1   enable

        Enables privileged EXEC mode. Enter your password if prompted.

        Example:
        Router> enable

        Step 2   configure terminal

        Enters global configuration mode.

        Example:
        Router# configure terminal

        Step 3   interface tunnel number

        Enters interface configuration mode.

        Example:
        Router(config)# interface tunnel 1

        Step 4   ip nhrp nhs nhs-address [nbma {nbma-address | FQDN-string}] [multicast] [priority value] [cluster number]

        Registers a spoke with a hub.

        • You can configure the command in the following two ways:
          • ip nhrp nhs protocol-ipaddress nbma FQDN-string--Use this command to register a spoke with a hub using the FQDN string.
          • ip nhrp nhs protocol-ipaddress nbma nbma-ipaddress--Use this command to register a spoke with a hub using the NHS NBMA IP address.

        Note: You can use the ipv6 nhrp nhs protocol-ipaddress [nbma {nhs-ipaddress | FQDN-string}] [multicast] [priority value] [cluster number] command to register an IPv6 address.

        Example:
        Router(config-if)# ip nhrp nhs 192.0.2.1 nbma examplehub.example1.com multicast

        Step 5   end

        Exits interface configuration mode and returns to privileged EXEC mode.

        Example:
        Router(config-if)# end

        Configuring an FQDN Without an NHS Protocol Address

        Perform this task to configure an FQDN without an NHS protocol address.

        SUMMARY STEPS

          1.    enable

          2.    configure terminal

          3.    interface tunnel number

          4.    ip nhrp nhs dynamic nbma {nbma-address | FQDN-string} [multicast] [priority value] [cluster value]

          5.    end


        DETAILED STEPS
          Step 1   enable

          Enables privileged EXEC mode. Enter your password if prompted.

          Example:
          Router> enable

          Step 2   configure terminal

          Enters global configuration mode.

          Example:
          Router# configure terminal

          Step 3   interface tunnel number

          Enters interface configuration mode.

          Example:
          Router(config)# interface tunnel 1

          Step 4   ip nhrp nhs dynamic nbma {nbma-address | FQDN-string} [multicast] [priority value] [cluster value]

          Registers a spoke with a hub.

          • The NHS protocol address is dynamically fetched by the spoke. You can configure the command in the following two ways:
            • ip nhrp nhs dynamic nbma FQDN-string--Use this command to register a spoke with a hub using the FQDN string.
            • ip nhrp nhs dynamic nbma nbma-address--Use this command to register a spoke with a hub using the NHS NBMA IP address.

          Note: You can use the ipv6 nhrp nhs dynamic nbma {nbma-address | FQDN-string} [multicast] [priority value] [cluster value] command to register an IPv6 address.

          Example:
          Router(config-if)# ip nhrp nhs dynamic nbma examplehub.example1.com

          Step 5   end

          Exits interface configuration mode and returns to privileged EXEC mode.

          Example:
          Router(config-if)# end

          Verifying DMVPN FQDN Configuration

          This task shows how to display information to verify DMVPN FQDN configuration. The following show commands can be entered in any order.

          SUMMARY STEPS

            1.    enable

            2.    show dmvpn

            3.    show ip nhrp nhs

            4.    show running-config interface tunnel tunnel-number

            5.    show ip nhrp multicast


          DETAILED STEPS
            Step 1   enable

            Enables privileged EXEC mode. Enter your password if prompted.



            Example:
            Router> enable
            
            Step 2   show dmvpn

            Displays DMVPN-specific session information.



            Example:
            Router# show dmvpn
            Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
                    N - NATed, L - Local, X - No Socket
                    # Ent --> Number of NHRP entries with same NBMA peer
                    NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
                    UpDn Time --> Up or Down Time for a Tunnel
            ==========================================================================
            Interface: Tunnel1, IPv4 NHRP Details
            Type:Spoke, NHRP Peers:1,
             # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
             ----- --------------- --------------- ----- -------- -----
                 1       192.0.2.1         192.0.2.2 UP 00:00:12     S
                           (h1.cisco.com)
            
            Step 3   show ip nhrp nhs

            Displays the status of the NHS.



            Example:
            Router# show ip nhrp nhs
            IPv4 Registration Timer: 10 seconds
            Legend: E=Expecting replies, R=Responding, W=Waiting
            Tunnel1:
            192.0.2.1 RE NBMA Address: 192.0.2.2 (h1.cisco.com) priority = 0 cluster = 0
            
            Step 4   show running-config interface tunnel tunnel-number

            Displays the contents of the current running configuration file or the tunnel interface configuration.



            Example:
            Router# show running-config interface tunnel 1
            Building configuration...
            Current configuration : 462 bytes
            !
            interface Tunnel1
             ip address 192.0.2.1 255.255.255.0
             no ip redirects
             ip mtu 1440
             ip nhrp authentication testing
             ip nhrp group spoke_group2
             ip nhrp network-id 123
             ip nhrp holdtime 150
             ip nhrp nhs dynamic nbma h1.cisco.com multicast
             ip nhrp registration no-unique
             ip nhrp registration timeout 10
             ip nhrp shortcut
             no ip route-cache cef
             tunnel source Ethernet0/0
             tunnel mode gre multipoint
             tunnel key 1001
             tunnel protection ipsec profile DMVPN
            end
            
            Step 5   show ip nhrp multicast

            Displays NHRP multicast mapping information.



            Example:
            Router# show ip nhrp multicast
            I/F     NBMA address
            Tunnel1   192.0.2.1   Flags: nhs
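
The following added example (not Cisco code) parses show ip nhrp nhs output in the format shown in Step 3 and flags an NHS that is not responding or an FQDN that resolved to an NBMA address outside an operator-maintained list. EXPECTED_NBMA and the function names are assumptions for illustration; only the output layout shown on this page is handled.

```python
import re

# Output copied from the "show ip nhrp nhs" example on this page.
SAMPLE_OUTPUT = """\
IPv4 Registration Timer: 10 seconds
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel1:
192.0.2.1 RE NBMA Address: 192.0.2.2 (h1.cisco.com) priority = 0 cluster = 0
"""

# Hypothetical allow-list: NBMA addresses each hub FQDN is expected to resolve to.
EXPECTED_NBMA = {"h1.cisco.com": {"192.0.2.2"}}

NHS_LINE = re.compile(
    r"^(?P<protocol>\S+)\s+(?P<flags>[ERW]+)\s+NBMA Address:\s+(?P<nbma>\S+)"
    r"(?:\s+\((?P<fqdn>[^)]+)\))?\s+priority = (?P<priority>\d+)"
    r"\s+cluster = (?P<cluster>\d+)")


def parse_nhs(output):
    """Return one dict per NHS line, tagged with its tunnel interface."""
    tunnel = None
    rows = []
    for raw in output.splitlines():
        line = raw.strip()
        if re.fullmatch(r"Tunnel\d+:", line):
            tunnel = line[:-1]
        elif (m := NHS_LINE.match(line)):
            rows.append({"tunnel": tunnel, **m.groupdict()})
    return rows


def check_nhs(rows, expected):
    """Return findings for non-responding NHSs and unexpected DNS answers."""
    findings = []
    for r in rows:
        where = f"{r['tunnel']} NHS {r['protocol']}"
        if "R" not in r["flags"]:
            findings.append(f"{where}: not responding (flags {r['flags']})")
        # The FQDN in parentheses is present only when the NBMA came from DNS.
        if r["fqdn"] and r["nbma"] not in expected.get(r["fqdn"], set()):
            findings.append(
                f"{where}: {r['fqdn']} resolved to unexpected NBMA {r['nbma']}")
    return findings


if __name__ == "__main__":
    print(check_nhs(parse_nhs(SAMPLE_OUTPUT), EXPECTED_NBMA) or "no findings")
```

An unexpected NBMA address usually means a stale cache entry or a DNS answer that differs from the operator's records, which is worth checking before the spoke's registrations are trusted.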

            Configuration Examples for DMVPN Configuration Using FQDN

            Example Configuring a Local DNS Server

            The following example shows how to configure a local DNS server:

            enable
             configure terminal
              ip host host1.example.com 192.0.2.2

            Example Configuring an External DNS Server

            The following example shows how to configure an external DNS server:

            On a spoke

            enable
             configure terminal
              ip name-server 192.0.2.1

            On a DNS Server

            enable
             configure terminal
              ip dns server
              ip host host1.example.com 192.0.2.2

            Example Configuring NHS with a Protocol Address and an NBMA Address

            The following example shows how to configure NHS with a protocol address and an NBMA address:

            enable
             configure terminal
              interface tunnel 1
               ip nhrp nhs 192.0.2.1 nbma 209.165.200.225

            Example Configuring NHS with a Protocol Address and an FQDN

            The following example shows how to configure NHS with a protocol address and an FQDN:

            enable
             configure terminal
              interface tunnel 1
               ip nhrp nhs 192.0.2.1 nbma examplehub.example1.com

            Example Configuring NHS Without a Protocol Address and with an NBMA Address

            The following example shows how to configure NHS without a protocol address and with an NBMA address:

            enable
             configure terminal
              interface tunnel 1
               ip nhrp nhs dynamic nbma 192.0.2.1

            Example Configuring NHS Without a Protocol Address and with an FQDN

            The following example shows how to configure NHS without a protocol address and with an FQDN:

            enable
             configure terminal
              interface tunnel 1
               ip nhrp nhs dynamic nbma examplehub.example1.com
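
The following added example (not Cisco code) audits a spoke configuration for the four NHS forms shown above and reports how each FQDN-based NBMA entry would be resolved: by a local ip host entry, by a configured ip name-server, or not at all. The sample configuration is constructed, the function names are assumptions, and only the simple ip host hostname ip-address form used on this page is parsed.

```python
import ipaddress
import re

# Constructed spoke configuration for illustration; not taken from a real device.
SAMPLE_CONFIG = """\
ip name-server 192.0.2.1
ip host hub2.example.com 192.0.2.2
!
interface Tunnel1
 ip nhrp nhs dynamic nbma examplehub.example1.com multicast
 ip nhrp nhs 192.0.2.1 nbma 209.165.200.225
!
interface Tunnel2
 ip nhrp nhs 192.0.2.1 nbma hub2.example.com
"""

NHS_RE = re.compile(r"^ip(?:v6)? nhrp nhs (\S+) nbma (\S+)")


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_spoke(config):
    """Classify each NHS entry and say how an FQDN NBMA would be resolved."""
    name_servers, static_hosts, entries = [], set(), []
    interface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            interface = None  # an unindented line ends interface mode
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif line.startswith("ip name-server "):
            name_servers += line.split()[2:]
        elif line.startswith("ip host "):
            static_hosts.add(line.split()[2].lower())
        elif interface and (m := NHS_RE.match(line)):
            proto, nbma = m.groups()
            entries.append({"interface": interface, "nbma": nbma,
                            "protocol": "learned" if proto == "dynamic" else proto,
                            "resolved_by": "n/a" if is_ip(nbma) else None})
    for e in entries:  # second pass: DNS lines may follow the interface block
        if e["resolved_by"] is None:
            e["resolved_by"] = ("ip host" if e["nbma"].lower() in static_hosts
                                else "ip name-server" if name_servers else "MISSING")
    return entries


if __name__ == "__main__":
    for entry in audit_spoke(SAMPLE_CONFIG):
        print(entry)
```

An entry reported as MISSING has no resolution path for its FQDN, so the spoke cannot locate the hub; an entry with protocol "learned" takes both the NBMA address (from DNS) and the protocol address (from the NHRP registration reply) from the network rather than from local configuration.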

            Additional References

            Related Documents

            Related Topic | Document Title
            Cisco IOS commands | Cisco IOS Master Commands List, All Releases
            DMVPN complete command syntax, command mode, defaults, usage guidelines, and examples | Cisco IOS Security Command Reference

            Standards

            Standard | Title
            No new or modified standards are supported by this feature and support for existing standards has not been modified by this feature. | --

            MIBs

            MIB | MIBs Link
            No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. | To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

            RFCs

            RFC | Title
            RFC 2332 | NBMA Next Hop Resolution Protocol (NHRP)


            Feature Information for DMVPN Configuration Using FQDN

            The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


            Table 1 Feature Information for DMVPN Configuration Using FQDN

            Feature Name | Releases | Feature Information
            DMVPN Configuration Using FQDN | 15.1(2)T | The DMVPN Configuration Using FQDN feature enables the NHC to register with the NHS. It uses the NHRP without using the protocol address of the NHS. The following commands were introduced or modified: clear dmvpn session, debug nhrp condition, ip nhrp nhs, and ipv6 nhrp nhs.