Multipoint Generic Routing Encapsulation (mGRE)
- It is a multipoint GRE.
- It is point to multipoint tunnel.
- It uses GRE and NHRP.
Next Hop Resolution Protocol (NHRP)
NHRP is an ARP (Address Resolution Protocol) like protocol that dynamically maps a non-broadcast multi access network.
NHRP has two component; NH Client (NHC) and NH Server (NHS).
NHS is called as HUB and NHC is SPOKE.
NHRP protocol allows NHCs to dynamically register with NHSs.
It is a layer 2 protocol.
This allows the NHCs to join the NBMA network without configuration changes on the NHS.
NHRP allows one NHC (SPOKE) to dynamically discover the logical VPN IP to physical NBMA IP mapping for another NHC within the same NBMA network.
NHRP are CLIENT/SERVER protocol.
If we need to create more than one GRE tunnel interface then we use MGRE tunnel interface instead of point to point GRE interface
Why we need NHRP?
NHRP is an Address Resolution Protocol (ARP)-like protocol that dynamically maps non-broadcast multi-access (NBMA) Network. With NHRP, systems attached to an NBMA network can dynamically learn the NBMA (physical) address of the other systems that are part of that network, allowing these systems to directly communicate.
NHRP is an ARP-like protocol that allows Next Hop Clients (NHCs) to dynamically register with Next Hop Servers (NHSs). This allows the NHCs to join the NBMA network without configuration changes on the NHSs
NHRP is a resolution protocol that allows one NHC client (spoke) to dynamically discover the logical VPN IP to physical NBMA IP mapping for another NHC client (spoke) within the same NBMA network. Without this discovery, IP packets traversing from hosts behind one spoke to hosts behind another spoke would have to traverse by way of the NHS (hub) router. This would increase the utilization of the hub’s physical bandwidth and CPU to process these packets that come into the hub on the multipoint interface and go right back out the multipoint interface. This is often called hair-pinning. With NHRP, systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network, allowing these systems to directlycommunicate without requiring traffic to use an intermediate hop.
NHRP is a client/server protocol in which clients are said to be spokes & servers as hub.
Each spokes registers itself with hub by providing its real (NBMA/Physical) address with tunnel (Logical) address, so hub will dynamically learn about the spokes & form a GRE tunnel with them.
The last new command, ip nhrp map multicast dynamic, allows NHRP to automatically add spoke routers to the multicast NHRP mappings when these spoke routers initiate the mGRE+IPsec tunnel and register their unicast NHRP mappings. This is needed to enable dynamic routing protocols to work over the mGRE+IPsectunnels between hub and spokes. If this command was not available, then the hub router would need to have a separate configuration line for a multicast mapping to each spoke.
Topology
Configuration:
At NHS (HUB)
HUB(config)# interface tunnel <#>
HUB(config-if)# ip address <tunnel ip><mask>
HUB(config-if)# tunnel source <physical IP or interface name>
HUB(config-if)# tunnel mode gre multipoint
//Since it is point-to-multipoint tunnel, destination is many. So, instead of mentioning tunnel destination, we have to mention here as multipoint//
HUB(config-if)# tunnel key <key>
HUB(config-if)# ip nhrp map multicast dynamic
// Dynamically learn destinations from client registrations on hub//
HUB(config-if)# ip nhrp authentication <authentication key>
HUB(config-if)# ip nhrp network-id <#>
At NHC (SPOKE)
SPOKE(config)# interface tunnel <#>
SPOKE(config-if)# ip address <tunnel ip><mask>
SPOKE(config-if)# tunnel source <physical IP>
SPOKE(config-if)# tunnel mode gre multipoint
SPOKE(config-if)# tunnel key <key>
SPOKE(config-if)# ip nhrp map multicast <nbma ip>
SPOKE(config-if)# ip nhrp authentication <authentication key>
SPOKE(config-if)# ip nhrp network-id <#>
SPOKE(config-if)# ip nhrp nhs <tunnel IP of the NHS>
SPOKE(config-if)# ip nhrp map <tunnel IP of the NHS><physical ip of the NHS>
Verification Commands
#show ip nhrp
#show ip nhrp brief
#show ip nhrp detail
R1(config)#interface tunnel 0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel source 10.1.1.1
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#tunnel key 123
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip nhrp authentication cisco
R1(config-if)#ip nhrp network-id 123
R1(config-if)#exit
R2(config)#interface tunnel 1
R2(config-if)#ip address 172.16.1.2 255.255.255.0
R2(config-if)#tunnel source 20.1.1.1
R2(config-if)#tunnel mode gre multipoint
R2(config-if)#tunnel key 123
R2(config-if)#ip nhrp map multicast 10.1.1.1
R2(config-if)#ip nhrp authentication 123
R2(config-if)#ip nhrp network-id 123
R2(config-if)#ip nhrp nhs 172.16.1.1
R2(config-if)#ip nhrp map 172.16.1.1 10.1.1.1
R2(config-if)#exit
R3(config)#interface tunnel 1
R3(config-if)#ip address 172.16.1.3 255.255.255.0
R3(config-if)#tunnel source 30.1.1.1
R3(config-if)#tunnel mode gre multipoint
R3(config-if)#tunnel key 123
R3(config-if)#ip nhrp map multicast 10.1.1.1
R3(config-if)#ip nhrp authentication 123
R3(config-if)#ip nhrp network-id 123
R3(config-if)#ip nhrp nhs 172.16.1.1
R3(config-if)#ip nhrp map 172.16.1.1 10.1.1.1
R3(config-if)#exit
.html.resources/18B50B97-1A8D-48AA-AD5D-50390846C846.jpg)
.html.resources/B56F7B52-5739-4953-BC71-E8663F570ADC.jpg)
.html.resources/A94D7695-41A4-4032-BA20-E0C8B910F9DF.jpg)
.html.resources/C17C4303-B026-45B2-9C05-0BFBC502C3EC.jpg)
.html.resources/F8C5330A-B668-48D5-8EA8-C735A102B992.jpg)
.html.resources/6B951E79-FB3F-48B4-9818-8E2B9C155810.jpg)
.html.resources/484EAB75-7C3D-4904-938C-34DDF1424842.jpg)
.html.resources/71858729-B102-4714-B1BE-D9F5F9F6A900.jpg)
.html.resources/195A4420-AB85-4C7C-9395-521A51E099C3.png){kind=small}