DMVPN Phase 2 with OSPF Configuration and Next-Hop Resolution

DMVPN Phase 2 with OSPF – Complete Guide

This guide explains how to configure DMVPN Phase 2 with OSPF so that spoke-to-spoke traffic flows directly without unnecessarily traversing the hub.

---

📑 Table of Contents

• Goal of DMVPN Phase 2
• Core Concept
• Configuration
• Verification
• Old vs New IOS
• Key Takeaways
• Related Articles

---

🎯 Goal of DMVPN Phase 2

In DMVPN Phase 2, the objective is:

• Enable direct spoke-to-spoke communication
• Avoid routing traffic via the hub
• Preserve original next-hop IP

---

🧠 Core Concept Explained

Why OSPF Needs Special Handling

Unlike EIGRP (which uses no ip next-hop-self), OSPF behavior depends on the network type.

By default, OSPF may advertise routes with the hub as the next-hop, causing suboptimal routing.

Solution: Point-to-Multipoint Network Type

• Keeps original next-hop intact
• No DR/BDR election
• Supports direct spoke communication

---

⚙️ Configuration

🔹 Code Example (Concept Overview)

DMVPN Phase 2 + OSPF:
- Use GRE multipoint tunnel
- Enable NHRP
- Set OSPF network type to point-to-multipoint
- Ensure correct next-hop propagation

🛠️ Hub Configuration

Click to Expand

interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 ip nhrp authentication dmvpn
 tunnel source <hub-interface>
 tunnel mode gre multipoint
 ip ospf network point-to-multipoint

Explanation:

• Dynamic multicast mapping allows all spokes
• Point-to-multipoint ensures correct next-hop retention

🛠️ Spoke Configuration

Click to Expand

interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map 192.168.1.1 <hub-ip>
 ip nhrp map multicast 192.168.1.1
 ip nhrp authentication dmvpn
 ip nhrp nhs 192.168.1.1
 tunnel source <spoke-interface>
 tunnel mode gre multipoint
 ip ospf network point-to-multipoint

Explanation:

• Static mapping to hub for control plane
• NHS defines hub as resolution server
• Maintains correct routing for spoke-to-spoke

---

🔍 Verification

Check OSPF Neighbors

show ip ospf neighbor

Sample Output

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/-          00:00:33    192.168.1.2     Tunnel0
3.3.3.3           0   FULL/-          00:00:31    192.168.1.3     Tunnel0

Check Routing Table

show ip route ospf

Sample Output

O    10.10.2.0/24 [110/2] via 192.168.1.2, Tunnel0
O    10.10.3.0/24 [110/2] via 192.168.1.3, Tunnel0

Ping Between Spokes

ping 10.10.3.1

Expected Result

Success rate is 100 percent (5/5)

---

⚡ Old vs New IOS

• Core configuration remains the same
• New IOS versions provide better debugging tools
• No major syntax changes for OSPF network type

---

💡 Key Takeaways

• ✔ Use point-to-multipoint OSPF network type
• ✔ Preserve original next-hop IP
• ✔ Enable direct spoke-to-spoke communication
• ✔ Avoid unnecessary hub traversal

---

🔗 Related Articles

• Cisco DMVPN Phase 3 OSPF Configuration and Optimization Guide
• How to Propagate a Default Route in OSPF
• Adjusting the BGP Next-Hop Attribute
• IKE Phase 1 Evolution in Cisco ASA
• IKE Phase 2 Handling Enhancements

---

🚀 Final Thought: Correct OSPF network type selection is the key to unlocking full DMVPN Phase 2 efficiency.