This example is about DMVPN Phase 2 with IPsec Profile and EIGRP where spoke to spoke communication is needed but traffic still needs to traverse the hub location. Phase 2 is a routing protocol modification where split horizon is disabled on the tunnel. This allows spoke advertised routes to be sent to the hub and then re-advertised back to the other spokes.
No additional IKE or IPsec SAs are created.
R3
int tun1
no ip split-horizon eigrp 10
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.8 (Tunnel1) is resync: split horizon changed
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.10 (Tunnel1) is resync: split horizon changed
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.9 (Tunnel1) is resync: split horizon changed
CSR8, CSR9 and CSR10
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.3 (Tunnel1) is resync: peer graceful-restart
CSR8#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 108.0.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
D 10.1.0.0/16 [90/26880256] via 10.1.1.3, 00:40:01, Tunnel1
D 10.2.9.0/24 [90/28160256] via 10.1.1.3, 00:13:03, Tunnel1
101.0.0.0/32 is subnetted, 1 subnets
D 101.101.101.101 [90/28288000] via 10.1.1.3, 00:13:03, Tunnel1
CSR9#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 109.0.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
D 10.1.0.0/16 [90/26880256] via 10.1.1.3, 00:40:32, Tunnel1
88.0.0.0/32 is subnetted, 1 subnets
D 88.88.88.88 [90/28288000] via 10.1.1.3, 00:13:35, Tunnel1
101.0.0.0/32 is subnetted, 1 subnets
D 101.101.101.101 [90/28288000] via 10.1.1.3, 00:13:35, Tunnel1
CSR10#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 110.0.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
D 10.1.0.0/16 [90/26880256] via 10.1.1.3, 00:40:58, Tunnel1
D 10.2.9.0/24 [90/28160256] via 10.1.1.3, 00:14:00, Tunnel1
88.0.0.0/32 is subnetted, 1 subnets
D 88.88.88.88 [90/28288000] via 10.1.1.3, 00:14:00, Tunnel1
CSR10#show crypto isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
103.0.0.3 110.0.0.10 QM_IDLE 1015 ACTIVE
IPv6 Crypto ISAKMP SA
CSR10#show ip eigrp nei
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.1.3 Tu1 11 00:51:11 98 1470 0 80
CSR10#traceroute 88.88.88.88 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 88.88.88.88
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.3 36 msec 40 msec 29 msec
2 10.1.1.8 60 msec * 52 msec
Even with Phase 2 enabled and spoke to spoke communication enabled, traffic still must traverse the hub to reach remote spokes.
No additional IKE or IPsec SAs are created.
R3
int tun1
no ip split-horizon eigrp 10
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.8 (Tunnel1) is resync: split horizon changed
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.10 (Tunnel1) is resync: split horizon changed
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.9 (Tunnel1) is resync: split horizon changed
CSR8, CSR9 and CSR10
%DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.1.1.3 (Tunnel1) is resync: peer graceful-restart
CSR8#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 108.0.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
D 10.1.0.0/16 [90/26880256] via 10.1.1.3, 00:40:01, Tunnel1
D 10.2.9.0/24 [90/28160256] via 10.1.1.3, 00:13:03, Tunnel1
101.0.0.0/32 is subnetted, 1 subnets
D 101.101.101.101 [90/28288000] via 10.1.1.3, 00:13:03, Tunnel1
CSR9#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 109.0.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
D 10.1.0.0/16 [90/26880256] via 10.1.1.3, 00:40:32, Tunnel1
88.0.0.0/32 is subnetted, 1 subnets
D 88.88.88.88 [90/28288000] via 10.1.1.3, 00:13:35, Tunnel1
101.0.0.0/32 is subnetted, 1 subnets
D 101.101.101.101 [90/28288000] via 10.1.1.3, 00:13:35, Tunnel1
CSR10#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 110.0.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
D 10.1.0.0/16 [90/26880256] via 10.1.1.3, 00:40:58, Tunnel1
D 10.2.9.0/24 [90/28160256] via 10.1.1.3, 00:14:00, Tunnel1
88.0.0.0/32 is subnetted, 1 subnets
D 88.88.88.88 [90/28288000] via 10.1.1.3, 00:14:00, Tunnel1
CSR10#show crypto isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
103.0.0.3 110.0.0.10 QM_IDLE 1015 ACTIVE
IPv6 Crypto ISAKMP SA
CSR10#show ip eigrp nei
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.1.3 Tu1 11 00:51:11 98 1470 0 80
CSR10#traceroute 88.88.88.88 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 88.88.88.88
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.3 36 msec 40 msec 29 msec
2 10.1.1.8 60 msec * 52 msec
Even with Phase 2 enabled and spoke to spoke communication enabled, traffic still must traverse the hub to reach remote spokes.
