4.1.d Implement and troubleshoot DMVPN [single hub]

4.1.d [i] NHRP

NHRP is an ARP-like protocol that alleviates NBMA network problems. With NHRP, systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network, allowing these systems to directly communicate without requiring traffic to use an intermediate hop.

NHRP allows Next Hop Clients (NHCs) to dynamically register with Next Hop Servers (NHSs). This allows the NHCs to join the NBMA network without configuration changes on the NHSs, especially in cases where the NHC has a dynamic physical IP address or is behind a Network Address Translation (NAT) router that dynamically changes the physical IP address. In these cases it would be impossible to preconfigure the logical virtual private network (VPN IP) to physical (NBMA IP) mapping for the NHC on the NHS. This function is called NHRP registration.

NHRP also allows one NHC (spoke) to dynamically discover the logical VPN IP to physical NBMA IP mapping for another NHC (spoke) within the same NBMA network. Without this discovery, IP packets traveling from hosts behind one spoke to hosts behind another spoke would have to pass through the NHS (hub) router. This would increase the utilization of the hub's physical bandwidth and CPU, because these packets come into the hub on the multipoint interface and go right back out the same multipoint interface. This is often called hair-pinning.

With NHRP, systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network, allowing these systems to directly communicate without requiring traffic to use an intermediate hop. This alleviates the load on the intermediate hop (NHS) and can increase the overall bandwidth of the NBMA network to be greater than the bandwidth of the hub router.

NHRP is used to facilitate building a VPN. In this context, a VPN consists of a virtual Layer 3 network that is built on top of an actual Layer 3 network. The topology you use over the VPN is largely independent of the underlying network, and the protocols you run over it are completely independent of it. The Dynamic Multipoint VPN network (DMVPN) is based on GRE IP logical tunnels that can be protected by adding in IPsec to encrypt the GRE IP tunnels.

You can use debug nhrp to troubleshoot NHRP-related problems (e.g., authentication errors).
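The registration, NHS mapping and IPsec protection described above, as an added single-hub configuration sketch (not taken from the cited sources). All addresses, interface names, profile names and the bracketed key placeholders are assumptions made for illustration.

```cisco
! Constructed example. 198.51.100.1 = hub NBMA address, 10.0.0.0/24 = tunnel (VPN) subnet.
! --- Hub (NHS) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard peer address is needed because spoke NBMA addresses are dynamic;
! certificate authentication avoids one key shared by every spoke.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ! network-id is locally significant; it enables NHRP on the interface
 ip nhrp network-id 1
 ! Up to 8 characters, carried in clear text in NHRP packets: it catches
 ! misconfiguration, it is not a confidentiality or integrity control.
 ip nhrp authentication <NHRPKEY>
 ! Replicate multicast (routing protocol hellos) to every registered spoke
 ip nhrp map multicast dynamic
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ! IPsec is what actually protects the GRE and NHRP traffic
 tunnel protection ipsec profile DMVPN-PROF
!
! --- Spoke (NHC), NBMA address assigned dynamically on GigabitEthernet0/0 ---
! (same crypto isakmp / ipsec configuration as the hub)
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp network-id 1
 ip nhrp authentication <NHRPKEY>
 ! Static VPN-IP to NBMA-IP mapping for the hub, then register with it
 ip nhrp map 10.0.0.1 198.51.100.1
 ip nhrp map multicast 198.51.100.1
 ip nhrp nhs 10.0.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
! Verify: show ip nhrp, show dmvpn, show crypto ipsec sa; then debug nhrp
```

A spoke whose NHRP authentication string differs from the hub's never appears in the hub's show ip nhrp output, which is the registration failure that debug nhrp helps confirm.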

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 4508-4513). Kindle Edition.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094690.shtml

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nhrp/configuration/xe-3s/asr1000/config-nhrp.html