DMVPN - NHRP session attributes

In a DMVPN topology, each established GRE tunnel on a hub has at least one DMVPN session with each DMVPN peer. Indeed, there may be multiple DMVPN sessions for each individual peer. DMVPN-specific session information can be displayed using the show dmvpn command. An example of the command and its output is shown below:

    Spoke1#show dmvpn
    Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
            N - NATed, L - Local, X - No Socket
            T1 - Route Installed, T2 - Nexthop-override
            C - CTS Capable, I2 - Temporary
            # Ent --> Number of NHRP entries with same NBMA peer
            NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
            UpDn Time --> Up or Down Time for a Tunnel
    --------------------------------------------------------------------------------
    Interface: Tunnel0, IPv4 NHRP Details
    Type:Spoke, NHRP Peers:2,

     # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
     ----- --------------- --------------- ----- -------- -----
         5 2.2.2.2              172.16.1.2    UP 00:01:31   DT1
                                172.16.1.2    UP 00:01:31   DT2
                                172.16.1.2    UP 00:00:55   DT2
                                172.16.1.2    UP 00:00:10   DT2
                                172.16.1.2    UP 00:00:08   DT2
         1 3.3.3.3              172.16.1.3    UP 03:45:07     S
    Spoke1#

The output shows multiple NHRP entries for the 2.2.2.2 spoke. The first entry has an attribute of DT1 while the rest have an attribute of DT2. What does this mean and why does it happen?

Well, looking at the legend, we can see that the D means dynamic (as opposed to statically assigned). The T1 and T2 indicators are the important factor here:

  • T1 (Route Installed): This attribute typically appears for the primary NHRP mapping. It indicates that the route for this particular network has been installed in the routing table of the router. This entry signifies that the hub has a direct route to the spoke via the NHRP network ID and that this route is actively being used for routing traffic.
  • T2 (Next-Hop Override): These additional entries with the ‘DT2’ attribute represent the ‘next-hop override’ feature in DMVPN. This feature allows the hub to direct traffic between spokes directly, bypassing the hub for data packets, allowing for ‘spoke-to-spoke’ communication.

Under what circumstances would multiple DT2 entries appear? Any event that changes the next hop or the route of a spoke-to-spoke communication may generate a new DT2 entry. This includes making changes to the configuration of the routers. Because it takes time for stale entries to be eliminated, they remain in the NHRP cache for a while.
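As an added example (not from the original page and not a Cisco tool), the following Python code parses the peer table of show dmvpn output, attaches rows that lack an NBMA address to the preceding peer, and counts T1 and T2 entries per peer so that peers holding several next-hop-override entries stand out. The sample text is constructed from the output above; the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the peer table from the "show dmvpn" output above.
SAMPLE = """\
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     5 2.2.2.2              172.16.1.2    UP 00:01:31   DT1
                            172.16.1.2    UP 00:01:31   DT2
                            172.16.1.2    UP 00:00:55   DT2
                            172.16.1.2    UP 00:00:10   DT2
                            172.16.1.2    UP 00:00:08   DT2
     1 3.3.3.3              172.16.1.3    UP 03:45:07     S
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# "# Ent" and the NBMA address appear only on the first row of each peer.
ROW = re.compile(
    rf"^\s*(?:(?P<ent>\d+)\s+(?P<nbma>{IP})\s+)?"
    rf"(?P<tunnel>{IP})\s+(?P<state>\S+)\s+(?P<updn>\S+)\s+(?P<attrb>\S+)\s*$"
)
# Two-character flags from the legend must be tried before single letters.
FLAG = re.compile(r"T1|T2|I2|[SDINLXC]")

def parse_peers(text):
    """Return {nbma: [(tunnel, state, updn, flags), ...]} from the peer table."""
    peers, current = defaultdict(list), None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # legend, header, separator and prompt lines
        if m["nbma"]:
            current = m["nbma"]
        if current is None:
            continue  # continuation row with no peer seen yet
        flags = set(FLAG.findall(m["attrb"]))
        peers[current].append((m["tunnel"], m["state"], m["updn"], flags))
    return dict(peers)

def summarize(peers):
    """Count NHRP entries, T1 and T2 attributes for each NBMA peer."""
    return {nbma: {"entries": len(rows),
                   "route_installed": sum("T1" in f for *_, f in rows),
                   "nexthop_override": sum("T2" in f for *_, f in rows)}
            for nbma, rows in peers.items()}

def peers_with_repeated_t2(peers, threshold=1):
    """NBMA peers holding more than `threshold` T2 entries (assumed cutoff)."""
    return [n for n, s in summarize(peers).items()
            if s["nexthop_override"] > threshold]
```
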

Note that some platforms (as seen in the Cisco documentation linked below) don't include the T1, T2, C, and I2 attributes.

Links:

https://forum.networklessons.com/t/dmvpn-phase-3-bgp-routing/1315/35?u=lagapides

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s4.html#wp2815505246