
NHRP

Updated on Oct 17, 2024 by

What is NHRP?

Next Hop Resolution Protocol (NHRP) is an automated configuration technology that optimizes data routing in distributed networks by identifying the best path between endpoints. It helps a sending computer determine the most efficient route—minimizing hops—to the receiving computer.

When the receiving computer is within the same subnetwork, NHRP informs the sender that the recipient is local, allowing it to send further data packets directly using the subnetwork address instead of the global network address. If the recipient is in a different subnetwork, NHRP directs the sender to the router in the local subnetwork that offers the most direct connection to the receiving computer, enabling efficient packet forwarding.

Networks That Benefit from NHRP

NHRP is particularly beneficial for large networks with multiple wide area network (WAN) connections and numerous subnets. Although any endpoint can theoretically communicate with another in a logical model, most practical implementations require point-to-point links for data traffic.

These connections may include physical fiber links, virtual private networks (VPNs), or Generic Routing Encapsulation (GRE) tunnels, leading to multiple potential paths between clients. Additionally, WANs typically block broadcast requests for address resolution, resulting in a Non-Broadcast Multi-Access (NBMA) environment. In such networks, traffic must often pass through a core router, which can complicate configuration and create routing inefficiencies and bandwidth bottlenecks.

In NBMA networks, endpoints and routers lack knowledge of the physical paths to one another. While this routing information can be set up manually, it can be challenging to maintain. NHRP simplifies this by allowing routers to automatically discover the correct physical paths and corresponding IP addresses.

Interaction Between NHRP and NBMA Networks

Most WANs consist of point-to-point links, including virtual tunnel networks like GRE tunnels. To enhance the scalability of these connections, they are often organized into single or multilayer hub-and-spoke networks. Multipoint interfaces, such as GRE tunnel interfaces, help simplify configuration on hub routers, resulting in an NBMA network.

In these networks, multiple tunnel endpoints connect through a single multipoint interface, requiring a mapping from the logical tunnel endpoint IP addresses to the physical addresses for packet forwarding. While this mapping can be manually configured, dynamic discovery is preferred.

NHRP functions like ARP, addressing issues in NBMA networks by enabling systems to dynamically learn the NBMA addresses of other connected systems. This allows direct communication without intermediate hops, streamlining traffic flow.

Routers, access servers, and hosts utilize NHRP to discover each other’s addresses within the NBMA network. In partially meshed configurations, packets may need multiple hops to reach the exit router. When combined with IPsec, the NBMA network resembles a collection of point-to-point logical tunnels over a physical IP network.

NHRP supports NBMA networks through two key functions:

  1. NHRP Registration: NHRP allows Next Hop Clients (NHCs) to register dynamically with Next Hop Servers (NHSs), facilitating their integration into the NBMA network without requiring configuration changes. This is particularly useful for NHCs with dynamic IP addresses or those behind NAT routers.

  2. NHRP Resolution: NHRP enables one NHC (spoke) to discover the VPN IP to physical NBMA IP mapping of another NHC within the same network. This discovery eliminates the need for traffic to traverse the NHS (hub) router, reducing its bandwidth and CPU load. Consequently, direct communication between spokes can increase the overall bandwidth of the NBMA network beyond the capacity of the hub router.

Dynamically Built Hub-and-Spoke Networks with NHRP

NHRP allows for the establishment of a hub-and-spoke network in an NBMA environment, where multiple layers of NHCs serve as spokes and Next Hop Servers (NHSs) act as hubs. Initially, NHCs configure static mappings to reach their NHSs and send registration requests that enable NHSs to dynamically learn these mappings. This reduces the need for extensive hub configurations and facilitates dynamic assignment of NBMA (physical) IP addresses.

Once the foundational hub-and-spoke network is set up, NHRP resolution requests can dynamically discover spoke-to-spoke mappings, enabling direct communication between spokes and bypassing the hub. This dynamic mesh adapts to traffic patterns, allowing smaller spoke routers to efficiently participate in a larger NBMA network without requiring a complete mesh configuration. These smaller routers only need to establish connections to the actively communicating spokes.

Next Hop Server Selection

NHRP resolution requests traverse one or more hops within the hub-and-spoke NBMA subnetwork before reaching their destination. Each device, including the source, selects a neighboring NHS based on the destination address of the NHRP request. Eventually, the request arrives at a station that generates a resolution reply; this station either serves the intended destination or is the destination itself. The reply is sent back using the source address from the NHRP packet.

The NHRP protocol adheres to IETF RFC 2332, facilitating efficient routing in NBMA networks. For instance, in a network of four routers connected via GRE tunnels, when a router needs to forward an IP packet to a destination host, it sends an NHRP resolution request encapsulated in a GRE packet. This request traverses several hops to reach the router connected to the destination host. Upon receiving a positive resolution reply, the sending router identifies the next hop and subsequently sends data packets directly.

Next Hop

Once the NBMA next hop is established, the source can either begin sending data packets directly to the destination or establish a virtual circuit (VC) connection configured with specific bandwidth and quality of service (QoS) requirements. This is applicable to both connectionless (e.g., GRE IP) and connection-oriented networks (e.g., Frame Relay, ATM, or DMVPN) that utilize IPsec for encryption.

NHRP can also coexist with other address resolution methods. For example, hosts using the Logical IP Subnet (LIS) model may continue to rely on ARP services. While NHRP aims to enhance routing efficiency compared to the LIS model, it can operate alongside existing ARP systems.

NHRP Registration Process

NHRP registrations are sent from NHCs to their designated NHSs every one-third of the configured holdtime, unless an alternative timeout value is specified. If a registration reply is not received, the request is retransmitted at increasing intervals (1, 2, 4, 8, 16, and 32 seconds). After three failed attempts (totaling 7 seconds), the NHS is marked as down, stopping any NHRP resolution packets to or through that NHS. Registrations will continue to probe the NHS until a reply is received. Once acknowledged, the NHS is marked as up, and registration intervals revert to the original configuration.
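The timing rules above can be replayed as a small state machine. This is an added example, not vendor or RFC code: the names `NhsMonitor` and `simulate` are hypothetical, and holding the interval at 32 seconds once the listed values are used up is an assumption the text does not state.

```python
BACKOFF = (1, 2, 4, 8, 16, 32)   # retransmit intervals in seconds, from the text
DOWN_AFTER = 3                   # unanswered attempts before the NHS is marked down


class NhsMonitor:
    """State an NHC keeps for one NHS while registering with it."""

    def __init__(self, holdtime):
        self.interval = holdtime / 3      # normal registration period
        self.failures = 0
        self.up = True

    def reply_timer(self):
        """Seconds to wait for a reply to the request that was just sent."""
        # Assumption: the timer stays at 32 s once the listed values run out.
        return BACKOFF[min(self.failures, len(BACKOFF) - 1)]

    def on_timeout(self):
        """The reply timer expired without a registration reply."""
        self.failures += 1
        if self.failures >= DOWN_AFTER:
            self.up = False               # no resolution requests to or via this NHS

    def on_reply(self):
        """A registration reply arrived; return the wait before the next request."""
        self.failures = 0
        self.up = True
        return self.interval


def simulate(holdtime, silent_until):
    """Replay an outage in which requests sent before silent_until get no reply."""
    mon, t, timeline = NhsMonitor(holdtime), 0, []
    while t < silent_until:
        t += mon.reply_timer()            # wait for a reply to the request sent at t
        was_up = mon.up
        mon.on_timeout()                  # none came; the request is re-sent now
        timeline.append((t, "down" if was_up and not mon.up else "retry"))
    next_registration = mon.on_reply()    # the request sent at time t is answered
    timeline.append((t, "up"))
    return timeline, next_registration
```

With a holdtime of 600 seconds and an NHS that is silent for 20 seconds, the NHS is marked down at t=7, keeps being probed, and is marked up again at t=31, after which registrations return to every 200 seconds.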

Dynamic Spoke-to-Spoke Connectivity

Dynamic spoke-to-spoke tunnels are established only when there is active data traffic, allowing for their creation and removal as needed. In addition to NHRP registration of NHCs with NHSs, NHRP enables NHCs to discover shortcut paths over the network infrastructure or to create switched virtual circuits (SVCs) directly to another NHC, bypassing hops through NHSs. This functionality supports the development of large NHRP NBMA networks without being constrained by the hub's bandwidth and CPU limitations.

This results in a dynamic mesh network that includes a foundational hub-and-spoke structure for NHRP and dynamic routing protocol information, along with direct spoke-to-spoke links that are formed when data traffic exists and removed when it ceases. Individual spoke routers can connect to any point in the NBMA network, even if they can only manage a limited number of connections simultaneously. This design allows each spoke to engage in the broader network according to its capabilities without restricting others.

For instance, in a network of 1,000 nodes, a full-mesh configuration would require a spoke to support connections to all other nodes, necessitating significant resources. In contrast, a dynamic mesh network allows a spoke to maintain connections only to its NHSs and currently active tunnels to other spokes. If a spoke reaches its limit for spoke-to-spoke tunnels, it can route data via the spoke-hub-spoke path, ensuring connectivity remains intact even if the preferred single-hop route is unavailable.
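The behaviour described under "Dynamically Built Hub-and-Spoke Networks with NHRP" and in this section can be modelled in a few lines. This is an added example, not code from any NHRP implementation: the `Hub` and `Spoke` classes, the `IDLE_TIMEOUT` value and all addresses are constructed, and the hub answering resolution requests from its own registration cache is a simplification.

```python
IDLE_TIMEOUT = 120   # assumed: seconds without traffic before a shortcut is removed


class Hub:
    """NHS: learns tunnel-IP -> NBMA-IP mappings from spoke registrations."""

    def __init__(self, nbma_ip):
        self.nbma_ip = nbma_ip
        self.cache = {}                       # tunnel_ip -> (nbma_ip, expires_at)

    def register(self, tunnel_ip, nbma_ip, holdtime, now):
        self.cache[tunnel_ip] = (nbma_ip, now + holdtime)

    def resolve(self, tunnel_ip, now):
        nbma_ip, expires_at = self.cache.get(tunnel_ip, (None, 0))
        return nbma_ip if now < expires_at else None


class Spoke:
    """NHC: static mapping to the hub, shortcuts to other spokes on demand."""

    def __init__(self, tunnel_ip, hub, max_shortcuts):
        self.tunnel_ip, self.hub = tunnel_ip, hub
        self.max_shortcuts = max_shortcuts    # spoke-to-spoke tunnels it can hold
        self.shortcuts = {}                   # peer tunnel_ip -> [nbma_ip, last_used]

    def next_hop(self, dst, now):
        """Return the NBMA address the packet for tunnel address dst is sent to."""
        self.shortcuts = {peer: s for peer, s in self.shortcuts.items()
                          if now - s[1] < IDLE_TIMEOUT}   # drop idle tunnels
        if dst in self.shortcuts:             # spoke-to-spoke tunnel already up
            self.shortcuts[dst][1] = now
            return self.shortcuts[dst][0]
        if len(self.shortcuts) < self.max_shortcuts:
            nbma_ip = self.hub.resolve(dst, now)      # NHRP resolution request
            if nbma_ip:
                self.shortcuts[dst] = [nbma_ip, now]  # used by later packets
        return self.hub.nbma_ip               # this packet: spoke-hub-spoke path


def demo():
    hub = Hub("192.0.2.1")                    # constructed addresses throughout
    a = Spoke("10.0.0.2", hub, max_shortcuts=1)
    for n in (2, 3, 4):                       # three spokes register with the hub
        hub.register(f"10.0.0.{n}", f"198.51.100.{n}", holdtime=600, now=0)
    sends = [("10.0.0.3", 1), ("10.0.0.3", 2), ("10.0.0.4", 3), ("10.0.0.3", 200)]
    return [a.next_hop(dst, now) for dst, now in sends]
```

In `demo()`, the first packet to 10.0.0.3 goes through the hub, the second goes direct, the packet to 10.0.0.4 stays on the hub path because the spoke's single shortcut slot is in use, and the packet at t=200 goes through the hub again because the idle shortcut was removed.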
