NHRP is an important protocol used with DMVPNs & FlexVPNs that allows spokes to directly connect to other spokes. To break it down further, NHRP is essentially a resolution arp-like protocol that allows "next hop clients" (spokes) to dynamically register with "next hop servers" (hubs). In a topology, once all clients register with the hub/s, clients have the ability to discover other clients within the same NBMA (non-broadcast multiple-access) network.
Let's breakdown the phases & flow so we better understand how things work:
NHRP Redirect:
Spoke to spoke traffic is forwarded to hub
The hub then determines the ingress/egress interfaces sharing the same NHRP ID
The hub then sends a NHRP traffic redirection indicator to the source spoke with the destination spoke overlay tunnel address
NHRP Resolution:
The redirect receiving spoke then will initiate NHRP Resolution to the hub to resolve destination spoke
The hub will then forward the resolution request to the destination spoke
The destination spoke now receives the request, deploys a virtual-access interface and ipsec tunnel to the source spoke
Then the same destination spoke will send resolution reply via the direct spoke-spoke tunnel
Lastly, the destination spoke adds NHRP cache entry for source spoke
NHRP Shortcut:
The source spoke receives NHRP resolution reply
The source spoke adds a NHRP cache entry & shortcut route for the destination
NHRP Shortcut Overview:
To see NHRP in action check out other VPN related posts. Cheers!