u/Pothandev

GET VPN so called encrypted packet

So, as per Cisco's configuration guide:

The GDOI protocol is protected by an ISAKMP Phase 1 exchange. The GDOI key server and the GDOI group
member must have the same ISAKMP policy. This Phase 1 ISAKMP policy should be strong enough to
protect the GDOI protocol that follows. The GDOI protocol is a four-message exchange that follows the Phase
1 ISAKMP policy. The Phase 1 ISAKMP exchange can occur in main mode or aggressive mode.
The ISAKMP Phase 1 messages and the four GDOI protocol messages are referred to as the GDOI registration,
and the entire exchange that is shown is a unicast exchange between the group member and the key server.

Interestingly, I did a packet capture and saw something weird: there are no ISAKMP messages, and I know that all the data is in the UDP payloads with port 848 (GDOI), but why does it work like this? I saw no packets with an ISAKMP header; it's just plain UDP with port 848 and the payload as plain data (in hex, of course). I don't get it: what kind of encryption is this??

u/Pothandev — 11 hours ago

DMVPN Phase 3

I was just doing a packet capture of DMVPN phase 3 in Wireshark, and I found something very interesting. I saw that when I try to communicate between two spokes, the first spoke sends an NHRP resolution request to the hub and gets a direct reply from the second spoke, which is fine. But the behavior I couldn't understand is why our second spoke also sends a resolution request to our first spoke?? I don't think there is a lot to share through the resolution request, because the only viable thing I could find is that the NBMA addresses are shared. Unlike in phase 2, where I captured a single resolution request from the first spoke to the second spoke, there was no follow-up. Could anyone please explain this behavior to me?

u/Pothandev — 4 days ago

LLC vs Ethernet II in Wireshark

I saw in my Wireshark captures that some packets, like STP, CDP etc., go with LLC headers, whereas other packets, like ARP, only use the Ethernet II header. I want a clear distinction here.

u/Pothandev — 5 days ago

On Demand Routing

I was reading about CDP this morning when I came to know about On Demand Routing. I applied it with DMVPN, since I'm learning about VPNs on weekdays. But I found it's just DMVPN phase 1, because the hub generates a default route. So it's not scalable anyhow. Is it still in use though, or just a textbook concept??

u/Pothandev — 5 days ago

OSPF RIB Decision

I found it very strange that when my OSPF ABR gets two similar subnets, e.g. 1.1.1.0/24, from the backbone and a non-backbone area, it chooses the latter one, which is quite strange, for me at least. If anyone has any idea about it, please tell.

u/Pothandev — 6 days ago

DMVPN NHRP Resolution Request and Reply in Phase 2 and 3

Recently I've been learning about DMVPN, and what I have trouble understanding is why, in DMVPN phase 2 and phase 3, the resolution request packets need to travel all the way from one spoke to another, and that too via the hub. If the hub has all the entries, then why not just ask the hub and get those??

u/Pothandev — 7 days ago