DMVPN

Categories

DMVPN is a dynamic method of VPN that allows point to multipoint communication between hub and spoke devices.

Main Advantage of DMVPN:

  1. Reduce the configuration overhead.
  2. On-demand full mesh connectivity with simple hub-and-spoke configuration.
  3. Dynamic addressing for spoke routers.
  4. Cost effective solution
  5. Reduced latency and bandwidth savings.

DMVPN relies on two basic technologies

  1. Multipoint GRE Tunnel Interface:

Click for more GRE info

GRE tunnels exist in two main flavors:

Point to Point GRE: We define  P2P GRE as below compulsory:


Point to multiport GRE:

Tunnel interface having multiple tunnel destinations unlike a point-to-point GRE tunnel that has a single tunnel destination.

Next Hop Resolution Protocol(NHRP):

  • NHRP is a layer 2 resolution protocol that dynamically maps a non broadcast multi access network or tunnel-to-physical interface address and works as Server/Client Model.
  • NHRP has two components: NH Client (NHC) and NH Server (NHS). The Hub router acts as server while the spoke routers act as the clients.  NHRP clients (spoke routers) send requests to the next hop server (hub router) to obtain the physical address of another spoke router.
  • The NHS maintains a special NHRP database with the public IP Addresses of all configured spokes.

DMVPN Phase 1

  • Hub is configured with mGRE tunnel and Spokes are configured with point-to-point GRE tunnel with the physical IP address of the HUB as the tunnel destination means DMVPN phase 1 reduce Hub configuration and also support dynamic/manual IP address scheme on spoke side.
  • Spoke-to-spoke communication has to go through the hub means no direct spoke to spoke communication which can lead bandwidth problem at Hub end.

what is difference between DMVPN phase 1 and GRE tunnel?

Topology:

Configuration as below:

Routing:

After enabling routing we can see that routers are exchanging routes with each other but eva-jpr-wr01 will not receive routes from eva-ggn-wr01 and vice versa due to EIGRP’s split horizon role therefore we have to disable split horizon on Hub location using below commands.
eva-bgl-hub-wr01(config)#int tunnel 1
eva-bgl-hub-wr01(config-if)#no ip split-horizon eigrp 1

please find the result as below after disabling split horizon on Hub:

Please have look at traceroute which prove that spokes will always go through the Hub.

 

DMVPN Phase 2

  • Point to multipoint communication between hub and spoke as well as spoke to spoke.
  • Spoke to spoke communication is triggered by spokes.
  • NHRP is required for registration to the Hub and spoke to spoke registration.
  • Route summarization and default route advertisement is NOT allowed to allow spoke to spoke routing
  • Next hop on spoke is always preserved by hub.
  • Spoke configuration for Phase 2: “tunnel mode gre multipoint”

DMVPN Phase 3

  • NHRP required for spoke registration to hub.
  • NHRP required for spoke-to-spoke resolution.
  • Spoke to spoke communication is achieved by the hub sending NHRP redirect messages back to source/spoke and a NHRP route of destination address.
  • Summarization and default route advertisement is allowed.
  • Hub and spoke configuration for phase 3:
    HUB: ip nhrp redirect
    SPOKE: ip nhrp shortcut

 

Leave a Reply

Your email address will not be published. Required fields are marked *

TOP
© 2017 evanetworktech. All rights reserved.
error: