Thursday, September 4, 2014

DMVPN - Overview


DMVPN is a dynamic GRE tunnel VPN that allows for point-to-multipoint communication between hub and spoke devices. DMVPN can be deployed in three different phases, each phase providing additional features and capabilities.

  • Phase 1
  • Phase 2
  • Phase 3

Currently, Phases 1 and 2 are considered obsolete but should be understood for the CCIE lab exam. Unlike P2P GRE tunnels, DMVPN allows for the dynamic creation and addressing of multiple tunnels from hub to spoke, and even spoke to spoke in the later phases.

DMVPN relies on two basic technologies:

  • Next Hop Resolution Protocol (NHRP): Creates a distributed (NHRP) mapping database of all the spoke tunnel addresses to real (public interface) addresses.
  • Multipoint GRE Tunnel Interface: Single GRE interface to support multiple GRE and IPsec tunnels; simplifies size and complexity of configuration.


Definitions 

  • Overlay network = GRE encapsulated traffic / Tunnel traffic
  • Underlay network = Unencapsulated traffic / public or NBMA network


DMVPN Phase 1 attributes

  • Basic point to multipoint communication between hub and spokes.
  • Each spoke manually creates a P2P GRE tunnel back to the hub
  • No spoke to spoke tunnels allowed
  • Spoke configuration for Phase 1:
    • Tunnel destination NBMA_HUB_ADDRESS (underlay network)
  • Route summarization and default route advertisement is allowed
  • NHRP is still needed for spoke registration with the hub
  • Next hop is always changed to the Hub overlay address



DMVPN Phase 2 attributes

  • Point to multipoint communication between hub and spoke as well as spoke to spoke.
  • Spoke to spoke communication is triggered by spokes
  • NHRP is required for registration to the Hub.
  • NHRP is required for spoke to spoke registration
  • Route summarization and default route advertisement are NOT allowed if spoke-to-spoke routing is to work
  • Next hop on spoke is always preserved by hub
  • Spoke configuration for Phase 2:
    • Tunnel mode gre multipoint
  
DMVPN Phase 3 attributes


  • NHRP required for spoke registration to hub
  • NHRP required for spoke-to-spoke resolution
  • Spoke-to-spoke communication is achieved by the hub sending NHRP redirect messages back to the source spoke, and an NHRP route for the destination address
  • Summarization and default route advertisement is allowed
  • Hub and spoke configuration for phase 3:
    • HUB: ip nhrp redirect
    • SPOKE: ip nhrp shortcut
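
The per-phase commands listed above, placed in a minimal Phase 3 hub and spoke tunnel configuration. This is an added example, not configuration from the original post; the addresses (overlay 10.0.0.0/24, hub NBMA 192.0.2.1), interface names, network-id and tunnel key are constructed lab values, and IPsec tunnel protection and the routing protocol are left out to keep the focus on NHRP.

```ios
! Constructed lab values (assumptions, not from the post):
!   overlay 10.0.0.0/24, hub overlay 10.0.0.1, hub NBMA 192.0.2.1
!
! ---------- HUB ----------
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp network-id 1
 ! Accept dynamic spoke registrations and replicate multicast to them
 ip nhrp map multicast dynamic
 ! Phase 3: send NHRP redirects back to the source spoke
 ip nhrp redirect
 tunnel source GigabitEthernet0/0
 ! One mGRE interface serves every spoke
 tunnel mode gre multipoint
 tunnel key 1
!
! ---------- SPOKE ----------
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp network-id 1
 ! Register with the hub: overlay 10.0.0.1 maps to underlay 192.0.2.1
 ip nhrp nhs 10.0.0.1
 ip nhrp map 10.0.0.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ! Phase 3: act on redirects and install the NHRP shortcut route
 ip nhrp shortcut
 tunnel source GigabitEthernet0/0
 ! Phase 2 and Phase 3 spokes use mGRE. A Phase 1 spoke would
 ! instead keep the default P2P GRE mode and point at the hub:
 !   tunnel destination 192.0.2.1
 tunnel mode gre multipoint
 tunnel key 1
```

On either router, `show ip nhrp` lists the overlay-to-NBMA mappings learned through registration and resolution.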



In another post I will review how to configure DMVPN for each phase and review some of the more common routing issues and caveats related to IGP routing designs.