DMVPN:
DMVPN comes to the rescue by providing the same result while keeping cost low, reducing configuration complexity and increasing the flexibility of the overall network design. In DMVPN, one device acts as the central point of the whole VPN topology, while the remaining devices act as clients of that central device, fetching from it the information about VPN connections and the destination addresses for intended connections. The central device is known as the hub, while the remaining devices are called spokes. Normally the headquarters edge device is configured as the hub, while the branch offices' devices are configured as spokes.
Modes of Deployment:
- DMVPN Hub and Spoke: Used for interconnecting headquarters with branch offices. In this mode of deployment, traffic between branch offices flows through the hub, as there is no direct communication between different spokes.
- DMVPN Spoke to Spoke: Used for direct branch-to-branch communication. Note that the hub-and-spoke topology is built first; a full or partial mesh network is created once traffic from one spoke to another spoke is generated.

Members are defined as:
- DMVPN Hub / Next-Hop-Server (NHS)
- DMVPN Spokes / Next-Hop-Clients (NHC)
Benefits of using DMVPN:
- Simplified hub configuration: Only one tunnel interface (mGRE) needs to be created.
- Dynamic IP address support for spoke devices: Spoke devices use the NHRP protocol to communicate with other spokes, so a static IP address on the spoke is not mandatory.
- Lower configuration and administration.
- Optional security implementation using IPsec.

Independent of which model is implemented, DMVPN creation always involves the following components or control planes:
- mGRE tunnels
- Next Hop Resolution Protocol based dynamic routing
- IPSec based mGRE tunnel protocol