DMVPN – What is it?
DMVPN is an overlay hub-and-spoke technology that allows an enterprise to connect its offices across an NBMA network. The most common DMVPN implementations are used as backup WAN connections over the internet. One of the main advantages of DMVPN is that spoke devices don't need a static IP address, as they typically would with other layer 2 WAN circuit alternatives such as Frame Relay or ATM. Equally, dynamic spoke-to-spoke traffic can be generated so that traffic does not have to hairpin through the hub.
To accomplish this on Frame Relay or ATM, you would need to purchase additional Virtual Circuits (VCs) to obtain full-mesh connectivity. DMVPN achieves this dynamically through a protocol known as NHRP, the Next Hop Resolution Protocol. As you go through this article, DMVPN and where it fits will become more apparent. A final note that must be reiterated: DMVPN is a routing technique and is NOT a security feature. By default, any traffic sent over DMVPN is in clear text, since GRE is used as the transport tunnel; however, this traffic can be referenced in an IPsec transform-set and encrypted if you want.
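Because an unprotected DMVPN tunnel carries clear-text GRE, a configuration review should confirm that every DMVPN tunnel interface is bound to an IPsec profile. The following Python check is an added example, not code from the original article; the sample configuration, the profile names and the heuristic that an interface with `ip nhrp` commands is a DMVPN tunnel are assumptions made for illustration.

```python
import re

# Constructed sample IOS configuration (not from the original article):
# Tunnel0 has no IPsec, Tunnel1 is protected, Tunnel2 names a missing profile.
SAMPLE_CONFIG = """\
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
!
interface Tunnel1
 ip address 10.0.1.1 255.255.255.0
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
interface Tunnel2
 ip nhrp network-id 3
 tunnel mode gre multipoint
 tunnel protection ipsec profile MISSING-PROF
"""

def audit_dmvpn(config):
    """Return {tunnel: finding} for DMVPN tunnels whose GRE traffic is not IPsec-protected."""
    profiles = set(re.findall(r"^crypto ipsec profile (\S+)", config, re.M))
    findings = {}
    # An interface stanza is the header line plus the indented lines below it.
    for name, body in re.findall(r"^interface (Tunnel\d+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        # Assumed heuristic: NHRP commands on a tunnel mark it as a DMVPN interface.
        if not any(l.startswith("ip nhrp ") for l in lines):
            continue
        prot = [l.split()[4] for l in lines if l.startswith("tunnel protection ipsec profile ")]
        if not prot:
            findings[name] = "cleartext GRE: no tunnel protection"
        elif prot[0] not in profiles:
            findings[name] = f"references undefined IPsec profile {prot[0]}"
    return findings
```

Running `audit_dmvpn(SAMPLE_CONFIG)` reports Tunnel0 and Tunnel2 and leaves Tunnel1 unflagged.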
The best way to learn DMVPN is to join the training modules offered by SPOTO. Here are a few more details that you should know about DMVPN:
NHRP – How does it work?
NHRP, or Next Hop Resolution Protocol, is the secret sauce, if you will, of DMVPN. It is what allows dynamic spoke-to-spoke traffic flows, and it is how spokes can have dynamically allocated addresses on the underlying topology. Basic point-to-point GRE requires a tunnel destination to be specified so that routing to devices within the tunnel can occur. The problem with multipoint GRE is that the tunnel destination can be different for each packet, so some sort of protocol is needed to map an NBMA address to a VPN address. This is much like Frame Relay or ATM, which require a mapping between an IP address and a DLCI number or a VPI/VCI pair. NHRP solves this issue. In each DMVPN network there is at least one next hop server (NHS), normally located on the hub, which receives the NHRP registration information that each spoke sends to the hub, containing the spoke's dynamically allocated NBMA address as well as its VPN address. The network then uses this information to allow spoke-to-spoke traffic, which flows via NHRP Resolution Requests, or normal hub-and-spoke communications.
DMVPN is quite flexible in its routing design and has therefore been broken down into 3 phases of configuration, each with slightly different routing properties to meet your policy or design. If you wish to go through all the phases, it is better to gain hands-on practical knowledge, which you can obtain either by building your own lab or by joining a good training provider such as SPOTO, where you can get hands-on practice in their virtual labs covering the topics in your Cisco lab examinations.
Along with Cisco, SPOTO also provides many other certification programs, so visit them and get the training you need for your dream certifications.