DMVPN

Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers, on Huawei AR G3 routers, and on Unix-like operating systems.


Process

DMVPN provides the capability to create a dynamic-mesh VPN network without having to pre-configure (statically) all possible tunnel endpoint peers, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers. DMVPN is initially configured to build a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes; no change to the hub configuration is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be built dynamically on demand (dynamic mesh) without additional configuration on the hubs or spokes. This dynamic-mesh capability removes the need for the hub to carry the load of routing data between the spoke networks.


Technologies

* Next Hop Resolution Protocol (NHRP)
* An IP-based routing protocol: EIGRP, OSPF, RIPv2, BGP, or ODR (DMVPN hub-and-spoke only)
* Generic Routing Encapsulation (GRE), or multipoint GRE if spoke-to-spoke tunnels are desired
* IPsec (Internet Protocol Security) using an IPsec profile, which is associated with a virtual tunnel interface in IOS software. All traffic sent via the tunnel is encrypted per the configured policy (IPsec transform set).

Internal routing

Routing protocols such as OSPF, EIGRP v1 or v2, or BGP are generally run between the hub and the spokes to allow for growth and scalability. Both EIGRP and BGP allow a higher number of supported spokes per hub.

Encryption

As with GRE tunnels, DMVPN allows several encryption schemes (including none) for the encryption of data traversing the tunnels. For security reasons Cisco recommends that customers use AES (DMVPN Design Guide: Best Practices and Known Limitations).

Phases

DMVPN has three phases that route data differently.

* Phase 1: All traffic flows from spokes to and through the hub.
* Phase 2: Starts with Phase 1, then allows spoke-to-spoke tunnels based on demand and triggers.
* Phase 3: Starts with Phase 1 and improves scalability of, and has fewer restrictions than, Phase 2.


References

* DMVPN Design Guide: Best Practices and Known Limitations (Cisco)

External links

* Cisco DMVPN