- Point-to-multipoint Layer 3 overlay VPN
- Logical hub and spoke topology
- Direct spoke-to-spoke traffic is supported
- DMVPN uses a combination of
  - Multipoint GRE tunnels (mGRE)
  - Next Hop Resolution Protocol (NHRP)
  - IPsec Crypto Profiles
- Independent of SP access method
  - Only requirement is IP connectivity
- Routing policy is not dictated by SP
  - E.g., MPLS L3 VPN restrictions
- Highly scalable
  - If properly designed
- mGRE (Multipoint GRE tunnels)
- Next Hop Resolution Protocol (NHRP)
- IPsec Crypto Profiles
- Routing
- Initial tunnel mesh is hub-and-spoke (always on)
- Traffic patterns trigger spoke-to-spoke tunnels
- Solves management scalability problem
- Spoke-to-spoke tunnel is on-demand
- Spoke-to-spoke tunnel lifetime is based on traffic
- IPv4/IPv6 supported for both passenger and transport
- Two main components
  - DMVPN Hub/NHRP Server (NHS)
  - DMVPN Spokes/NHRP Clients (NHC)
- Spokes manually specify Hub's address
- Sent via NHRP registration request
- Hub dynamically learns Spokes' VPN address & NBMA address
- Exchange IGP routing information over the tunnel
- Learns via tunnel to Hub
- Next-hop is spoke2's VPN IP for DMVPN phase 2
- Next-hop is Hub's VPN IP for DMVPN phase 3
- Maps next-hop (VPN) IP to tunnel source (NBMA) IP
- Sent via NHRP resolution request
- Hub only used for control plane exchange
- Spoke-to-spoke data plane may flow through hub initially
- NHRP Registration Request
  - Spokes register their NBMA and VPN IPs with the NHS
  - Required to build the spoke-to-hub tunnels
- NHRP Resolution Request
  - Spoke queries for the NBMA-to-VPN mappings of other spokes
  - Required to build spoke-to-spoke tunnels
- NHRP Redirect
  - NHS's answer to a spoke-to-spoke data-plane packet sent through it
  - Similar to IP redirects, when the packet's in/out interface is the same
  - Used only in DMVPN Phase 3 to build spoke-to-spoke tunnels
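
The pieces listed above (mGRE, NHRP registration, resolution and redirect, and an IPsec crypto profile) as a minimal Cisco IOS Phase 3 hub and spoke tunnel configuration. This is an added example, not configuration from the original notes; the addresses, interface names, network-id, the names DMVPN-TS and DMVPN-PROF, and the key placeholders are all assumptions.

```cisco
! Added example. Constructed values: 10.0.0.0/24 = VPN (tunnel) addresses,
! 203.0.113.1 = hub NBMA address, names DMVPN-TS / DMVPN-PROF, network-id 1.
!
! ---- Hub and spoke: IPsec crypto profile (IKEv1, pre-shared key) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard peer address, because spoke NBMA addresses are not known in advance
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! ---- Hub (NHS) ----
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ! NHRP authentication string is sent in cleartext; IPsec is the real protection
 ip nhrp authentication <NHRP-KEY>
 ip nhrp network-id 1
 ! Replicate multicast (IGP hellos) to spokes learned via NHRP registration
 ip nhrp map multicast dynamic
 ! Phase 3: send NHRP Redirect when spoke-to-spoke traffic hairpins via the hub
 ip nhrp redirect
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
! ---- Spoke (NHC) ----
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp authentication <NHRP-KEY>
 ip nhrp network-id 1
 ! Hub is specified manually: its VPN address, then the VPN-to-NBMA mapping
 ip nhrp nhs 10.0.0.1
 ip nhrp map 10.0.0.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ! Phase 3: act on NHRP Redirect and install the spoke-to-spoke shortcut
 ip nhrp shortcut
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
```

On the hub, `show dmvpn` and `show ip nhrp` list the spokes that have registered, and `show crypto ipsec sa` confirms that tunnel traffic is being encrypted.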