DMVPN

LAB III ( DMVPN, MGRE, NHRP, EIGRP)

• Point-to-multipoint layer 3 overlay VPN
• Logical hub and spoke topology
• Direct spoke to spoke is support

DMVPN uses a combination of:

• Multipoint GRE tunnels (mGRE)
• Next Hop Resolution Protocol ( NHRP )
• IPsec Crypto Profiles
• Routing

• Hub Router:  Reachable via static, public IP address
• Spoke Router: Reachable via static or dynamic public IP address
• NHRP:
  • RFC 2332
  • Layer-2 Resolution Protocol and Cache
  • Used in DMVPN to map a peer’s tunnel IP address to that peer’s public address.
  • NHRP can populate the NHRP cache via static or dynamic (like ARP).
  • NHRP uses a registration request packet.
• Phase-1
  • Hub and spoke only
• Phase-2
  • Adds spoke-to-spoke capabilty
  • Spoke routers must know all IP Routes of all other Spoke Routes
• Phase-3
  • Hub allowed to summarize all routes from spokes
  • Sets the next-hop of summarized routes to itself
  • Hub can send NHRP redirect messages to Spokes.

Summary

• Creates on demand tunnels between nodes
• Maintains tunnels based on traffic patterns
• Requires two IGPs: Underlaying and Overlay
  • For public routes
  • For subnets from spokes
• NHRP messages
  • NHRP Registration Request
    • spokes register their NMBA and VPN IP to NHS
    • Required to build spoke-to-hub tunnels
  • NHRP Resolution Request
    • Spoke queries for the NBMA-to-VPN mappings of other spokes
    • Required to build spoke-to-spoke tunnels
  • NHRP Redirect
    • NHS Answer to a spoke-to-spoke data-plane packet through it
    • Similar to IP redirects when packet in/out interface is the same