
WAN NETWORKS

Topic 8. DMVPN

Alberto Arellano A. Ing. Msc.


aarellano@espoch.edu.ec
CCNA CCNP - CCSP
What is a DMVPN?
When we have multiple branches connected to each other via the
Internet and we want secure communication, the solution is a site-to-site
VPN. But site-to-site VPNs in a full-mesh topology are hard to
configure, maintain and troubleshoot. This problem is solved by
DMVPN.

(Figure: regional branch with a VPN-enabled router)
What is a DMVPN?
In DMVPN the HUB is a SERVER and the SPOKES are the CLIENTS.
When a client boots up it registers itself with the server and creates
a static tunnel. When one SPOKE wants to communicate with other
SPOKEs, a dynamic tunnel is created automatically.
DMVPN Operation

Main benefit of using DMVPN:

- Better, scalable hub-and-spoke network design
- This enhanced ability also means reduced latency and optimized
  performance for traffic exchange between spoke sites
- Peering occurs linearly in the IGP versus exponentially in full mesh
- E.g. 100 spokes = 100 IGP peers in DMVPN versus n(n-1)/2,
  or 100*98/2 = 4,900 full-mesh peerings
DMVPN Components

DMVPN is broken down into a combination of these technologies:

- IPsec
- Generic Routing Encapsulation (GRE)
- Next-Hop Resolution Protocol (NHRP)
- Dynamic Routing Protocol (IGP)
GRE
- Packets destined to the tunnel interface are encapsulated in GRE
  and sent to the tunnel destination
- IP protocol 47
- Transports packets across the Internet, even multicast packets
- Enables the use of routing protocols
- DMVPN uses multipoint GRE (mGRE), since no destination is specified
  on the tunnel interface, only the source
GRE vs mGRE
NHRP
Next-hop Resolution Protocol
- Used by spokes to look up the outside addresses (next hop) of other
  spokes
- The hub acts as the next-hop server (NHS) and stores the table
  (routing and NHRP)
- Implies that spokes must first query the hub before forming a direct
  tunnel to each other
- One router will be the NHRP server.
- All other routers will be NHRP clients.
- NHRP clients register themselves with the NHRP server and report
  their public IP address.
- The NHRP server keeps track of all public IP addresses in its cache.
- When one router wants to tunnel something to another router, it
  asks the NHRP server for the public IP address of the other router.
DMVPN Example

Tunnel mGRE address: 192.168.200.0/24


Configure MAT Router
Configure AG_1 Router
Configure AG_2 Router
Verifying and Testing the DMVPN Setup
Protect and Encrypt the Tunnel(s) with IPsec
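The configuration steps named on the preceding slides (configure the MAT hub, configure the AG_1 and AG_2 spokes, verify the setup, then protect the tunnels with IPsec) are shown together below as an added example; it is not the course's own configuration. Only the mGRE subnet 192.168.200.0/24 and the router names MAT, AG_1 and AG_2 come from the slides. Everything else is assumed for illustration: the public (NBMA) addresses 203.0.113.1, 198.51.100.2 and 198.51.100.3, the LAN prefixes 10.0.0.0/24, 10.1.0.0/24 and 10.2.0.0/24, EIGRP AS 1 as the IGP, DMVPN Phase 3 (NHRP redirect on the hub, shortcut on the spokes), interface names and the placeholder pre-shared key.

```cisco
! ===== MAT: hub / NHRP server (NHS) =====
! Assumed addressing: Gi0/0 = 203.0.113.1 (public), Gi0/1 = 10.0.0.1/24 (hub LAN)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard PSK keeps the example short. Any peer that knows this key can
! register as a spoke, so per-peer keys or certificates are preferable in production.
crypto isakmp key CHANGE-ME-PSK address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 ip address 192.168.200.1 255.255.255.0
 no ip redirects
! GRE + IPsec overhead: lower the tunnel MTU and clamp TCP MSS
 ip mtu 1400
 ip tcp adjust-mss 1360
! NHRP authentication travels in cleartext; it only groups routers.
! Confidentiality and integrity come from "tunnel protection" below.
 ip nhrp authentication DMVPNKEY
! Replicate IGP multicast (hellos) to every spoke that has registered
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
! Phase 3: tell a spoke to resolve the other spoke directly
 ip nhrp redirect
! Without this, spoke routes learned on Tunnel0 are not re-advertised to other spokes
 no ip split-horizon eigrp 1
 tunnel source GigabitEthernet0/0
! mGRE: no "tunnel destination"; NHRP supplies the destination per packet
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 1
 network 192.168.200.0 0.0.0.255
 network 10.0.0.0 0.0.0.255
!
! ===== AG_1: spoke / NHRP client =====
! Assumed addressing: Gi0/0 = 198.51.100.2 (public), Gi0/1 = 10.1.0.1/24 (branch LAN)
! The crypto isakmp / ipsec block is identical to MAT's and is not repeated.
interface Tunnel0
 ip address 192.168.200.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication DMVPNKEY
! Static entry: hub tunnel address -> hub public address (the "static tunnel")
 ip nhrp map 192.168.200.1 203.0.113.1
! IGP multicast from a spoke goes to the hub only
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 1
! Register with the NHS at boot and report this router's public address
 ip nhrp nhs 192.168.200.1
! Phase 3: on a redirect, resolve the other spoke and build the dynamic tunnel
 ip nhrp shortcut
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 1
 network 192.168.200.0 0.0.0.255
 network 10.1.0.0 0.0.0.255
!
! ===== AG_2: spoke / NHRP client =====
! Same as AG_1 except: tunnel address 192.168.200.3, public 198.51.100.3,
! and "network 10.2.0.0 0.0.0.255" under router eigrp 1.
!
! ===== Verification =====
! show dmvpn              peers with NBMA address, Attrb S (static) or D (dynamic), state UP
! show ip nhrp            NHRP cache: hub entry on a spoke, registered spokes on the hub
! show ip nhrp nhs detail on a spoke: registration status with the NHS
! show crypto isakmp sa   one IKE SA per active tunnel peer
! show crypto ipsec sa    #pkts encaps/decaps must increase with tunnel traffic
! From AG_1:  ping 10.2.0.1 source 10.1.0.1
!   The first packets transit MAT; after the NHRP redirect and resolution,
!   "show dmvpn" on AG_1 shows 198.51.100.3 as a D (dynamic) spoke-to-spoke entry.
```

Two checks are worth making once the tunnels are up: with `show crypto ipsec sa`, confirm the packet counters move for both the static hub tunnel and the dynamic spoke-to-spoke tunnel, which proves traffic is not leaving the router in cleartext over mGRE alone; and confirm `tunnel protection` is present on every Tunnel0, since a spoke missing it will still register with the hub and exchange routes, just unencrypted.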
