As I’m currently preparing for Cisco CCIE R&S Written exam I’d like to share some information on the subject of DMVPN (Dynamic Multipoint Virtual Private Network) as this is one of the new topics added to the Cisco CCIE R&S blueprint (on the written and lab exams). You only have to know about the single-hub toplogy, but it’s also not very difficult to do a dual-hub dual-cloud topology.
What is DMVPN?
DMVPN is a VPN which uses dynamic tunnels, this means that on the hub only 1 tunnel is needed to connect all the different spokes to the hub (so no more configuring an IPSEC-tunnel for each site you want to connect). It even automatically forms spoke-to-spoke tunnels on demand, so spoke-to-spoke traffic does not need traverse the hub. Another advantage in my opinion that it is very easy to setup and a very stable solution.
DMVPN is based on:
- mGRE (Multipoint Generic Routing Encapsulation)
- NHRP (Next Hop Resolution Protocol)
- a Dynamic Routing Protocol (EIGRP, OSPF, BGP)
- IPSEC (optional)