• What is it?
    • Point to multipoint Layer 3 overlay VPN
      • Logical hub and spoke.
      • Direct spoke to spoke supported.
    • Uses combination of the following:
      • Multipoint GRE Tunnels
      • Next Hop Resolution Protocol
      • IPSEC Crypto Profiles
      • Routing
  • Why?
    • Independent of SP access method
      • Only requirement is IP connectivity
      • Can be used with different types of WAN connectivity
    • Routing policy not dictated by SP.
      • E.g. MPLS L3VPN restrictions
    • Highly scalable
      • If properly designed.
  • How?
    • Allows on-demand full mesh IPSEC tunnels with minimal configuration.
      • mGRE
      • NHRP
      • IPSEC Profiles
      • Routing
    • Reduces need for amount of tunnels required for full mesh.
      • Uses one mGRE interface for all connections.
      • Tunnels are created on-demand between nodes.
      • Encryption is optional.
        • Almost always used.
    • On demand tunnels between nodes.
      • Initial tunnel-mesh is hub and spoke (always on)
      • Traffic patterns trigger spoke to spoke.
      • Solves management scalability.
    • Maintains tunnels based on traffic patterns.
      • Spoke to spoke on demand.
      • Spoke to spoke lifetime based on traffic.
    • Requires 2 IGPs
      • Underlay and overlay.
      • IPv4 and IPv6 supported for both passenger and transport.
    • Main components
      • Hub/NHRP Server (NHS)
      • Spokes/NHRP Clients (NHC)
    • Spokes/Clients register with Hub/Server
      • Spokes manually specify Hub’s address
      • Sent via NHRP Registration Request
      • Hub dynamically learns spokes’ VPN address and NBMA address.
    • Spokes establish tunnels to hub
      • Exchange IGP routing info over tunnel.
  • Spoke 1 knows Spoke2’s routes via IGP.
    • Learned via tunnel to hub
    • Next-hop is spoke2’s VPN IP for DMVPN Phase 2.
    • Next-hop is hub’s VPN IP for DMVPN Phase 3.
  • Spoke 1 asks for Spoke2’s real address
    • Maps next-hop (VPN) IP to tunnel source (NBMA) IP
    • Sent via NHRP Resolution.
  • Spoke to Spoke tunnel is formed
    • Hub only used for control plane exchange
    • Spoke to spoke data plane may flow through hub initially.
  • NHRP Messages
    • Registration Request
      • Spokes register their NBMA and VPN IP to NHS
      • Required to build the spoke to hub tunnels.
    • NHRP Resolution Request
      • Spoke queries for the NBMA-to-VPN mappings of other spokes.
      • Required to build spoke to spoke tunnels
    • NHRP Redirect
      • Sent by the NHS when a spoke to spoke data plane packet is forwarded through it.
      • Similar to ICMP redirects: triggered when the packet enters and exits on the same interface.
      • Used only in DMVPN Phase 3 to build spoke to spoke tunnels.
        • Go to next hop for spoke to spoke.
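The registration, resolution and redirect flow in the notes above, as an added worked model that is not part of the original notes: a Python toy of one hub (NHS) and two spokes in which registration fills the hub's VPN-to-NBMA table, the overlay IGP hands each spoke the other spoke's LAN with a Phase 2 (spoke VPN IP) or Phase 3 (hub VPN IP) next hop, and the first packet from spoke1 to spoke2's LAN goes via the hub while a resolution (Phase 2) or a redirect followed by a resolution (Phase 3) installs the mapping that later packets use directly. The addresses, class names and message shapes are assumptions for this example, not the real NHRP encoding or any vendor's implementation.

```python
"""Toy model of the DMVPN/NHRP control plane described in the notes above.
Constructed for illustration: addresses, class names and message shapes are
assumptions, not the real NHRP packet format or a vendor implementation."""
from dataclasses import dataclass, field


@dataclass
class Spoke:
    name: str
    vpn_ip: str      # overlay address on the mGRE tunnel
    nbma_ip: str     # underlay (transport) address, i.e. the tunnel source
    lan: str         # prefix behind this spoke, advertised through the overlay IGP
    nhrp_cache: dict = field(default_factory=dict)  # VPN IP or prefix -> NBMA IP
    rib: dict = field(default_factory=dict)         # LAN prefix -> next-hop VPN IP


class Hub:
    """NHRP Next Hop Server. `phase` (2 or 3) selects the next-hop behaviour."""

    def __init__(self, vpn_ip: str, nbma_ip: str, phase: int):
        self.vpn_ip, self.nbma_ip, self.phase = vpn_ip, nbma_ip, phase
        self.registrations: dict = {}   # spoke VPN IP -> NBMA IP, learned dynamically
        self.spokes: dict = {}          # spoke VPN IP -> Spoke
        self.log: list = []

    def registration_request(self, spoke: Spoke) -> None:
        """NHRP Registration Request: the spoke (configured with the hub's address)
        tells the NHS its VPN/NBMA pair; the hub never needs spokes configured."""
        self.registrations[spoke.vpn_ip] = spoke.nbma_ip
        self.spokes[spoke.vpn_ip] = spoke
        spoke.nhrp_cache[self.vpn_ip] = self.nbma_ip  # static hub mapping on the spoke
        self.log.append(f"registration {spoke.name}: {spoke.vpn_ip} -> {spoke.nbma_ip}")

    def advertise_routes(self) -> None:
        """Overlay IGP over the always-on spoke-to-hub tunnels. Phase 2 keeps the
        originating spoke as next hop; Phase 3 rewrites the next hop to the hub."""
        for s in self.spokes.values():
            for owner in self.spokes.values():
                if owner is not s:
                    s.rib[owner.lan] = owner.vpn_ip if self.phase == 2 else self.vpn_ip

    def resolution_request(self, requester: Spoke, target: str) -> str:
        """NHRP Resolution Request. Phase 2: target is a next-hop VPN IP, answered from
        the registration table. Phase 3: target is a LAN prefix; the NHS forwards the
        request to the owning spoke, which replies with its own NBMA address."""
        if self.phase == 2:
            nbma = self.registrations[target]
        else:
            owner = next(s for s in self.spokes.values() if s.lan == target)
            nbma = owner.nbma_ip
        requester.nhrp_cache[target] = nbma
        self.log.append(f"resolution {requester.name}: {target} -> {nbma}")
        return nbma


def forward(src: Spoke, hub: Hub, dst_prefix: str) -> list:
    """Forward one packet from src toward dst_prefix; returns the NBMA hops it takes."""
    next_hop = src.rib[dst_prefix]
    if hub.phase == 2:
        if next_hop in src.nhrp_cache:
            return [src.nhrp_cache[next_hop]]          # direct spoke-to-spoke tunnel
        # No NBMA mapping for the spoke next hop yet: data goes via the hub while the
        # resolution completes, and the answer is cached for the next packet.
        return [hub.nbma_ip, hub.resolution_request(src, next_hop)]
    if dst_prefix in src.nhrp_cache:                    # Phase 3 shortcut already installed
        return [src.nhrp_cache[dst_prefix]]
    # RIB points at the hub; the hub forwards in and out of the same mGRE interface,
    # so it emits an NHRP Redirect and the spoke resolves the destination prefix.
    hub.log.append(f"redirect -> {src.name} for {dst_prefix}")
    return [hub.nbma_ip, hub.resolution_request(src, dst_prefix)]


def run_scenario(phase: int) -> dict:
    """Two spokes register, routes are exchanged, spoke1 sends two packets to spoke2's LAN."""
    hub = Hub("10.0.0.1", "203.0.113.1", phase)              # constructed sample addressing
    s1 = Spoke("spoke1", "10.0.0.11", "203.0.113.11", "192.168.1.0/24")
    s2 = Spoke("spoke2", "10.0.0.12", "203.0.113.12", "192.168.2.0/24")
    for s in (s1, s2):
        hub.registration_request(s)
    hub.advertise_routes()
    first = forward(s1, hub, s2.lan)     # triggers resolution (plus redirect in Phase 3)
    second = forward(s1, hub, s2.lan)    # spoke-to-spoke path now known
    return {"next_hop": s1.rib[s2.lan], "hub_registrations": dict(hub.registrations),
            "spoke1_cache": dict(s1.nhrp_cache), "first_packet": first,
            "second_packet": second, "log": hub.log}


if __name__ == "__main__":
    for phase in (2, 3):
        r = run_scenario(phase)
        print(f"Phase {phase}: next-hop {r['next_hop']}, first {r['first_packet']}, "
              f"second {r['second_packet']}")
```

Running it shows the two points the notes make: in both phases the first packet traverses the hub and only the second goes spoke to spoke, and the cache key differs (the spoke's VPN IP in Phase 2, the destination prefix in Phase 3). Note that in this model the hub accepts any registration; on a real deployment the registration table is only as trustworthy as the IPsec tunnel protection that authenticates each spoke before its NHRP messages are accepted, which is why encryption is "almost always used" above.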