Introduction to DMVPN

We hear the term “DMVPN” more and more often, so what is DMVPN and what advantages does it offer? Here we give a brief introduction to DMVPN.

DMVPN (Dynamic Multipoint VPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice for connecting different sites using regular Internet connections. It’s a great backup or alternative to private networks like MPLS VPN.

There are 2 important pieces to the DMVPN puzzle:

  • Multipoint GRE
  • NHRP (Next Hop Resolution Protocol)

Let me explain these 2 topics…

1. Multipoint GRE

Our “regular” GRE tunnels are point-to-point and don’t scale well. For example, let’s say we have a company network with some sites that we want to connect to each other using regular Internet connections:

Above we have one router that represents the HQ and there are four branch offices. Let’s say that we have the following requirements:

  • Each branch office has to be connected to the HQ.
  • Traffic between Branch 1 and Branch 2 has to be tunneled directly.
  • Traffic between Branch 3 and Branch 4 has to be tunneled directly.

To accomplish this we will have to configure a bunch of GRE tunnels which will look like this:

2. NHRP (Next Hop Resolution Protocol)

We need something that helps our branch1 router figure out the public IP address of the branch2 router. We do this with a protocol called NHRP (Next Hop Resolution Protocol). Here’s an explanation of how NHRP works:

  • One router will be the NHRP server.
  • All other routers will be NHRP clients.
  • NHRP clients register themselves with the NHRP server and report their public IP address.
  • The NHRP server keeps track of all public IP addresses in its cache.
  • When one router wants to tunnel something to another router, it will ask the NHRP server for the public IP address of the other router.

Since NHRP uses this server and client model, it makes sense to use a hub and spoke topology for multipoint GRE. Our hub router will be the NHRP server and all other routers will be the spokes.

Here’s an illustration of how NHRP works with multipoint GRE:

Above we have two spoke routers (NHRP clients) which establish a tunnel to the hub router. Later, once we look at the configurations, you will see that the destination IP address of the hub router will be statically configured on the spoke routers. The hub router will dynamically accept spoke routers. The routers will use an NHRP registration request message to register their public IP addresses with the hub.

The hub, our NHRP server, will create a mapping between the public IP addresses and the IP addresses of the tunnel interfaces.

A few seconds later, spoke1 decides that it wants to send something to spoke2. It needs to figure out the destination public IP address of spoke2, so it will send an NHRP resolution request, asking the hub router what the public IP address of spoke2 is.
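The registration and resolution steps described above, as an added Python model that is not part of the original post and is not the NHRP wire format. The class names, the addresses (documentation ranges) and the fallback to the hub for an unresolved destination are assumptions of this model.

```python
from ipaddress import ip_address


class Hub:
    """NHRP server: caches tunnel-interface address -> public address."""

    def __init__(self, tunnel_ip, public_ip):
        self.tunnel_ip = ip_address(tunnel_ip)
        self.public_ip = ip_address(public_ip)
        self.cache = {}
        self.resolution_requests = 0

    def register(self, tunnel_ip, public_ip):
        # NHRP registration request: a spoke reports its public address.
        self.cache[ip_address(tunnel_ip)] = ip_address(public_ip)

    def resolve(self, tunnel_ip):
        # NHRP resolution request: answer from the cache, None if unknown.
        self.resolution_requests += 1
        return self.cache.get(ip_address(tunnel_ip))


class Spoke:
    """NHRP client: only the hub's address is statically configured."""

    def __init__(self, tunnel_ip, public_ip, hub):
        self.hub = hub
        self.peers = {hub.tunnel_ip: hub.public_ip}  # static hub mapping
        hub.register(tunnel_ip, public_ip)

    def tunnel_destination(self, dest_tunnel_ip):
        """Public address this spoke sends the GRE packet to."""
        dest = ip_address(dest_tunnel_ip)
        if dest not in self.peers:
            public = self.hub.resolve(dest)
            if public is None:
                # Assumption of this model: unresolved traffic goes to the hub.
                return self.hub.public_ip
            self.peers[dest] = public  # learned mapping, reused next time
        return self.peers[dest]


def build_lab():
    # Constructed addresses (documentation ranges), not from the original post.
    hub = Hub("172.16.0.1", "192.0.2.1")
    spoke1 = Spoke("172.16.0.2", "198.51.100.2", hub)
    spoke2 = Spoke("172.16.0.3", "203.0.113.3", hub)
    return hub, spoke1, spoke2
```

After the first lookup, spoke1 holds spoke2's public address in its own table and no longer needs to ask the hub for it.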

DMVPN is a new technology, and we need more time to get to know it well. It will become more and more popular in router applications.

E-Lins is also studying and developing DMVPN and plans to add this feature to E-Lins’ series routers.

Visit E-Lins Technology for more information.
