DMVPN Tidbit

In this tidbit I want to cover an overview & general understanding of DMVPN (Dynamic Multipoint Virtual Private Network). Plain & simple DMVPN is a VPN technology that is used to connect several sites/branches/customers. The topology includes hub/s & spokes.


The DMVPN core components include:

  • GRE

  • IGP route protocol

  • NHRP

  • IPsec

With DMVPN there are 3 "phases". The overview of the phases are as follows:

  • Phase 1: In phase 1 this introduces the hub-spoke tunnel deployment. All spokes have a statically configured gre tunnel to the hub. This also means all traffic for spoke to spoke communication flows through the hub (not ideal). With phase1 there are no dynamic tunnels.

  • Phase 2: In phase 2 the major configuration changes are conducted on the spokes. Instead of a single static gre tunnel interfaces to the hub the configuration on the tunnel interface uses mGRE (multipoint GRE). Introducing this allows the spokes to spin up dynamic spoke to spoke tunnels (more ideal). Alleviating possible bandwidth or latency concerns due to all traffic traversing the hub while in phase1. The downside with phase 2 is that all spokes must receive specific routes for all remote spoke subnets. NHRP plays a crucial role.

  • Phase 3: With phase 3 spokes can build dynamic spoke to spoke tunnels using NHRP traffic indication messages from the hub that essentially tell the originating spoke that a better path exists to reach the destination. The major configuration changes here include enabled nhpr redirect (#ip nhrp redirect) on the hub AND nhrp shortcut on the spokes (#ip nhrp shortcut). The redirect command tells the hub to send NHRP traffic indication messages & the shortcut command tells the spokes to accept the redirects and install the shortcut route.

Stay tuned for more DMVPN posts to come. Cheers!

0 comments

Recent Posts

See All

Email Security - S/MIME Tidbit

So it has definitely been a minute since I produced a tidbit. Lately I have been investing personal time into email security. The topics that I have covered thus far are in no particular order, but

November 21 Update Tidbit

Sharing some quick personal news as well as an update with where my head is currently at. I recently invested most of my time with VPNs the last couple of months. So I finally decided to take a stab

Personal Tidbit - Oct 2021

Sharing some exciting news. I recently participated in a Cisco Championship Content competition, & actually claimed first place! Pretty excited to receive the news since I frequently spend time on Ci