{"id":405,"date":"2017-09-29T15:13:29","date_gmt":"2017-09-29T13:13:29","guid":{"rendered":"http:\/\/www.quisted.net\/?p=405"},"modified":"2017-09-29T15:13:29","modified_gmt":"2017-09-29T13:13:29","slug":"dmvpn","status":"publish","type":"post","link":"https:\/\/www.quisted.net\/index.php\/2017\/09\/29\/dmvpn\/","title":{"rendered":"DMVPN"},"content":{"rendered":"<blockquote class=\"wp-embedded-content\" data-secret=\"hkeDgkZxbi\"><p><a href=\"http:\/\/www.quisted.net\/labs\/lab-iii-dmvpn\/\">LAB III ( DMVPN, MGRE, NHRP, EIGRP)<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" src=\"http:\/\/www.quisted.net\/labs\/lab-iii-dmvpn\/embed\/#?secret=hkeDgkZxbi\" data-secret=\"hkeDgkZxbi\" width=\"600\" height=\"338\" title=\"&#8220;LAB III ( DMVPN, MGRE, NHRP, EIGRP)&#8221; &#8212; CC&amp;P | CCDP\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<ul>\n<li>Point-to-multipoint layer 3 overlay VPN<\/li>\n<li>Logical hub and spoke topology<\/li>\n<li>Direct spoke to spoke is support<\/li>\n<\/ul>\n<p><strong>DMVPN uses a combination of:<\/strong><\/p>\n<ul>\n<li><span style=\"color: #008000;\"><em>Multipoint GRE tunnels (mGRE)<\/em><\/span><\/li>\n<li><span style=\"color: #008000;\"><em>Next Hop Resolution Protocol ( NHRP )<\/em><\/span><\/li>\n<li><span style=\"color: #008000;\"><em>IPsec Crypto Profiles<\/em><\/span><\/li>\n<li><span style=\"color: #008000;\"><em>Routing<\/em><\/span><\/li>\n<\/ul>\n<p><!--more--><\/p>\n<ul>\n<li><strong>Hub Router<\/strong>:\u00a0 Reachable via static, public IP address<\/li>\n<li><strong>Spoke Router:<\/strong> Reachable via static or dynamic public IP address<\/li>\n<li><strong>NHRP<\/strong>:\n<ul>\n<li>RFC 2332<\/li>\n<li>Layer-2 Resolution Protocol and Cache<\/li>\n<li>Used in DMVPN to map a peer&#8217;s tunnel IP address to that peer&#8217;s public address.<\/li>\n<li>NHRP can populate the NHRP cache via static or dynamic (like ARP).<\/li>\n<li>NHRP uses a registration request packet.<\/li>\n<\/ul>\n<\/li>\n<li><strong><span style=\"color: #ff6600;\">Phase-1<\/span><\/strong>\n<ul>\n<li>Hub and spoke only<\/li>\n<\/ul>\n<\/li>\n<li><strong><span style=\"color: #ff6600;\">Phase-2<\/span><\/strong>\n<ul>\n<li>Adds spoke-to-spoke capabilty<\/li>\n<li>Spoke routers must know all IP Routes of all other Spoke Routes<\/li>\n<\/ul>\n<\/li>\n<li><strong><span style=\"color: #ff6600;\">Phase-3<\/span><\/strong>\n<ul>\n<li>Hub allowed to summarize all routes from spokes<\/li>\n<li>Sets the next-hop of summarized routes to itself<\/li>\n<li>Hub can send NHRP redirect messages to Spokes.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Summary<\/strong><\/p>\n<ul>\n<li>Creates on demand tunnels between nodes<\/li>\n<li>Maintains tunnels based on traffic patterns<\/li>\n<li>Requires two IGPs: Underlaying and Overlay\n<ul>\n<li>For public routes<\/li>\n<li>For subnets from spokes<\/li>\n<\/ul>\n<\/li>\n<li>NHRP messages\n<ul>\n<li><strong>NHRP Registration Request<\/strong>\n<ul>\n<li>spokes register their NMBA and VPN IP to NHS<\/li>\n<li>Required to build spoke-to-hub tunnels<\/li>\n<\/ul>\n<\/li>\n<li><strong>NHRP Resolution Request<\/strong>\n<ul>\n<li>Spoke queries for the NBMA-to-VPN mappings of other spokes<\/li>\n<li>Required to build spoke-to-spoke tunnels<\/li>\n<\/ul>\n<\/li>\n<li><strong>NHRP Redirect<\/strong>\n<ul>\n<li>NHS Answer to a spoke-to-spoke data-plane packet through it<\/li>\n<li>Similar to IP redirects when packet in\/out interface is the same<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>LAB III ( DMVPN, MGRE, NHRP, EIGRP) Point-to-multipoint layer 3 overlay VPN Logical hub and spoke topology Direct spoke to spoke is support DMVPN uses a combination of: Multipoint GRE tunnels (mGRE) Next Hop Resolution Protocol ( NHRP ) IPsec Crypto Profiles Routing<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[8,11],"tags":[],"class_list":["post-405","post","type-post","status-publish","format-standard","hentry","category-route","category-various"],"_links":{"self":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/comments?post=405"}],"version-history":[{"count":0,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/405\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/media?parent=405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/categories?post=405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/tags?post=405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}