Comparison of the three stages of DMVPN

DMVPN is a common technology used by enterprises to deploy VPNs on the Internet. It is most suitable for deployment in the Hub-Spoke structure. It mainly uses the combination of mGRE, NHRP and IPsec to provide dynamic multipoint and security functions. DMVPN is also the knowledge point of EI CCIE.


There are three stages in the development process of DMVPN. Let's discuss it below.

Phase 1 (Phase 1) is as follows:


In Phase 1, the Hub uses mGRE, the Spoke uses P2P GRE, and the Hub and all Spokes use the same network segment. In this case, Spoke cannot access each other directly through Spoke, and must first go through the Hub.

If you run the routing protocol in Phase 1, you must ensure that the Hub side is used as the next hop for Spoke to access other Spoke routes. If you use EIGRP, you need to turn off the split horizon at the Hub side; if you use OSPF, you need to use a point-to-multipoint network interface in the Hub Type; if using BGP, eBGP is recommended.

The main problem in Phase 1 is that the Spoke end cannot directly access the Spoke end, and must pass through the Hub end, which creates a sub-optimal path and increases delay, so the DMVPN was improved in Phase 2 as shown below:


In phase two, both Hub and Spoke are configured with mGRE so that Spoke can automatically establish tunnels to other Spokes.

If you want to achieve direct communication between Spokes in Phase 2, you need to adjust the parameters of the routing protocol to ensure that Spoke A learns the routing of Spoke B, and the next hop is not on the Hub but on Spoke B, so that Spoke A can be established directly. Go to the other Spoke's tunnel.

If you use EIGRP, you need to turn off not only split horizon, but also disable next-hop self on the Hub side; if you use OSPF, you need to use the broadcast interface network type, and ensure that the Hub side is DR, all The Spoke end of the port should be configured with a priority of 0; when using BGP, use next-hop-unchanged in iBGP or eBGP.

After running the second stage of DMVPN, you will find that the problem of the second stage is that the Hub side cannot be summarized because the next hop of the summarized route is on the Hub. Then, if Spoke goes to Spoke, it will first send a packet to the Hub side The second best path increases the delay.

Therefore, the third stage of DMVPN has been improved, as shown below:


In phase three, there is also the function of phase two, which is to support the direct tunnel between Spoke and Spoke, but instead of using the routing protocol to solve the problem of Spoke learning the next hop of other Spoke routes, it uses NHRP redirection to solve .

When Spoke1 wants to access Spoke2's route, if the next hop is on Hub, the first packet will be sent to Hub, Hub will forward the packet to Spoke2, and at the same time it will send a NHRP redirect message to Spoke1, Spoke1 received After that, it will store the redirect message and send NHRP query message to Spoke2. Spoke2 will store the information of Spoke1 after receiving the NHRP query. A tunnel will be automatically established between Spoke1 and Spoke2. Hub.

The advantage of this optimization is that Spoke learns that the next hop of other Spoke routes does not need to be on Spoke, so the Hub can only send the summary route and the default route to the Spoke end, which can solve the scalability problem of Phase 2.

When running the routing protocol in phase three, it is not necessary to retain the next hop information, EIGRP can be turned off horizontal splitting; OSPF runs P2MP interface network type, broadcast is not required.

Summarize the three stages of DMVPN:

Phase one: Hub configures mGRE, Spoke end configures P2P GRE, there is no direct tunnel from Spoke to Spoke;

Phase 2: All Hub and Spoke terminals are configured with mGRE, and the routing protocol is used to solve the problem of Spoke learning the next hop of Spoke routing;

Phase three: mGRE is configured on both Hub and Spoke ends, and NHRP is used to solve the next hop resolution problem, so that the Hub end can summarize routes and solve the scalability problem.

The above is the news sharing from the PASSHOT. I hope it can be inspired you. If you think today' s content is not too bad, you are welcome to share it with other friends. There are more latest Linux dumps, CCNA 200-301 dumpsCCNP Written dumps and CCIE Written dumps waiting for you.

Comments

Post a Comment

Popular posts from this blog

What is proxy communication?

Image
Is it correct to understand the working level of forward proxy reverse proxy transparent proxy? Forward proxy and reverse proxy (application load balancing, some NG reverse proxy) can be understood as a man-in-the-middle mode. At the same time, both ends establish a TCP connection, and then the man-in-the-middle performs TCP connection between the two ends. Can a transparent proxy be understood as a simple and crude "hijacking" of a passing data packet, without splitting the complete TCP connection into two independent segments. So, in this sense, this kind of transparent proxy is similar to the working hierarchy of NAT devices? Preface I once saw a person write tens of thousands of words to answer a question, and read it after three days. Shocked, what is all this for? These words can produce a book, and it is also a reward for your hard work. However, I think the man has always been happy, but there is no doubt that his reputation (Reputation) is in full swin
Read more

How to choose Cisco dumps?

Image
In this era of lack of trust between people, if you want to buy one thing, in addition to buying on a platform such as a regular platform, such as Amazon. Do you still believe in other self-built platforms? I believe many people have the experience of being cheated. lowest The means of defrauding money is: Your good friend comes to borrow money from you, and you have a relationship card with you so that you can lend him money. At this time, according to the normal person’s thinking, this friend has known me for many years that he might not take the money away. Note that it is often the same idea that gives others the opportunity to owe money. If the amount borrowed is not high, then it is okay. Once the amount you borrowed is too large, you should be careful and your money may not be returned! Back to the topic, in this era of lack of trust, how to choose the Cisco dumps have become an important topic. First, when you buy it depends on whether the website's URL link is https
Read more

What are CCNP Data Center jobs in Dubai?

Image
  What are CCNP Data Center jobs in Dubai? Over the last few years, Cisco accreditations have gotten popular astonishingly. Undoubtedly, Cisco certifications would be deemed the outright most necessary certificates in the field of computer system networking. About Cisco certifications, there would be an extensive range of choices. To help your career and assist you in opening brand-new doors in your career, you need the ideal accreditations. Cisco introduced its primary certification program in 1998. The essential idea behind the accreditations was to supplement the CCIE or Cisco Certified Internetwork Expert program. Cisco would have extended its qualifications and supplies lots of certifications for experts of all experience levels from that point forward. CCNP Overview: CCNP or Cisco Certified Network Professional is considered the certification available for IT specialists with one year of expert experience in computer system networking. A diploma or equivalent in a significant fie
Read more