What is DMVPN
The DMVPN solution uses Multipoint GRE (mGRE) and Next Hop Resolution Protocol (NHRP).
A DMVPN is a secure network that exchanges data between sites without needing to pass traffic through an organisation's headquarters private network server or routers.
DMVPN relies on two proven technologies:
Next Hop Resolution Protocol (NHRP): Creates a distributed
(NHRP) mapping database of all the spoke tunnels to real
(public interface) addresses
Multipoint GRE Tunnel Interface: Single GRE interface to
support multiple GRE and IPsec tunnels; simplifies size and
complexity of configuration
DMVPN Components:
NHRP
NHRP registration
Spoke dynamically registers its mapping with NHS
Supports spokes with dynamic NBMA addresses or NAT
NHRP resolutions and redirects
Supports building dynamic spoke-to-spoke tunnels
Control and IP Multicast traffic still through hub
Unicast data traffic direct; reduced load on hub routers
DMVPN Components: Multipoint GRE Tunnels
Single tunnel interface (multipoint)
Non-Broadcast Multi-Access (NBMA) network
Smaller hub configuration
Multicast and broadcast support
Dynamic tunnel destination
Next Hop Resolution Protocol (NHRP)
VPN IP-to-NBMA IP address mapping
Short-cut forwarding
Direct support for dynamic addresses and NAT
NETWORK DESIGN
(1) Hub-and-spoke
Spoke-to-spoke traffic through hub; requires about the same
number of tunnels as spokes
– Hub bandwidth and CPU limit VPN
– Server Load Balancing: Many “identical” hubs increase
CPU power; spoke-to-spoke design under consideration
(2) Spoke-to-spoke: Dynamic spoke-to-spoke tunnels
Control traffic: Hub-and-spoke; hub to hub
– Hub-and-spoke single-layer
– Hierarchical hub-and-spoke layers
Unicast data traffic: Dynamic mesh
– Spoke routers support spoke-to-hub and spoke-to-spoke tunnels
Number of tunnels falls between the number of spokes n and n²
where n is the number of spokes (full-mesh)
LAB SESSION:
OBJECTIVE: SPOKE 1 and SPOKE 2 will communicate directly with each other. The NHRP protocol will dynamically discover the route.
TOPOLOGY
R1 CONFIGURATION
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
interface Serial1/0
ip address 50.10.1.2 255.255.255.252
no ip split-horizon
no shutdown
interface Tunnel0
ip address 192.168.1.1 255.255.255.248
no ip redirects
ip nhrp authentication aosl
ip nhrp map multicast dynamic
ip nhrp network-id 1
no ip split-horizon
tunnel source Serial1/0
tunnel mode gre multipoint
tunnel key 1234
router rip
version 2
network 10.0.0.0
network 192.168.1.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 50.10.1.1
R2: ISP CONFIGURATION
interface Serial1/0
ip address 50.10.1.1 255.255.255.252
no shutdown
interface Serial1/1
ip address 50.10.1.9 255.255.255.252
no shutdown
interface Serial1/2
ip address 50.10.1.5 255.255.255.252
no shutdown
R3 CONFIGURATION
interface FastEthernet0/0
ip address 10.1.3.1 255.255.255.0
no shutdown
interface Serial1/0
ip address 50.10.1.10 255.255.255.252
no shutdown
interface Tunnel0
ip address 192.168.1.3 255.255.255.248
no ip redirects
ip nhrp authentication aosl
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 50.10.1.2
ip nhrp map multicast 50.10.1.2
ip nhrp network-id 1
ip nhrp nhs 192.168.1.1
no ip split-horizon
tunnel source Serial1/0
tunnel mode gre multipoint
tunnel key 1234
router rip
version 2
network 10.0.0.0
network 192.168.1.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 50.10.1.9
R4 CONFIGURATION
interface FastEthernet0/0
ip address 10.1.2.1 255.255.255.0
no shutdown
interface Serial1/0
ip address 50.10.1.6 255.255.255.252
no shutdown
interface Tunnel0
ip address 192.168.1.2 255.255.255.248
no ip redirects
ip nhrp authentication aosl
ip nhrp map multicast dynamic
ip nhrp map 192.168.1.1 50.10.1.2
ip nhrp map multicast 50.10.1.2
ip nhrp network-id 1
ip nhrp nhs 192.168.1.1
no ip split-horizon
tunnel source Serial1/0
tunnel mode gre multipoint
tunnel key 1234
router rip
version 2
network 10.0.0.0
network 192.168.1.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 50.10.1.5
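The Tunnel0 stanzas in this lab carry no `tunnel protection ipsec profile` line, so the mGRE tunnels run without IPsec. The audit below is an added example, not part of the original lab; it checks a tunnel stanza for that gap, for an NHS without a static NBMA mapping, and for tunnel key or NHRP authentication values that differ from the hub. The function and rule names are assumptions of this example, and the input is condensed from the R1 and R3 configs above.

```python
import re

# Constructed input: Tunnel0 stanzas condensed from the lab's R1 and R3 configs.
COMMON = (" ip nhrp authentication aosl\n ip nhrp network-id 1\n"
          " tunnel source Serial1/0\n tunnel mode gre multipoint\n tunnel key 1234\n")
HUB = "interface Tunnel0\n ip address 192.168.1.1 255.255.255.248\n" + COMMON
SPOKE = ("interface Tunnel0\n ip address 192.168.1.3 255.255.255.248\n"
         " ip nhrp map 192.168.1.1 50.10.1.2\n ip nhrp nhs 192.168.1.1\n" + COMMON)


def directives(stanza):
    """Return the sub-commands of one interface stanza, whitespace-stripped."""
    return [line.strip() for line in stanza.splitlines()[1:] if line.strip()]


def value(cmds, prefix):
    """Return the argument of the first command that starts with prefix, else None."""
    for cmd in cmds:
        if cmd.startswith(prefix + " "):
            return cmd[len(prefix) + 1:]
    return None


def audit(stanza, hub=None):
    """Return findings for one mGRE tunnel stanza; rule names are this example's own."""
    cmds, findings = directives(stanza), []
    if value(cmds, "tunnel protection ipsec profile") is None:
        findings.append("no-ipsec: GRE, NHRP and RIP cross the provider unencrypted")
        if value(cmds, "ip nhrp authentication"):
            findings.append("nhrp-auth-exposed: NHRP string is sent in clear text")
    nhs = value(cmds, "ip nhrp nhs")
    if nhs and not any(re.fullmatch(rf"ip nhrp map {re.escape(nhs)} \S+", c) for c in cmds):
        findings.append(f"nhs-unmapped: no static NBMA mapping for NHS {nhs}")
    if hub is not None:
        hub_cmds = directives(hub)
        for key in ("tunnel key", "ip nhrp authentication"):
            if value(cmds, key) != value(hub_cmds, key):
                findings.append(f"mismatch: '{key}' differs from the hub")
    return findings


if __name__ == "__main__":
    for name, stanza in (("R1", HUB), ("R3", SPOKE)):
        for finding in audit(stanza, hub=HUB):
            print(name, finding)
```
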
Output to verify the DMVPN:
Go to R3 Console and
R3#ping 10.1.2.1
192.168.1.2/32 via 192.168.1.2, Tunnel0 created 22:36:56, expire 01:50:45
Type: dynamic, Flags: router nat
NBMA address: 50.10.1.6
192.168.1.3/32 via 192.168.1.3, Tunnel0 created 22:36:55, expire 01:58:03
Type: dynamic, Flags: unique nat registered
NBMA address: 50.10.1.10
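The entries above are in the format of the IOS NHRP cache listing (`show ip nhrp`). As an added example, not part of the original post, the script below parses those entries and compares each tunnel-IP-to-NBMA mapping with the addressing in the R3 and R4 configs, so an unexpected or changed registration stands out. The `EXPECTED` inventory and the function names are assumptions of this example.

```python
import re

# NHRP cache entries as quoted on this page.
PAGE_OUTPUT = """\
192.168.1.2/32 via 192.168.1.2, Tunnel0 created 22:36:56, expire 01:50:45
Type: dynamic, Flags: router nat
NBMA address: 50.10.1.6
192.168.1.3/32 via 192.168.1.3, Tunnel0 created 22:36:55, expire 01:58:03
Type: dynamic, Flags: unique nat registered
NBMA address: 50.10.1.10
"""
# Tunnel IP -> NBMA address, taken from the R4 and R3 configs in the lab.
EXPECTED = {"192.168.1.2": "50.10.1.6", "192.168.1.3": "50.10.1.10"}

ENTRY = re.compile(
    r"^(?P<net>\S+)/\d+ via (?P<nh>\S+), (?P<ifc>\S+) created \S+, expire \S+\s*\n"
    r"\s*Type: (?P<type>\w+), Flags: (?P<flags>[^\n]*)\n"
    r"\s*NBMA address: (?P<nbma>\S+)",
    re.MULTILINE,
)


def parse_nhrp(text):
    """Parse NHRP cache entries into dicts; flags become a list of words."""
    return [{**m.groupdict(), "flags": m["flags"].split()} for m in ENTRY.finditer(text)]


def check_mappings(text, expected):
    """Flag entries whose tunnel address is unknown or whose NBMA address differs."""
    findings = []
    for entry in parse_nhrp(text):
        want = expected.get(entry["nh"])
        if want is None:
            findings.append(f"unexpected tunnel address {entry['nh']} at NBMA {entry['nbma']}")
        elif want != entry["nbma"]:
            findings.append(f"{entry['nh']} maps to {entry['nbma']}, inventory says {want}")
    return findings


if __name__ == "__main__":
    for entry in parse_nhrp(PAGE_OUTPUT):
        print(entry["nh"], "->", entry["nbma"], entry["flags"])
    print(check_mappings(PAGE_OUTPUT, EXPECTED) or "all mappings match the inventory")
```
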