Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

6 week online course

reserve a seat
back to overview

DMVPN Phase 2 Fundamentals

Continuing with the DMVPN Fundamentals series, the following video explains the DMVPN Phase 2 fundamentals and detailed spoke-to-spoke packet flow with dynamic NHRP resolution and IPSec session establishment. Before watching it, you might want to read the “Sometimes you need to step back and change your design” article and watch the Phase 1 Fundamentals video.

Let’s summarize:

  • Phase 2 DMVPN uses multipoint GRE tunnels on all routers.
  • NHRP is used for dynamic spoke registrations (like with Phase 1 DMVPN), but also for on-demand resolution of spoke transport addresses.
  • Traffic between the spokes initially flows through the hub router until NHRP resolves the remote spoke transport IP address and IKE establishes the IPSec session with it.
  • The IP next-hop address for any prefix reachable over DMVPN must be the egress router (hub or spoke). From the routing perspective, Phase 2 DMVPN subnet should behave like a LAN.
  • Multicast packets (including routing protocol hello packets and routing updates) are exchanged only between the hub and the spoke routers.
  • Routing adjacencies are established only between the hub and the spoke routers unless you use statically-configured neighbors.

More information

The Phase 2 DMVPN section of the DMVPN: from Basics to Scalable Networks webinar (register here or buy a recording) also includes the following topics:

  • Spoke and hub router configuration;
  • Routing protocol configuration, including OSPF, EIGRP and BGP;
  • DMVPN redundancy and shared IPSec tunnel protection;
  • Monitoring and troubleshooting guidelines.

No comments:

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Sidebar