Dynamic Multipoint VPN (DMVPN)

DMVPN is an old[1] Cisco-proprietary technology that combines NHRP, IPsec, IKEv2 and multipoint GRE tunnels to build dynamically-provisioned multi-access VPNs.

The easiest way to master DMVPN is to watch the ipSpace.net DMVPN webinars, and every now and then someone still finds them somewhat useful:

I also wrote dozens of DMVPN-related blog posts. Hope you’ll enjoy them!

The Basics

DMVPN always relies on a hub-and-spoke topology, but enables direct communication between spokes (Phase-2 DMVPN) and simplified routing with NHRP redirects (Phase-3 DMVPN).

Routing Protocols in DMVPN Networks

Routing protocols face significant challenges in DMVPN networks due to the very large number of directly-connected neighbors, with EIGRP faring better than OSPF, and BGP being the only viable solution in deployments with a very large hub-to-spoke ratio.

Typical DMVPN Designs

DMVPN Deployment Guidelines

Integration with Other Network Technologies

DMVPN Alternatives

Quirks and Implementation Details

I wrote numerous blog posts documenting DMVPN quirks while preparing the materials for the DMVPN webinars. Most of these blog posts were written in the early 2010s and might no longer be relevant.

  1. As in: created around 2010. For more details, listen to the History of DMVPN with Mike Sullenberger.