Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
734
Views
3
Helpful
6
Replies

DMVPN Confusion

Ahmed Mukhtar
Level 1
Level 1

‎11-01-2014 02:28 AM - edited ‎02-21-2020 07:54 PM

Hello,

I have a little confustion about DMVPN phase 2, In Phase 2 you can enable 2 spokes to communicate directly to each other...Ok fine BUT We have the same Physical Topology i.e The Hub and Spoke Topology, So we still have to pass through the Hub right? so whats the point in using the Phase 2 then ?? and how come it reduces burden on the HUB? it still does have to proccess all the packets b/w the 2 Spokes.!

 

Please do clarify thank you

Labels:
0 Helpful
6 Replies 6

David_Che
Level 1
Level 1

‎11-01-2014 04:21 AM

In phase 1, spoke can only setup protected tunnel with hub, so the traffic between spokes will be directed to hub to decryption, then be delivered to destination spoke by encryption again.

In phase 2,  two spoke can dynamically setup protected tunnel between them, so the traffic between them will be delivered to hub by encryption to hub when each spoke has only physical connection with hub, however the hub don't need to decode this encrypted packet, it just forward this packet as other ip packet.

In most of DMVPN deployment scenarios, both hub and spoke are connected to internet, so the scenario you mentioned is very rare.

 

0 Helpful

Ahmed Mukhtar
Level 1
Level 1
In response to David_Che

‎11-01-2014 04:31 AM

Very well said sir, I had exactly the same thing in mind, actually iam dealing this kind of a project so needed to know what the clients are trying to acomplish, 

And another issue is that they are also using # ip nhrp Shortcut on spokes, They have a HUB and spoke toplogy over the MPLS cloud, i think this is phase 3 DMVPN, but can you explain why this command is there & what does it do?

0 Helpful

agumeniuc
Level 1
Level 1

‎11-01-2014 04:24 AM

Hi,

Using phase 2, spoke needs to communicate once with the Hub router to get nhrp record for the spoke it would like to communicate to. If you perform a traceroute between the spokes with phase 1 and phase 2 you will see the difference between the packetflows.

If you have static IPs on all routers, you can map nhrp records on all hosts and have no hub topology with full-mesh.

Ahmed Mukhtar
Level 1
Level 1
In response to agumeniuc

‎11-01-2014 04:33 AM

Thank You sir for your response, its been quite helpful, and they are using a Hub and spoke topology  over MPLS so it cant be full mesh as its not connected over the internet cloud

 

0 Helpful

David_Che
Level 1
Level 1
In response to Ahmed Mukhtar

‎11-01-2014 04:51 AM

If each site is connected over MPLS and the traffic need to be protected, GETVPN is better solution than DMVPN

0 Helpful

Ahmed Mukhtar
Level 1
Level 1
In response to David_Che

‎11-01-2014 05:00 AM

Ok great thanks il look into GETVPN, but can you tell me something about phase 3 of DMVPN? Why and when would you use it

0 Helpful
Customers Also Viewed These Support Documents