Dynamic Multipoint Virtual Private Network

Dynamic Multipoint Virtual Private Network

A Dynamic Multipoint Virtual Private Network is an enhancement of the virtual private network (VPN) configuration process of Cisco IOS-based routers. DMVPN prevents the need for pre-configured (static) IPsec (Internet Protocol Security) peers in crypto-map configurations and ISAKMP (Internet Security Association and Key Management Protocol) peer statements. This feature of Cisco IOS allows greater scalability over previous IPsec configurations. An IPsec tunnel between two Cisco routers may be created on an as needed basis. Tunnels may be created between a spoke router and a hub router (VPN headend), or between spokes. This greatly alleviates the need for the hub to route data between spoke networks, as was common in a non-fully meshed frame relay topology.

Contents

Configuration details

A DMVPN Spoke is configured with one or more hub IP addresses. DMVPN hub IP addresses are typically static, such as at a corporate headquarters. DMVPN spoke IP addresses may be static, or dynamic. An example would be a DMVPN spoke router acting as a DHCP client on a DSL or cable provider's network. The spoke router is configured with the hub's IP address, allowing it to connect when online. The hub router does not need to be configured with the IP addresses of the spoke routers. This allows many-spoke VPN routers to be deployed without the need to configure additional peers on the hub(s). In the past the configuration of the hub grew whenever a spoke VPN router was added to the ipsec network.

Internal routing

For internal routing, a dynamic routing protocol is used between the spokes and the hub, as well as other spokes. Cisco EIGRP, or OSPF routing protocols are commonly used for further scalability. DMVPN is considered by many engineers as superior to early dynamic ipsec technologies such as TED (tunnel endpoint discovery).

Summary

In summary, DMVPN is a frame-work technology, consisting of:

  • An IPsec profile, which is associated to a virtual tunnel interface in IOS software. Traffic sent via the tunnel is encrypted per the policy configured (IPsec transform set)
  • Generic Routing Encapsulation (GRE), or multipoint GRE if spoke-to-spoke tunnels are desired
  • NHRP (next-hop resolution protocol), RFC 2332
  • A dynamic routing protocol, DUAN, ODR, RIP, EIGRP, OSPF, ISIS, BGP

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Dynamic Multipoint Virtual Private Network — Dieser Artikel wurde aufgrund von inhaltlichen Mängeln auf der Qualitätssicherungsseite der Redaktion Informatik eingetragen. Dies geschieht, um die Qualität der Artikel aus dem Themengebiet Informatik auf ein akzeptables Niveau zu bringen. Hilf… …   Deutsch Wikipedia

  • Dynamic Multipoint Virtual Private Network — DMVPN (англ. Dynamic Multipoint Virtual Private Network  динамическая многоточечная виртуальная частная сеть)  технология для создания виртуальных частных сетей, разработанная Cisco Systems. Является дальнейшим развитием VPN, и… …   Википедия

  • Passive optical network — A passive optical network (PON) is a point to multipoint, fiber to the premises network architecture in which unpowered optical splitters are used to enable a single optical fiber to serve multiple premises, typically 32 128. A PON consists of an …   Wikipedia

  • VPN — технология VPN (англ. Virtual Private Network&# …   Википедия

  • History of virtual learning environments — A virtual learning environment (VLE) is a system that creates an environment designed to facilitate teachers in the management of educational courses for their students, especially a system using computer hardware and software, which involves… …   Wikipedia

  • Liste der Telekommunikationsstandards — Liste von Standards und Richtlinien aus der Telekommunikation. Inhaltsverzeichnis 1 ETSI 1.1 Nomenklatur 1.1.1 derzeit gültige Nomenklatur 1.1.2 vorherige Nomenklatur …   Deutsch Wikipedia

  • Multiprotocol Label Switching — MPLS redirects here. For other uses, see Mpls. MPLS Layer Multiprotocol Label Switching (MPLS) is a mechanism in high performance telecommunications networks that directs data from one network node to the next based on short path labels rather… …   Wikipedia

  • Metro Ethernet — A Metro Ethernet is a computer network that covers a metropolitan area and that is based on the Ethernet standard. It is commonly used as a metropolitan access network to connect subscribers and businesses to a larger service network or the… …   Wikipedia

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

  • Nexcom Bulgaria LLC — Type limited liability company Industry telecommunications Founded 1998 Headquarters Sofia, Bulgaria Key people Emil Nikolov, President CEO Nexcom Tele …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”