Dynamic Multipoint Virtual Private Network
This article needs additional citations for verification. (August 2012) (Learn how and when to remove this template message)
Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers, Huawei AR G3 routers and USG firewalls, and on Unix-like operating systems.
DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes, no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks..
- Generic Routing Encapsulation (GRE), RFC 1701, or multipoint GRE if spoke-to-spoke tunnels are desired
- NHRP (next-hop resolution protocol), RFC 2332
- IPsec (Internet Protocol Security) using an IPsec profile, which is associated with a virtual tunnel interface in IOS software. All traffic sent via the tunnel is encrypted per the policy configured (IPsec transform set)
- An IP-based routing protocol, EIGRP, OSPF, RIPv2, BGP or ODR (DMVPN hub-and-spoke only).
Routing protocols such as OSPF, EIGRP v1 or v2 or BGP are generally run between the hub and spoke to allow for growth and scalability. Both EIGRP and BGP allow a higher number of supported spokes per hub.
- Cisco engineers. "Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)". Cisco. Cisco. Retrieved 24 September 2017.
- Huawei DSVPN Configuration
- DMVPN Design Guide: Using a Routing Protocol Across the VPN
- DMVPN Design Guide: Routing Protocol Configuration
- DMVPN Design Guide: Best Practices and Known Limitations
- Cisco Systems
- Cisco DMVPN Design Guide
- Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)
-  DMVPN Management
-  Open source NHRP protocol implementation