8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

Home > DMVPN Tutorial

DMVPN Tutorial
February 14th, 2015 in ROUTE Knowledge Go to comments

One of the most popular network topology in practical nowadays is shown below with one HeadQuarter connecting to branch offices at some locations. The
main enterprise resources are located in the HeadQuarter.

The router at the HeadQuarter undertakes the role of a Hub while branch routers take the role of Spokes. In this Hub-and-Spoke topology, each Branch can
access some resources on the HeadQuarter. But there are some disadvantages with this topology:

+ When a spoke wants to communicate with another Spoke, it must go through the Hub which increases the traffic passing through the Hub, increase CPU and
memory usage on Hub and can create bottle-neck problem. This also increases latency for time-sensitive applications such as VoIP, video conference
+ Each site requires a static public IP address if the environment between them are public (like the Internet).
+ The configuration is complex, especially with large network. When a new Spoke is added, additional configuration is required on Hub

Dynamic Multipoint VPN (DMVPN) is a solution of Cisco that can be used to overcome these disadvantages. DMVPN provides the following advantages:

+ Provides full meshed connectivity with simple Hub-and-Spoke topology. The spokes can communicate between each other without going through Hub
+ Only one static public IP address is required on Hub. Spokes can use dynamic (unknown) public IP addresses
+ The configuration is simple even in large network. No additional configuration is required on Hub when new Spokes are added.

https://www.digitaltut.com/dmvpn-tutorial 1/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

DMVPN provides full-meshed connectivity

with Hub-and-Spoke topology

But notice that DMVPN is not a protocol, it is the combination of the following technologies:

+ Multipoint GRE (mGRE)

+ Next-Hop Resolution Protocol (NHRP)
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP) (optional)
+ Dynamic IPsec encryption (optional)
+ Cisco Express Forwarding (CEF)

DMVPN combines multiple GRE (mGRE) Tunnels, IPSec encryption and NHRP (Next Hop Resolution Protocol) to perform its job and save the administrator the
need to define multiple static crypto maps and dynamic discovery of tunnel endpoints.

To keep this tutorial simple we only mention about mGRE and NHRP.

Multipoint Generic Routing Encapsulation (mGRE)

Before taking about mGRE we should learn why we have to run GRE on DMVPN. The answer is simple: because we want to run IPSec on it. And why we need
IPSec? Because we want to utilize the power of cheap but insecure Internet (and other insecure public) connections at our sites.

As you may know, IPSec is a framework consisting of protocols and algorithms for protecting data through an untrusted IP network, such as the internet.
Although IPSec provides a secure tunneling method but it does not support multicast and broadcast traffic so popular routing protocol (OSPF, EIGRP, ) run
based on multicast cannot be used with IPSec. So we have to use GRE to wrap these multicast traffic. As a result, all traffic (including unicast, multicast and
broadcast) between sites are encapsulated into GRE packets before being encrypted and sent over the network.

Now we knew why GRE should be used here. But traditional GRE (sometimes called point-to-point or p2p GRE) also has its limitation: for each connection to
the Spoke, Hub router needs to establish a separate GRE tunnel. So when the number of Spokes increases, Hub must increase the number of tunnels at the
same rate -> lots of configuration on Hub. So it is the time when mGRE takes part in.

An mGRE tunnel inherits the concept of a classic GRE tunnel but an mGRE tunnel does not require a unique tunnel interface for each connection between Hub
and spoke like traditional GRE. One mGRE can handle multiple GRE tunnels at the other ends. Unlike classic GRE tunnels, the tunnel destination for a mGRE
tunnel does not have to be configured; and all tunnels on Spokes connecting to mGRE interface of the Hub can use the same subnet.

https://www.digitaltut.com/dmvpn-tutorial 2/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

mGRE tunnel is treated as a non-broadcast multi-access (NBMA) environment. mGRE tunnel does not have to be configured with a tunnel destination so we
need another protocol to take care of the destination addresses. In this case NHRP is used for NBMA environment.

Note: Besides the Tunnel IP address, each Spoke and Hub will have a NBMA IP address, which is a public IP address used as the tunnel source IP address. We
post the configuration here as an example to help you understand more about the difference of these two IP addresses:

Hub Spoke (Branch 3)

interface fa0/0 interface fa0/0
ip address 11.11.11.1 255.255.255.0 ip address 13.13.13.3 255.255.255.0
interface tunnel 1 interface tunnel 1
ip address 192.168.100.1 255.255.255.0 -> Tunnel IP ip address 192.168.100.3 255.255.255.0 -> Tunnel IP
address (private IP) address (private IP)
tunnel source fa0/0 -> NBMA IP address (public IP) tunnel source fa0/0 -> NBMA IP address (public IP)
So the Tunnel address is the address configured under interface tunnel while the NBMA address is the address used as source of the tunnel.

NHRP

Next Hop Resolution Protocol (NHRP), defined in RFC 2332, is a Layer 2 address resolution protocol and cache, like Address Resolution Protocol (ARP). NHRP is
used by a branch router connected to a non-broadcast, multi-access (NBMA) sub-network to determine the IP address of the NBMA next hop; in this case,
the headend router or the destination IP address of another branch router.

NHRP is used to map tunnel IP addresses to physical or real IP addresses, used by endpoint routers. It resolves private addresses (those behind mGRE and
optionally IPSEC) to a public address. NHRP is layer 2 resolution protocol and cache, much like Address Resolution Protocol (ARP) or Reverse ARP (Frame
Relay).

In order for DMVPN to work correctly, DMVPN relies on NHRP to create a mapping database of all spoke tunnels to real (public) IP addresses. When a Spoke
joins a DMVPN network it will register itself with the Hub via NHRP. The NHRP Registration Process is described below:

https://www.digitaltut.com/dmvpn-tutorial 3/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

+ When a Spoke joins a DMVPN network, it sends a Registration Request to the Hub whose IP address has already been configured on the Spoke (via the ip
nhrp nhs <Hub IP address> command)
+ The Registration Request contains the Spokes Tunnel and NBMA addresses along with the hold time -> Hub does not have to statically configure Spoke IP -
> simplify Hub configuration
+ Hub then create an NHRP mapping entry in its NHRP cache (just like an ARP cache) to keep the mapping between Spokes Tunnel and NBMA addresses. The
hold time of this mapping equals to the hold time in the Registration Request.
+ Hub sends a NHRP Registration Reply to the Spoke to complete the process

NHRP Registration Process

Note:
+ The Spoke who sends NHRP Registration Request is called NHRP Client (NHC) while the Hub who replies the request is called NHRP Server (NHS).
+ The Spokes NBMA address is often its public IP and obtained dynamically while the Spokes Tunnel address is the private IP
+ NHRP mapping can be statically configured on both Spoke and Hub

A cool advantage of NHRP is the ability to help DMVPN establish direct Spoke-to-Spoke communication without going through Hub. Lets see how NHRP works
in this case.

https://www.digitaltut.com/dmvpn-tutorial 4/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

NHRP Resolution Process

1. Before a spoke can directly send traffic to another spoke, it must still query the Hub to get the NBMA address of the destination spoke. To do this, Spoke
must send a NHRP Resolution Request to the Hub asking for the NBMA address of the destination spoke.
2. The Hub replies with the NBMA (public) address of Spoke 3 (which is 13.13.13.3 in this case). If the Hub does not known NBMA of Spoke 3 it will query
Spoke 3 first.
3. The direct IPsec tunnel between two spokes is built only after that. But the spoke-to-spoke tunnel is only temporary and is torn down after a pre-configured
period of inactivity to save resources.

Note:
+ In case NHS does not have an entry in its cache for the NHCs query, NHS returns an error and the spoke will install an entry pointing to the NHS. So traffic
must flow through the Hub
+ Instead of asking NHS, the destination spoke IP can be statically configured on the NHC.
+ Resolution is only used for spoke to spoke communication

Now lets see the whole picture of how NHRP takes part in the routing process.

1. Suppose Spoke 1 wants to send traffic to network 172.16.1.0/24 behind Spoke 2. It will look up its routing table and see an entry like this:

172.16.1.0/24 via 192.168.100.2, Tunnel0

(means this subnet was learned from next-hop 192.168.100.2 via its Tunnel0)

2. Spoke 1 looks up its NHRP mapping table to search for the NBMA address of 192.168.100.2. If it cant find one, it will send an NHRP Resolution Request to
get the mapping information from the Hub. Suppose the NBMA address of 192.168.100.2 configured on Spoke 2 is 12.12.12.2.

https://www.digitaltut.com/dmvpn-tutorial 5/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

3. Now Spoke 1 has enough information to encapsulate original packets. It will encapsulate packets with IP source of 11.11.11.1 (its NBMA address) and IP
destination of 12.12.12.2 (Spoke 2s NBMA address) then send to the destination.

In the next part we will learn how to configure DMVPN

Pages: 1 2

Comments
Anonymous May 1st, 2016
Hey guys, please send me valid dumps to estebanld @ hotmail . com. thanks.

Is current TUT dump still good? June 1st, 2016

Are these questions and answers from TUT still current for 300-101 test?

melly July 29th, 2016

please can someone help me out with a link to download the free very recent dump 300-101 (ccnp routing).am to write
the exam the next weekplease would really appreciate.thanks loads

Maarouf July 30th, 2016

https://www.digitaltut.com/dmvpn-tutorial 6/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

Please Send valid dumps of 300-101 at Mustafa_Maarouf_7 @ hotmail.com

thankx in advance :)

DNNN August 8th, 2016

`11==1`

Anonymous August 10th, 2016

Podrian completar el ejemplo con un ruteo de redes .

Anonymous August 18th, 2016

Can anyone send me the the dump 300-101 questions and reading materials for CCNP please? My email is
solkolfe@yahoo dot com

Anonymous August 20th, 2016

Hi,
Can anyone send me cours for CCNP route 300-101
e-mail:{email not allowed}
thanks.

Anonymous August 20th, 2016

{email not allowed}

Anonymous September 12th, 2016

Hi, am taking exam at 24/9/16,can anyone send updated CCcnp routing dumps to my mail {email not allowed}. thanks in
advance

guodong September 13th, 2016

Does any one have latest dumps for 300-101 Route exam . please help send to my email{wgd198752 at yahoo dot com
dot sg}. so appreciate that.

Gagz September 15th, 2016

hi can anyone send me CCNP(Route) latest dumps please. My mailing address is
rrit(dot)noc(at)gmail(dot)com

Anonymous October 5th, 2016

@Natasha i would like to ask you if the dump 149q still valid or not. thanks

George October 5th, 2016

@Natasha are the 149q dump still valid or not. thanks

Lisa October 5th, 2016

@Natasha. Please send 149q pdf to thaboketsile(at)gmail(dot)com

Natasha October 10th, 2016

Yes dump is still valid.

Gavno October 12th, 2016

https://www.digitaltut.com/dmvpn-tutorial 7/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

Hello,
If you dont mind can you please send valid 300-101 to nayrbvp at gmail . com?

CCNP ROUTING DUMPS October 14th, 2016

Hi,

Im going to write CCNP routing exam next coming week kindly friends, I need routing dump
to prepare. plz send it on mahmoudhamid101@g mail.com

Anonymous October 15th, 2016

lease help so I can continue my CCNP Certification Send to rhedreyes2012 @ gmail.com
.
Send the valid dump for October 2016 Exam.

Route 300-101

Thank you

non October 16th, 2016

great lesson thanks

DonnieBrasco October 25th, 2016

OK, boys and girls:

I am a red-blooded, native English speaking American who has been in the networking industry as a pro since 2004. So
Ive been doing this Cisco test dance for years and years. I really appreciate the help I get from sites like this one, so Im
reporting my experience taking CCNP-ROUTE 300-101 the afternoon of October 25 in the Denver area. I was like the rest
of you when the news popped up that the question bank had changed. Is it for real? Is it a scam? Should I move on to
CCNP-SWITCH? At least for now? Lots of questions. No answers. So here I am with your answers. Straight up. You dont
even get a cube of ice.

Just a ground rule, here: DO NOT ask me for dumps. Does begging some random stranger on the internet to do
something for you ever work? Its pointless. Stop it. Stop it NOW. Besides, the dumps are basically out in plain sight, and
Ill leave it at that.

If all youre doing is just pounding through the dumps over & over again, all youre probably wasting your time and youve
defiintely watered down the value of the cert for the rest of us. I have been studying the CCNP-ROUTE like a maniac for
10 weeks straight. Use the dumps as a coat of polish on the beatiful work youve put in over weeks or months. Otherwise,
if you land that CCNP job and someone hands you an assignment, what are you going to do? Look back at your dumps?
Nope. Also pointless. Stop. Stop it NOW.

149 question dump is perhaps 50% valid. The sims in the dumps are 100% bang on. Im not sure how it could be done
any better, actually. And. I got a LOT of sims on my test. So, thanks for whoever is the ultimate source of these dumps,
because they can be extremely helpful on test day. I know I crushed my sims due to the help here from digitaltut.

Aside from sims, I got maybe 8 10 questions from the 149 question dump. It was comforting to see those. Aha! Thats
familiar! /smile
But many, many of my multiple choice questions were completely unfamiliar to me. And after 10 weeks studying like an

https://www.digitaltut.com/dmvpn-tutorial 8/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

animal, I could only rely on process of elimination and experience in the industry. Passing is 790. I scored 771. Not.
Quite. Good. Enough.

There are a lot of stupid questions on the services like SNMP and logging. I got a drag and drop that asked to correctly
identify the steps in a CHAP three way handshake. No big deal. But if youre wondering if the changed questions is a
scam, its not. I have nothing to sell you. Now or ever. Im just trying to help. We will have to wait to see what happens
with new dumps and such.

FYI I currently work for a company that administers its own certification program. I have been on the panel that writes
tests. Its a savage pain in the ass. They have to pull technology experts away from their day-to-day roles for a week for
a test write. Its very puzzling that Cisco would make substantial changes to the question bank without also changing
the objectives. Its costly and annoying for pretty much everyone involved. I have no explanation.

*** administrative note ***

Im posting this in a few different places here at digitaltut to spread the word around. I know some knuckleheads are
probably only looking at one of the forumes, and Id hate for some of you to lose out on what little news is available out
there.

Aaron001 October 28th, 2016

Testmayor preparation material includes the most excellent features, prepared by the same dedicated experts who have
come together to offer an integrated solution. We provide the most excellent and easy way to pass your certification
exams on the first attempt GUARANTEED

Anno November 2nd, 2016

Not everyone has the money to take the risk to fail as these exams are very expensive (~300 Euros). Learning dumps
doesnt mean that you have no idea of networking, if this is not the only material you are using.

i have learned alot but still need the dumps so if anyone can provide me the actual dumps would be very nice!

i.k.q @hotmail.com

Thanks in advance

Merlz November 2nd, 2016

True that Anno, most of us are perfectly good engineers, but the exam is tight and expensive and off target, there is
hardly any bgp but the route blue print is full of it, we need the dumps to get over the exam, obviously we still going to
go deeper and dirty with networks

Rocky November 11th, 2016

I am writing CCNP Route 300-101 very soon. I already have the 149q, but I needed new (update) questions. Please send
to anghebre at yahoo dot com
Thanks in advance

andrew November 16th, 2016

Hey Rocky, can you please send me the dumps that u have for 300-101 please? and also the new questions, if you got
any. Thanks in advance. please send it to avash123459 @ gmail . com

Markjade November 18th, 2016

https://www.digitaltut.com/dmvpn-tutorial 9/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

very nice

bob December 1st, 2016

is this tutorial informational or is it part of the exam?

Anonymous December 7th, 2016

can i get latest dumps for the route and tshoot exams 300-101 and 300-135

{email not allowed}

thnx

Anonymous December 10th, 2016

can someone please send me route dumps too? ccnpchic @gmail. com
Thanks a lot! ???? I would like to take the exam too this coming months, i appreciate that

Anonymous December 29th, 2016

i planing to take on January to o . Who can email me latest dumps 300-135

jiejet@ hotmail.com

Anonymous December 31st, 2016

Hello Everyone

Can somebody let me know what is the last exam version?

Ronak January 16th, 2017

Hi..can someone confirm which is the valid Dumps 149q or 183q?

@Arlen,
can you please share your experience on the type of questions you saw.

Anonymous January 25th, 2017

Hello everyone,

can someone send me the latest dump at {email not allowed} please ?

thx

Anonymous January 25th, 2017

Hello everyone,

can someone send me the latest dump at kamhaw4lif @ hotmail . fr please ?

thx

Pradeep January 30th, 2017

hi,

I am looking CCNP R&S TShoot valid dump.

https://www.digitaltut.com/dmvpn-tutorial 10/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

I helped many and now i need help to get the TShoot dump.

Please help me and send me valid dump at pradeep.bmas @gmail.com

Thanks in advance.

Jane woken February 2nd, 2017

can somebody tell me please that what is the last question of 40Q of TAGWA , in my life there is no answer of question
Meaning of priority 0 configured in ospf router? . Plus do I have to prepare this lab as well

Anonymous February 8th, 2017

hello everyone,

would someone send me valid dump please

mail:

erkandursun1225 at gmail.com

tahnk you.

Anonymous February 14th, 2017

good morning

I want someone send me valid dump please to my mail {email not allowed}

REGARD

Anonymous February 19th, 2017

Hi All,

Can anyone please upload the latest Route 300-101 dump here.
It would be helpful to all who would appear for the exam.

Thanks & regards

Anil

Passed using this material February 21st, 2017

100% valid exam questions, (AllinONE Package) that you need to clear exam.

Instant Download
http://rebrand.ly/ccnac5f48

mutt February 24th, 2017

hi to all

may i have 15q please

merter.metro (at) gmail . com

Ihsan February 25th, 2017

https://www.digitaltut.com/dmvpn-tutorial 11/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

Hi,

can anyone please share the latest dumps with me? Thanks in advance!

i.k.q @ hotmail.com

Kitanga March 1st, 2017

Hello Guys,

Can anyone send me the valid dump for 300-101.

{email not allowed}

Kitanga March 1st, 2017

Hello Guys,
Can anyone send me the valid dump for 300-101.

abu_husseyn (at) yahoo.com

Anonymous March 2nd, 2017

Please Send valid dumps of 300-101 at {email not allowed}

Asad A KHAN March 2nd, 2017

Please Send valid dumps of 300-101 at {email not allowed}

Asad A KHAN March 2nd, 2017

Please Send valid dumps of 300-101 at asadalikhan96 at yahoo

joeyPH March 17th, 2017

any new dumps?
please send it to

b i L L y Jo e 585 @ y a h o o. co m

THanks

grateful March 18th, 2017

I took the exam on March 14th. The labs were the same, but there were new questions. Ended up barely passing the
exam (in low 800s), but a pass is a pass. I can now move on to the next venture :-)

Anro Raouf March 19th, 2017

Hi evry body
can someone send me the last valid dump of 300-101 at alinotala at yahoo dot fr

Thanks

Anro Raouf March 19th, 2017

Hi evry body
can someone send me the last valid dump of 300-101 to

https://www.digitaltut.com/dmvpn-tutorial 12/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

alinotala at yahoo dot fr

Anro Raouf March 19th, 2017

Hi every body
Can someone telle where i can find the dump : CCIE Collaboration Written 4051

Passed1 March 27th, 2017

149+41+15 is 100% good in exams
Exam Questions Dumps at below page including all labs in GNS3 format. Working VCE player also included in package.

http://rebrand.ly/ccnpr370d

Anonymous April 9th, 2017

Hi everyone! Can somebody send me the latest valid dump of 300-101 to email at {email not allowed}

Anonymous April 22nd, 2017

What does Command ip cache flow actually display in the output? please help.

Anonymous April 23rd, 2017

Hi,

If anyone can provide me latest CCNP Routing dumpls would be appreciable..bkz I am gonna to write an exam in next
couple of days.. Thanks a lot in advance

Anonymous April 23rd, 2017

Hi,

If anyone can provide me latest CCNP Routing dumps would be appreciable..bkz I am gonna to write an exam in next
couple of days.. Thanks a lot in advance
my email is {email not allowed}

charlie April 25th, 2017

hello! I would like to receive 300-101 dump, Is anybody available to send it manga_90 at hotmail dot com

Red1 April 25th, 2017

RED just passed routing this monday, labs are updated, except the show WHATEVER labs>Same multiple answers, but
different config on routers so you must pay attention to what ever the routers displays.

Groot April 26th, 2017

Hi Red1,

Can you share the dumps you have used please?

Red1 April 27th, 2017

The ones that share Passed 1are correct

jennyjfoy May 10th, 2017

Ive just passed my Exam 300-101 with http://www.braindumpskey.com/ .

https://www.digitaltut.com/dmvpn-tutorial 13/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

moayad June 4th, 2017

hi
i have fail the exam
new question
all the dump is not valid .
please if some one have a valid dump share it with me .
the last dump i have Q295 .
moayad.2514@gmail dout com

Anonymous June 8th, 2017

Welcome to your post. You are wishing to study CCNA or CCNP or higher CCIE as you have no documentation for
reference and practice. Do not worry. I have gathered a lot of documents related to CISCO on google drive and the cost
to you own this repository is 200k or $ 10.
This is a link you can access.
https://drive.google.com/drive/folders/0B2fvitSibW-QZ1h6Nnl1R0RUN2c
You can preview in your google Drive what it is through:
https://www.youtube.com/watch?v=cIe_wxXm5ZY&t=322s
Like and subscribe my channel.
Ok wish you study effectively, through your ebook.

marcus June 28th, 2017

please share vaild dumps for route exam

{email not allowed}

marcus June 28th, 2017

please share valid dumps for route exam

realmarcus.com at gmail dot com

achilles July 7th, 2017

please email me the latest dumps noshutshut at gmail dot com

Anonymous July 12th, 2017

please provide me the latest dump for ccna 200-125

ghigho July 12th, 2017

please provide me the latest dump for ccna 200-125

science July 14th, 2017

please share vaild dumps for route exam
{email not allowed}

Self Study NetEng August 3rd, 2017

Stop begging for Dumps and put the hard work in dont you Dump Beggars want to know how things really work ? and
become a guru that is the goal to strive for.

https://www.digitaltut.com/dmvpn-tutorial 14/15
8/14/2017 ROUTE 300-101 Training DMVPN Tutorial

Build a home lab with real hardware in addition to using GNS3 and stop putting this wonderful site at risk. Stop
contributing to the watering down of Cisco Certifications by flooding the industry with Dumpy Dump Beggar wanabes.

There are lots of unemployed CCNA, CCNPs and I would bet that not all but, a fair amount of them are Dumpy Dump
Beggars. Go get a Job in retail !

Message for the people who provide links to the dumpy dumps via this site KARMA

True_one August 5th, 2017

I agree with you Self Study NetEng,
There is enough information out to become strong enough at Routing so you wont need dumps. Labs can be built in
home, GNS3, and the Cisco website can be used to bring to the level you need to pass the exam and perform at your job.

https://www.digitaltut.com/dmvpn-tutorial 15/15