Dynamic Multipoint Virtual Private Network
Hub-and-Spoke VPN
- If the hub (building) goes down, everyone's offline.
- It's a bit sub-optimal because all traffic has to flow through the hub.
- Multiple branch locations
- Path selection
  - Spoke to spoke goes through HQ (headquarters)
  - Direct spoke to spoke
  - This is what we want, but each of the circuits is expensive and takes a long time to set up.
  - Requires configuration
  - Fixed IP addresses.
  - How do I get one site to talk to the other site?
  - If I want static IPs at each of the sites, that gets even more expensive.
  - Does not scale well.
Dynamic Multipoint VPN
- Abbreviation: Dynamic Multipoint VPN (DMVPN)
- This technology really changed the world.
- We know that full mesh is the ideal network topology, if we are not paying for it, because everything can connect to everything directly. There is no chance of an intermediate device screwing things up.
- DMVPN's goal is to achieve that.
- Automates creation of VPN connections
  - Start off with a traditional hub-and-spoke topology
  - In the image, the dotted lines are VPN sessions that are going to be established as needed.
- Enables spoke-to-spoke connectivity
  - This is what is going to move us towards a full mesh where any site can talk to any other site directly.
- No need for fixed IPs
  - We don't need static IPs
  - When each of these sites comes online, it registers with headquarters. It basically says: "Here's my public IP that I'm calling from" (it's almost like a caller ID).
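
The registration idea above as a toy model. This is an example added to these notes, not vendor code or a real protocol implementation. The class names, site names and addresses (documentation ranges) are made up, and as a simplification the spoke asks the hub on every lookup.

```python
# Added example: toy model of DMVPN registration and on-demand tunnels.
# Site names and addresses (RFC 5737 documentation ranges) are constructed.

class Hub:
    """Headquarters: remembers the public IP each spoke last called from."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.registry = {}                      # site name -> current public IP

    def register(self, site, observed_ip):
        self.registry[site] = observed_ip       # the "caller ID" entry

    def resolve(self, site):
        return self.registry.get(site)          # None if the site never registered


class Spoke:
    def __init__(self, name, public_ip, hub):
        self.name, self.public_ip, self.hub = name, public_ip, hub
        self.tunnels = {"HQ": hub.public_ip}    # only the hub tunnel is pre-configured
        hub.register(name, public_ip)           # register on coming online

    def change_ip(self, new_ip):
        """The ISP assigned a new dynamic address: re-register, nothing else changes."""
        self.public_ip = new_ip
        self.hub.register(self.name, new_ip)

    def path_to(self, peer):
        """Hops used to reach `peer`; builds or refreshes a direct tunnel as needed."""
        current = self.hub.resolve(peer)
        if current is None:
            return None                         # peer is not online / not registered
        if self.tunnels.get(peer) != current:   # no tunnel yet, or peer's IP changed
            self.tunnels[peer] = current
        return [self.name, peer]                # direct, no detour through HQ


def demo():
    hq = Hub("198.51.100.1")
    a = Spoke("branch-a", "203.0.113.10", hq)
    b = Spoke("branch-b", "203.0.113.20", hq)
    first = a.path_to("branch-b")               # tunnel created on first use
    b.change_ip("203.0.113.99")                 # branch-b gets a new address
    second = a.path_to("branch-b")              # tunnel follows the new address
    return first, second, a.tunnels, a.path_to("branch-c")


if __name__ == "__main__":
    print(demo())
```

Neither branch was configured with the other's address: the only thing set up in advance is the tunnel to HQ, and the spoke-to-spoke entry appears in `tunnels` only after it is first needed.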