Shortcut: DMVPN Demystified
I don’t have a huge amount of time to blog these next few weeks, but I wanted to put something up that might interest people. Since leaving Advanced Services, I’ve been heavily focused on Cisco SD-WAN. I used to be a DMVPN guru in AS and helped a lot of customers with it. I also created some materials to help train our new hires and early-in-careers on DMVPN.
As you may have noticed, I also run a blog called Carpe DMVPN. However, it wasn’t until recently that I realized I actually never put anything up relating to DMVPN!
I’ll attach the DMVPN presentation that I built a year ago in hopes it may help others learn and implement DMVPN. I didn’t cover the DMVPN phases in the presentation, as that is more historical and doesn’t actually need much explanation.
Phase 1: Spoke-to-Hub routing only. All data plane must traverse the hub.
Phase 2: Spoke-to-Spoke traffic is possible with router tricks such as removing route summarization and not changing the next-hop of routes on the DMVPN hub. This causes spokes to trigger NHRP resolution for the spoke address and then build tunnels to them directly.
Phase 3: The current version. Using NHRP Redirect / NHRP Shortcut, we can now summarize and do normal routing with the hub, but the spokes are still able to build tunnels directly to each other (after consulting the hub).