
 

Entry: Dynamic Multipoint Virtual Private Network
Definition


Dynamic Multipoint Virtual Private Network (DMVPN)[1] is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers, Huawei AR G3 routers[2] and USG firewalls, and on Unix-like operating systems.

Benefits

DMVPN makes it possible to create a dynamic-mesh VPN without statically pre-configuring every possible tunnel endpoint peer, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers. DMVPN is initially configured as a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes; no configuration change on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be built dynamically on demand (dynamic mesh) without additional configuration on the hubs or spokes. This dynamic-mesh capability removes the need for the hub to carry the load of routing data between the spoke networks.

Technologies

  • Generic Routing Encapsulation (GRE), RFC 1701, or multipoint GRE if spoke-to-spoke tunnels are desired
  • Next Hop Resolution Protocol (NHRP), RFC 2332
  • IPsec (Internet Protocol Security) using an IPsec profile, which is associated with a virtual tunnel interface in IOS software. All traffic sent via the tunnel is encrypted per the policy configured (IPsec transform set).
  • An IP-based routing protocol: EIGRP, OSPF, RIPv2, BGP or ODR (DMVPN hub-and-spoke only).[3]

Internal routing

Routing protocols such as OSPF, EIGRP v1 or v2 or BGP are generally run between the hub and spoke to allow for growth and scalability. Both EIGRP and BGP allow a higher number of supported spokes per hub.[4]

Encryption

As with GRE tunnels, DMVPN allows for several encryption schemes (including none) for the data traversing the tunnels. For security reasons, Cisco recommends that customers use AES.[5]
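The following Python check is an added example, not part of the original entry or of any vendor tool: it traces each multipoint GRE tunnel interface to its IPsec profile and transform set and reports tunnels that run unencrypted or without AES. The sample configuration and every name in it (TS-AES, PROF-OLD and so on) are constructed, and `audit_dmvpn` is a hypothetical helper.

```python
import re

# Constructed IOS-style sample (not from a real device): Tunnel0 uses AES,
# Tunnel1 uses 3DES, Tunnel2 is multipoint GRE with no IPsec profile at all.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
crypto ipsec transform-set TS-OLD esp-3des esp-md5-hmac
crypto ipsec profile PROF-AES
 set transform-set TS-AES
crypto ipsec profile PROF-OLD
 set transform-set TS-OLD
interface Tunnel0
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROF-AES
interface Tunnel1
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROF-OLD
interface Tunnel2
 tunnel mode gre multipoint
"""

def audit_dmvpn(config):
    """Grade each mGRE tunnel: 'aes', 'non-aes' (DES, 3DES, null) or 'unencrypted'."""
    transforms, profiles, tunnels, mgre = {}, {}, {}, set()
    section = None  # (kind, name) of the block that indented lines belong to
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):  # a top-level command starts a new block
            section = None
            if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", text):
                transforms[m[1]] = m[2].split()
            elif m := re.match(r"(crypto ipsec profile|interface) (\S+)", text):
                section = (m[1], m[2])
                if m[1] == "interface":
                    tunnels[m[2]] = None  # no IPsec profile seen yet
        elif section and section[0] == "interface":
            if text == "tunnel mode gre multipoint":
                mgre.add(section[1])
            elif m := re.match(r"tunnel protection ipsec profile (\S+)", text):
                tunnels[section[1]] = m[1]
        elif section and (m := re.match(r"set transform-set (\S+)", text)):
            profiles[section[1]] = m[1]
    report = {}
    for name in sorted(mgre):  # point-to-point tunnels are outside this check
        algos = transforms.get(profiles.get(tunnels[name]), [])
        is_aes = any(a in ("esp-aes", "esp-gcm") for a in algos)
        report[name] = ("unencrypted" if tunnels[name] is None
                        else "aes" if is_aes else "non-aes")
    return report
```

A profile that points at a transform set missing from the configuration is also reported as `non-aes`, so a dangling reference is not mistaken for a protected tunnel.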

References

1. Cisco engineers. "Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)". Cisco. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html. Accessed 24 September 2017.
2. Huawei DSVPN Configuration
3. DMVPN Design Guide: Using a Routing Protocol Across the VPN
4. DMVPN Design Guide: Routing Protocol Configuration
5. DMVPN Design Guide: Best Practices and Known Limitations

External links

  • Cisco Systems
  • Cisco DMVPN Design Guide
  • Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)
  • DMVPN Management
  • Open source NHRP protocol implementation