DMVPN consists of the following technologies to function properly:
- Next Hop Resolution Protocol (NHRP)
- Dynamic Routing Protocols
- IPsec encryption protocols
DMVPN boils down to the creation of dynamic tunnel overlay networks. Spoke sites establish persistent IPsec tunnels to the hub, requiring that each spoke site to be aware of the hubs IP address, each spoke then registers its own IP address as a client to the NHRP server process running on the hub. The NHRP server is responsible for maintaining a database of all the public interface addresses used by each spoke during its registration process.
When a spoke needs to transmit data to another spoke, the originating router solicits the NHRP server for the public address of the other spoke so that it can create a dynamic direct on demand tunnel to that spoke. The NHRP is considered the routing protocol used only to create adjacencies between spoke devices and the hub.
DMVPN was introduced to correct problems with Phase 2 related to scalability and performance.
- Phase 2 allows hub daisy chaining OSPF single area and a limited number of hubs because of the DR/BDR election.
- Scalability, phase 2 does not allow route summarization on the hub, all prefixes must be distributed to all spokes to be able to set up direct spoke to spoke tunnels.
- Performance, phase 2 sends first packets throug hthe hub using process switching instead of CEF causing spikes in CPU utilization
- DMVPN phase 3 uses two NHRP enhancements to fix these disadvantages:
- NHRP Redirect: a message is sent from hub to spoke to let the spoke know there is a better path to the spoke than through the hub
- NHRP Shortcut: A new way of changing CEF information on the spoke.