This section presents a sample configuration for basic multipoint Generic Routing Encapsulation (mGRE) tunnels between vRouter HUB and SPKE1, and HUB and SPOKE2. The configuration shown in this example also provides for a dynamic tunnel to be created between SPOKE1 and SPOKE2 as required. This ability derives from the use of multipoint GRE and NHRP. This configuration can be expanded by creating additional spoke nodes with no change to the HUB configuration.

• For more information on mGRE, including mGRE commands, see Ciena Vyatta Network OS Tunnels Configuration Guide.
• For more information on NHRP, including NHRP commands, see Ciena Vyatta Network OS Services Configuration Guide.

Note that spoke-to-spoke traffic does not pass through the HUB router. Also note that a typical production environment would use a routing protocol such as OSPF rather than using the static routes that are used in the example.

The basic mGRE tunnels presented in this example are not protected by IPsec encryption, which means they are not secure and would not be suitable for a production network unless otherwise secured. DMVPN uses mGRE, NHRP, and IPsec to provide a secure hub-and-spoke tunnel environment. For an example of a full DMVPN configuration, see the following section DMVPN hub-and-spoke.

When this example is completed, the network will be configured as shown in Basic mGRE tunnel network.