home

Supported platforms

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

thumbnailSupported platforms

DMVPN overview

DMVPN in a spoke-to-spoke network

The DMVPN network is a hub-and-spoke network as the hub discovers all spokes on the network. The discovery process proceeds as follows:

  1. The spoke must be configured with the address of the hub, which should be static.
  2. Each spoke establishes a permanent IPsec tunnel to the hub.
  3. The spoke registers with the hub, an NHRP Next Hop Server (NHS), as a Next Hop Client (NHC).
  4. The spoke provides the hub with its real IP address.
  5. The hub adds the spoke to its learned network (the NHRP database), mapping the real public IP address onto the logical VPN address for the spoke.

    After the hub-and-spoke network has been built out, it can convert to a spoke-to-spoke network, as follows:

    1. When a spoke has to communicate with a second spoke, it sends an NHRP query to the hub by using the logical VPN address for the second device.
    2. The hub consults its NHRP database and replies with the real IP address of the second spoke.
    3. Using the real IP address, the first spoke can dynamically set up an IPsec tunnel directly to the other spoke.
    4. The tunnel is created on demand and bypasses the hub.

Last updated: November 26, 2021