Dynamic multipoint VPN (DMVPN) is a VPN architecture that makes it easier to configure topologies in which many sites need to interconnect. Scaling an ordinary site-to-site IPsec VPN for such a network would be operationally complex: the tunnels between the sites would need to be fully meshed. In addition, each pair of endpoints requires its own network, which causes high IP address space consumption.

DMVPN uses multipoint Generic Routing Encapsulation (mGRE) tunnels with the Next Hop Reachability Protocol (NHRP) addressing service to allow a dynamic mesh of VPN tunnels that do not need to be statically configured. The following figure shows that the tunnels are protected using IPsec.

For more information about DMVPN, refer to Ciena Vyatta Network OS DMVPN Configuration Guide.