This section presents a sample configuration for a basic multipoint GRE (mGRE) tunnel between the HUB and SPOKE1 Vyatta router and one between HUB and SPOKE2.

The configuration shown in this example also provides for a dynamic tunnel to be created between SPOKE1 and SPOKE2, as required. The ability to form a dynamic tunnel directly between the spokes derives from the use of mGRE and Next Hop Resolution Protocol (NHRP). This configuration can be expanded by creating additional spoke nodes with no change to the HUB configuration. For more information on NHRP, refer to Ciena Vyatta Network OS Services Configuration Guide.

Note that spoke-to-spoke traffic does not pass through the HUB. Note also that a typical production environment would use a routing protocol such as OSPF rather than static routes, which are used in this example.

The basic mGRE tunnels presented in this example are not protected by IPsec encryption, which means they are not secure and would not be suitable for a production network unless otherwise secured. Dynamic multipoint VPN (DMVPN) uses mGRE, NHRP, and IPsec to provide a secure hub-and-spoke tunnel environment. For more information on creating a DMVPN environment, see Ciena Vyatta Network OS DMVPN Configuration Guide.

When this example is completed, the network will be configured as shown in the following figure.