A GRE tunnel, in its basic form, is essentially point to point. Supporting complex network topologies (such as hub-and-spoke and spoke-to-spoke technologies) with point-to-point tunnels is operationally problematic, requiring a full mesh of tunnels. Such a mesh also consumes a great deal of IP address space, as each pair of tunnel endpoints consumes a subnet. Multipoint GRE (mGRE) allows multiple destinations (for example, multiple spoke sites) to be grouped into a single multipoint interface.
To build the direct tunnels, mGRE uses the Next Hop Resolution Protocol (NHRP) addressing service. The hub maintains an NHRP database and the spokes query the hub database to obtain the IP addresses of the logical tunnel endpoints.
To use multipoint GRE, create a tunnel interface and specify gre-multipoint as the encapsulation type (by using the interfaces tunnel <tunx> encapsulation <action> command). The other main difference between a standard GRE configuration and an mGRE configuration is that, in an mGRE configuration, you do not specify an IP address for the remote endpoint (that is, you do not set the remote-ip parameter). Other parameters are configured as for ordinary GRE.
Both multipoint GRE and NHRP are necessary components for dynamic multipoint VPN (DMVPN), which is typically secured with IP Security (IPsec). DMVPN is discussed in Ciena Vyatta Network OS Bridging Configuration Guide. NHRP is discussed in Ciena Vyatta Network OS Services Configuration Guide.