DMVPN is a type of virtual private network designed by Cisco that uses multiple networking protocols to create secure tunnels between different servers and routers. DMVPN stands for Dynamic Multipoint Virtual Private Network. Dynamic means that tunnels can be created and then dropped when they’re no longer needed. Multipoint means that any server or router with the right DMVPN configuration can participate on the network.
How does DMVPN work?
DMVPN terminology uses “hubs” and “spokes” to describe routers in such a network: there is one hub, the main router, and multiple spoke routers that serve as network nodes to which traffic moves. DMVPN technology uses multiple protocols, including IPSec (IP security) and generic routing encapsulation (GRE) tunneling, a protocol for transferring information between network points.
DMVPN connections can be hub-to-spoke, in which a spoke router has a direct tunnel to the main router, but the unique aspect of DMVPN is its spoke-to-spoke network connections. Spoke routers, which have dynamic IP addresses, can deploy a connection to another spoke router by learning its IP address from the server in the main hub. If unused, that connection will eventually terminate. Hub routers in a DMVPN network have static IP addresses.
Difference between DMVPN and VPN
A typical VPN is a private tunnel constructed between a main server and an external user’s private computer network. It bypasses the path that network traffic takes through an Internet service provider. This prohibits the ISP from seeing the user’s network traffic and the IP addresses they’re visiting. DMVPN, though it serves a similar purpose, works a bit differently. Instead of providing just one secure tunnel, it creates multiple ones for multiple servers and routers.
For example, if a business wants to have one VPN configuration for all of its employees, DMVPN offers that option. All the servers and routers need to have the same DMVPN configuration. In contrast, a typical VPN sets up a long-term tunnel between one private user and a company private network. Each private user, or employee, has their own tunnel and can only connect to the specified company server. But DMVPN allows two private routers to create a tunnel without having to go through the main hub server.
Why is DMVPN helpful?
Because its tunnels don’t have to last forever, DMVPN is a more flexible virtual private network solution. Once a set period of time has passed, a spoke-to-spoke connection will be dropped if it isn’t being used. Any router with the correct DMVPN configuration can connect to the main router—it’s not just a single VPN solution with one always-open tunnel for one user. DMVPN can be a good choice for businesses with many employees in multiple locations.
DMVPN also provides lower latency for a network with many connected routers. It’s scalable, too, for businesses that need to grow and continue adding connections.