Home > DMVPN Tutorial

DMVPN Tutorial

February 14th, 2015 in ROUTE Knowledge Go to comments

One of the most popular network topology in practical nowadays is shown below with one HeadQuarter connecting to branch offices at some locations. The main enterprise resources are located in the HeadQuarter.


The router at the HeadQuarter undertakes the role of a Hub while branch routers take the role of Spokes. In this Hub-and-Spoke topology, each Branch can access some resources on the HeadQuarter. But there are some disadvantages with this topology:

+ When a spoke wants to communicate with another Spoke, it must go through the Hub which increases the traffic passing through the Hub, increase CPU and memory usage on Hub and can create bottle-neck problem. This also increases latency for time-sensitive applications such as VoIP, video conference…
+ Each site requires a static public IP address if the environment between them are public (like the Internet).
+ The configuration is complex, especially with large network. When a new Spoke is added, additional configuration is required on Hub

Dynamic Multipoint VPN (DMVPN) is a solution of Cisco that can be used to overcome these disadvantages. DMVPN provides the following advantages:

+ Provides full meshed connectivity with simple Hub-and-Spoke topology. The spokes can communicate between each other without going through Hub
+ Only one static public IP address is required on Hub. Spokes can use dynamic (unknown) public IP addresses
+ The configuration is simple even in large network. No additional configuration is required on Hub when new Spokes are added.


DMVPN provides full-meshed connectivity
with Hub-and-Spoke topology

But notice that DMVPN is not a protocol, it is the combination of the following technologies:

+ Multipoint GRE (mGRE)
+ Next-Hop Resolution Protocol (NHRP)
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP…) (optional)
+ Dynamic IPsec encryption (optional)
+ Cisco Express Forwarding (CEF)

DMVPN combines multiple GRE (mGRE) Tunnels, IPSec encryption and NHRP (Next Hop Resolution Protocol) to perform its job and save the administrator the need to define multiple static crypto maps and dynamic discovery of tunnel endpoints.

To keep this tutorial simple we only mention about mGRE and NHRP.

Multipoint Generic Routing Encapsulation (mGRE)

Before taking about mGRE we should learn why we have to run GRE on DMVPN. The answer is simple: because we want to run IPSec on it. And why we need IPSec? Because we want to utilize the power of cheap but insecure Internet (and other insecure public) connections at our sites.

As you may know, IPSec is a framework consisting of protocols and algorithms for protecting data through an untrusted IP network, such as the internet. Although IPSec provides a secure tunneling method but it does not support multicast and broadcast traffic so popular routing protocol (OSPF, EIGRP, …) run based on multicast cannot be used with IPSec. So we have to use GRE to “wrap” these multicast traffic. As a result, all traffic (including unicast, multicast and broadcast) between sites are encapsulated into GRE packets before being encrypted and sent over the network.

Now we knew why GRE should be used here. But traditional GRE (sometimes called point-to-point or p2p GRE) also has its limitation: for each connection to the Spoke, Hub router needs to establish a separate GRE tunnel. So when the number of Spokes increases, Hub must increase the number of tunnels at the same rate -> lots of configuration on Hub. So it is the time when mGRE takes part in.

An mGRE tunnel inherits the concept of a classic GRE tunnel but an mGRE tunnel does not require a unique tunnel interface for each connection between Hub and spoke like traditional GRE. One mGRE can handle multiple GRE tunnels at the other ends. Unlike classic GRE tunnels, the tunnel destination for a mGRE tunnel does not have to be configured; and all tunnels on Spokes connecting to mGRE interface of the Hub can use the same subnet.


mGRE tunnel is treated as a non-broadcast multi-access (NBMA) environment. mGRE tunnel does not have to be configured with a tunnel destination so we need another protocol to take care of the destination addresses. In this case NHRP is used for NBMA environment.

Note: Besides the Tunnel IP address, each Spoke and Hub will have a NBMA IP address, which is a public IP address used as the tunnel source IP address. We post the configuration here as an example to help you understand more about the difference of these two IP addresses:

interface fa0/0
ip address
interface tunnel 1
ip address -> Tunnel IP address (private IP)
tunnel source fa0/0 -> NBMA IP address (public IP)
Spoke (Branch 3)
interface fa0/0
ip address
interface tunnel 1
ip address -> Tunnel IP address (private IP)
tunnel source fa0/0 -> NBMA IP address (public IP)

So the Tunnel address is the address configured under “interface tunnel” while the NBMA address is the address used as source of the tunnel.


Next Hop Resolution Protocol (NHRP), defined in RFC 2332, is a Layer 2 address resolution protocol and cache, like Address Resolution Protocol (ARP). NHRP is used by a branch router connected to a non-broadcast, multi-access (NBMA) sub-network to determine the IP address of the “NBMA next hop”; in this case, the headend router or the destination IP address of another branch router.

NHRP is used to map tunnel IP addresses to “physical” or “real” IP addresses, used by endpoint routers. It resolves private addresses (those behind mGRE and optionally IPSEC) to a public address. NHRP is layer 2 resolution protocol and cache, much like Address Resolution Protocol (ARP) or Reverse ARP (Frame Relay).

In order for DMVPN to work correctly, DMVPN relies on NHRP to create a mapping database of all spoke tunnels to real (public) IP addresses. When a Spoke joins a DMVPN network it will register itself with the Hub via NHRP. The NHRP Registration Process is described below:

+ When a Spoke joins a DMVPN network, it sends a Registration Request to the Hub whose IP address has already been configured on the Spoke (via the “ip nhrp nhs <Hub IP address>” command)
+ The Registration Request contains the Spoke’s Tunnel and NBMA addresses along with the hold time -> Hub does not have to statically configure Spoke IP -> simplify Hub configuration
+ Hub then create an NHRP mapping entry in its NHRP cache (just like an ARP cache) to keep the mapping between Spoke’s Tunnel and NBMA addresses. The hold time of this mapping equals to the hold time in the Registration Request.
+ Hub sends a NHRP Registration Reply to the Spoke to complete the process


NHRP Registration Process

+ The Spoke who sends NHRP Registration Request is called NHRP Client (NHC) while the Hub who replies the request is called NHRP Server (NHS).
+ The Spoke’s NBMA address is often its public IP and obtained dynamically while the Spoke’s Tunnel address is the private IP
+ NHRP mapping can be statically configured on both Spoke and Hub

A cool advantage of NHRP is the ability to help DMVPN establish direct Spoke-to-Spoke communication without going through Hub. Let’s see how NHRP works in this case.


NHRP Resolution Process

1. Before a spoke can directly send traffic to another spoke, it must still query the Hub to get the NBMA address of the destination spoke. To do this, Spoke must send a NHRP Resolution Request to the Hub asking for the NBMA address of the destination spoke.
2. The Hub replies with the NBMA (public) address of Spoke 3 (which is in this case). If the Hub does not known NBMA of Spoke 3 it will query Spoke 3 first.
3. The direct IPsec tunnel between two spokes is built only after that. But the spoke-to-spoke tunnel is only temporary and is torn down after a pre-configured period of inactivity to save resources.

+ In case NHS does not have an entry in its cache for the NHC’s query, NHS returns an error and the spoke will install an entry pointing to the NHS. So traffic must flow through the Hub
+ Instead of asking NHS, the destination spoke IP can be statically configured on the NHC.
+ “Resolution” is only used for spoke to spoke communication

Now let’s see the whole picture of how NHRP takes part in the routing process.

1. Suppose Spoke 1 wants to send traffic to network behind Spoke 2. It will look up its routing table and see an entry like this: … via, Tunnel0

(means this subnet was learned from next-hop via its Tunnel0)

2. Spoke 1 looks up its NHRP mapping table to search for the NBMA address of If it can’t find one, it will send an NHRP Resolution Request to get the mapping information from the Hub. Suppose the NBMA address of configured on Spoke 2 is
3. Now Spoke 1 has enough information to encapsulate original packets. It will encapsulate packets with IP source of (its NBMA address) and IP destination of (Spoke 2’s NBMA address) then send to the destination.


In the next part we will learn how to configure DMVPN

  1. Anonymous
    May 1st, 2016

    Hey guys, please send me valid dumps to estebanld @ hotmail . com. thanks.

  2. Is current TUT dump still good?
    June 1st, 2016

    Are these questions and answers from TUT still current for 300-101 test?

  3. melly
    July 29th, 2016

    please can someone help me out with a link to download the free very recent dump 300-101 (ccnp routing).am to write the exam the next week…please would really appreciate….thanks loads

  4. Maarouf
    July 30th, 2016

    Please Send valid dumps of 300-101 at Mustafa_Maarouf_7 @ hotmail.com
    thankx in advance :)

  5. DNNN
    August 8th, 2016


  6. Anonymous
    August 10th, 2016

    Podrian completar el ejemplo con un ruteo de redes ….

  7. Anonymous
    August 18th, 2016

    Can anyone send me the the dump 300-101 questions and reading materials for CCNP please? My email is solkolfe@yahoo dot com

  8. Anonymous
    August 20th, 2016

    Can anyone send me cours for CCNP route 300-101
    e-mail:{email not allowed}

  9. Anonymous
    August 20th, 2016

    {email not allowed}

  10. Anonymous
    September 12th, 2016

    Hi, am taking exam at 24/9/16,can anyone send updated CCcnp routing dumps to my mail {email not allowed}. thanks in advance

  11. guodong
    September 13th, 2016

    Does any one have latest dumps for 300-101 Route exam …. please help send to my email{wgd198752 at yahoo dot com dot sg}. so appreciate that.

  12. Gagz
    September 15th, 2016

    hi can anyone send me CCNP(Route) latest dumps please. My mailing address is

  13. Anonymous
    October 5th, 2016

    @Natasha i would like to ask you if the dump 149q still valid or not. thanks

  14. George
    October 5th, 2016

    @Natasha are the 149q dump still valid or not. thanks

  15. Lisa
    October 5th, 2016

    @Natasha. Please send 149q pdf to thaboketsile(at)gmail(dot)com

  16. Natasha
    October 10th, 2016

    Yes dump is still valid.

  17. Gavno
    October 12th, 2016

    If you dont mind can you please send valid 300-101 to nayrbvp at gmail . com?

    October 14th, 2016


    I’m going to write CCNP routing exam next coming week kindly friends, I need routing dump
    to prepare. plz send it on mahmoudhamid101@g mail.com

  19. Anonymous
    October 15th, 2016

    lease help so I can continue my CCNP Certification Send to rhedreyes2012 @ gmail.com
    Send the valid dump for October 2016 Exam.

    Route 300-101

    Thank you

  20. non
    October 16th, 2016

    great lesson thanks

  21. DonnieBrasco
    October 25th, 2016

    OK, boys and girls:

    I am a red-blooded, native English speaking American who has been in the networking industry as a pro since 2004. So I’ve been doing this Cisco test dance for years and years. I really appreciate the help I get from sites like this one, so I’m reporting my experience taking CCNP-ROUTE 300-101 the afternoon of October 25 in the Denver area. I was like the rest of you when the news popped up that the question bank had changed. Is it for real? Is it a scam? Should I move on to CCNP-SWITCH? At least for now? Lots of questions. No answers. So here I am with your answers. Straight up. You don’t even get a cube of ice.

    Just a ground rule, here: DO NOT ask me for dumps. Does begging some random stranger on the internet to do something for you ever work? It’s pointless. Stop it. Stop it NOW. Besides, the dumps are basically out in plain sight, and I’ll leave it at that.

    If all you’re doing is just pounding through the dumps over & over again, all you’re probably wasting your time and you’ve defiintely watered down the value of the cert for the rest of us. I have been studying the CCNP-ROUTE like a maniac for 10 weeks straight. Use the dumps as a coat of polish on the beatiful work you’ve put in over weeks or months. Otherwise, if you land that CCNP job and someone hands you an assignment, what are you going to do? Look back at your dumps? Nope. Also pointless. Stop. Stop it NOW.

    149 question dump is perhaps 50% valid. The sims in the dumps are 100% bang on. I’m not sure how it could be done any better, actually. And. I got a LOT of sims on my test. So, thanks for whoever is the ultimate source of these dumps, because they can be extremely helpful on test day. I know I crushed my sims due to the help here from digitaltut.

    Aside from sims, I got maybe 8 – 10 questions from the 149 question dump. It was comforting to see those. “Aha! That’s familiar! /smile”
    But many, many of my multiple choice questions were completely unfamiliar to me. And after 10 weeks studying like an animal, I could only rely on process of elimination and experience in the industry. Passing is 790. I scored 771. Not. Quite. Good. Enough.

    There are a lot of stupid questions on the “services” like SNMP and logging. I got a drag and drop that asked to correctly identify the steps in a CHAP three way handshake. No big deal. But… if you’re wondering if the changed questions is a scam, it’s not. I have nothing to sell you. Now or ever. I’m just trying to help. We will have to wait to see what happens with new dumps and such.

    FYI… I currently work for a company that administers its own certification program. I have been on the panel that writes tests. It’s a savage pain in the ass. They have to pull technology experts away from their day-to-day roles for a week for a “test write”. It’s very puzzling that Cisco would make substantial changes to the question bank without also changing the objectives. It’s costly and annoying for pretty much everyone involved. I have no explanation.

    *** administrative note ***
    I’m posting this in a few different places here at digitaltut to spread the word around. I know some knuckleheads are probably only looking at one of the forumes, and I’d hate for some of you to lose out on what little news is available out there.

  22. Aaron001
    October 28th, 2016

    Testmayor preparation material includes the most excellent features, prepared by the same dedicated experts who have come together to offer an integrated solution. We provide the most excellent and easy way to pass your certification exams on the first attempt GUARANTEED

  23. Anno
    November 2nd, 2016

    Not everyone has the money to take the risk to fail as these exams are very expensive (~300 Euros). Learning dumps doesn’t mean that you have no idea of networking, if this is not the only material you are using.

    i have learned alot but still need the dumps so if anyone can provide me the actual dumps would be very nice!

    i.k.q @hotmail.com

    Thanks in advance

  24. Merlz
    November 2nd, 2016

    True that Anno, most of us are perfectly good engineers, but the exam is tight and expensive and off target, there is hardly any bgp but the route blue print is full of it, we need the dumps to get over the exam, obviously we still going to go deeper and dirty with networks

  25. Rocky
    November 11th, 2016

    I am writing CCNP Route 300-101 very soon. I already have the 149q, but I needed new (update) questions. Please send to anghebre at yahoo dot com
    Thanks in advance

  26. andrew
    November 16th, 2016

    Hey Rocky, can you please send me the dumps that u have for 300-101 please? and also the new questions, if you got any. Thanks in advance. please send it to avash123459 @ gmail . com

  27. Markjade
    November 18th, 2016

    very nice

  28. bob
    December 1st, 2016

    is this tutorial informational or is it part of the exam?

  29. Anonymous
    December 7th, 2016

    can i get latest dumps for the route and tshoot exams 300-101 and 300-135

    {email not allowed}


  30. Anonymous
    December 10th, 2016

    can someone please send me route dumps too? ccnpchic @gmail. com
    Thanks a lot! ???? I would like to take the exam too this coming months, i appreciate that

  31. Anonymous
    December 29th, 2016

    i planing to take on January to o . Who can email me latest dumps 300-135

    jiejet@ hotmail.com

  32. Anonymous
    December 31st, 2016

    Hello Everyone

    Can somebody let me know what is the last exam version?

  33. Ronak
    January 16th, 2017

    Hi..can someone confirm which is the valid Dumps 149q or 183q?

    can you please share your experience on the type of questions you saw.

  34. Anonymous
    January 25th, 2017

    Hello everyone,

    can someone send me the latest dump at {email not allowed} please ?


  35. Anonymous
    January 25th, 2017

    Hello everyone,

    can someone send me the latest dump at kamhaw4lif @ hotmail . fr please ?


  36. Pradeep
    January 30th, 2017


    I am looking CCNP R&S TShoot valid dump.

    I helped many and now i need help to get the TShoot dump.

    Please help me and send me valid dump at pradeep.bmas @gmail.com

    Thanks in advance.

  37. Jane woken
    February 2nd, 2017

    can somebody tell me please that what is the last question of 40Q of TAGWA , in my life there is no answer of question “Meaning of priority 0 configured in ospf router?” . Plus do I have to prepare this lab as well “

  38. Anonymous
    February 8th, 2017

    hello everyone,

    would someone send me valid dump please


    erkandursun1225 at gmail.com

    tahnk you.

  39. Anonymous
    February 14th, 2017

    good morning

    I want someone send me valid dump please to my mail {email not allowed}


  40. Anonymous
    February 19th, 2017

    Hi All,

    Can anyone please upload the latest Route 300-101 dump here.
    It would be helpful to all who would appear for the exam.

    Thanks & regards

  41. Passed using this material
    February 21st, 2017

    100% valid exam questions, (AllinONE Package) that you need to clear exam.

    Instant Download

  42. mutt
    February 24th, 2017

    hi to all

    may i have 15q please

    merter.metro (at) gmail . com

  43. Ihsan
    February 25th, 2017


    can anyone please share the latest dumps with me? Thanks in advance!

    i.k.q @ hotmail.com

  44. Kitanga
    March 1st, 2017

    Hello Guys,

    Can anyone send me the valid dump for 300-101.

    {email not allowed}

  45. Kitanga
    March 1st, 2017

    Hello Guys,
    Can anyone send me the valid dump for 300-101.

    abu_husseyn (at) yahoo.com

  46. Anonymous
    March 2nd, 2017

    Please Send valid dumps of 300-101 at {email not allowed}

  47. Asad A KHAN
    March 2nd, 2017

    Please Send valid dumps of 300-101 at {email not allowed}

  48. Asad A KHAN
    March 2nd, 2017

    Please Send valid dumps of 300-101 at asadalikhan96 at yahoo

  49. joeyPH
    March 17th, 2017

    any new dumps?
    please send it to

    b i L L y Jo e 585 @ y a h o o. co m


  50. grateful
    March 18th, 2017

    I took the exam on March 14th. The labs were the same, but there were new questions. Ended up barely passing the exam (in low 800’s), but a pass is a pass. I can now move on to the next venture :-)

  51. Anro Raouf
    March 19th, 2017

    Hi evry body
    can someone send me the last valid dump of 300-101 at alinotala at yahoo dot fr


  52. Anro Raouf
    March 19th, 2017

    Hi evry body
    can someone send me the last valid dump of 300-101 to
    alinotala at yahoo dot fr

  53. Anro Raouf
    March 19th, 2017

    Hi every body
    Can someone telle where i can find the dump : CCIE Collaboration – Written 4051

  54. Anonymous
    April 9th, 2017

    Hi everyone! Can somebody send me the latest valid dump of 300-101 to email at {email not allowed}

  55. Anonymous
    April 22nd, 2017

    What does Command ip cache flow actually display in the output? please help.

  56. Anonymous
    April 23rd, 2017


    If anyone can provide me latest CCNP Routing dumpls would be appreciable..bkz I am gonna to write an exam in next couple of days.. Thanks a lot in advance

  57. Anonymous
    April 23rd, 2017


    If anyone can provide me latest CCNP Routing dumps would be appreciable..bkz I am gonna to write an exam in next couple of days.. Thanks a lot in advance
    my email is – {email not allowed}

  58. charlie
    April 25th, 2017

    hello! I would like to receive 300-101 dump, Is anybody available to send it manga_90 at hotmail dot com

  59. Red1
    April 25th, 2017

    RED just passed routing this monday, labs are updated, except the “show WHATEVER” labs–>Same multiple answers, but different config on routers so you must pay attention to what ever the routers displays.

  60. Groot
    April 26th, 2017

    Hi Red1,

    Can you share the dumps you have used please?

  61. Red1
    April 27th, 2017

    The ones that share Passed 1are correct

  62. jennyjfoy
    May 10th, 2017

    I’ve just passed my Exam 300-101 with http://www.braindumpskey.com/ .

  63. moayad
    June 4th, 2017

    i have fail the exam
    new question
    all the dump is not valid .
    please if some one have a valid dump share it with me .
    the last dump i have Q295 .
    moayad.2514@gmail dout com

  64. Anonymous
    June 8th, 2017

    Welcome to your post. You are wishing to study CCNA or CCNP or higher CCIE as you have no documentation for reference and practice. Do not worry. I have gathered a lot of documents related to CISCO on google drive and the cost to you own this repository is 200k or $ 10.
    This is a link you can access.
    You can preview in your google Drive what it is through:
    Like and subscribe my channel.
    Ok wish you study effectively, through your ebook.

  65. marcus
    June 28th, 2017

    please share vaild dumps for route exam

    {email not allowed}

  66. marcus
    June 28th, 2017

    please share valid dumps for route exam

    realmarcus.com at gmail dot com

  67. achilles
    July 7th, 2017

    please email me the latest dumps noshutshut at gmail dot com

  68. Anonymous
    July 12th, 2017

    please provide me the latest dump for ccna 200-125

  69. ghigho
    July 12th, 2017

    please provide me the latest dump for ccna 200-125

  70. science
    July 14th, 2017

    please share vaild dumps for route exam
    {email not allowed}

  71. Self Study NetEng
    August 3rd, 2017

    Stop begging for Dumps and put the hard work in don’t you Dump Beggars want to know how things really work ? and become a guru that is the goal to strive for.

    Build a home lab with real hardware in addition to using GNS3 and stop putting this wonderful site at risk. Stop contributing to the watering down of Cisco Certifications by flooding the industry with Dumpy Dump Beggar wanabes.

    There are lots of unemployed CCNA, CCNP’s and I would bet that not all but, a fair amount of them are Dumpy Dump Beggars. Go get a Job in retail !

    Message for the people who provide links to the dumpy dumps via this site ” KARMA”

  72. True_one
    August 5th, 2017

    I agree with you Self Study NetEng,
    There is enough information out to become strong enough at Routing so you won’t need dumps. Labs can be built in home, GNS3, and the Cisco website can be used to bring to the level you need to pass the exam and perform at your job.

  73. Anonymous
    September 5th, 2017

    If you want gns3 lab for mpls vpnv4, check this

  74. Syed
    September 11th, 2017

    Please share valid Dumps for route exam. Email ID : {email not allowed}

  75. Syed
    September 12th, 2017

    Please send dumps . I am going to write Route exam
    smahmed1982 (at) gmail

  76. Truth
    September 15th, 2017

    All you anti-dumpers, dumps aren’t just about getting the answers. It’s also about seeing how the questions are worded, what areas to focus on. What you don’t need to go over because you already know that. Pointing out your weakness so you can study more efficiently. I tend to go through the questions and answer without looking at the answer. I write down all the ones I miss then go back and find out why I missed it, and research why the correct answer is such. So chill.

  77. CiscoDaddy
    September 22nd, 2017

    Please Route dump CiscoDaddy at mail. com

  78. Nirvanaerkan
    September 25th, 2017

    Hi everyone,
    Could anyoven send me last version of ccnp dump that still valid please
    erkandursun1225 at gmail dot com

  79. cisco
    September 29th, 2017

    Dear All ,
    Please can any one send to me the latest dump for CCNP routing (razvan_0072@yahoo dot com)

    Thank You

  80. Roy
    October 21st, 2017

    plz sent me latest dump.. {email not allowed}

  81. Roy
    October 21st, 2017

    ncroy88 ad yahoo dot com

  82. CG
    November 14th, 2017

    hello All ,
    Please can anyone send me the latest dump for CCNP route 300-101
    my email address is ” ciscoguru2017 at gmail.com

  83. anonymous
    November 26th, 2017

    thank you

  84. anonymous
    November 26th, 2017

    thank you so much fella

  1. No trackbacks yet.