
Overview of DMVPN

Introduction to DMVPN

Dynamic Multipoint Virtual Private Network (DMVPN) is a combination of three technologies: IPSec, mGRE and NHRP. It is a software solution in the Cisco operating system for building IPSec+GRE VPNs more easily and with better scalability.

Deployment types

A DMVPN network can be deployed in two ways: hub-and-spoke and spoke-and-spoke.

Here the Hub is the central site (the Hub sits at the company's headquarters, while the Spokes are the branches and offices that connect to it). In the figure above, the Hub is the Central Site and the Spokes are the Branches. The blue lines are Spoke-and-Spoke connections, and the red lines are Hub-and-Spoke connections.

Components of DMVPN

The components needed to deploy an enterprise network using DMVPN are:
- Hub and Spoke systems: devices that support creating DMVPN connections well.
- A cloud that connects the Hub and the Spokes.

Hub and Spoke systems: Cisco routers are still the most common choice. The cloud here refers to the Internet service provider (ISP); it can be Frame Relay, ATM or leased lines.

Design techniques

Two topologies are considered in DMVPN design:
- Dual hub-dual DMVPN cloud
- Dual hub-single DMVPN cloud

Dual DMVPN Cloud Topology

In the model above, Hub 1 is the primary site and connects to the Branches through DMVPN cloud 1. Hub 2 is the backup in case Hub 1 runs into trouble. This solution is known for its failover capability, that is, it limits the impact of failures and keeps connectivity up.

Single DMVPN Cloud Topology

In this model a single network path connects all hubs and branches. This solution provides load balancing.

Comparing VPN and DMVPN

Conventional VPN model

The network consists of a central site (HUB) connected to the branch sites (SpokeA and SpokeB) over the Internet. With a conventional VPN (IPSec + GRE), the HUB router must be configured with 2 tunnels, one to SpokeA and one to SpokeB.

Figure: Conventional VPN model

Some limitations of the model above:
- Creating a point-to-point tunnel requires knowing the source and destination IP addresses. The spokes and the HUB therefore all need leased static IP addresses, which is costly.
- On the HUB router we must configure 2 tunnels, one for spokeA and one for spokeB. If the company network has many branches, the HUB router needs that many tunnels. Each tunnel comes with its own database once created, so the router has to store a fairly large database. This consumes considerable memory and CPU on the HUB router, which is expensive.
- When spokeA wants to communicate with spokeB, the traffic must go through the HUB. This is inflexible.

DMVPN model

DMVPN resolves the limitations above and makes the system more scalable and flexible by using the mGRE and NHRP protocols:

Figure: DMVPN model

- Each spoke no longer needs a static address; it can use a dynamic IP address assigned by the ISP. This works because mGRE only requires the source address to be specified, while the destination address is determined by another protocol. The HUB router, however, must still have a static address.
- The HUB router now needs only one mGRE tunnel. Adding another spoke requires no extra configuration on the HUB, which reduces the load on the HUB router.

With mGRE, the destination address is determined by another protocol, namely NHRP.

In short, DMVPN offers more advantages than a conventional VPN.

Advantages of DMVPN

DMVPN allows IPSec VPN networks to scale. It also has the following advantages:
- Reduces configuration complexity on the hub router by allowing many tunnels to be added automatically without touching the hub's configuration.
- Ensures packets are encrypted in transit.
- Supports multiple dynamic routing protocols running over DMVPN tunnels.
- Allows spoke-to-spoke IPSec tunnels to be set up dynamically and directly between sites without going through the hub (thanks to mGRE and NHRP).
- Supports spoke routers with dynamic physical IP addresses (assigned by the ISP).
