Definition

dynamic multipoint VPN (DMVPN)

A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router.

VPNs traditionally connect each remote site to the headquarters; the DMVPN essentially creates a mesh VPN topology. This means that each site (spoke) can connect directly with all other sites, no matter where they are located.

A DMVPN service runs on VPN routers and firewall concentrators.  Each remote site has a router configured to connect to the company’s headquarters VPN device (hub), providing access to the resources available. When two spokes are required to exchange data between each other -- for a VoIP telephone call, for example -- the spoke will contact the hub, obtain the necessary information about the other end, and create a dynamic IPsec VPN tunnel directly between them.

 

Example network diagram of a dynamic multipoint VPN

 DMVPN diagram

Direct spoke-to-spoke deployments provide a number of advantages when compared to traditional VPN deployments:

  • Traffic between remote sites does not need to traverse the hub (headquarter VPN router).
  • A DMVPN deployment eliminates additional bandwidth requirements at the hub.
  • DMVPNs eliminate additional network delays.
  • DMVPNs conserve WAN bandwidth.
  • They lower costs for VPN circuits.
  • They increase resiliency and redundancy.

DMVPN deployments include mechanisms such as GRE tunneling and IPsec encryption with Next Hop Resolution Protocol (NHRP) routing that are designed to reduce administrative burden and provide reliable dynamic connectivity between sites. It is in every company’s advantage to make use of DMVPN where possible, to help reduce WAN costs and increase bandwidth and reliability.

Contributor(s): Tessa Parmenter
This was last updated in November 2011
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchEnterpriseWAN.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: