1.18 Dynamic Multipoint Virtual Private Network

If you have a WAN environment where your campus hub is connected to multiple remote-site spokes and you need the benefits of GRE or IPsec, the amount of static configuration you have to maintain is enormous. It gets worse as you scale to a large number of satellite sites: every time you add one, you need to configure both the hub and the spoke side, which is impractical and time-consuming.

DMVPN is a solution that allows you to deploy the hub side once, and never have to touch it again when deploying new sites. The process is enabled by multipoint GRE (mGRE), which uses a single interface on the hub to terminate multiple sites.

DMVPN also provides dynamic spoke-to-spoke connectivity: traffic sent from one remote site to another does not have to traverse the hub. This feature is made possible by the Next-Hop Resolution Protocol (NHRP), which maps each spoke's logical tunnel address to its physical address.

Here are the characteristics and advantages of running DMVPN:

  • Simple hub-and-spoke configuration
  • Hub router configuration reduction: zero-touch provisioning on the hub when deploying new spokes
  • Uses mGRE, NHRP, and IPsec, and allows for automatic IPsec initiation
  • Supports dynamically-addressed spoke routers (NHRP registers the dynamic interfaces and/or addresses to the hub router)

mGRE and NHRP also combine with IPsec to achieve the same level of security you’d see with static tunnel configuration.