Dynamic Multipoint VPN - Video By Sikandar Shaik || Dual CCIE (RS/SP) # 35012

Captions
[Music] Dynamic Multipoint VPNs. Now, in this section we'll get into some of the basic introduction of Dynamic Multipoint VPN and how it's going to work. If you just get back to some of the basics of what we have seen, like the classic GRE tunnel, there are some major drawbacks to this. One is that it only supports point-to-point connections, and we have to manually configure the tunnel on both the endpoints, so it's not really scalable. Also, it doesn't support encryption, and we need to have a static IP address at each and every point; if that IP address is changed, or if it is a dynamic IP address, in that case the tunnel will go down automatically.

Now, we generally overcome most of these drawbacks in Dynamic Multipoint VPN. DMVPN was introduced by Cisco in the late 2000. This technology is going to allow you to have dynamic, automatically created VPNs. Automatically created VPNs means that once we configure some of the DMVPN commands, it's going to build a logical tunnel between them, and it also allows you to have tunnels built dynamically between all the spokes. Which means that by using some minimum configuration, full-mesh dynamic multipoint VPNs can be implemented between router 1, router 2 and all the remaining ones as well.

One more major advantage we get is that on the spokes, that is on router 2, router 3 and router 4, we can have dynamic IP addresses. A dynamic IP address means something given by the service provider that keeps on changing via DHCP. Let's say the IP address is 25.0.0.2; even if it changes the next day, the VPN will still work. So that's something that Dynamic Multipoint VPN supports. It's a technology which is more similar to Frame Relay kind of implementations, which allows you to have a multipoint VPN: from router 1 we can have multiple connections to different spokes, so it's more like the Frame Relay hub-and-spoke terminology.

Anyways, the GRE tunnels are built based on multipoint GRE instead of using normal GRE tunnels. When I talk about a normal GRE tunnel, normal GRE tunnels have a point-to-point connection. Which means, let's say, if you want to configure from router 1 to router 2, we create one separate point-to-point interface; from router 1 to router 3 we have a separate point-to-point; and from router 1 to router 4 we have a separate point-to-point connection. So that's something that normal GRE supports. Whereas in the case of multipoint GRE, we'll have a source, like we'll be using the multipoint source, but instead of a destination we are going to use mode GRE. Which means we can have multiple destinations on the same source interface. It's going to support multipoint connections, that's what we call multipoint VPN, and it doesn't have any tunnel destination commands. So the major advantage here, again, is that it minimizes the configuration complexity, it gives very good flexibility for providing multiple VPN connections, and it also keeps the cost low.

So this DMVPN implementation can be done by using different technologies. There are different technologies which help DMVPN to work. In that, the first one is multipoint GRE. Multipoint GRE is more similar to normal GRE. As I said, normal GRE is going to have only point-to-point connections, where we configure tunnel source and tunnel destination commands. Which means for every tunnel source you will have a separate destination, like a tunnel source and destination, then another tunnel source and destination; if you want to have three separate point-to-point connections, we are going to create three separate point-to-point connections by using normal GRE. Whereas in the case of multipoint GRE, we are going to use point-to-multipoint connections, where we can have one particular source and multiple destinations. So here we don't configure the destination commands; instead we use a tunnel mode GRE kind of implementation. And then there is something called Next Hop Resolution Protocol, and we use some dynamic routing protocols, and optionally, if you want to encrypt your information, we can also use IPsec over Dynamic Multipoint VPNs.

Now let's see them one by one. First, let's go with multipoint GRE. In the case of multipoint GRE there is no tunnel destination; as I said, instead of using tunnel destination we use the tunnel mode command. So we'll have a tunnel source and a tunnel mode command. We'll get more into this when we see the actual configurations on the command line. The tunnel can have multiple endpoints; that's what it means here. Whenever we configure tunnel mode GRE instead of using the tunnel destination, your tunnel will have multiple endpoints. In my scenario I'll be using three separate endpoints, which means that router 1 is connecting to three different locations and it has three different endpoints on one multipoint connection.

Now, the endpoints can be configured as GRE or multipoint GRE. It depends: these endpoints we can configure either as point-to-point or as multipoint. The major difference is that if you configure these endpoints as point-to-point, each will have a connection only to this router and it will not build dynamic tunnels between router 2 and router 3. That's what we call DMVPN phase 1. The phases we'll talk about in more detail in a separate video. We can also configure multipoint here. The endpoints, that is the spokes here, we can configure either as point-to-multipoint or as point-to-point as well.

Now, the mapping. This mapping information is about how to reach that particular destination, because when we don't configure a destination, how is this router going to build a dynamic tunnel with this particular IP address? That information is given by a protocol called NHRP, Next Hop Resolution Protocol. So let's talk about the next protocol which will help us in building Dynamic Multipoint VPNs. The first one is multipoint GRE, which we are using instead of normal GRE, and the second protocol is Next Hop Resolution Protocol.

Next Hop Resolution Protocol is most similar to your normal ARP, or inverse ARP in Frame Relay. In the case of Ethernet we have the ARP protocol. What is it going to do? If I try to ping a destination IP address 10.0.0.0, the ARP protocol is going to resolve that destination IP into a MAC address before it reaches the switch. The same thing happens here as well. Here also, let's say there is a user who is supposed to communicate from router 1 to router 2. The NHRP protocol is going to provide the mapping of your private IP address to a public IP address, in simple words. In NHRP terminology, or DMVPN terminology, we say the NBMA address is mapped with the tunnel IP address.

Now here what we are going to do is create one tunnel from router 1 to router 2, and then let's say that is 10.0.0.1 and 10.0.0.2. The NHRP protocol is going to maintain the mapping information, that is, the tunnel IP address is mapped with the public IP, whatever you used as that particular tunnel destination, so that is 25.0.0.2. Now if a router here, say router 1, wants to communicate with 10.0.0.2, that is the next-hop IP address, it is going to send it to 25.0.0.2, because NHRP maintains that mapping information of your tunnel IP address to NBMA address. The NBMA address is the actual IP address, or the tunnel destination IP address, we can say. This mapping is maintained by your NHRP protocol. This information can be built manually by the administrators, we can do this mapping manually, or we can allow the NHRP protocol to build this information automatically as well, so it's more similar to ARP. So the main job of NHRP is to resolve the tunnel IP to the NBMA address; it maintains a database, and in that database it keeps the NBMA address mapped with the tunnel IP address. Based on this information only, your dynamic tunnels will be built.

So let's try to get into some more details on how exactly NHRP is going to work. If you want NHRP to work, normally you have to do either manual mapping or dynamic mapping. Let's say I am using dynamic mappings: we need to configure a centralized router as the next-hop server. So we refer to any one centralized hub router as the next-hop server, and all the remaining will be referred to as next-hop clients; all the spoke routers are next-hop clients. The next-hop server acts as a mapping agent which stores all your mappings. This server is going to keep all the mapping information of your NBMA addresses to tunnel IP addresses; in my scenario it will be like private-to-public IP mapping.

Now if any next-hop client wants to communicate with any specific next-hop server or anything, let's say router 2 wants to communicate with another router. Let's say this is 10.0.0.2, this is 10.0.0.3, and this is 10.0.0.1 and 10.0.0.4, so we have some IP addresses, more similar to Frame Relay. If this one wants to communicate with 10.0.0.3, that will be the next hop. In that case it's going to send a query to the next-hop server, asking: the private IP address is 10.0.0.3, I want to reach 10.0.0.3, what will be the NBMA address? The server maintains that information, and it says: if you want to go to 10.0.0.3, you have to go with this address. Now it's going to communicate with this one. So it allows you to have a dynamic VPN established, and this information is provided by the next-hop server. So every client has to send a query message if it wants to communicate with any other next-hop client. The next-hop server is going to reply to those queries which are made by the next-hop clients, that is the spokes. In simple words, it is more similar to your hub and spoke, where the next-hop server will be acting as a hub and all the remaining will be referred to as spokes.

Now, NHRP uses some different messages for information. There is a message called the NHRP registration request. This registration request is sent by the spoke, let's say in my scenario router 2. Every spoke router, like in this case router 2, router 3 and router 4, needs to register its own information with the server, because how is the server going to build the information? That's the question here. The routers, whatever IP addresses they are using, say in my scenario the tunnel IP address 10.0.0.2, and whatever public addresses they are using, they need to register themselves with the server. They need to provide their own information to the server so that the server can maintain that database information. That's what we call a registration request. Spokes must register their NBMA address, in my scenario it is 25.0.0.2, and their tunnel IP address, let us say 10.0.0.2, to the next-hop server. This is something which is required for them to build spoke-to-hub tunnels. So this is really required: it allows you to build a tunnel from spoke to hub, and it also allows the server to have some information about the spokes' NBMA addresses with their own tunnel IP addresses.

Then there is something called the NHRP resolution request. This resolution request is sent by the spoke; it sends a query for the other spokes. So it's going to send a query to the hub router, asking, if it wants to communicate with another spoke, what will be the NBMA address for that. And then there is something called NHRP redirect messages. It's something used in DMVPN phase 3 implementations; in advanced implementations we'll talk about this in more detail. Here the server is going to answer the spoke with how the packet has to be forwarded, or it is going to intimate the short path details between spoke and spoke.

These are the three different messages used by NHRP to provide information: every client, every spoke, has to register its own information with the server; then every spoke is going to send a query to the server for reaching the other spokes; and finally the NHRP redirect is something answered by the server about the shortest path information from spoke to spoke. [Music]
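The registration and resolution flow described in the captions, modelled in Python as an added example; it is not from the video and is not Cisco's implementation. The class and method names are hypothetical, the public (NBMA) addresses are constructed from documentation ranges, and popping the cache entry stands in for a cached mapping expiring.

```python
import ipaddress

def _ip(text):
    """Validate and normalise an IP address string."""
    return str(ipaddress.ip_address(text))

class NextHopServer:
    """Hub side: database of tunnel IP -> NBMA (public) IP."""
    def __init__(self, tunnel_ip, nbma_ip):
        self.tunnel_ip, self.nbma_ip = _ip(tunnel_ip), _ip(nbma_ip)
        self.mappings = {}

    def register(self, tunnel_ip, nbma_ip):
        # Registration request: the spoke reports its own pair. A repeat
        # registration overwrites the entry, which is what lets a spoke
        # keep working after its DHCP-assigned public address changes.
        self.mappings[_ip(tunnel_ip)] = _ip(nbma_ip)

    def resolve(self, tunnel_ip):
        # Resolution request: answer with the NBMA address, or None.
        return self.mappings.get(_ip(tunnel_ip))

class Spoke:
    """Client side: knows only the hub statically, learns the rest."""
    def __init__(self, tunnel_ip, nbma_ip, nhs):
        self.tunnel_ip, self.nhs = _ip(tunnel_ip), nhs
        self.cache = {nhs.tunnel_ip: nhs.nbma_ip}  # manual hub mapping
        self.renumber(nbma_ip)

    def renumber(self, nbma_ip):
        # Called at start-up and whenever the public address changes.
        self.nbma_ip = _ip(nbma_ip)
        self.nhs.register(self.tunnel_ip, self.nbma_ip)

    def outer_destination(self, next_hop):
        # Public address the GRE packet for this next hop is sent to.
        next_hop = _ip(next_hop)
        if next_hop not in self.cache:
            nbma = self.nhs.resolve(next_hop)
            if nbma is None:
                raise LookupError(f"no NHRP mapping for {next_hop}")
            self.cache[next_hop] = nbma
        return self.cache[next_hop]

def demo():
    # Constructed addresses: hub = router 1, spokes = routers 2 and 3.
    hub = NextHopServer("10.0.0.1", "192.0.2.1")
    r2 = Spoke("10.0.0.2", "198.51.100.2", hub)
    r3 = Spoke("10.0.0.3", "203.0.113.3", hub)
    before = r2.outer_destination("10.0.0.3")
    r3.renumber("203.0.113.99")   # r3's provider hands out a new address
    r2.cache.pop("10.0.0.3")      # stand-in for the cached entry expiring
    after = r2.outer_destination("10.0.0.3")
    return before, after, r2.outer_destination("10.0.0.1")
```
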
Info
Channel: Sikandar Shaik
Views: 68,419
Rating: 4.9055796 out of 5
Id: ObIogLQARQA
Length: 14min 37sec (877 seconds)
Published: Fri Jan 20 2017