Previous Page Next Page

Implementing Dynamic Mesh Spoke-to-Spoke DMVPN Designs

In a dynamic mesh spoke-to-spoke DMVPN design (also known as Phase 2 DMVPN design, as shown in Figure 16-1), a single mGRE interface is required on both the hub and the spoke routers. Dynamically addressed spokes are supported through the use of the NHRP registration process. When new spokes are added, no changes are required on the hub configuration. The main aspect of this design is that spoke-to-spoke traffic will traverse directly to another spoke (by forming Cisco Express Forwarding (CEF) adjacency), thereby bypassing the hub and reducing latency and load on the hub.

Figure 16-8 shows how the NHRP registration process works in a dynamic spoke-to-spoke DMVPN design. Spokes register their real addresses to the hub by using the NHRP registration process. When a spoke needs to send traffic to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) addresses of the other spoke's destination so that it can build direct tunnels.

Figure 16-8. Dynamic Mesh Spoke-to-Spoke DMVPN Design


The NHRP server hub router looks up the NHRP database for the corresponding destination spoke and replies with the real address for the target router. After the originating spoke learns the peer address, it updates its NHRP mapping table for the destination spoke, and the corresponding CEF FIB table entries are created for the neighbor's private subnets. With this information, the spoke is able to build direct CEF adjacency with the target spoke and initiate a dynamic IPsec tunnel with the target spoke.

The spoke-to-spoke tunnels are established on demand whenever traffic is sent between the spokes. Thereafter, packets can bypass the hub and use the spoke-to-spoke tunnel directly, as shown in Figure 16-8.

Implementing Dual Hub Single DMVPN (DHSD) Topology

Based on the understanding of how NHRP registration and CEF adjacency work in a dynamic mesh design, Figure 16-9 illustrates the dual hub topology. Example 16-7 (Hub1), Example 16-8 (Hub2), Example 16-9 (Spoke1), and Example 16-10 (Spoke2) show the basic configuration examples using OSPF implementing the dual hub DMVPN topology scenario in a dynamic spoke-to-spoke design.

Figure 16-9. Dual Hub Dynamic Mesh Spoke-to-Spoke DMVPN Design


Example 16-7. Configuring Dual Hub Single DMVPN Network in a Dynamic Mesh Spoke-to-Spoke Design—Hub1 Router (See Figure 16-9)

hostname Hub1
<..>
! Define Phase 1 SA parameters
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dmvpnkey address 0.0.0.0 0.0.0.0
!
! Define IPsec encryption and authentication algorithms
crypto ipsec transform-set mytran esp-3des esp-sha-hmac
!
! Define Phase 2 Parameters - IPsec Profile (set peer & match ACL not required)
crypto ipsec profile vpnprof
 set transform-set mytran
!
! Interface that is connected to the private side of the network for encryption
interface Loopback0
! description LAN Private Subnet
 ip address 10.0.0.1 255.255.255.0
!
interface Tunnel0
! description DMVPN HUB1 Router
 bandwidth 1000
! Define Tunnel IP address
 ip address 172.16.1.253 255.255.255.0
 ip mtu 1400
! Define NHRP Server settings
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp map 172.16.1.254 11.11.11.12
 ip nhrp map multicast 11.11.11.12
 ip nhrp network-id 123
 ip nhrp holdtime 360
! Define OSPF Parameters
 ip ospf network broadcast
 ip ospf cost 100
 ip ospf priority 2
 delay 1000
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
! Define Multipoint GRE Type interface
 tunnel mode gre multipoint
! Define Tunnel key to Secure GRE interface
 tunnel key 12345
! Apply IPsec profile Tunnel Protection
 tunnel protection ipsec profile vpnprof
!
! Egress interface with known static IP (No ACL or Crypto map)
interface GigabitEthernet0/0
 ip address 11.11.11.11 255.255.255.0
<..>
! Define Dynamic Routing Protocol to advertise PRIVATE Subnets via Tunnel
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
<..>

					  

Example 16-8. Configuring Dual Hub Single DMVPN Network in a Dynamic Mesh Spoke-to-Spoke Design—Hub2 Router (See Figure 16-9)

hostname Hub2
<..>
! Define Phase 1 SA parameters
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dmvpnkey address 0.0.0.0 0.0.0.0
!
! Define IPsec encryption and authentication algorithms
crypto ipsec transform-set mytran esp-3des esp-sha-hmac
!
! Define Phase 2 Parameters - IPsec Profile (set peer & match ACL not required)
crypto ipsec profile vpnprof
 set transform-set mytran
!
! Interface that is connected to the private side of the network for encryption
interface Loopback0
! description LAN Private Subnet
 ip address 10.0.0.2 255.255.255.0
!
interface Tunnel0
! description DMVPN HUB2 Router
 bandwidth 1000
! Define Tunnel IP address
 ip address 172.16.1.254 255.255.255.0
 ip mtu 1400
! Define NHRP Server settings
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp map 172.16.1.253 11.11.11.11
 ip nhrp map multicast 11.11.11.11
 ip nhrp network-id 123
 ip nhrp holdtime 360
! Define OSPF Parameters
 ip ospf network broadcast
 ip ospf cost 105
 ip ospf priority 2
 delay 1000
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
! Define Multipoint GRE Type interface
 tunnel mode gre multipoint
! Define Tunnel key to Secure GRE interface
 tunnel key 12345
! Apply IPsec profile Tunnel Protection
 tunnel protection ipsec profile vpnprof
!
! Egress interface with known static IP (No ACL or Crypto map)
interface GigabitEthernet0/0
 ip address 11.11.11.12 255.255.255.0
<..>
! Define Dynamic Routing Protocol to advertise PRIVATE Subnets via Tunnel
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
<..>

					  

Example 16-9. Configuring Dual Hub Single DMVPN Network in a Dynamic Mesh Spoke-to-Spoke Design—Spoke1 Router (See Figure 16-9)

hostname Spoke1
<..>
! Define Phase 1 SA parameters
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dmvpnkey address 0.0.0.0 0.0.0.0
!
! Define IPsec encryption and authentication algorithms
crypto ipsec transform-set mytran esp-3des esp-sha-hmac
!
! Define Phase 2 Parameters - IPsec Profile (set peer & match ACL not required)
crypto ipsec profile vpnprof
set transform-set mytran
!
! Interface that is connected to the private side of the network for encryption
interface Loopback0
! description LAN Private Subnet
 ip address 10.1.1.1 255.255.255.0
!
interface Tunnel0
__________________________
! description DMVPN Spoke1
 bandwidth 1000
! Define Tunnel IP address
 ip address 172.16.1.1 255.255.255.0
 ip mtu 1400
! Define NHRP Spoke settings with Static Mapping
 ip nhrp authentication cisco
! Define NHRP Hub1 Mapping
 ip nhrp map multicast 11.11.11.11
 ip nhrp map 172.16.1.253 11.11.11.11
! Define NHRP Hub2 Mapping
 ip nhrp map multicast 11.11.11.12
 ip nhrp map 172.16.1.254 11.11.11.12
! Network ID must match with Server
 ip nhrp network-id 123
 ip nhrp holdtime 360
! Define IP address for both Hubs
 ip nhrp nhs 172.16.1.253
 ip nhrp nhs 172.16.1.254
 delay 1000
 ip tcp adjust-mss 1360
! Define OSPF Parameters
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source FastEthernet0/0
! Define Multipoint GRE Type interface
 tunnel mode gre multipoint
! Define Tunnel key to Secure GRE interface
 tunnel key 12345
!Apply IPsec profile Tunnel Protection
 tunnel protection ipsec profile vpnprof
!
! Egress interface with unknown IP (No ACL or Crypto map). In this example, we are
statically defining IP, but this can be dynamically obtained
interface FastEthernet0/0
ip address 11.11.11.1 255.255.255.0
!
<..>
! Define Dynamic Routing Protocol to advertise PRIVATE Subnets via Tunnel
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
<..>

					  

Example 16-10. Configuring Dual Hub Single DMVPN Network in a Dynamic Mesh Spoke-to-Spoke Design—Spoke2 Router (See Figure 16-9)

hostname Spoke2
<..>
! Define Phase 1 SA parameters
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dmvpnkey address 0.0.0.0 0.0.0.0
!
! Define IPsec encryption and authentication algorithms
crypto ipsec transform-set mytran esp-3des esp-sha-hmac
!
! Define Phase 2 Parameters - IPsec Profile (set peer & match ACL not required)
crypto ipsec profile vpnprof
set transform-set mytran
!
! Interface that is connected to the private side of the network for encryption
interface Loopback0
! description LAN Private Subnet
 ip address 10.2.2.2 255.255.255.0
!
interface Tunnel0
! description DMVPN Spoke2
 bandwidth 1000
! Define Tunnel IP address
 ip address 172.16.1.2 255.255.255.0
 ip mtu 1400
! Define NHRP Spoke settings with Static Mapping
 ip nhrp authentication cisco
! Define NHRP Hub1 Mapping
 ip nhrp map multicast 11.11.11.11
 ip nhrp map 172.16.1.253 11.11.11.11
! Define NHRP Hub2 Mapping
 ip nhrp map multicast 11.11.11.12
 ip nhrp map 172.16.1.254 11.11.11.12
! Network ID must match with Server
 ip nhrp network-id 123
 ip nhrp holdtime 360
! Define IP address for both Hubs
 ip nhrp nhs 172.16.1.253
 ip nhrp nhs 172.16.1.254
 delay 1000
 ip tcp adjust-mss 1360
! Define OSPF Parameters
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source FastEthernet0/0
! Define Multipoint GRE Type interface
 tunnel mode gre multipoint
! Define Tunnel key to Secure GRE interface
 tunnel key 12345
! Apply IPsec profile Tunnel Protection
 tunnel protection ipsec profile vpnprof
!
! Egress interface with unknown IP (No ACL or Crypto map). In this example, we are
statically defining IP, but this can be dynamically obtained
interface FastEthernet0/0
ip address 11.11.11.2 255.255.255.0
!
<..>
! Define Dynamic Routing Protocol to advertise PRIVATE Subnets via Tunnel
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
<..>

					  

Based on Figure 16-9 and Examples 16-7, 16-8, 16-9, and 16-10 on the hub-and-spoke routers, the following outputs illustrate the verification of dynamic routing table (OSPF), the NHRP mapping, and the crypto socket table entries, as explained in the "DMVPN Data Structures" section.

Example 16-11. Dynamic Routing Table Based on Examples 16-7, 16-8, 16-9, and 16-10 Configurations

Hub1# show ip route | include 10.
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.2.2.2/32 [110/101] via 172.16.1.2, 00:13:38, Tunnel0
O       10.0.0.2/32 [110/101] via 172.16.1.254, 00:13:38, Tunnel0
C       10.0.0.0/24 is directly connected, Loopback0
O       10.1.1.1/32 [110/101] via 172.16.1.1, 00:13:38, Tunnel0
<..>
Hub2# show ip route | include 10.
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.2.2.2/32 [110/106] via 172.16.1.2, 00:14:03, Tunnel0
C       10.0.0.0/24 is directly connected, Loopback0
O       10.1.1.1/32 [110/106] via 172.16.1.1, 00:14:03, Tunnel0
O       10.0.0.1/32 [110/106] via 172.16.1.253, 00:14:03, Tunnel0
<..>
Spoke1# show ip route | include 10.
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.2.2.2/32 [110/101] via 172.16.1.2, 00:14:33, Tunnel0
O       10.0.0.2/32 [110/101] via 172.16.1.254, 00:14:33, Tunnel0
C       10.1.1.0/24 is directly connected, Loopback0
O       10.0.0.1/32 [110/101] via 172.16.1.253, 00:14:33, Tunnel0
<..>
Spoke2# show ip route | include 10.
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.0.0.2/32 [110/101] via 172.16.1.254, 00:15:00, Tunnel0
C       10.2.2.0/24 is directly connected, Loopback0
O       10.1.1.1/32 [110/101] via 172.16.1.1, 00:15:00, Tunnel0
O       10.0.0.1/32 [110/101] via 172.16.1.253, 00:15:00, Tunnel0
<..>

					  

Tip

Observe the routing table entries on each spoke. All spokes are learning private subnet routes via OSPF with the next hop set to the corresponding spoke tunnel IP address (which should not be the hub); that is, spoke-to-spoke communication is direct in this model. In dynamic mesh spoke-to-spoke design, routing information is exchanged among the spokes as multicast traffic and mapped in NHRP settings as shown in the previous examples. In the previous section on the hub-and-spoke model, the spoke learns the private subnet routes via the hub with the next-hop address set to the hub router (as shown in Example 16-4).


Example 16-12. NHRP Mapping Table Based on Examples 16-7, 16-8, 16-9, and 16-10 Configurations

Hub1# show ip nhrp
172.16.1.1/32 via 172.16.1.1, Tunnel0 created 00:53:12, expire 00:04:17
  Type: dynamic, Flags: authoritative unique registered used
  NBMA address: 11.11.11.1
172.16.1.2/32 via 172.16.1.2, Tunnel0 created 00:45:33, expire 00:05:06
  Type: dynamic, Flags: authoritative unique registered used
  NBMA address: 11.11.11.2
172.16.1.254/32 via 172.16.1.254, Tunnel0 created 00:58:20, never expire
  Type: static, Flags: authoritative used
  NBMA address: 11.11.11.12
<..>
Hub2# show ip nhrp
172.16.1.1/32 via 172.16.1.1, Tunnel0 created 00:53:36, expire 00:05:53
  Type: dynamic, Flags: authoritative unique registered used
  NBMA address: 11.11.11.1
172.16.1.2/32 via 172.16.1.2, Tunnel0 created 00:45:57, expire 00:04:42
  Type: dynamic, Flags: authoritative unique registered
  NBMA address: 11.11.11.2
172.16.1.253/32 via 172.16.1.253, Tunnel0 created 00:57:27, never expire
  Type: static, Flags: authoritative used
  NBMA address: 11.11.11.11
<..>
Spoke1# show ip nhrp
172.16.1.2/32 via 172.16.1.2, Tunnel0 created 00:00:26, expire 00:04:08
  Type: dynamic, Flags: router
  NBMA address: 11.11.11.2
172.16.1.253/32 via 172.16.1.253, Tunnel0 created 00:52:41, never expire
  Type: static, Flags: authoritative used
  NBMA address: 11.11.11.11
172.16.1.254/32 via 172.16.1.254, Tunnel0 created 00:52:41, never expire
  Type: static, Flags: authoritative used
  NBMA address: 11.11.11.12
<..>
Spoke2# show ip nhrp
172.16.1.1/32 via 172.16.1.1, Tunnel0 created 00:00:03, expire 00:05:43
  Type: dynamic, Flags: router
  NBMA address: 11.11.11.1
172.16.1.253/32 via 172.16.1.253, Tunnel0 created 00:37:28, never expire
  Type: static, Flags: authoritative used
  NBMA address: 11.11.11.11
172.16.1.254/32 via 172.16.1.254, Tunnel0 created 00:37:28, never expire
  Type: static, Flags: authoritative used
  NBMA address: 11.11.11.12
<..>

					  

Tip

Observe that the NHRP mapping table entries on Hub1 show dynamic type for peer spoke1 and spoke2 and the static type for Hub2 (and vice versa); whereas spoke1 and spoke2 show static for each Hub1/Hub2, and dynamic for each peer spoke1 and spoke2. Note that these entries will populate only when traffic is initiated (on-demand tunnel).


Example 16-13. Crypto Socket Table Based on Examples 16-7, 16-8, 16-9, and 16-10 Configurations

Hub1# show crypto sockets

Number of Crypto Socket connections 3

   Tu0 Peers (local/remote): 11.11.11.11/11.11.11.12
       Local Ident  (addr/mask/port/prot): (11.11.11.11/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.12/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.11/11.11.11.2
       Local Ident  (addr/mask/port/prot): (11.11.11.11/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.2/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.11/11.11.11.1
       Local Ident  (addr/mask/port/prot): (11.11.11.11/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.1/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
Client: "TUNNEL SEC" Profile: "vpnprof" Map-name: "Tunnel0-head-0"
<..>
Hub2# show crypto sockets

Number of Crypto Socket connections 3

   Tu0 Peers (local/remote): 11.11.11.12/11.11.11.11
       Local Ident  (addr/mask/port/prot): (11.11.11.12/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.11/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.12/11.11.11.2
       Local Ident  (addr/mask/port/prot): (11.11.11.12/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.2/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.12/11.11.11.1
       Local Ident  (addr/mask/port/prot): (11.11.11.12/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.1/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
Client: "TUNNEL SEC" Profile: "vpnprof" Map-name: "Tunnel0-head-0"
<..>
Spoke1# show crypto sockets

Number of Crypto Socket connections 3

   Tu0 Peers (local/remote): 11.11.11.1/11.11.11.11
       Local Ident  (addr/mask/port/prot): (11.11.11.1/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.11/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.1/11.11.11.12
       Local Ident  (addr/mask/port/prot): (11.11.11.1/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.12/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.1/11.11.11.2
       Local Ident  (addr/mask/port/prot): (11.11.11.1/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.2/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
Client: "TUNNEL SEC" Profile: "vpnprof" Map-name: "Tunnel0-head-0"
<..>
Spoke2# show crypto sockets

Number of Crypto Socket connections 3

   Tu0 Peers (local/remote): 11.11.11.2/11.11.11.11
       Local Ident  (addr/mask/port/prot): (11.11.11.2/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.11/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.2/11.11.11.12
       Local Ident  (addr/mask/port/prot): (11.11.11.2/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.12/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)
   Tu0 Peers (local/remote): 11.11.11.2/11.11.11.1
       Local Ident  (addr/mask/port/prot): (11.11.11.2/255.255.255.255/0/47)
       Remote Ident (addr/mask/port/prot): (11.11.11.1/255.255.255.255/0/47)
       Socket State: Open
       Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
Client: "TUNNEL SEC" Profile: "vpnprof" Map-name: "Tunnel0-head-0"
<..>

					  

Implementing Multihub Single DMVPN (MHSD) Topology

Another extension of multihub topology is to group the hub routers for large-scale, highly redundant DMVPN requirements. All hub routers can point to each other as with NHS in a daisy-chain fashion. MHSD design can be used to forward NHRP packets and data packets while dynamic spoke-spoke tunnels are being created. NHRP Resolution Request/Response always traverses the complete hub daisy chain. If any hub in the group goes down in the chain, NHRP Resolution Request/Response will dynamically converge and reroute packets to other hubs in the chain. Figure 16-10 illustrates this phenomenon.

Figure 16-10. Hub Daisy Chaining DMVPN Design

The information concept in Figure 16-10 is taken from the Cisco Networkers session presentation# SEC-2012 – "Deploying Dynamic Multipoint VPNs (DMVPN)."


Hub routers must use the same routing protocol for both hub-to-hub and hub-to-spoke routing neighbors to exchange routing information for DMVPN networks through mGRE tunnel interfaces.

The following list shows how to configure multiple NHS on hub routers to point to each other, thereby forming a daisy-chain setup in a multihub, spoke-to-spoke, daisy-chain topology.

Figure 16-10 illustrates how the hub routers are grouped in a daisy chain and shows the primary and secondary paths. It also shows the path flow if any hub (Hub3 in this case) goes down.

Implementing Hierarchical (Tree-Based) Topology

As discussed previously, hierarchical (tree-based) DMVPN implementation was introduced in Phase 3 to replace Phase 2-based designs with the capability of spokes from different regions to establish dynamic and direct spoke-to-spoke tunnels bypassing central and regional hubs. In Phase 3, regional DMVPN networks are bound together to form a single hierarchical (tree-based) DMVPN network, including the central hubs. This allows spoke-to-spoke traffic from different regions to establish direct tunnels with each other, as illustrated in Figure 16-2.

Note that Phase 3 hierarchical topology is not daisy-chain topology as discussed earlier. Instead, it uses routing and CEF switching to forward data and NHRP packets optimally through hubs, thus reducing complexity. In addition, spokes are not required to learn individual private LAN routes from all the spokes (full routing table). Private LAN routes can be aggregated and summarized at the hub, thereby reducing the load for routing protocols and providing better convergence.

Caution

Phase 2 and Phase 3 DMVPN cannot coexist on the same DMVPN network. Spokes need to be migrated from Phase 2 DMVPN to Phase 3 DMVPN explicitly. Refer to the following Cisco white paper for more details on migrating from DMVPN Phase 2 to Phase 3: http://www.cisco.com/en/US/products/ps6635/products_white_paper0900.aecd8055c34e.shtml.


Previous Page Next Page