DMVPN vs MPLS VPN

April 18, 2022

OrhanErgun

DMVPN (Dynamic Multipoint VPN) and MPLS VPN are two of the most popular VPN mechanisms. In this post, we compare DMVPN and MPLS VPN from many different aspects. By the end of this post, you will be more comfortable positioning these private VPN mechanisms.


DMVPN vs MPLS VPN


When we compare the two protocols, we look at many different aspects. I think the first thing to say is that DMVPN is a Cisco proprietary, tunnel-based VPN mechanism, whereas MPLS VPN is a standards-based (RFC 2547), non-tunnel-based VPN mechanism. Whether an MPLS LSP is a tunnel or not is an open discussion in the networking community, and we won't start that discussion here again.

DMVPN and MPLS VPN over the Internet


Another important consideration for MPLS VPN vs DMVPN is that DMVPN can be set up over the Internet, while MPLS VPN works over private networks, either Layer 2 or Layer 3 based. DMVPN tunnels can come up over the Internet, and routing protocols can run inside the tunnels to advertise the Local Area Network subnets.

MPLS, in contrast, requires a private network underlay.





Figure - DMVPN Networks can run over Internet or Private Networks 


 

DMVPN vs MPLS VPN Security


Neither VPN mechanism comes with encryption by default. Many people wrongly believe that DMVPN comes with IPsec.

In fact, this is wrong. Only two standards-based technologies are mandatory for DMVPN: mGRE (Multipoint GRE) and NHRP (Next Hop Resolution Protocol). IPsec is optional for DMVPN.

The same is true for MPLS VPN. IPsec or GETVPN can run over MPLS VPN, but they don't come together with it, which means that MPLS VPN doesn't require IPsec or GETVPN for its operation. This is true for DMVPN as well; it doesn't require either of them.

Last but not least for the security of MPLS VPN vs DMVPN, GETVPN can provide the most scalable encryption method for both MPLS VPN and DMVPN.
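Because IPsec is optional, a DMVPN tunnel can be fully functional while carrying traffic in cleartext. The following added example (not from the original article) audits an IOS-style configuration for mGRE + NHRP tunnels that have no `tunnel protection ipsec profile`, or that reference a profile that is never defined. The function name `audit_dmvpn`, the result labels, and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample IOS-style configuration (illustrative, not from the article).
SAMPLE_CONFIG = """\
crypto ipsec profile DMVPN-PROF
!
interface Tunnel0
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
interface Tunnel1
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
!
interface Tunnel2
 ip nhrp network-id 3
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel protection ipsec profile MISSING-PROF
!
"""

def audit_dmvpn(config):
    """Map each DMVPN tunnel to 'ipsec', 'unencrypted' or 'undefined-profile'."""
    profiles = set(re.findall(r"^crypto ipsec profile (\S+)", config, re.M))
    sections, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Tunnel\d+)\s*$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())   # indented sub-command of the tunnel
        else:
            current = None                 # any other top-level line ends it
    findings = {}
    for name, cmds in sections.items():
        # DMVPN needs only mGRE and NHRP; skip tunnels that lack either one.
        if "tunnel mode gre multipoint" not in cmds or not any(
                c.startswith("ip nhrp ") for c in cmds):
            continue
        prot = [c.split()[4] for c in cmds
                if c.startswith("tunnel protection ipsec profile ")]
        if not prot:
            findings[name] = "unencrypted"
        elif prot[0] not in profiles:
            findings[name] = "undefined-profile"
        else:
            findings[name] = "ipsec"
    return findings
```

This checks configuration only; it does not confirm that IPsec security associations are actually established on the device.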

MPLS over DMVPN


MPLS can run over DMVPN. The reason for doing so is to create even more scalable VPNs over DMVPN. Without MPLS, if there are many different business units that need to communicate over DMVPN, many different tunnels would be required to segment those business units' network traffic.

With MPLS VPN over DMVPN, commonly known as the 2547 over DMVPN method, we don't need to create multiple DMVPN tunnels. With just one DMVPN tunnel, we can carry many different business units by segmenting their traffic in a scalable manner.

DMVPN over MPLS VPN


DMVPN can run over MPLS VPN as well. So DMVPN doesn't run only over the Internet; the underlay network for DMVPN can also be an MPLS network. In this case, DMVPN tunnel endpoint reachability is provided by the underlay MPLS VPN network.

The underlay MPLS network can be an MPLS Layer 2 VPN or an MPLS Layer 3 VPN. In both cases, the MPLS VPN can provide reachability between the DMVPN Hub and Spokes.

All of the information so far about MPLS VPN vs DMVPN applies to every DMVPN phase: DMVPN Phase 1, DMVPN Phase 2, and DMVPN Phase 3.


About the Author

OrhanErgun

He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

He has written many books, mostly on Network Design, joined many IETF RFCs, given public talks at many forums, and mentored thousands of his students.

Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers.
