(https://www.networkbulls.

com/ask)

Answer (https://www.networkbulls.com/ask/unanswered) Login/Register

(https://www.networkbulls.com/ask/ask- (https://www.networkbulls.com/ask/unanswered)
question)

Search
MISCELLANEOUS
(https://www.networkbulls.com/ask/topic/miscellaneous)
Type your query Submit

What is the main difference between

DMVPN Phase 2 and Phase 3 ? Recommended

rocky a (https://www.networkbulls.com/ask/profile/rocky-a) How can you

guarantee a job for
students who has no
experience in
Total 2 Answers 9448
Networking field?
(https://www.networkbulls.com/ask/how-
(http://www.facebook.com/sharer.php?
can-you-guarantee-a-
u=https://www.networkbulls.com/ask/what-is-the-main-difference-
job-for-students-who-
between-dmvpn-phase-2-and-phase-3)
(https://plus.google.com/share? has-no-experience-in-
url=https://www.networkbulls.com/ask/what-is-the-main-difference-
networking-field)
between-dmvpn-phase-2-and-phase-3)
(http://twitter.com/share? How to configure VPN
text=QNA&url=https://www.networkbulls.com/ask/what-is-the-main- between Cisco Router
difference-between-dmvpn-phase-2-and-phase-3) and ASA Firewall?
(https://www.networkbulls.com/ask/how-
to-configure-vpn-
between-cisco-router-
and-asa-firewall)

How to configure
RIPV2 with no auto
Can You answer this question?
summary?
Answer (https://www.networkbulls.com/ask/how-
to-configure-ripv2-
with-no-auto-
summary)
:
 Shakti Srivastava
How to configure PAT
(https://www.networkbulls.com/ask/profile/shakti-
(Port Address
srivastava)
Translation)?
The difference between DMVPN Phase 2 and Phase 3 can be (https://www.networkbulls.com/ask/how-
to-configure-pat-port-
understood in terms of routing.
address-translation-1)

How to configure
So for an example, let's take spoke 1's tunnel ip as 192.168.1.2/24
Default Routing on
and spoke B tunnel ip address as 192.168.1.3/24 both of them Cisco Routers?
registering to the same hub 192.168.1.1/24. Consider that we are (https://www.networkbulls.com/ask/how-
using EIGRP as a routing protocol. Here's is how phase 2 and phase to-configure-default-
routing-on-cisco-
3 would look like
routers)

What is the scope of

CCNA course in India?
Phase: 2 (https://www.networkbulls.com/ask/what-
is-the-scope-of-ccna-
So the spokes essentially preserve their hop which means that course-in-india)
according to the routing table on Spoke A any subnet on spoke B
will be learned via Spoke B tunnel address which is 192.168.1.3. What is scope of CCIE?
Since Spoke A knows tunnel ip address of the destination but is (https://www.networkbulls.com/ask/what-
is-scope-of-ccie)
unaware of the NBMA address it triggers NHRP resolution request
to the Hub. Hub see's that and thinks "Okay I have a resolution
How to remember 7
request for Spoke B, let me forward that to Spoke B". Resolution layers of OSI Model?
request reaches Spoke B , now Spoke B has all the necessary (https://www.networkbulls.com/ask/how-
information to build a dynamic tunnel to Spoke A, it has its to-remember-7-
layers-of-osi-model)
NBMA address and tunnel address ( as can be seen from NHRP
resolution message), so it initiates a spoke to spoke tunnel between
How much salary can
Spoke B and Spoke.
we get after doing
Notice that this packet flow is the control plane as long as there CCNA course in Delhi
Gurgaon?
isn't any direct tunnel between the spokes the traffic continues to
(https://www.networkbulls.com/ask/how-
flow via the hub. much-salary-can-we-
get-after-doing-ccna-
course-in-delhi-
Phase 3:- gurgaon)

Phase 2 has it's own limitations in terms of routing, which means

How many CCIE’s are
while you scale the network to maybe 1000 Spokes the routing there worldwide?
table on each spoke will have too many entries, which essentially (https://www.networkbulls.com/ask/how-
isn't needed. Some of the spokes could just be a small scale routers many-ccies-are-there-
worldwide)
(used in a small store for example) hence it becomes difficult for
the routers to have such a huge routing table. Phase 3 fixes this
Is it possible to pass
problem in the most effective way. So this time EIGRP does not
CCIE Certification in
preserve the next hop rather than next hop self is configured on 1st attempt?
the HUB which means that all the spokes see all the network being (https://www.networkbulls.com/ask/is-
learned from the Hub, that's easy, isn't it !!!! Further, you can it-possible-to-pass-
ccie-certification-in-
summarize your network on the HUB
1st-attempt)
:
 Now hub has NHRP redirect enabled and spoke have NHRP
shortcut enabled ( i will come back to it shortly)

Coming back to our example now Spoke A with source as

192.168.1.2 wants to communicate to 192.1681.3, because of next
hop self on the HUB Spoke A learns it via Hub and starts sending
traffic towards HUB. Now HUB thinks "HOLD ON !!! I got the traffic
and I routed the traffic back the same interface towards Spoke B
which means there is a better path than this" At this point HUB
sends redirect back to the spoke A saying "Excuse me Mr.Spoke A I
got a better path than this, can you please send me a resolution
request so that I can help you in building a direct spoke to spoke
tunnel ". Spoke A says "As you command my master " and sends a
resolution request to HUB which is forwarded to Spoke 2 which in
turn establishes a direct Spoke to Spoke tunnel between A and B.
Spoke A, on the other hand, adds NHRP shortcut for the subnet on
Spoke B.

DMVPN Phase 3 can be used for very large deployments and is lot
more scalable than DMVPN Phase 2, which means you can have a
better hierarchy in DMVPN Phase 3 than in DMVPN Phase. So far in
terms of deployment I haven't found a flaw in DMVPN Phase 2 if
you think that you should go for DMVPN Phase 2 there is nothing
stopping you, it works fine but like I said scaling with DMVPN Phase
3 is a lot more easier than DMVPN Phase 2.

Thanks

Shakti

Agree (2) Disagree (0) Comment

Dushyant Sharma
(https://www.networkbulls.com/ask/profile/dushyant-
sharma)

Phase 2:

When SPOKE wants to communicate with another SPOKE, a

dynamic SPOKE to SPOKE tunnel will get created!

CEF table for SPOKE2 from SPOKE1 route will be incomplete and
will be in incomplete adjacancy
:
 Therefore the SPOKE1 sends a NHRP request to the HUB and when
HUB replies, the SPOKE2 route will become valid

During resolution request, CEF won't be used - Process Switching

using Routing table will be used

Routing table will get updated in SPOKE1 and SPOKE2

Temporary/Dynamic Tunnel valid for 2 hours by default!

Phase 3:

Advantages: Summarization can be done in HUB, but in Phase 2

since we preserve the next hop, we cannot do summarization

Problems in Phase 1:

No dynamic SPOKE to SPOKE tunnel

CPU utilization high on HUB

Problems in Phase 2:

No Summarization possible

Until the resolution reply, process switching is used instead of CEF

Therefore in Phase 3, we combine summarization and exclude

process switching and form Dynamic Spoke to Spoke Tunnels

CEF Table is valid before resolution and after resolution

Agree (2) Disagree (0) Comment

Get in touch with us

[email protected] (mailto:[email protected])

1800-313-2545 (tel:1800-313-2545)

Fill a Form (https://www.networkbulls.com/nb-contactus)

Contact for Employee Verification - Ritu Shyokand, [email protected]

(mailto:[email protected]?subject=Contact for Employee Verification)

Spread the Love

(https://www.facebook.com/networkbullsindia) (https://twitter.com/networkbulls)

(https://www.youtube.com/user/NetworkBulls)
:
 (https://www.linkedin.com/company/network-bulls)

(https://plus.google.com/+NetworkBullsGurgaon)

#NBBLOGS (http://blog.networkbulls.com/)

Quick Links

Network Bulls Why Us Support

Browse Courses 100% Job Guarantee Terms of Services
(https://www.networkbulls.com/allcourse)
(https://www.networkbulls.com/nb-
(https://www.networkbulls.com/nb-
About Us jobguarantee) terms-and-conditions)
(https://www.networkbulls.com/nb-
World's Largest Cisco Labs Privacy Policy
aboutpage) (https://www.networkbulls.com/nb-
(https://www.networkbulls.com/nb-
Best Technical Team cisco-labs) privacy-policies)
(https://www.networkbulls.com/nb-
24x7 Lab Facility Refund Policy
technical-team) (https://www.networkbulls.com/nb-
(https://www.networkbulls.com/nb-
Placements lab-facility) refunds)
(https://www.networkbulls.com/placement-
15 Reasons to Join NB Contact Us
records) (https://www.networkbulls.com/15-
(https://www.networkbulls.com/nb-
Featured Videos reasons-to-join-nb) contactus)
(https://www.networkbulls.com/featured-
Intensive Training Model
videos) (https://www.networkbulls.com/nb-
Photo Gallery intensive-trainings-model)
(https://www.networkbulls.com/photo-
Customer Reviews
gallery) (https://www.networkbulls.com/customer-
NB in Awards reviews)
(https://www.networkbulls.com/nb-
award)
Career @ NB
(https://www.networkbulls.com/career-
nb)

Subscribe Newsletter

Enter your Email Id

Network Bulls is rated 4.5 stars by www.facebook.com/networkbullsindia

based on 838 reviews
:
 SCO-9,10,11,12 - 2nd & 3rd Floor, Above Vishal Mega Mart, Old © Copyright 2009-2019
Delhi Rd, Sec-14, Gurgaon-122001, India @Network Bulls

More than one instance of Sumo is attempting to start on this page. Please check that you are only loading Sumo once per page.
: