Final Year Project

Project Proposal

DMVPN TECHNOLOGY
USING GNS3 & PACKET TRACER

By
Muhammad Noman Ali (24209)
2017-GCUF-012469

Usama Tanveer (24221)

2017-GCUF-011051

Project submitted in partial fulfillment of

The requirements for the degree of

Bachelor of Science
In
Information Technology

Department of Information Technology

GC University, Faisalabad.

Submitted To: Sir Afzaal Hussain

Supervisor Signature: ………………

ABSTRACT:
An E-learning system comprising of voice and data distribution service has been designed in this
project using a secondary school model as a case study. It involved identification, determination
and specification of data communication products and services that best satisfy user need in a way
that gives room for network scalability, redundancy and effective manageability. The project also
focuses on the design of an enterprise network by effectively deploying technologies and protocols
as Voice over IP, Access Control Lists, EIGRP routing, Fiber Optics, VLSM for addressing, Inter
VLAN routing, Network Address Translation, use of DHCP and wireless routing. This project
should be useful to Network Communications Engineers as it covers the major requirement that
necessitates an enterprise network. . A dynamic multipoint virtual private network (DMVPN) is a
secure network that exchanges data between sites without needing to pass traffic through an
organization's headquarter virtual private network (VPN) server or router .

What is Dynamic Multipoint VPN (DMVPN)?

Dynamic Multipoint Virtual Private Network (DMVPN) is a solution which enables the data to
transfer from one site to another, without having the verification process of traffic. That use to be
held at main VPN server of the concerned organization. This process helps the data to move
from one end to another in the establishment of secured network. It is integrated with a unique
software which construct IPsec and GRE VPNs in an unchallenged way.

Introduction to DMVPN:
Two main technologies are incorporated in it that can be categorized as Next Hop Resolution
Protocol (NHRP) and Multipoint GRE Tunnel Interface. There are some important features
involved like configuration reduction, IP Multicast, Dynamic Routing Protocols and carry spoke
and hub routers beyond Dynamic and Static NAT respectively. It is incorporated with entirely
mashed connectivity with manageable configuration of hub and spoke. The most important
aspect is that it carries dynamically addressed spokes. In order to add new spokes zero-touch
configuration is provided and to create an IPsec Tunnel it is integrated with IPsec triggering.
DMVPN Software solution is also involved in creating new and more secured communication
routes in order to maintain network security while having entire integration with all the relevant
departments.
Four pieces Of DMVPN Puzzle:
• Multipoint GRE (mGRE)

• NHRP (Next Hop Resolution Protocol)

• Routing (RIP, EIGRP, OSPF, BGP, etc.)

• IPsec (not required but recommended)

Components:
Its main component NHRP, where NHS is mapped when spoke dynamically registration occurs.
Dynamic NBMA addresses or NAT is carried out with spoke as well as it also creates dynamic
spoke to spoke tunnels. Data is unicast and on hub routers load reduces. In multipoint GRE
Tunnels there are two dimensions, Single Tunnel Interface, where hub configuration is small and
it also carries multicast. Secondly, Dynamic Tunnel destination, where mapping between NBMA
IP and VPN IP address occurred.

Design:
There are two main designs which are incorporated in this network. First, Hub and Spoke, where
traffic is transferred through hub and quantity of Tunnels should also be same as Spoke. Second,
Spoke to Spoke, where they are dynamic Tunnels and where traffic is also controlled in both
ways Hub and Spoke as well as Hub to Hub. Unicast data traffic tends to Dynamic mesh. Spoke
routers carries spoke to Hub and Spoke to Spoke Tunnels, both.

DMVPN advantages:
There are various advantages of Dynamic Multipoint Virtual Private Network, Large amount of
capital is not required, operational expenses are reduced. In VPN Security, the cost of integrating
multimedia can be experienced with huge decrements. It shows great improvement in business
flexibility, Business can easily complete their targets and if they are facing any sort of loss, they
can easily recover it very soon and reaching at their break-even level is not difficult any more.
The entire business flexibility enhance rapidly. By using IPsec technology disruption in business
also reduced rapidly. Communication routes get more easier. Connectivity in business at branch
to branch level establish a strong connection, particularly for voice sort of application. Huge
decrements in deployment complexity occurs. Zero touch configurations are incorporated.
Hub and Spoke Network Architecture
As point to point link is built in IPsec VPN Networks among routers that are integrated in the
VPNs. The usual way to establish the encrypted network is involved in the process in which
shared secret is created between two endpoints, so that both end can decrypt that what the second
end has encrypted. While managing these point to point links which are in hugeamount it should
be arranged into Hub and Spoke Networks in order to gain maximum efficiency. Encryption and
Decryption occurs two times for secure traffic, first among the source spoke and hub, and second
among the hub and the destination spoke. On a Network when communication occurs multicast
take place among the single source and selected multiple destinations. Multicast protocols are
utilized in videoconferencing and teleconferencing. In broadcasting communication transmission
occurs at a network from one source to all other destinations.

Structure of DMVPN: