DMVPN Dual HUB
DMVPN позволяет создать dynamic mesh VPN с автоматическим spoke-to-spoke tunnel establishment.
Сценарий
- Service Provider: Централизованный HUB для множества spokes
- Enterprise: Headquarters (HUB) ↔ Branches (spokes)
- Dynamic: Spokes могут подключаться/отключаться dynamically
Топология
HUB-1 HUB-2
│ │
┌────┼────┬────────┼────┐
│ │ │ │ │
Spoke1 Spoke2 Spoke3 Spoke4 Spoke5
Spokes могут создавать direct tunnels между собой.
VyOS HUB Configuration
# Tunnel interface
# Hub end of the DMVPN overlay; tun0 carries the overlay address 10.255.0.1/24.
# No remote endpoint is set in this listing, so peers are not pinned statically here.
set interfaces tunnel tun0 address '10.255.0.1/24'
# Plain GRE only encapsulates: it gives no encryption and no integrity protection.
# NOTE(review): no IPsec protection for tun0 is shown on this page - confirm it is
# configured elsewhere before this overlay crosses an untrusted network.
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 multicast 'enable'
# The GRE key separates tunnels; it is an identifier, not an authentication secret.
# NOTE(review): the spoke listing on this page sets no key - verify both ends match.
set interfaces tunnel tun0 parameters ip key '1'
# NHRP
# cisco-authentication is a shared string embedded in cleartext in NHRP packets; it
# rejects peers that lack the string but does not stop anyone who can read the traffic.
# 'SecretNHRP' is a sample value - use a per-deployment secret and keep it out of
# shared configs. NOTE(review): VyOS/OpenNHRP documentation gives a maximum secret
# length of 8 characters and this sample has 10 - verify on your release.
set protocols nhrp tunnel tun0 cisco-authentication 'SecretNHRP'
# NHRP holding time; presumably in seconds - confirm against the VyOS documentation.
set protocols nhrp tunnel tun0 holding-time '300'
# 'dynamic' presumably sends multicast to every registered peer - confirm for your release.
set protocols nhrp tunnel tun0 multicast 'dynamic'
set protocols nhrp tunnel tun0 redirect
VyOS Spoke Configuration
# Tunnel
# Spoke end of the overlay; tun0 takes 10.255.0.10 in the hub's 10.255.0.0/24 network.
set interfaces tunnel tun0 address '10.255.0.10/24'
# Plain GRE: no confidentiality or integrity of its own.
# NOTE(review): no IPsec protection is shown on this page - confirm it exists elsewhere.
# NOTE(review): the hub listing sets 'parameters ip key 1' and this one sets no key -
# verify both ends match.
set interfaces tunnel tun0 encapsulation 'gre'
# 198.51.100.10 and 203.0.113.1 are documentation-range (RFC 5737) sample addresses.
set interfaces tunnel tun0 source-address '198.51.100.10'
# NOTE(review): a fixed remote pins the tunnel to 203.0.113.1 as a single endpoint;
# confirm that direct spoke-to-spoke tunnels can still form with this set.
set interfaces tunnel tun0 remote '203.0.113.1'
# NHRP
# Must equal the hub's string. It travels in cleartext inside NHRP packets, so treat it
# as a peer filter, not as protection against an on-path observer. 'SecretNHRP' is a
# sample value; see the 8-character limit in the VyOS/OpenNHRP documentation.
set protocols nhrp tunnel tun0 cisco-authentication 'SecretNHRP'
# Registers this spoke with the hub at overlay address 10.255.0.1.
# NOTE(review): no underlay (NBMA) address is mapped for the hub on this line - check
# the map syntax for your release.
set protocols nhrp tunnel tun0 map 10.255.0.1 register
# Only one next-hop server is listed, although the topology shows HUB-1 and HUB-2.
# NOTE(review): add the second hub's entry if hub redundancy is intended.
set protocols nhrp tunnel tun0 nhs 10.255.0.1
# Presumably enables NHRP shortcut routes towards other spokes - confirm for your release.
set protocols nhrp tunnel tun0 shortcut