Advertisements
Introduction to VPN Technologies
GETVPN and DMVPN are 2 commonly used VPN technologies in Enterprise WAN setups especially with large number of remote sites connecting to one HUB or Data Center Site. With both GETVPN and DMVPN technologies Hub to Spoke and Spoke to Spoke communication is possible. When any of these VPN solution needs to be deployed, especially on Cisco Routers, a security license is an additional overhead (cost) which needs to be considered.
Comparison Table: GETVPN vs DMVPN
These VPN terms seem quite similar, however, have some uncommon attributes/behaviours as enlisted in below table –
PARAMETER |
GETVPN |
DMVPN |
| Terminology | GETVPN is a tunnel-less VPN technology providing end-to-end security for network traffic across fully meshed topology. | DMVPN provides full meshed connectivity with simple configuration of hub and Spoke. DMVPN forms IPsec tunnel over dynamically/statically addressed spokes. |
| Encryption | Group protection | Peer to Peer |
| Scalability | More scalable than DMVPN | Less scalable than GETVPN |
| Public Internet support | Not supported (because of IP preservation) | Yes |
| Essential Protocols | GDOI , ESP | NHRP |
| Multicast performance | Better due to no multicast replication issues. | Lower than in GETVPN |
| Failover | Route redistribution and Stateful model | Route redistribution model |
| Tunnel requirement | No | Yes |
| Target deployment | Customer Sites connected on MPLS requiring additional security for communication across sites. Especially where multicast traffic is essential for enterprise. | Customer Sites connected on Internet requiring Secured path for communication across sites. |
| Related terms | Key Servers, Group Members, GDOI | mGRE, NHRP |
| RFC | RFC-3547 | RFC 2332,RFC1701 |
| Topologies | Full Mesh | •Hub and Spoke
•Partial and Full Mesh |
| Licensing | Security License on Cisco Routers | Security License on Cisco Routers |
 |
||
Download the comparison table: GETVPN vs DMVPN
