Introduction to VPN Technologies

GETVPN and DMVPN are 2 commonly used VPN technologies in Enterprise WAN setups especially with large number of remote sites connecting to one HUB or Data Center Site. With both GETVPN and DMVPN technologies Hub to Spoke and Spoke to Spoke communication is possible. When any of these VPN solution needs to be deployed, especially on Cisco Routers, a security license is an additional overhead (cost) which needs to be considered.

Comparison Table: GETVPN vs DMVPN

These VPN terms seem quite similar, however, have some uncommon attributes/behaviours as enlisted in below table –

PARAMETER	GETVPN	DMVPN
Terminology	GETVPN is a tunnel-less VPN technology providing end-to-end security for network traffic across fully meshed topology.	DMVPN provides full meshed connectivity with simple configuration of hub and Spoke. DMVPN forms IPsec tunnel over dynamically/statically addressed spokes.
Encryption	Group protection	Peer to Peer
Scalability	More scalable than DMVPN	Less scalable than GETVPN
Public Internet support	Not supported (because of IP preservation)	Yes
Essential Protocols	GDOI , ESP	NHRP
Multicast performance	Better due to no multicast replication issues.	Lower than in GETVPN
Failover	Route redistribution and Stateful model	Route redistribution model
Tunnel requirement	No	Yes
Target deployment	Customer Sites connected on MPLS requiring additional security for communication across sites. Especially where multicast traffic is essential for enterprise.	Customer Sites connected on Internet requiring Secured path for communication across sites.
Related terms	Key Servers, Group Members, GDOI	mGRE, NHRP
RFC	RFC-3547	RFC 2332,RFC1701
Topologies	Full Mesh	•Hub and Spoke •Partial and Full Mesh
Licensing	Security License on Cisco Routers	Security License on Cisco Routers