WAN and VPN - jibingl/CCNA-CCNP GitHub Wiki
WAN
WAN connection services include leased line, Ethernet, DSL, CATV, Fiber, and WLAN.
| Glossary | Explanation |
|---|---|
| Hub-and-Spoke | A WAN topology in which branch sites (spokes) connect through a central site (hub) |
| DSL | Digital Subscriber Line |
| Modem | Modulator-demodulator |
| PSTN | Public Switched Telephone Network |
| CATV | Cable Television |
| CE router | Customer Edge router |
| PE router | Provider Edge router |
| P router | Provider router |
| MPLS | Multi-Protocol Label Switching |
| Single-homed | One connection from the customer to one ISP |
| Dual-homed | Two connections from the customer to one ISP |
| Multihomed | Two connections from the customer, one to each of two ISPs |
| Dual Multihomed | Two connections from the customer to each of two ISPs |
| DMVPN | Dynamic Multipoint VPN |
MPLS VPN
Label switching: forwarding decisions are based on labels, not on the destination IP address. VPNs are created over the provider's MPLS infrastructure.
```
               .---------ISP-MPLS-net--.
              /                         \
CE-R1        |PE-R2      P-R1       PE-R3|          CE-R2
(+)---------(+)-----------(+)-----------(+)----------(+)
             |===========================|
              \   L3-MPLS-VPN-tunnel    /
               `-----------------------`

               .-------ISP-(like a SW)-.
              /                         \
CE-R1        |PE-R2      P-R1       PE-R3|          CE-R2
(+)---------(+)-----------(+)-----------(+)----------(+)
   ==========|===========================|===========
              \   L2-MPLS-VPN-tunnel    /
               `-----------------------`
```
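The L3 MPLS VPN path in the first diagram, as an added example that is not part of the original wiki: a toy Python model of label push, swap and pop across PE-R2, P-R1 and PE-R3. The label values, interface names, customers and the 10.2.0.0/16 prefix are constructed, and label distribution and penultimate-hop popping are left out.

```python
import ipaddress

# Constructed tables. Both customers use 10.2.0.0/16, which is what VRFs allow.
# Ingress PE-R2: VRF chosen by incoming interface; route -> (VPN label, transport label)
PE_R2_VRF = {
    "to-CE-R1-custA": {"10.2.0.0/16": (201, 17)},
    "to-CE-R1-custB": {"10.2.0.0/16": (202, 17)},
}
# Core P-R1: label forwarding table keyed on the top label only.
P_R1_LFIB = {17: 18}
# Egress PE-R3: transport label it expects, and VPN label -> customer-facing interface.
PE_R3_TRANSPORT = 18
PE_R3_VPN = {201: "to-CE-R2-custA", 202: "to-CE-R2-custB"}


def ingress_pe(in_if, dst_ip):
    """IP lookup in the customer's VRF, then push [transport, VPN] labels."""
    vrf = PE_R2_VRF[in_if]
    addr = ipaddress.ip_address(dst_ip)
    matches = [p for p in vrf if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst_ip} in VRF for {in_if}")
    best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    vpn, transport = vrf[best]
    return {"labels": [transport, vpn], "dst": dst_ip}


def core_p(pkt):
    """Swap the top label; the destination IP is never read here."""
    top, *rest = pkt["labels"]
    return {"labels": [P_R1_LFIB[top], *rest], "dst": pkt["dst"]}


def egress_pe(pkt):
    """Pop both labels; the VPN label selects the customer interface."""
    transport, vpn = pkt["labels"]
    if transport != PE_R3_TRANSPORT:
        raise LookupError(f"unknown transport label {transport}")
    return PE_R3_VPN[vpn]


def forward(in_if, dst_ip):
    return egress_pe(core_p(ingress_pe(in_if, dst_ip)))


if __name__ == "__main__":
    for cust in ("custA", "custB"):
        print(cust, "->", forward(f"to-CE-R1-{cust}", "10.2.5.9"))
```

The same destination address reaches a different customer interface depending only on the VPN label pushed at the ingress PE. Nothing in the label stack encrypts the payload; the separation rests entirely on the provider's tables.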
DMVPN, FlexVPN, and GETVPN
| Feature | DMVPN | FlexVPN | GETVPN |
|---|---|---|---|
| Encryption | IPsec | IPsec (IKEv2) | IPsec (GDOI) |
| Tunneling | GRE/mGRE | GRE, IPsec | No tunnels (uses native IP forwarding) |
| Topology | Hub-and-Spoke, Full-Mesh | Any (Point-to-Point, Hub-Spoke, Full-Mesh) | Full-Mesh |
| Scalability | High (Dynamic Tunnels) | High (Modular Design) | Very High (No Tunnel Overhead) |
| Dynamic Spoke-to-Spoke | ✅ Yes (NHRP) | ✅ Yes | ❌ No |
| Key Feature | Dynamic VPN with NHRP | Unified IKEv2 VPN framework | Group Encryption |
| Interoperability | Cisco-centric | ✅ Better interoperability | Cisco-centric |
| Best for | Branch Networks, Remote Offices | Flexible VPN needs, Mobile Users | MPLS Encryption, Large-Scale WANs |
| Advantages | ✅ Dynamic tunnels ✅ Reduces config overhead ✅ Works over the internet | ✅ IKEv2 support ✅ Modular & unified ✅ Better security & mobility | ✅ No tunnel overhead ✅ Consistent security policy ✅ Scales well over MPLS |
| Disadvantages | ❌ Hub dependency ❌ NHRP complexity | ❌ More complex than DMVPN ❌ Requires IKEv2 knowledge | ❌ Needs private backbone (MPLS) ❌ Not for public internet |