DMVPN Spoke-to-Spoke Vs MPLS

Unanswered Question
Jan 18th, 2010


At my customer, can I replace one infrastructure in MPLS provided by the carrier, with an infrastructure in DMVPN Spoke-to-Spoke over the Internet? Most of the traffic is from remote offices to headquarters.
What are the benefits? What are the disadvantages?
What do you think?
Thank you,

Overall Rating: 5 (2 ratings)
Collin Clark Mon, 01/18/2010 - 09:10

Personally I prefer MPLS. The internet is less stable than carrier networks. Also, carriers can provide QoS for VoIP, VC, and mission-critical apps. If encryption is necessary you can still encrypt quite easily over MPLS. I suggest to my clients to avoid the internet for WAN links at all costs. It's too unreliable for businesses. Using the internet is cheaper, but is it worth it when (not if) you have outages during the business production?

Hope it helps.

Paolo Bratti Thu, 01/21/2010 - 00:22

Hi Collin!

What solution do you think can replace MPLS?
MPLS infrastructure costs a lot of money and does not allow me to configure the CE routers, as they are owned by the carrier.
Do you have any other ideas?

Thank you,

Giuseppe Larosa Mon, 01/18/2010 - 09:52

Hello Paolo,

I agree with Collin.

With MPLS you also have greater scalability, both in terms of the number of sites and of the possible traffic volumes involved.

BW needs of branch offices may be moderate now.

Also, QoS implementation is easier and results are more predictable.

Especially if VoIP is involved, it becomes difficult to comply with the SLA.

You can, however, have IPsec access to the MPLS VPN; that is, you can have a DMVPN mapped into a VRF to collect traffic from small branches.

DMVPN can be a fit for small offices.

Hope to help


Paolo Bratti Wed, 01/20/2010 - 03:16

Hello Giuseppe!

giuslar wrote:

DMVPN can be a fit for small offices

What do you mean, when you talk about "small office"?

How many people are in your "small office"?

Thank you,

Giuseppe Larosa Thu, 01/21/2010 - 00:52

Hello Paolo,

I prefer to think in terms of bandwidth.

If a site requires 10 Mbps or more as its access link, it becomes more difficult to satisfy these requirements over time (likely to increase).

That is, 10 Mbps of traffic encapsulated in GRE and protected by IPsec with 3DES or AES is a heavy load on routers even if they have a hardware VPN module.

You may be interested in some scalability tests that have been published in the SRND for DMVPN.

Also, there is an MPLS L3 VPN for enterprise guide.


Some providers may offer managed CE devices as part of their service package, but this is not a technical necessity in MPLS VPN.

The same providers or other providers may accept that the customer provides and manages the CE devices.

You may also want to consider the use of an L2 MPLS VPN service, which can be cheaper.

With an L2 MPLS VPN you are responsible for routing between your sites.

The problem with a VPLS service is that if the number of sites connected is high you start to have problems with routing protocols.

Using 802.1Q VLAN-based point-to-point services allows you to replicate a typical hub-and-spoke topology, as done on FR networks.

Hope to help


Marwan ALshawi Mon, 01/18/2010 - 19:06

I think from a redundancy perspective DMVPN is a very good solution as a redundant/backup path, as it's dynamic and utilizes dynamic routing protocols, which makes it easier to configure as a backup path, but it requires a local Internet link on each site.


Thank you

