In a DMVPN (Dynamic Multipoint VPN) design:
One site (here, Chicago) functions as the Next Hop Server (NHS), which facilitates dynamic spoke-to-spoke tunnel establishment.
DMVPN is based on multipoint GRE tunnels combined with NHRP (Next Hop Resolution Protocol).
The ability to detect remote tunnel endpoint failures is essential for reliable routing convergence and tunnel restoration.
While GRE (Option C) is the encapsulation mechanism used in DMVPN, it does not inherently provide failure detection. Likewise, VPLS and L2TPv3 are Layer 2 VPN technologies and not applicable in DMVPN design.
To meet the requirement of peer failure detection, the correct mechanism is:
B. IP SLA (Service-Level Agreement): This is a feature that actively monitors the health and reachability of tunnel endpoints through periodic probes (e.g., ICMP echo). When the peer becomes unreachable, routing protocol adjacencies can be withdrawn, and alternate paths selected.
Using IP SLA in a DMVPN design helps detect endpoint failure scenarios such as:
This design pattern is aligned with CCDE v3.1 "Protocol Design Implications", emphasizing resiliency, fault detection, and efficient routing convergence in overlay VPN designs like DMVPN.
