Offers superior internet speed and reliability performance, in general.
Reduces the cost of secure communications and connections between branches by integrating VPN with communication practices.
Allows for easier branch-to-branch communications and connections through a centralized system.
Reduces the likelihood of downtime by securing routing with IPsec technology.
Multiple GRE tunnel interfaces: a single GRE interface that can secure several IPsec tunnels, reducing the overall scope of the DMVPN configuration
IPsec tunnel endpoint discovery: meaning that static crypto maps between individual IPsec tunnel endpoints do not have to be configured
Routing Protocols: which can allow the DMVPN to find routes between different endpoints much more effectively
NHRP: which can deploy spokes with assigned IP addresses that can then be connected to from the central DMVPN hub.
There are three distinct types, or phrases, of DMVPN design, all of which can be found on the Cisco DMVPN design guide. To summarize them briefly, however, they are as follows:
DMVPN Phase 1 uses HUB-and-spoke tunnel deployment. The tunnels through which inter-branch connections are made are only built through the central DMVPN hub and the individual spokes, working much like a traditional VPN system.
DMPVN Phase 2 uses spoke-to-spoke tunnel deployment, meaning that data doesn’t have to travel to a central hub first, so long as there are specific routes in place for the spoke subnets.
DMPVN Phase 3 allows for spoke-to-spoke tunnel deployment, but without the specific pre-made routes in place, but rather uses NHRP traffic indication messages from the hub to secure those routes on the fly.