Exam 300-730 topic 1 question 170 discussion

Thinking D. "support propagation of routing information over IPsec" Sounds like Route Injection via IKEv2 Authorization. This is supported through FlexVPN

DMVPN supports Hub-and-spoke with spoke-to-spoke while FlexVPN does not support spoke-to-spoke. Pg. 37 Table 2-3 Comparing VPN options, CCNP SVPN 300-730 Official Cert Guide.

"B" DMVPN is the correct answer: For the specified requirements of supporting 350 sites with direct communications between all sites, fully encrypting the packet header and payload, and supporting the propagation of routing information over IPsec, the appropriate solution would be DMVPN (Dynamic Multipoint Virtual Private Network). DMVPN is designed to provide scalable and efficient site-to-site VPNs. It supports dynamic creation of direct tunnels between sites, fully encrypts packet header and payload using IPsec, and allows for the propagation of routing information over the VPN tunnels. FlexVPN, while a versatile VPN solution, is not specifically tailored for the dynamic creation of multipoint VPNs like DMVPN. DMVPN is well-suited for scenarios where you have a large number of sites that need to communicate with each other directly. Therefore, the recommended solution for the specified requirements is DMVPN.

In my opinion the best answer is B because the question require a "direct communications between all site" and it is possible to use IPSEC as explained in the link below: https://networklessons.com/cisco/ccie-routing-switching/dmvpn-over-ipsec#IPsec

A. IPsec full mesh --> Does not scale well to 350 routers fully meshed. B. DMVPN --> Does everything, except the routing in IPSec. C. GETVPN --> Does everything, except the IP header encryption. It copies the original header. D. FlexVPN --> This covers all requirements. (It is also newer than the others so i assume Cisco wants to propagate it.)

I am going with GETVPN on this, DMVPN does not support multicast, it is a NBMA network