357
Configuring ADVPN
Overview
Auto Discovery Virtual Private Network (ADVPN) enables enterprise branches that use dynamic
public addresses to establish a VPN network. ADVPN uses the VPN Address Management (VAM)
protocol to collect, maintain, and distribute dynamic public addresses.
VAM uses the client/server model. All VAM clients register their public addresses on the VAM server.
A VAM client obtains the public addresses of other clients from the server to establish ADVPN
tunnels.
ADVPN structures
ADVPN uses domains to identify VPNs. VAM clients in a VPN must be assigned to the same ADVPN
domain. A VAM client can belong to only one ADVPN domain. A VAM server can serve multiple
ADVPN domains and manage their clients.
VAM clients include hubs and spokes.
• Hub—A hub is the exchange center of routing information. A hub in a hub-spoke network is also
a data forwarding center.
• Spoke—A spoke is the gateway of a branch. It does not forward data received from other
ADVPN nodes.
ADVPN supports the following structures:
• Full-mesh—In a full-mesh ADVPN, spokes can directly communicate with each other. The hub
acts as the route exchange center.
As shown in Figure 142, th
e spokes register with the VAM server and get hub information in the
ADVPN domain. Then, they establish permanent tunnels to the hub.
Any two spokes can establish a dynamic tunnel to directly exchange data. The tunnel is deleted
if no data exists during the idle timeout time.
Figure 142 Full-mesh ADVPN
To Next Page
Loading...
