R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
290
A DVPN comprises one server and multiple clients. The public address of the server in a DVPN must be
static. The private address of a client needs to be statically assigned. The public address of a client can
be manually configured or dynamically assigned. All the private addresses of the nodes composing a
DVPN must belong to the same network segment.
Each client registers the mapping of its private address and public address with the server. After a client
registers its address mapping with the server, other clients can get the public address of this client from
the server. This is for DVPN tunnel establishment between clients. Each client uses the VAM protocol to
communicate with the server and uses the DVPN tunneling protocol to establish, maintain, and remove
tunnels to other clients. Whenever there is a change in the topology, the server will be notified
automatically.
Network structures
DVPN supports two typical networking structures: full mesh and hub-spoke.
• Full mesh DVPN—In a full mesh DVPN, spokes can communicate with each other directly by
establishing tunnels between them, and the hub is mainly used as the routing information exchange
center.
As shown in Figure 124, after the spokes (the client
s) register with the VAM server and get the hub
information in the VPN domain, they establish permanent tunnels with the hub.
Any two spokes can establish a tunnel directly between them. The tunnel is dynamic and will be
aged out if no data exchange occurs on it during the specified period of time (the idle timeout for
the spoke-spoke tunnel).
Figure 124 Full mesh DVPN
• Hub-spoke DVPN—In a hub-spoke DVPN, no tunnel can be established between two spokes, and
data between them has to be forwarded through the hub. The hub is used as both the routing
information exchange center and the data forwarding center.
As shown in Figure 125, ea
ch spoke establishes a permanent tunnel with the hub, and data
between spokes is forwarded through the hub.