R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
312
Configuring ADVPN
Overview
Auto Discovery Virtual Private Network (ADVPN) enables enterprise branches that use dynamic public
addresses to establish a VPN network. ADVPN uses the VPN Address Management (VAM) protocol to
collect, maintain, and distribute dynamic public addresses.
VAM uses the client/server model. All VAM clients register their public addresses on the VAM server. A
VAM client obtains the public addresses of other clients from the server to establish ADVPN tunnels.
ADVPN structures
ADVPN uses domains to identify VPNs. VAM clients in a VPN must be assigned to the same ADVPN
domain. A VAM client can belong to only one ADVPN domain. A VAM server can serve multiple ADVPN
domains and manage their clients.
VAM clients include hubs and spokes:
• Hub—A hub is the exchange center of routing information. A hub in a hub-spoke network is also a
data forwarding center.
• Spoke—A spoke is the gateway of a branch. It does not forward data received from other ADVPN
nodes.
ADVPN supports full-mesh, hub-spoke, and hub-group structures:
• Full-mesh—In a full mesh ADVPN, spokes can directly communicate with each other. The hub acts
as the route exchange center.
As shown in Figure 129, the spokes reg
i
ster with the VAM server and get the hub information in
the ADVPN domain. Then, they establish permanent tunnels to the hub.
Any two spokes can establish a dynamic tunnel to directly exchange data. The tunnel is deleted if
no data exits during the idle timeout time.