R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)

- All hubs must belong to the backbone hub group. This hub group forms the full-mesh backbone
  area. All hubs obtain information about other hubs from the VAM server and establish
  permanent ADVPN tunnels to each other.
- Spokes must belong to non-backbone hub groups. Each non-backbone hub group includes at
  least one hub and uses either the full-mesh or hub-spoke structure. Spokes obtain hub
  information in the ADVPN domain from the VAM server, and establish permanent tunnels to the
  hub.
Tunnel establishment and data forwarding in a hub group depend on the network structure.
Inter-group communications between spokes must pass through the hubs of the groups. To reduce the
load on hubs during inter-group communications, you can allow spokes in different hub groups
to establish a dynamic tunnel. The dynamic tunnel is deleted if it carries no data for the
idle-timeout period.
Figure 131 Hub-group ADVPN
How ADVPN operates
The VAM server must have a static public address. VAM clients have both a public address and a private
address. The public address is the address of the interface that connects to the public network. It can be
manually configured or dynamically assigned. The private address is the address of the ADVPN tunnel
interface. It must be manually configured. All the private addresses of clients in an ADVPN domain must
belong to the same network segment.
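The membership and addressing rules above can be checked against a planned domain before any device is configured. The following Python sketch is an added example, not part of the HP guide: the data model, the function name `check_advpn_plan`, the backbone group number 0, and all addresses and group memberships are assumptions made for illustration.

```python
import ipaddress

BACKBONE = 0  # assumption: the backbone hub group is numbered 0

def check_advpn_plan(segment, nodes):
    """Return rule violations for a planned ADVPN domain (hypothetical data model).

    segment: private network segment shared by the domain, e.g. "192.168.0.0/24"
    nodes:   dicts with name, role ("hub" or "spoke"), groups (set of hub-group
             IDs) and private (the ADVPN tunnel interface address)
    """
    net = ipaddress.ip_network(segment)
    errors, hub_groups, all_groups = [], set(), set()
    for n in nodes:
        name, groups = n["name"], set(n["groups"])
        all_groups |= groups
        # Every private address in the domain must sit in one network segment.
        if ipaddress.ip_address(n["private"]) not in net:
            errors.append(f"{name}: private address {n['private']} is outside {net}")
        if n["role"] == "hub":
            hub_groups |= groups
            # Hubs form the full-mesh backbone, so each must be in that group.
            if BACKBONE not in groups:
                errors.append(f"{name}: hub is not in backbone group {BACKBONE}")
        else:
            # Spokes belong to non-backbone groups only.
            if BACKBONE in groups or not groups:
                errors.append(f"{name}: spoke must be in a non-backbone group only")
    # Each non-backbone group needs at least one hub for its spokes to reach.
    for g in sorted(all_groups - {BACKBONE} - hub_groups):
        errors.append(f"group {g}: no hub assigned")
    return errors

# Constructed plan; names follow Figure 131, addresses and memberships are invented.
PLAN = [
    {"name": "Hub1", "role": "hub", "groups": {0, 1}, "private": "192.168.0.1"},
    {"name": "Hub2", "role": "hub", "groups": {0, 1}, "private": "192.168.0.2"},
    {"name": "Hub3", "role": "hub", "groups": {2}, "private": "192.168.0.3"},
    {"name": "Spoke1", "role": "spoke", "groups": {1}, "private": "192.168.0.11"},
    {"name": "Spoke3", "role": "spoke", "groups": {0, 2}, "private": "192.168.1.13"},
    {"name": "Spoke4", "role": "spoke", "groups": {3}, "private": "192.168.0.14"},
]

if __name__ == "__main__":
    for problem in check_advpn_plan("192.168.0.0/24", PLAN):
        print(problem)
```
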
ADVPN operates in three phases: connection initialization, registration, and tunnel establishment.
Connection initialization
As shown in Figure 132, a client and a server take the following steps to initialize a connection:
1. The client sends encryption and authentication algorithms to the server in a connection request.
[Figure 131 labels: VAM server; Hub1 to Hub3; Spoke1 to Spoke4; Group 0 to Group 2; Site 1 to Site 6; Tunnel 1 and Tunnel 2. Legend: Hub-to-Hub static tunnel; Hub-to-Spoke static tunnel; Spoke-to-Spoke dynamic tunnel in one group; Spoke-to-Spoke dynamic tunnel between two groups.]