Hub-and-spoke networks

In a hub-and-spoke configuration, as shown in the following figure, all VPN tunnels terminate at one end of a centrally located and managed firewall appliance. This configuration is frequently used by smaller enterprises with a central Firebox and many distributed remote users connecting with MUVPN, RUVPN, or SOHO 6 devices.

 

The master server is the central hub of this topology, with all communications radiating outward to other servers and returning to the master server.

 

In terms of routing traffic, hub-and-spoke is the least traffic-intensive topology, but the master server is the single point of failure. If the master server goes down, an encrypted tunnel cannot be established to any slave server and the ability to send encrypted data to all protected networks is lost.

 

Hub-and-spoke is far more scalable than a meshed topology, with a much more manageable number of tunnels, as shown in the following equation:


[(number of devices) - 1 = number of tunnels]

 

The hub site can be expanded as spoke capacity requirements increase. However, because all traffic travels through the hub, this setup requires considerable bandwidth.
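The trade-offs described above can be checked on a small model. The following is an added example, not WatchGuard code: it builds a hub-and-spoke and a full-mesh tunnel set for the same devices, then reports the tunnel count, how many site pairs must relay through device 0, and how many pairs can still communicate when device 0 fails. Device numbering, function names, and the assumption that "meshed" means every pair of devices has a direct tunnel are illustrative.

```python
from itertools import combinations
from collections import deque

def hub_and_spoke(n):
    """Tunnels for n devices: device 0 is the hub, 1..n-1 are spokes."""
    return {frozenset((0, s)) for s in range(1, n)}

def full_mesh(n):
    """Assumed meshed layout: every pair of devices has a direct tunnel."""
    return {frozenset(p) for p in combinations(range(n), 2)}

def path(tunnels, src, dst, down=frozenset()):
    """Shortest tunnel path src->dst (BFS), skipping failed devices; None if unreachable."""
    if src in down or dst in down:
        return None
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = prev[node]
            return hops[::-1]
        for t in tunnels:
            if node in t:
                (nxt,) = t - {node}
                if nxt not in prev and nxt not in down:
                    prev[nxt] = node
                    queue.append(nxt)
    return None

def summarize(tunnels, n, failed=0):
    """Return (tunnel count, pairs relayed via device 0, pairs surviving the failure)."""
    pairs = list(combinations(range(n), 2))
    # A pair is "relayed" when device 0 sits strictly inside its path.
    relayed = sum(1 for a, b in pairs if 0 in (path(tunnels, a, b) or [])[1:-1])
    alive = sum(1 for a, b in pairs if path(tunnels, a, b, frozenset({failed})))
    return len(tunnels), relayed, alive

if __name__ == "__main__":
    n = 6  # constructed sample size: one hub plus five remote sites
    for name, build in (("hub-and-spoke", hub_and_spoke), ("full mesh", full_mesh)):
        print(name, summarize(build(n), n))
```

With six devices the hub-and-spoke layout needs 5 tunnels against 15 for the mesh, but all 10 spoke-to-spoke pairs load the hub and none survive its failure.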

Hub-and-spoke network

 

 

Related topics:

Meshed networks

Network Topology

 


Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.