Meshed networks

In a fully meshed topology, as shown in the following figure, every VPN endpoint has a tunnel to every other endpoint, forming a web, or mesh, in which any member is a single hop from any other. Communication is possible between every pair of VPN members, whether or not the traffic is actually required.

Figure: Fully meshed network

This topology is the most fault-tolerant. If a VPN member goes down, only the connectivity to that member's own protected network is lost; the remaining members still have direct tunnels to one another. The cost is routing overhead: each VPN member must send routing updates to every other member, and routing loops in a mesh can take a significant amount of time to resolve.

 

The security of the system as a whole can be maintained and monitored from multiple locations, each deploying a large-scale Firebox. This configuration is used by larger enterprises with substantial branch offices, each requiring the higher-capacity firewall. Smaller offices and remote users are connected using MUVPN, RUVPN, or SOHOs.

 

The main issue with fully meshed networks is scalability. Because every device must have a tunnel to every other device, the number of tunnels grows with the square of the number of devices, and maintaining that many tunnels has a considerable impact on performance. For a full mesh of n devices, the number of tunnels required is:

[number of tunnels = n x (n - 1) / 2]

For example, 10 devices need 45 tunnels, and 50 devices need 1,225.

 

Partially meshed networks, as shown in the following figure, build tunnels only for the inter-spoke communications that are actually needed and are therefore more scalable than fully meshed networks. A limiting factor in all meshed networks is the number of tunnels a single device can terminate without overloading its CPU, since every tunnel a device participates in consumes its resources.

Figure: Partially meshed network
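The following script is an added example, not WatchGuard code, that makes the trade-offs described above concrete: it builds the tunnel sets for a full mesh, a partial mesh and a hub-and-spoke arrangement over the same sites, counts the tunnels each design needs and how many terminate on the busiest device, and then simulates the failure of one site to show which required flows each topology loses. The site names and the list of required flows are constructed for illustration.

```python
"""Compare VPN tunnel topologies: full mesh, partial mesh, hub-and-spoke.

Added example for this topic, not WatchGuard code. Site names and the list
of required flows below are constructed for illustration.
"""
from collections import deque
from itertools import combinations


def full_mesh_tunnel_count(n):
    """Tunnels needed so each of n devices has a direct tunnel to every other."""
    return n * (n - 1) // 2


def full_mesh(sites):
    """One tunnel per pair of sites; every member is one hop from every other."""
    return {frozenset(pair) for pair in combinations(sorted(sites), 2)}


def hub_and_spoke(hub, sites):
    """Each spoke tunnels only to the hub; spoke-to-spoke traffic transits the hub."""
    return {frozenset((hub, s)) for s in sites if s != hub}


def partial_mesh(required_flows):
    """Only the site pairs that actually need to talk get a direct tunnel."""
    return {frozenset(pair) for pair in required_flows if pair[0] != pair[1]}


def tunnels_per_site(tunnels):
    """How many tunnels each device terminates (the per-device CPU load)."""
    load = {}
    for tunnel in tunnels:
        for site in tunnel:
            load[site] = load.get(site, 0) + 1
    return load


def shortest_hops(tunnels, src, dst, failed=()):
    """Tunnel hops from src to dst with the sites in `failed` down; None if unreachable."""
    if src in failed or dst in failed:
        return None
    adjacency = {}
    for tunnel in tunnels:
        a, b = tuple(tunnel)
        if a in failed or b in failed:
            continue  # a tunnel terminating on a failed device carries nothing
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    distance = {src: 0}
    queue = deque([src])
    while queue:  # breadth-first search over the surviving tunnels
        current = queue.popleft()
        if current == dst:
            return distance[current]
        for neighbour in adjacency.get(current, ()):
            if neighbour not in distance:
                distance[neighbour] = distance[current] + 1
                queue.append(neighbour)
    return None


def collateral_loss(tunnels, required_flows, failed_site):
    """Required flows between *surviving* sites that the failure cuts off.

    Flows to or from the failed site are lost in every topology, so they are
    excluded; what remains is the measure of fault tolerance.
    """
    return sorted(
        flow for flow in required_flows
        if failed_site not in flow
        and shortest_hops(tunnels, flow[0], flow[1], (failed_site,)) is None
    )


# Constructed sample: a head office and four branches. Every branch talks to HQ,
# and BranchA and BranchB also exchange traffic directly.
SITES = ["HQ", "BranchA", "BranchB", "BranchC", "BranchD"]
REQUIRED_FLOWS = [("HQ", "BranchA"), ("HQ", "BranchB"), ("HQ", "BranchC"),
                  ("HQ", "BranchD"), ("BranchA", "BranchB")]


def compare_topologies(sites=SITES, required_flows=REQUIRED_FLOWS, hub="HQ"):
    """Per topology: tunnel count, busiest device, and flows lost if `hub` fails."""
    topologies = {
        "full mesh": full_mesh(sites),
        "partial mesh": partial_mesh(required_flows),
        "hub-and-spoke": hub_and_spoke(hub, sites),
    }
    return {
        name: {
            "tunnels": len(tunnels),
            "max_tunnels_on_one_device": max(tunnels_per_site(tunnels).values()),
            "flows_lost_if_hub_fails": collateral_loss(tunnels, required_flows, hub),
        }
        for name, tunnels in topologies.items()
    }


if __name__ == "__main__":
    for n in (5, 10, 50):
        print(f"{n:>3} devices, full mesh: {full_mesh_tunnel_count(n)} tunnels")
    for name, stats in compare_topologies().items():
        print(name, stats)
```

On the five-site sample the full mesh needs 10 tunnels and loses no surviving flow when HQ fails, the partial mesh needs 5 and also loses nothing because BranchA and BranchB have their own tunnel, and hub-and-spoke needs only 4 but loses the BranchA-BranchB flow the moment the hub goes down. Scaling `full_mesh_tunnel_count` to 50 sites gives 1,225 tunnels, which is the point at which per-device tunnel capacity, not just configuration effort, becomes the constraint.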
 

 

Related topics:

Hub-and-spoke networks

Network Topology

 

 


Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.