No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
DSVPN Reliability

DSVPN Reliability

Dual Hubs in Active/Standby Mode

In basic DSVPN networking, all Spokes are connected to one Hub. Spokes cannot communicate with each other if the Hub fails. Multiple Hubs can be deployed to improve network reliability.

In Figure 3-9, Hub1 and Hub2 are deployed in the headquarters. Routing policies are deployed on Spokes so that routes to Hub1 have a higher priority than those to Hub2. Normally, Hub1 is the active Hub and Hub2 is the standby Hub.

Figure 3-9  Dual Hubs in active/standby mode

The working mechanism is as follows:
  1. All Spokes are registered with Hub1 and Hub2, and establish active and standby static mGRE tunnels with Hub1 and Hub2 respectively.
  2. The source Spoke sends an NHRP Resolution Request packet to request the public address of the destination Spoke, which is used to establish a dynamic mGRE tunnel.
    • When Hub1 and Hub2 work properly, the NHRP Resolution Request packet is sent to the Hub over the active static mGRE tunnel because the route from the source Spoke to Hub1 has a higher priority. Hub2 forwards the NHRP Resolution Request packet to the destination Spoke.
    • When Hub1 fails, the priority of the route from the source Spoke to Hub1 is reduced and the NHRP Resolution Request packet is sent to Hub2 over the standby static mGRE tunnel. Hub2 then sends the NHRP Resolution Request packet to the destination Spoke.
    • When Hub1 recovers, the NHRP Resolution Request packet is forwarded by Hub1. This is because the route from each Spoke to Hub1 has a higher priority than the route from each Spoke to Hub2.
  3. The destination Spoke sends an NHRP Resolution Reply packet to the source Spoke, and a dynamic mGRE tunnel is set up.

  4. After the dynamic mGRE tunnel is set up, Spokes can directly communicate with each other. In this case, the Hub running status does not affect service flows between Spokes. If the dynamic mGRE tunnel between branch Spokes is torn down because no traffic passes through the tunnel for a long period of time, the Spokes need to reestablish a dynamic mGRE tunnel. The Spokes then determine the Hub to which they send NHRP Resolution Request packets based on the route priority.

Dual Hubs in Load Balancing Mode

A single Hub can connect to a certain number of Spokes due to its performance limitation. When there are many Spokes on a network, you can deploy two or more Hubs to improve the processing capability of the headquarters.

In Figure 3-10, Hub1 and Hub2 are deployed in the headquarters. Not all Spokes can register with one Hub because there are many Spokes, so some Spokes are registered with Hub1 and Hub2 to implement load balancing.

Figure 3-10  DSVPN load balancing

The principle of direct communication between Spokes connected to the same Hub is similar to Principles. Static mGRE tunnels need to be set up between Hubs to allow Spokes connected to different Hubs to directly communicate with each other.

The direct communication process between Spokes connected to different Hubs is as follows:

  1. A source Spoke1 sends an NHRP Resolution Request packet to Hub1 to request the public network address of destination SpokeN.
  2. Hub1 forwards the NHRP Resolution Request packet to Hub2 over the static mGRE tunnel between Hub1 and Hub2.
  3. Hub2 forwards the NHRP Resolution Request packet to the destination SpokeN.
  4. The destination SpokeN obtains the public network address of the source Spoke1 from the NHRP Resolution Request packet and sends an NHRP Resolution Reply packet to the source Spoke1.
  5. The source Spoke1 obtains the public network address of the destination SpokeN from the NHRP Resolution Reply packet and establishes a dynamic mGRE tunnel with the destination SpokeN.

After the dynamic mGRE tunnel is set up, Spokes connected to the two Hubs can directly communicate with each other.

Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 34589

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next