Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
4.1.4 Basic Network Structure
DVPN adopts a client/server model. Among all the access devices in a DVPN domain,
only one can be the server and uses a fixed public IP address, whereas the others
operate as clients. You must configure information about the server manually on each
client to enable the client to register with the server. A session is automatically
established between a client and the server after the client successfully registers with
the server. By sending redirect packets, the server can provide a client with information
about other clients to establish sessions between clients. In this way, the DVPN domain
becomes a fully meshed topology.
Both DVPN control packets and data packets are encapsulated using UDP. Therefore,
DVPN tunnels can be established across NAT gateways to allow clients using private IP
addresses to communicate.
Figure 4-2 A simple DVPN network diagram
4.1.5 Traditional VPN versus DVPN
I. Drawbacks of the traditional VPN
The current VPN solutions commonly use generic routing encapsulation (GRE) or
multiprotocol label switching/border gateway protocol (MPLS/BGP), and the VPNs
constructed by using either technology suffer from the following drawbacks:
Complicated in networking and configuration. Layer 3 VPN technologies employs
point-to-point tunneling schemes. To establish a fully meshed VPN when the
number of access points is N, the number of point-to-point VPN tunnels to be
manually configured is N * (N-1)/2.
Inconvenient in maintenance and expansion. To add a node or change the
configuration of a node in an established VPN, you must reconfigure all other
nodes, which results in high maintenance cost.
GRE cannot traverse NAT gateways. For VPN tunnels that are established using
GRE and have network address port translation (NAPT) gateways deployed at
3Com Corporation
4-5
Chapter 4 DVPN
Advertisement
Chapters
Table of Contents
Troubleshooting
