beautypg.com

Configuring dvpn, Feature and hardware compatibility, Dvpn overview – H3C Technologies H3C SecPath F1000-E User Manual

Page 413: Basic concepts of dvpn, Dvpn node

background image

401

Configuring DVPN

The term "router" in this document refers to both routers and Layer 3 firewalls.

Feature and hardware compatibility

Feature F1000-A-EI/E-SI/S-AI

F1000-E

F5000-A5 Firewall

module

DVPN No

Yes

Yes

Yes

DVPN overview

Nowadays, more and more enterprises are demanding for virtual private networks (VPNs) to connect

their branches across the public network. However, branches of an enterprise usually use dynamically

assigned IP addresses to access the public network and each of them has no way to know the public IP

addresses of the other branches in advance. This makes it difficult for establishing VPNs. Dynamic virtual
private network (DVPN) is intended to address this issue.
DVPN collects, maintains, and distributes dynamic public addresses through the VPN Address

Management (VAM) protocol, making VPN establishment available between enterprise branches that

use dynamic addresses to access the public network.
In DVPN, a collection of nodes connected to the public network form a VPN. From the perspective of

DVPN, the public network is the link layer of the VPN, and the tunnels which are used as the virtual

channels between subnets of an intranet constitute the network layer. Branch devices dynamically access

the public network. DVPN can get the public IP addresses of the peers through VAM to set up secure
internal tunnels conveniently.
When a DVPN device forwards a packet from a user subnet to another, it performs these operations:

1.

Obtaining the next hop on the private network through a routing protocol.

2.

Inquiring the public network address of the next hop through the VAM protocol.

3.

Encapsulating the packet, using the public address as the destination address of the tunnel.

4.

Sending the packet along the tunnel to the destination.

Basic concepts of DVPN

The following key roles are involved in DVPN.

DVPN node

A DVPN node is a device at an end of a DVPN tunnel. It can be a networking device or a host. A DVPN

node takes part in tunnel setup and must implement VAM client.