Summary

One of the most challenging aspects of designing an IPSec VPN is choosing an appropriate architectural model. This chapter has presented a variety of architectural models in order to highlight the advantages and disadvantages of each. When selecting one model over another, network designers must choose among tradeoffs, paying close attention to simplification of the configuration and processing efficiency. The combination of these two attributes enables the design of scalable IPSec VPNs.

It is also notable that the architectural models are not necessarily mutually exclusive. A large VPN is likely to have different service requirements for large branch offices than for small branch offices. For example, the network architect may elect to use a client connectivity model for small home offices while using hub-and-spoke GRE-protected tunnels for large branch office sites. In fact, these functions may be integrated on a single hub platform; of course, the aggregate requirements of all the models it hosts must then be met on that integrated platform. Integration of various architectural models on a common platform may be necessary for smaller VPNs. In contrast, dedicating a VPN gateway to each architectural model may be economically justified within a large VPN in order to enable scalability.

Now that you have seen how to design large-scale VPNs, the reliability of the VPN becomes of paramount importance. In the next chapter, you'll be introduced to methods for achieving fault tolerance in the architectural models discussed in this chapter.