Which VPN Topology Is Also Known As A Hub-And-Spoke Configuration?

Which VPN Topology Is Also Known As A Hub-And-Spoke Configuration?

In discussions about VPN networks and VPNs in general, the configuration of VPNs and their network configuration tend to be talked less about and somewhat overlooked. But VPN networks and configuration are very important in the operation and working of VPNs. A VPN as we know is a virtual private network that allows users to connect to it using the Internet.

Which VPN Topology Is Also Known As A Hub-and-Spoke Configuration?

A VPN is often used by individuals or companies and businesses to allow employees to securely access private information across public networks. Before we discuss what VPN topology is Known as a hub and spoke configuration we need to understand what a VPN is, what a VPN topology is, and then we will look at what a hub and spoke configuration is.

Which VPN Topology Is Also Known As A Hub-And-Spoke Configuration?
Which VPN Topology Is Also Known As A Hub-And-Spoke Configuration?

What Is A VPN?

A Virtual Private Network(VPN), can be simply defined as a tool that protects its user’s privacy and location when they browse the internet. Regardless of where you’re connecting a VPN from be it an office WiFi or public WiFi your data and information are passed through the VPN in an encrypted form.

The VPN keeps your data and information passed through the internet secured and away from prying eyes. VPN networks function by bypassing your internet traffic and data through encrypted tunnels which makes them invisible to any un-lookers waiting to steal such traffic data

VPNs offer anonymity to users regardless of the public network they are connected to. They can are also used to go around geo-blocking restrictions. Also note that the VPN provider can see whatever traffic to generate and process through the VPN server, and may decide to keep logs of your data and traffic through the VPN network. Most VPN providers promise to not keep logs of your data and information processed through their VPN server, this may not always be the case.

What Is VPN Topology?

VPN topology shows the networks and peers that are incorporated into VPN networks and how they are connected. VPN topology also shows the network layout of the links or connections between sites, that pass through a VPN. VPN topologies are created and used for the configuration of VPN networks.

VPN topology configuration depends on the size of the data to be moved through the configuration and on the purpose the VPN topology configuration is meant to serve. VPN topologies are also referred to as VPN architectures.

What Are The Types Of VPN Topology?

There are several types of VPN topologies in use, for the creation of VPN configurations. The VPN topology type depends on the purpose the configuration is meant to serve and the IPsec technology used for making the VPN. The main types of VPN topologies include;

  1. Hub-and-Spoke Configuration
  2. Full Mesh Configuration
  3. Point-to-Point Configuration

We would be looking into the hub and spoke configuration in more detail than the other types of VPN configuration.

Point-To-Point Configuration

Point to point configuration is a VPN connection between two endpoints usually from a host to another host. The point-to-point VPN configuration is also known as the gateway to gateway VPN configuration. The point-to-point topology allows for the sharing of files and resources between two endpoints directly. The point-to-point topology uses IPsec to secure Internet connection. The topology allows for two routers to safely exchange information with each other.

To launch a point-to-point VPN configuration tunnel connection between two endpoints both sides have to do a successful configuration.

Full Mesh Configuration

Full mesh configuration topology ensures that there is a connection between all sites and devices in a network. The full mesh configuration allows each spoke to connect to every other spoke in the network, ensuring that if one site goes down, traffic can still pass through other sites in an immediate switch of the traffic from that site to another available site.

In setting up your configuration in the full mesh configuration topology more administrators are required and this can turn out to be a big problem. Because you will need to configure and set up each spoke with information about every other spoke in the entire network. This means that every time a new spoke is to be added to the network configuration the same process will have to be repeated.

Hub-And-Spoke Configuration

The Hub-and-Spoke configuration of VPN is also known as “Centralised VPN Configuration”. The hub and spoke VPN configuration converges all VPN tunnels at a central location, achieving global data visibility and control from the central server location. This type of VPN configuration is used mostly by large corporations and establishments wanting to keep an eye on all happenings on the VPN network at all times.

The hub and spoke VPN configuration helps to maintain resource availability, this is because all shared resources can be placed in a well maintained, reliable central server location in the configuration.

In this type of VPN configuration a central device, usually a firewall designated as the spoke, connects to remote VPN devices known as spokes, the spokes are usually routers or firewalls that connect to other remote sites through the central site in the configuration. In the central VPN configuration, the tunneling protocols encrypt data between the VPN client and the VPN server.

This is possible because the central device is connected to all of the remote devices in the network configuration so that if one connection goes down, others remain up. Building the Configuration of the hub and spoke configuration requires fewer administrators as compared to the Full Mesh Configuration which requires very many administrators.

Advantages Of Hub-And-Spoke Configuration

There are several advantages of using the hub and spoke configuration including;

  1. Information is accessed by all spokes in the configuration from the central server location
  2. Information is transmitted directly from the central server location to small destinations
  3. The hub and spoke configuration allows for continuous movement of load packets because it uses a centralized system that enables centralized handoffs
  4. The centralized configuration provides reduced lengths of haul, this reduction improves scheduling
  5. The centralized configuration provides a reduction in transit time of data traffic and helps drivers to comply with hours-of-service regulations.
  6. Hub and spoke configuration has larger network coverage as compared to point for instance

Disadvantages Of Hub-And-Spoke Configuration

The hub and spoke configuration has several advantages but also has downsides including;

  1. The central server location is vulnerable because the central location is a possible single point of failure for VPN tunnels in the hub and spoke configuration model
  2. The Hub and spoke configuration has a high chance of collision domain, where packet retransmission is not done effectively it leads to a collision between domains
  3. Hub and spoke configuration does not have full-duplex mode transmission and needs to always switch modes to meet data and files requests from the spokes in the network
  4. The Hub and spoke configuration cannot reduce network traffic in many situations because the central server serves all client devices at once and not individual nodes
  5. The central configuration model does not support dedicated bandwidth for each attached device


The hub-and-spoke VPN topology is also known as the centralized configuration as we have discussed has widespread use in business settings. The hub and spoke configuration is widely used by large enterprises and service providers that may need to offer branch offices remote access to their corporate networks.

The configuration is the type of VPN configuration commonly used in ISPs, to connect individual offices so that they can take advantage of the large network infrastructure already in place instead of requiring the company to build out new infrastructure every time there is a need for an expansion. As you have seen also there are advantages to using the centralized configuration and also disadvantages but the advantages far outweigh the disadvantages.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button