< Home

Hub and Spoke Networking Application

Service Overview

Large financial enterprises, such as banks use the Hub and Spoke networking mode to ensure financial data security. Hub and Spoke networking allows branches to exchange data only through their headquarters. Data transmission between branches is therefore under effective supervision.

In Hub and Spoke networking, the site where the access control device of the headquarters is located is called a Hub site; other sites where branches are located are called Spoke sites. At the Hub site, a device that connects to the VPN backbone network is called a Hub-CE device. At a Spoke site, a device that connects to the VPN backbone network is called a Spoke-CE device. On the VPN backbone network, a device that connects to the Hub site is called a Hub-PE device, and a device that connects to a Spoke site is called a Spoke-PE device.

A Spoke site advertises routes to the Hub site. The Hub site then advertises the routes to other Spoke sites. Spoke sites do not advertise routes to each other. The Hub site controls communication between all the Spoke sites.

Networking Description

In Hub and Spoke networking, the following solutions can be used:

  • EBGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • IGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • EBGP running between the Hub-CE and Hub-PE devices, and IGP running between Spoke-PE and Spoke-CE devices

The following describes these networking solutions in detail:

  • EBGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

    In Figure 1, a route advertised by a Spoke-CE device is forwarded to the Hub-CE and Hub-PE device before being transmitted to other Spoke-PE devices. If EBGP runs between the Hub-PE and the Hub-CE device, the Hub-PE device performs an AS-Loop check on the route. When the Hub-PE device detects its own AS number in the route, it discards the route. To implement Hub and Spoke networking, the Hub-PE device must be configured to allow repeated AS numbers.

    Figure 1 EBGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • IGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

    As shown in Figure 2, all PE and CE devices exchange routes using an IGP, and IGP routes do not contain the AS_Path attribute. The AS_Path field of BGP VPNv4 routes is therefore empty.

    Figure 2 IGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • EBGP running between the Hub-CE and Hub-PE devices, and IGP running between Spoke-PE and Spoke-CE devices

    In Figure 3, the network topology is similar to that shown in Figure 1. The AS_Path attribute of the routes forwarded by the Hub-CE device to the Hub-PE device contains the AS number of the Hub-PE device. The Hub-PE device must therefore be configured to allow repeated AS numbers.

    Figure 3 EBGP running between the Hub-CE and Hub-PE devices, and IGP running between Spoke-PE and Spoke-CE devices

Parent Topic: Application Scenarios for BGP/MPLS IP VPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >