A Virtual Private Network (VPN) is a logical network that uses insecure public telecommunications, such as the Internet, to provide secure communications to members of the VPN. A VPN seeks to provide the security associated with dedicated communication lines without requiring the dedicated hardware, and at a fraction of the cost typically associated with such lines.
A VPN works by using shared public infrastructure while simultaneously maintaining privacy through agreed-upon security procedures and protocols. Essentially, a VPN encrypts the messages communicated among its members. Encrypting and decrypting those messages relies on keys that are securely held by the participants of the VPN.
Dynamic Multipoint VPN (DMVPN) is an enhancement of the virtual private network configuration process of conventional network routers. DMVPN eliminates the need for pre-configured (static) IPsec peers in the network. IPsec (IP security) is a standard for securing Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets communicated among the network peers. IPsec provides security at the network layer. The DMVPN functionality of conventional network routers offers greater scalability than earlier IPsec configurations. An IPsec tunnel between two conventional network routers may be created on an as-needed basis. Tunnels may be created between a spoke router and a hub router (VPN headend) or between spokes. This greatly reduces the need for the hub to route data between spoke networks, as was common in a non-fully-meshed Frame Relay topology.
In DMVPN, network traffic can traverse from one spoke to another. Initially, the network traffic is routed from a first spoke (e.g. Spoke A) to the hub and then from the hub to a second spoke (e.g. Spoke B). At the same time, DMVPN establishes a tunnel from Spoke A to Spoke B. Once the tunnel from Spoke A to Spoke B is created, traffic is routed via that tunnel instead. Unfortunately, with conventional DMVPN the tunnel latency drops sharply several seconds after the tunnel has been established, when traffic switches from the hub path to the direct tunnel. This sudden drop in tunnel latency can cause problems in servicing delay-sensitive network traffic.
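To make the cutover behaviour described above concrete, the following Python simulation is an added illustration and is not part of the original text: it sends a steady packet stream from Spoke A to Spoke B over the hub path, switches to the direct spoke-to-spoke tunnel at an assumed cutover time, and measures the latency step and the in-flight packets that arrive out of order because of it (all per-hop latencies, the 20 ms packet interval and the 3 s cutover time are assumed values).

```python
"""Simulate the DMVPN hub-to-direct cutover and the latency step it causes.

Added example; the latencies below are constructed, not measured values.
"""
from dataclasses import dataclass
from typing import List

# Constructed one-way latencies in milliseconds (assumed, not from the page).
SPOKE_A_TO_HUB_MS = 40.0
HUB_TO_SPOKE_B_MS = 40.0
SPOKE_A_TO_SPOKE_B_MS = 25.0   # direct tunnel, once established


@dataclass(frozen=True)
class Packet:
    seq: int          # sequence number assigned by Spoke A
    sent_ms: float    # time Spoke A transmits the packet
    path: str         # "hub" (A -> hub -> B) or "direct" (A -> B tunnel)
    arrive_ms: float  # time Spoke B receives the packet


def simulate_cutover(n_packets: int, interval_ms: float, cutover_ms: float) -> List[Packet]:
    """Send n_packets from Spoke A to Spoke B every interval_ms.

    Before cutover_ms the traffic takes the hub path while DMVPN builds the
    direct tunnel in the background; from cutover_ms on it uses the tunnel.
    """
    packets = []
    for seq in range(n_packets):
        sent = seq * interval_ms
        if sent < cutover_ms:
            path, latency = "hub", SPOKE_A_TO_HUB_MS + HUB_TO_SPOKE_B_MS
        else:
            path, latency = "direct", SPOKE_A_TO_SPOKE_B_MS
        packets.append(Packet(seq, sent, path, sent + latency))
    return packets


def arrival_order(packets: List[Packet]) -> List[int]:
    """Sequence numbers in the order Spoke B actually receives them."""
    return [p.seq for p in sorted(packets, key=lambda p: (p.arrive_ms, p.seq))]


def count_reordered(packets: List[Packet]) -> int:
    """Packets that arrive after a packet with a higher sequence number."""
    highest, reordered = -1, 0
    for seq in arrival_order(packets):
        if seq < highest:
            reordered += 1
        highest = max(highest, seq)
    return reordered


def latency_step(packets: List[Packet]) -> float:
    """Largest latency drop (ms) between consecutive sequence numbers."""
    lat = [p.arrive_ms - p.sent_ms for p in packets]
    return max((lat[i] - lat[i + 1] for i in range(len(lat) - 1)), default=0.0)
```

With these values the hub path costs 80 ms and the direct tunnel 25 ms, so the two packets still in flight via the hub at the moment of cutover are overtaken by packets sent later over the tunnel; a jitter buffer sized for the hub path sees a 55 ms step plus reordering at that instant.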
Thus, a system and method for improved efficiency and security in spoke-to-spoke network communication is needed.