
What is the difference between the A2A and IPSec VPN?

Created: Mar 10, 2020 07:02:29 | Latest reply: Mar 11, 2020 01:48:59
  Rewarded HiCoins: 0 (problem resolved)

Hi there,

I learned about A2A VPN from the documentation, and it seems that A2A VPN is quite similar to IPSec VPN. Both A2A and IPSec VPN forward traffic with IPSec encryption.

Can anyone explain the difference between them, and the reason for using A2A VPN?

Thanks.


Featured Answers
chenhui
Admin Created Mar 10, 2020 08:13:01

Hi @user_3534491,
For IPSec VPN, a pre-configured tunnel is required before traffic can pass through, which means that for a massive number of access points, establishing a full mesh IPSec network takes a huge amount of configuration work.
A2A VPN provides a group-based IPSec security model. A group is a collection of GDOI policies, and all the GMs in the same group share the same GDOI policies and keys. Unlike IPSec VPN, which requires a pre-configured tunnel between the two communication terminals, GMs of A2A VPN download and share the same GDOI policies and keys from the KS. When passing traffic between any two GMs, no pre-configured tunnel is required.
What’s more, when using an IPSec tunnel, the outer IP header is usually different from the inner IP header, which might make the QoS configuration invalid, while for A2A VPN the outer and inner IP headers are the same, so it wouldn’t affect the potential QoS configuration.
Commonly, for a small-scale network with few access points, we could choose IPSec VPN, while for a massive number of access points or a full mesh network, it’s better to choose A2A VPN, as it’s more flexible and management friendly.

All Answers
IPSec VPN is a point-to-point tunneling technology that focuses on data security and encryption. It has the following disadvantages:
Networks face the N² problem (N branches require N(N-1)/2 tunnels). The configuration and management are complicated and network expansion is difficult.

IPSec VPN results in changes to the original route deployment and cannot provide better QoS processing.

IPSec VPN does not support multicast services and can hardly support intelligent services.

The A2A VPN solution is developed to overcome the preceding disadvantages. A2A VPN adds a new IP header, same as the raw IP header, to establish non-tunnel connections between branches. It manages keys and GDOI policies in a centralized manner, simplifying network deployment and facilitating network expansion. In addition, it supports multicast features and provides QoS guarantee for voice and video services.



https://support.huawei.com/enterprise/en/doc/EDOC1000177805/bf1d4689/overview-of-a2a-vpn
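The QoS point made in the answers above, as an added example that is not part of the thread or of the vendor documentation: it builds the outer IPv4 header for classic tunnel mode and for a header-preserving group model, then runs an address-based QoS classifier over both. The addresses, the QoS rule and the function names are constructed for illustration; ESP overhead is ignored and DSCP is copied in both cases, so only address-based classification differs.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number of ESP

def ipv4_header(src, dst, proto, dscp=0, payload_len=0):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + payload_len,
                      0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:                      # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]

def parse(hdr):
    """Extract the fields a transit router can still see."""
    return {"src": str(ipaddress.IPv4Address(hdr[12:16])),
            "dst": str(ipaddress.IPv4Address(hdr[16:20])),
            "dscp": hdr[1] >> 2, "proto": hdr[9]}

def tunnel_mode_outer(inner, gw_src, gw_dst):
    """Classic tunnel mode: outer addresses are the two tunnel endpoints."""
    i = parse(inner)
    return ipv4_header(gw_src, gw_dst, ESP, i["dscp"], len(inner))

def header_preserving_outer(inner):
    """Group model as described above: the new header repeats the original addresses."""
    i = parse(inner)
    return ipv4_header(i["src"], i["dst"], ESP, i["dscp"], len(inner))

# Constructed transit QoS policy keyed on a branch voice subnet (hypothetical).
QOS_RULES = [(ipaddress.ip_network("10.2.2.0/24"), "voice-priority")]

def classify(outer):
    """Return the QoS class a transit device assigns from the outer destination."""
    dst = ipaddress.ip_address(parse(outer)["dst"])
    for net, cls in QOS_RULES:
        if dst in net:
            return cls
    return "best-effort"

# Constructed sample: host in branch A sends UDP to a phone in branch B, DSCP EF (46).
INNER = ipv4_header("10.1.1.10", "10.2.2.20", 17, dscp=46)

def compare():
    t = tunnel_mode_outer(INNER, "198.51.100.1", "203.0.113.2")
    return classify(t), classify(header_preserving_outer(INNER))

if __name__ == "__main__":
    print(compare())
```
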


Posted by yogijain at 2020-03-10 07:17 IPSec VPN is a point-to-point tunneling technology that focuses on data security and encryption. It ...
Hi,
Thank you very much for the explanation. It would be much appreciated if you could explain why IPSec VPN cannot provide better QoS processing, and which feature the better QoS is being compared with.
Thanks.

Posted by chenhui at 2020-03-10 08:13 Hi @user_3534491,For IPSec VPN, it requires a pre-configured tunnel before the flow passing through, ...
Thanks for the explanation.
Based on your description, how many devices would a network contain to be considered a small-scale network?

Posted by yogijain at 2020-03-10 07:17 IPSec VPN is a point-to-point tunneling technology that focuses on data security and encryption. It ...
By the way, it would be much appreciated if you could provide a detailed usage scenario.

Posted by user_3534491 at 2020-03-11 01:40 Thanks for the explanation.Basing on you description, how many devices contained in a network whic ...
Well, there isn't an obvious boundary.
You might consider the recommendations below:
1. The network wouldn't add extra access points frequently.
2. The configuration task wouldn't take a long time to do (it's based on your own situation).
3. It's better that the network is not a full mesh connection network.
