About the Hub-and-Spoke topology

The Hub-and-Spoke topology is a network architecture in which a hub site is connected to multiple spoke sites for the purposes of exchanging traffic. This topology is the most common for SD-WAN network design because it simplifies network management and provides a higher level of security by routing traffic through the hub site where traffic analysis and categorization is performed. The Hub-and-Spoke topology also enables more efficient use of bandwidth by optimizing and prioritizing traffic at the hub site.

This section describes examples of such topologies that you can build using Kaspersky SD-WAN. Note that when building a Hub-and-Spoke topology, you can use QoS to limit the bandwidth available to CPE devices or specific traffic classes.

Hub-and-Spoke without connection between remote offices

The figure below shows a topology in which remote locations are connected to the central office and cannot directly communicate with each other. SD-WAN networks built using this topology are easy to design and maintain, because all necessary network services and applications are located in the central data center.

CPE devices registering with the orchestrator are automatically included in the management transport service with the Leaf role and can be behind NAT (Network Address Translation) and PAT (Port Address Translation). In this topology, direct exchange of traffic between devices is not possible.

Hub-and-Spoke topology without connection between remote offices

Hub-and-Spoke topology with connection between remote offices through the central office

The figure below shows a topology in which remote locations can communicate with each other through the central office. CPE devices registering with the orchestrator are automatically included in the transport service and can be behind NAT and PAT.

Hub-and-Spoke topology with connection between remote offices through the central office