Skip to main content

Home Hub and spoke network

Hub and spoke network

(also information hiding, data concealment)

Hub and spoke network definition

A hub and spoke network is a network design that connects multiple devices, called spokes, to one central device, a hub. The hub acts as a central point of communication that routes data and messages between the spokes. Each spoke communicates with the hub, and the spokes do not communicate between themselves directly. Businesses and organizations with many remote locations, WANs, and VPNs often use hub and spoke networks as a cost-effective solution.

See also: VPN gateway, WAN

Hub and spoke network advantages

  • Simplicity. Organizations can easily manage and monitor the network because the routing is centralized through the hub.
  • Centralized security. The hub and spoke network facilitates implementation and maintenance of security measures like firewalls and intrusion detection systems. It enables organizations to better audit network activity and detect suspicious behavior.
  • Easy scalability. You can quickly add new spokes to the network because you only need to connect the spokes to the hub, not to every other node.
  • Cost-effective. Because hub and spoke networks require fewer links to connect the nodes, they are usually cheaper than fully meshed networks.

Hub and spoke network disadvantages

  • Single point of failure. If the hub fails, it may affect the entire network, disrupting communication between the spokes.
  • Single point of attack. The centralized system attracts hackers because compromising the hub can give them access to all connected spokes. This increases the risk of lateral movement and the potential impact of a security breach.
  • Potential bottlenecks. If the hub cannot handle the traffic load, it can easily become a bottleneck and harm network performance, causing latency.
  • Limited redundancy. The hub and spoke network has no alternative paths between spokes.