Tumblelog by Soup.io
finkregh
How you make such systems providing a tunnel highly available.

There is an old but easy answer: Not at all! And it gets clearer as soon as you think about such VPN tunnels as what they really are. From a networking perspective, they are not much more than a router, a cable and another router. Think about them as such, and the simplest way to provide high availability is obvious: Dynamic routing protocols between the routers in front and behind the VPN tunnel. Just use two server pairs for the VPN connection. Both pairs are acting absolutely independently. Other components take care of the redundancy.

Most decent L3 switches or routers support those dynamic routing protocols, or you can even use a Solaris machine by using the Quagga suite available on Solaris 10. I've used, for example, BGP4 to make VPN end points highly available without the need for any high availability stuff like a cluster.

The idea behind that is simple: The dynamic routing protocol is capable of detecting the failure of its connections to other routers. When a server providing a VPN tunnel or the Internet connectivity is failing, the VPN tunnel fails, and thus the dynamic routing protocol can detect this and route around this problem. It's just business as usual for protocols like BGP4.
Making a VPN connection highly available - c0t0d0s0.org
Tags: work vpn routing
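
A sketch of the setup described above as a Quagga `bgpd.conf` for the router behind the VPN servers at one site. This is an added example, not configuration from the original post. The AS numbers, addresses, prefix-list names and secrets are constructed placeholders, and it assumes each peer address is reachable only through its own VPN server pair (for example via a static route) and that the platform supports TCP MD5 for `neighbor ... password`.

```conf
! bgpd.conf on the site A router (constructed example values throughout)
! Assumption: 192.0.2.2 is reachable only through VPN pair 1,
!             198.51.100.2 only through VPN pair 2.
router bgp 65001
 bgp router-id 10.1.0.1
 ! Announce the local site prefix over both tunnels
 network 10.1.0.0/16
 !
 ! Session across VPN pair 1
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 description site-B via VPN pair 1
 ! The VPN servers are routed hops between the two BGP speakers
 neighbor 192.0.2.2 ebgp-multihop 3
 ! Keepalive 3 s, hold time 9 s: a dead tunnel drops the session
 ! after at most 9 s and its routes are withdrawn
 neighbor 192.0.2.2 timers 3 9
 ! Authenticate the BGP session itself, not only the tunnel
 neighbor 192.0.2.2 password PLACEHOLDER-SECRET-1
 ! Accept and announce only the expected site prefixes
 neighbor 192.0.2.2 prefix-list SITE-B-IN in
 neighbor 192.0.2.2 prefix-list SITE-A-OUT out
 !
 ! Session across VPN pair 2, fully independent of pair 1
 neighbor 198.51.100.2 remote-as 65002
 neighbor 198.51.100.2 description site-B via VPN pair 2
 neighbor 198.51.100.2 ebgp-multihop 3
 neighbor 198.51.100.2 timers 3 9
 neighbor 198.51.100.2 password PLACEHOLDER-SECRET-2
 neighbor 198.51.100.2 prefix-list SITE-B-IN in
 neighbor 198.51.100.2 prefix-list SITE-A-OUT out
!
! Prefix lists end with an implicit deny, so anything not listed
! here is neither accepted from nor sent to the remote site.
ip prefix-list SITE-B-IN seq 10 permit 10.2.0.0/16
ip prefix-list SITE-A-OUT seq 10 permit 10.1.0.0/16
```

With both sessions up, the router holds two paths to 10.2.0.0/16; when one tunnel fails, that session's hold timer expires and traffic follows the remaining path. `show ip bgp summary` in `vtysh` shows the state of both sessions.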