Network and Path Redundancy


IPSec VPNs are a Layer 3 VPN technology for securing IP traffic and therefore rely on a stable IP-enabled foundation for stability and HA. As such, one critical design consideration for IPSec VPNs is the incorporation of resiliency and HA between the two IP-enabled termination points of the IPSec VPN tunnel. Consider the three sample network topologies illustrated in Figures 5-1 through 5-3. We will use these topologies to illustrate how IPSec HA increases as single points of failure within the underlying IP foundation between the two IPSec tunnel termination points are eliminated.

Figure 5-1. Site-to-Site VPN without Path Redundancy


The topology in Figure 5-1 illustrates a scenario in which no redundancy is designed into the underlying IP infrastructure. This type of design leaves many points at which the IPSec VPN tunnel could fail, because a failure in any one of the nodes between the termination points of the IPSec tunnel takes the tunnel down:

  • Interface Failure: The two serial interfaces connecting WAN_EdgeA and WAN_EdgeB present single points of failure for the VPN tunnel. If one of those interfaces on either router were to fail, then the Internet Key Exchange (IKE) and IPSec SAs comprising the IPSec VPN tunnel would have to be renegotiated upon recovery of that interface. IPSec can be configured to use multiple interfaces to eliminate these failure points, increasing the availability of the IPSec VPN. Figure 5-2 illustrates a topology in which path redundancy is designed between two VPN gateways at the interface level on WAN_EdgeA and WAN_EdgeB.

    Figure 5-2. Dual-Interface Path Redundancy

  • WAN Infrastructure/Carrier Failure: In the design illustrated in Figure 5-1, the integrity of the IPSec VPN tunnel depends directly on the stability of the WAN link between WAN_EdgeA and WAN_EdgeB. A failure on the provider network would cause the IPSec VPN tunnel to be renegotiated once the failure is repaired. For traffic requiring higher availability in the crypto path, a backup WAN link can be deployed, as depicted in Figure 5-2.

  • Node Failure: Even with redundancy built into the design at an interface and link level between the two IPSec VPN gateways, there still exists the possibility that the IPSec VPN tunnel could fail due to a system failure on the VPN gateway itself. Figure 5-3 depicts a topology that provides a greater degree of HA at the WAN edge.

    Figure 5-3. WAN Gateway, Interface, and Carrier Redundancy

The topology in Figure 5-3 eliminates all single points of failure between sites A and B, including interface-level, link-level, and node-level failure points. Although it is the most costly of the three designs, the topology in Figure 5-3 provides the greatest degree of path availability for the IPSec VPN tunnel, and it is therefore the soundest IPSec HA design.

Figures 5-1 through 5-3 illustrate how designing resiliency into the infrastructure supporting an IPSec VPN tunnel increases the effectiveness of the IPSec HA design itself by stepping through the elimination of single points of failure. Every removal of a single point of failure along the IPSec VPN tunnel path, however, also increases the cost of the overall solution. As a result, administrators should consider the business requirements of application data to be included in the encrypted path when investing in this area of IPSec HA.
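The step-by-step elimination of single points of failure across Figures 5-1 through 5-3 can be checked mechanically. The following Python example is added here and is not from the book: it models each topology as a graph and lists every node or link whose individual failure breaks the path between the sites. WAN_EdgeA and WAN_EdgeB come from the text; the carrier names, the second gateway at each site, and the exact link layout are assumptions, because the figures are not reproduced on this page.

```python
from collections import deque

# Constructed topologies (assumed layouts; see the lead-in). A gateway-to-carrier
# link stands for that gateway's WAN interface plus its access circuit.
FIG_5_1 = [("SiteA", "WAN_EdgeA"), ("WAN_EdgeA", "Carrier1"),
           ("Carrier1", "WAN_EdgeB"), ("WAN_EdgeB", "SiteB")]
FIG_5_2 = FIG_5_1 + [("WAN_EdgeA", "Carrier2"), ("Carrier2", "WAN_EdgeB")]
FIG_5_3 = [("SiteA", "WAN_EdgeA1"), ("SiteA", "WAN_EdgeA2"),
           ("WAN_EdgeA1", "Carrier1"), ("WAN_EdgeA2", "Carrier2"),
           ("Carrier1", "WAN_EdgeB1"), ("Carrier2", "WAN_EdgeB2"),
           ("WAN_EdgeB1", "SiteB"), ("WAN_EdgeB2", "SiteB")]


def reachable(links, src, dst, failed=None):
    """Breadth-first search from src to dst with one node or link failed."""
    adj = {}
    for link in links:
        # Skip the failed link itself, or any link touching the failed node.
        if link == failed or failed in link:
            continue
        a, b = link
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def single_points_of_failure(links, src="SiteA", dst="SiteB"):
    """Return every intermediate node and every link whose loss cuts src from dst."""
    nodes = {n for link in links for n in link} - {src, dst}
    candidates = sorted(nodes) + list(links)
    return [c for c in candidates if not reachable(links, src, dst, c)]


if __name__ == "__main__":
    for name, topo in (("Figure 5-1", FIG_5_1), ("Figure 5-2", FIG_5_2),
                       ("Figure 5-3", FIG_5_3)):
        print(name, single_points_of_failure(topo))
```

In this model the dual-interface design removes the carrier and WAN links from the list but leaves both gateways (and their single site attachments), which is the node-failure case the third bullet describes.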




IPsec Virtual Private Network Fundamentals
ISBN: 1587052075
Pages: 113
