IPSec VPNs are a Layer 3 VPN technology for securing IP traffic and therefore rely on a stable IP-enabled foundation for stability and HA. As such, one critical design consideration for IPSec VPNs is the incorporation of resiliency and HA between the two IP-enabled termination points of the IPSec VPN tunnel. Consider the three sample network topologies illustrated in Figures 5-1 through 5-3. We will use these topologies to illustrate how IPSec HA increases as single points of failure within the underlying IP foundation between the two IPSec tunnel termination points are eliminated.

Figure 5-1. Site-to-Site VPN without Path Redundancy

The topology in Figure 5-1 illustrates a scenario in which no redundancy is designed into the underlying IP infrastructure. This type of design provides many different points at which the IPSec VPN tunnel could fail due to a failure in one of the many nodes in between the termination points of the IPSec tunnel:
The topology in Figure 5-3 eliminates all single points of failure between sites A and B, including interface-level, link-level, and node-level failure points. Although it is the most costly of the three designs, the topology in Figure 5-3 provides the greatest degree of path availability for the IPSec VPN tunnel, and it is therefore the soundest IPSec HA design.

Figures 5-1 through 5-3 illustrate how designing resiliency into the infrastructure supporting an IPSec VPN tunnel increases the effectiveness of the IPSec HA design itself by stepping through the elimination of single points of failure. Every removal of a single point of failure along the IPSec VPN tunnel path, however, also increases the cost of the overall solution. As a result, administrators should consider the business requirements of application data to be included in the encrypted path when investing in this area of IPSec HA.
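The elimination of single points of failure described above can be checked mechanically for a proposed design. The following Python sketch is an added example, not part of the original text: it lists every node and link whose individual failure breaks the path between two sites. The three topologies and all node names are constructed for illustration and do not reproduce Figures 5-1 through 5-3.

```python
from collections import deque

def reachable(links, src, dst, dead_node=None, dead_link=None):
    """BFS from src to dst while one node or one link is treated as failed."""
    adj = {}
    for u, v in links:
        if (u, v) == dead_link or dead_node in (u, v):
            continue
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src, dst):
    """Return (nodes, links) whose individual failure disconnects src from dst.
    Assumes each link appears once (no parallel links between the same pair)."""
    nodes = sorted({n for link in links for n in link} - {src, dst})
    bad_nodes = [n for n in nodes if not reachable(links, src, dst, dead_node=n)]
    bad_links = [l for l in links if not reachable(links, src, dst, dead_link=l)]
    return bad_nodes, bad_links

# Constructed topologies (hypothetical names): gw-* are IPSec gateways.
NO_REDUNDANCY = [("site-a", "gw-a"), ("gw-a", "isp"), ("isp", "gw-b"),
                 ("gw-b", "site-b")]
LINK_REDUNDANCY = [("site-a", "gw-a"), ("gw-a", "isp1"), ("gw-a", "isp2"),
                   ("isp1", "gw-b"), ("isp2", "gw-b"), ("gw-b", "site-b")]
FULL_REDUNDANCY = [("site-a", "gw-a1"), ("site-a", "gw-a2"),
                   ("gw-a1", "isp1"), ("gw-a2", "isp2"),
                   ("isp1", "gw-b1"), ("isp2", "gw-b2"),
                   ("gw-b1", "site-b"), ("gw-b2", "site-b")]

if __name__ == "__main__":
    for name, topo in [("no redundancy", NO_REDUNDANCY),
                       ("link redundancy", LINK_REDUNDANCY),
                       ("full redundancy", FULL_REDUNDANCY)]:
        nodes, links = single_points_of_failure(topo, "site-a", "site-b")
        print(f"{name}: failing nodes={nodes} failing links={links}")
```

An empty result for both lists means no single node or link failure can take down the path the tunnel depends on; it says nothing about correlated failures such as two circuits sharing one conduit.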