Designing for High Availability
IPSec is a Layer 3 virtual private network (VPN) technology that offers a wide array of options when designing for High Availability (HA). In this chapter, we will review some of the concepts that impact the availability of an IPSec VPN and introduce specific components of IPSec that present the opportunity to design HA into the architecture. This chapter provides an introduction to five major areas for designing HA into an IPSec VPN system architecture:
Network and Path Redundancy: IPSec VPNs require connectivity between two IP interfaces for tunnel termination. Redundancy can be built into the path between those two points to eliminate any single point of failure between the two IPSec tunnel termination endpoints.
IPSec Tunnel Termination Redundancy: Terminating or originating an IPSec VPN tunnel from a single interface could decrease the overall availability of the design in a failover scenario. We will discuss several methods for designing HA into the tunnel termination endpoints of an IPSec VPN, including the use of highly available interfaces and the use of redundant interfaces with Hot Standby Router Protocol/Virtual Router Redundancy Protocol (HSRP/VRRP).
Managing Path Availability: The setup and teardown of SAs can lead to increased reconvergence times in failover situations, eventually leading to a decreased level of availability in the overall system design. We will discuss several tools and practices for managing path availability in an IPSec VPN designed for HA.
Managing Path Symmetry: To ensure that the control plane information required to establish, maintain, and tear down Phase 1 and 2 IPSec SAs can be communicated successfully between two IPSec VPN tunnel termination points, there must be a way to ensure that the IPSec control plane traffic follows the same return path as its original path. In this chapter, we will explore how path asymmetry can prevent successful negotiation and operation of an IPSec VPN tunnel when two stateless firewalls are placed between the two tunnel termination endpoints.
Load Balancing: Load balancing is traditionally more focused on increasing the overall performance and scalability of an IPSec VPN deployment, but the effective use of clustering and load balancing in the design also indirectly improves availability. We will discuss several areas of the overall system architecture that can be balanced across multiple IPSec VPN components in the context of improving the overall availability of the IPSec VPN design.
The scope of this chapter is limited to presenting an overview of HA concepts and areas in which HA can be built into an IPSec VPN. Specific design solutions for local and geographic IPSec HA are therefore not discussed in this chapter; they are covered in Chapter 6, "Site-to-Site Local HA Solutions," Chapter 7, "Site-to-Site Geographic HA Solutions," and Chapter 9, "Remote Access VPN High Availability."