Design Highly Available & Secure WAN

In order to design a highly available and secure WAN, we have to consider the following aspects:

  • Reliability
  • Routing
  • Encryption

Designing Reliable WAN

For a VPN connection

For a basic Site-to-Site VPN, high availability is already built in: every VPN connection comes with two tunnels, each terminating on a different AWS endpoint, and with BGP the same networks are advertised over both tunnels, so traffic moves to the surviving tunnel when one goes down. Note that both tunnels still terminate on a single customer gateway device on our side; to remove that single point of failure we need a second customer gateway and a second VPN connection. The figure below shows how this redundancy is achieved.

For Direct Connect with VPN backup

To achieve redundancy for a Direct Connect connection, we can keep a VPN connection to the same virtual private gateway that advertises the same routes, so that if the Direct Connect link goes down the VPN connection takes over. This works without any extra policy on the AWS side, because when the same prefix is learned over both Direct Connect and VPN via BGP, AWS always prefers the Direct Connect route. On our own router the preference is not automatic: we must make the Direct Connect path preferred there too (for example with a higher BGP local preference), otherwise outbound traffic may leave over the VPN while return traffic arrives over Direct Connect.

The figure below demonstrates the same concept.

To make the Direct Connect side itself fully redundant, we can establish two Direct Connect connections terminating at two different Direct Connect (partner) locations, which may be in different regions.

Designing Proper Routing to Achieve Symmetric Routing

When we connect on-premises to AWS over two or more Direct Connect connections, we must configure routing appropriately so that a flow leaves and returns over the same link (symmetric routing).

Both Direct Connect links have the same priority on the AWS side, so we have to define the routing policy on our devices to control the flow of traffic; otherwise each side falls back to its own BGP tie-breakers and may pick a different link for each direction.

With dynamic routing, failover between links is automatic once a BGP session drops. Enabling Bidirectional Forwarding Detection (BFD) makes that failover fast: with the AWS Direct Connect defaults (300 ms interval, multiplier 3) a dead link is detected in under a second, instead of waiting for the BGP hold timer to expire. AWS has BFD enabled by default, but it only takes effect once we also enable it on our router.

Another method is to use BGP attributes on our devices to prefer one link over the other. For traffic from on-premises to AWS, set a higher local preference on routes learned over the primary link. For traffic from AWS to on-premises, tag the routes we advertise with the Direct Connect local preference communities (7224:7100 low, 7224:7200 medium, 7224:7300 high) on the primary and secondary links, or lengthen the AS path on the secondary link with AS path prepending. Applying both keeps the two directions on the same link.
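The following is an added example, not code from the original article or from AWS. It models the path selection behind both designs above: Direct Connect with a VPN backup (from the reliability section) and a primary/secondary pair of Direct Connect links kept symmetric with local preference and the 7224:7x00 communities. The link names, prefixes, the ASN 65000 and the numeric local preference values 100/200/300 are constructed for illustration; AWS documents only the ordering of the three communities, not the values it assigns, and the handling of routes with no community (treated here as medium) is likewise an assumption. The BFD arithmetic is deliberately simplified.

```python
"""BGP path-selection model for the two designs above (Direct Connect with a
VPN backup, and a primary/secondary pair of Direct Connect links). Added
example, not code from the original article or from AWS. Constructed for
illustration: link names, prefixes, ASN 65000, and the local-preference values
100/200/300 standing in for the unpublished values AWS assigns to the
7224:7100 / 7224:7200 / 7224:7300 communities (only their order is documented).
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

AWS_ASN = 7224              # AWS side of Direct Connect and VPN BGP sessions
ONPREM_ASN = 65000          # assumed private ASN of the on-premises router
AWS_LOCAL_PREF_COMMUNITY = {"7224:7100": 100, "7224:7200": 200, "7224:7300": 300}
BGP_HOLD_TIMER_MS = 90_000  # AWS Direct Connect default BGP hold-down timer

@dataclass
class Path:
    """One BGP path for a prefix, as seen by the router doing the selection."""
    prefix: str
    link: str                   # constructed link name, e.g. "dx-primary"
    kind: str                   # "dx" or "vpn": how AWS learns the prefix
    as_path: Tuple[int, ...]
    local_pref: int = 100       # set by the receiving router's inbound policy
    communities: Tuple[str, ...] = ()  # set by the sender's outbound policy
    tie_break: int = 0          # stand-in for router-ID / neighbour tie-breakers
    up: bool = True             # False once BFD or BGP declares the link down

def aws_local_pref(p: Path) -> int:
    """AWS takes local preference from the 7224:7x00 community it receives
    (assumed: no community behaves like medium)."""
    prefs = [AWS_LOCAL_PREF_COMMUNITY[c] for c in p.communities
             if c in AWS_LOCAL_PREF_COMMUNITY]
    return max(prefs) if prefs else AWS_LOCAL_PREF_COMMUNITY["7224:7200"]

def aws_rank(p: Path) -> tuple:
    """AWS side, same prefix: Direct Connect beats VPN, then higher local
    preference, then shorter AS_PATH, then whatever tie-breaker is left."""
    return (p.kind == "dx", aws_local_pref(p), -len(p.as_path), -p.tie_break)

def onprem_rank(p: Path) -> tuple:
    """On-premises router: plain BGP order, higher LOCAL_PREF, shorter AS_PATH."""
    return (p.local_pref, -len(p.as_path), -p.tie_break)

def best_path(paths: List[Path], rank: Callable[[Path], tuple]) -> Optional[Path]:
    """Best usable path, or None when every link is down."""
    usable = [p for p in paths if p.up]
    return max(usable, key=rank) if usable else None

def chosen_links(learned: List[Path], advertised: List[Path]) -> Tuple[Optional[str], Optional[str]]:
    """(link carrying on-prem -> AWS, link carrying AWS -> on-prem); equal means symmetric."""
    out, back = best_path(learned, onprem_rank), best_path(advertised, aws_rank)
    return (out.link if out else None, back.link if back else None)

def dx_with_vpn_backup(dx_up: bool = True) -> Tuple[Optional[str], Optional[str]]:
    """Direct Connect primary with a Site-to-Site VPN carrying the same routes."""
    vpc, onprem = "10.0.0.0/16", "192.168.0.0/16"   # constructed CIDRs
    # Heard from AWS: the on-prem router must be told to prefer DX (LOCAL_PREF
    # 200); both paths otherwise tie on AS_PATH (7224) and fall to tie-breakers.
    learned = [
        Path(vpc, "dx", "dx", (AWS_ASN,), local_pref=200, tie_break=2, up=dx_up),
        Path(vpc, "vpn", "vpn", (AWS_ASN,), local_pref=100, tie_break=1),
    ]
    # Advertised to AWS: no policy needed, Direct Connect always wins over VPN.
    advertised = [
        Path(onprem, "dx", "dx", (ONPREM_ASN,), tie_break=2, up=dx_up),
        Path(onprem, "vpn", "vpn", (ONPREM_ASN,), tie_break=1),
    ]
    return chosen_links(learned, advertised)

def dual_dx(policy: bool = True, primary_up: bool = True) -> Tuple[Optional[str], Optional[str]]:
    """Two Direct Connect links. `policy` applies LOCAL_PREF inbound and the
    7224:7x00 communities outbound so that both directions use the primary."""
    vpc, onprem = "10.0.0.0/16", "192.168.0.0/16"
    learned = [
        Path(vpc, "dx-primary", "dx", (AWS_ASN,), local_pref=200 if policy else 100,
             tie_break=1, up=primary_up),
        Path(vpc, "dx-secondary", "dx", (AWS_ASN,), local_pref=100, tie_break=2),
    ]
    advertised = [
        Path(onprem, "dx-primary", "dx", (ONPREM_ASN,),
             communities=("7224:7300",) if policy else (), tie_break=2, up=primary_up),
        Path(onprem, "dx-secondary", "dx", (ONPREM_ASN,),
             communities=("7224:7100",) if policy else (), tie_break=1),
    ]
    return chosen_links(learned, advertised)

def bfd_detection_time_ms(tx_ms: int = 300, rx_ms: int = 300, multiplier: int = 3) -> int:
    """Simplified worst-case BFD detection time (interval x multiplier);
    defaults are the AWS Direct Connect BFD settings."""
    return max(tx_ms, rx_ms) * multiplier

if __name__ == "__main__":
    print("DX + VPN backup, DX up / down:", dx_with_vpn_backup(), dx_with_vpn_backup(dx_up=False))
    print("Dual DX without policy (asymmetric):", dual_dx(policy=False))
    print("Dual DX with policy, primary up / down:", dual_dx(), dual_dx(primary_up=False))
    print("BFD detects a dead link in %d ms; BGP hold timer is %d ms"
          % (bfd_detection_time_ms(), BGP_HOLD_TIMER_MS))
```

Running the script shows the two points the text makes: with no policy, the on-premises router and AWS each settle on a different Direct Connect link (`('dx-primary', 'dx-secondary')`), which is exactly the asymmetry to avoid, while applying local preference inbound and the communities outbound puts both directions on the primary and moves both to the secondary as soon as the primary is marked down. Deliberately simplified: real routers also compare origin, MED, eBGP versus iBGP and IGP metric before the final tie-breakers, and the VPN backup case assumes the VPN and Direct Connect terminate on the same virtual private gateway.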

Designing Secure WAN via Encryption

A Direct Connect link is not encrypted by itself; it can be secured by running an IPsec tunnel over it. To enable this, we configure a public virtual interface (public VIF) on the Direct Connect connection between AWS and our on-premises environment. The public VIF advertises the AWS public IP ranges to our router, so the Site-to-Site VPN endpoints are reached over the Direct Connect link rather than over the internet, and the VPN connection itself is configured the same way as an internet-based one. The result is a path that is both private and encrypted, at the cost of the IPsec overhead and the per-tunnel throughput limit of the VPN connection.
