Authors: Madhan Babu S – Systems Engineer @ Cloud Kinetics & Selvan R – Solution Architect @ Cloud Kinetics
When a server fails, it may be because of a network availability issue or something more serious, such as a system failure. To create a secure and encrypted connection from an internet-enabled device such as a laptop, desktop or iPad, we use a VPN (Virtual Private Network). When creating the VPN connection, you must specify the type of routing that you plan to use and update the route table for your subnet.
The type of routing that you select can depend on the kind and model of your VPN devices.
In general, a VPN connection uses one of two types of routing:
Dynamically routed VPN connections utilize the Border Gateway Protocol (BGP) to exchange routing information between your Virtual Private Gateways and the Customer Gateways.
Statically routed VPN connections require you to enter static routes for the network on your side of the customer gateway.
BGP-advertised and statically entered route information allows the gateways on both sides to determine which tunnels are available and to reroute traffic if a failure occurs. If you choose static routing, you must also enter at least one route (CIDR range) to indicate which traffic is to be routed back to your customer gateway (your on-premises network).
An automatic failover system permits immediate off-site handling of database and server setups, ensuring seamless operations if the original site is hit by a storm or other disaster.
To achieve auto failover with static VPN connections, we can use the method below:
1. Add the smaller (more specific) CIDR ranges to the primary VPN connection.
2. Add the larger (less specific) range to the secondary VPN connection.
For example, suppose our on-premises CIDR (Classless Inter-Domain Routing) range is 192.168.1.0/24 and we have two VPN connections to AWS with static routing. If we specify the same CIDR in both VPN connections in AWS, traffic becomes asymmetric.
In this example, we can split the 192.168.1.0/24 range into two smaller CIDR ranges as shown below.
These CIDR ranges are added to the primary VPN connection in AWS, and the larger range, 192.168.1.0/24, is added to the secondary VPN connection. Route selection prefers the more specific (smaller) CIDR range over the larger one, so traffic uses the primary VPN while it is up; when the primary VPN fails, traffic automatically routes over the secondary VPN. The following diagram shows the two tunnels of each VPN connection and the two customer gateways.
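The selection rule above is longest-prefix matching. The following is an added example, not the authors' code: a small local simulation of a route table that applies that rule, assumes the /24 is split into its two /25 halves (192.168.1.0/25 and 192.168.1.128/25), and shows traffic moving to the secondary VPN once the primary's more specific routes are withdrawn. It also flags the same-CIDR-on-both-connections case as ambiguous instead of picking a side.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    target: str  # which VPN connection carries the traffic (hypothetical names)


@dataclass
class RouteTable:
    routes: List[Route] = field(default_factory=list)

    def add(self, cidr: str, target: str) -> None:
        self.routes.append(Route(ipaddress.ip_network(cidr), target))

    def withdraw(self, target: str) -> None:
        """Simulate a VPN connection going down: its static routes disappear."""
        self.routes = [r for r in self.routes if r.target != target]

    def lookup(self, address: str) -> Optional[str]:
        """Longest-prefix match: the most specific route wins."""
        ip = ipaddress.ip_address(address)
        matches = [r for r in self.routes if ip in r.prefix]
        if not matches:
            return None
        best_len = max(r.prefix.prefixlen for r in matches)
        ties = [r for r in matches if r.prefix.prefixlen == best_len]
        # Equal-length routes on two connections is the asymmetric case the
        # text warns about; report it rather than silently choosing one.
        if len(ties) > 1:
            raise ValueError(f"ambiguous routes for {address}: {[r.target for r in ties]}")
        return ties[0].target


def build_failover_table(on_prem: str) -> RouteTable:
    """Primary gets the two more specific halves, secondary gets the whole block."""
    net = ipaddress.ip_network(on_prem)
    table = RouteTable()
    for half in net.subnets(prefixlen_diff=1):  # 192.168.1.0/24 -> two /25s
        table.add(str(half), "primary-vpn")
    table.add(on_prem, "secondary-vpn")
    return table


if __name__ == "__main__":
    table = build_failover_table("192.168.1.0/24")
    print("normal:", table.lookup("192.168.1.50"))      # primary-vpn
    table.withdraw("primary-vpn")
    print("after failure:", table.lookup("192.168.1.50"))  # secondary-vpn
```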
Auto failover is a best practice for systems that may be damaged or lose essential network connectivity in various situations, including storms and natural disasters. Organizations use auto failover to protect against data loss in such circumstances, as part of what is commonly called disaster recovery or contingency planning.