What You Need to Know about Branch Networking: High Availability
We recently fielded a reader’s question on the difference between mesh and star-shaped networks. This gave us the idea to take a closer look into the challenges of site-to-site VPNs in a multi-part series. As a primer, site-to-site VPNs are used to connect independent networks, for example, for branch office networking. In most cases this means that the branch office networks are connected to the network of the company headquarters.
Another possibility is machine-to-machine (M2M) networking. In this case it is machines that communicate with the central gateway. In all cases VPN gateways are used. They establish a connection to the Internet, then they encrypt and authenticate the IP user data for transmission and tunnel it through the Internet. Most frequently, IPsec is the VPN protocol used for these types of connection.
In this series, we’ll discuss aspects of branch office networking that are frequently overlooked when planning or extending site-to-site VPNs – but are critical to a successful delivery. But first, we’ll go over the two main types of networks that are used for branch office networking – meshed or star-shaped networks. With meshed networks, the branch offices are not only connected to the headquarters but also to each other. With star-shaped networks, however, all communication between the branch offices is channeled through one central VPN gateway. For more on the pros and cons of each network, we’ll nudge you to last week’s reader’s question.
Another criterion to consider with branch networking is high availability, and the required level can differ depending on which branch offices are connected to the main network. High availability has to be guaranteed for branch offices whose connectivity must not fail. Common examples are branch offices of banks and their ATMs, or the checkout systems of retail chains. In order to guarantee high availability, professional VPN systems support several backup mechanisms.
Monitoring the VPN connection is a basic requirement for being able to fail over to a backup. One method of connection monitoring is Dead Peer Detection (DPD), which is specified in an RFC. On top of that, the VPN gateway of the branch office should support several alternative media types (communication mediums) for Internet dial-up.
The VPN solution should also be able to automatically recognize a communication fault with the remote side. If it does, the VPN gateway disconnects the standard connection automatically and sets up an alternative backup link. Most modern VPN software solutions support an unlimited number of backup connections. With these solutions, the restricting factor is the number of communication mediums the hardware supports.
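To make the monitoring-plus-failover behaviour described above concrete, here is an added, simplified simulation (not code from the original post or from any VPN product): a DPD-style liveness check that declares the peer dead after a number of unanswered probes and moves the tunnel to the next reachable medium in an ordered list. The `Uplink` and `FailoverGateway` names, the retry count and the media list are all assumptions for the example; a real IPsec gateway runs DPD inside IKE and re-establishes the security associations on the new link.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Uplink:
    name: str          # assumed label for the medium, e.g. "dsl", "lte", "isdn"
    peer_alive: bool   # constructed: does the remote gateway answer DPD on this medium?

@dataclass
class FailoverGateway:
    uplinks: list[Uplink]            # ordered: primary first, then backup media
    dpd_retries: int = 3             # unanswered probes before the peer is declared dead
    active: int = 0                  # index of the uplink currently carrying the tunnel
    missed: int = 0                  # consecutive unanswered probes on the active uplink
    log: list[str] = field(default_factory=list)

    def active_name(self) -> str:
        return self.uplinks[self.active].name

    def probe(self) -> bool:
        """One DPD round: send R-U-THERE; count a miss if no ACK comes back."""
        if self.uplinks[self.active].peer_alive:
            self.missed = 0
            return True
        self.missed += 1
        if self.missed >= self.dpd_retries:
            self._failover()
        return False

    def _failover(self) -> None:
        """Tear the tunnel down on the dead medium and bring it up on the next live one."""
        dead = self.active_name()
        for offset in range(1, len(self.uplinks)):
            candidate = (self.active + offset) % len(self.uplinks)
            if self.uplinks[candidate].peer_alive:
                self.log.append(f"{dead} dead after {self.missed} missed DPD probes; "
                                f"switched to {self.uplinks[candidate].name}")
                self.active = candidate
                self.missed = 0
                return
        # No backup medium reachable: stay on the current link and keep probing,
        # which is what the gateway would have to do until some medium comes back.
        self.log.append(f"{dead} dead; no backup medium reachable")
        self.missed = 0
```

The restricting factor the text mentions is visible here as the length of `uplinks`: the logic itself has no limit on backup links.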
We’ll leave it there for now, but next week we’ll look into the impact central management has on branch networking.