Tuesday, August 31, 2004

How can I use a VPN with a network redundancy solution?


In order to set up a VPN connection through a network redundancy router, the following requirements must be met:

- Dynamic IP VPN in “Aggressive Mode”

- IKE Keepalives set to occur fairly often (every 30 seconds recommended)

- Dead peer detection enabled (if available) and set for three misses over 180 seconds or less

VPN Operation:

By configuring VPN in this manner it will work 100% in failover mode (as long as dead peer detection is enabled). It will also work in load balancing mode; however, it may occasionally time out and need to re-sync (reset the SA, or Security Association). This is accomplished via the dead peer detection process mentioned above. This re-syncing should not occur very often, and will not as long as the keepalive interval is set to a low number.

If your VPN does not support NAT pass-through the VPN will NOT work on failover. It is recommended that a NAT enabled VPN solution is used.

If dead-peer detection is not enabled, then manual intervention when a network failure occurs is required.
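As an added illustration (not code from the original post), the following Python model uses the post's own numbers, a keepalive every 30 seconds and the peer declared dead after three consecutive misses within 180 seconds, to show how dead peer detection turns a failover into an automatic SA re-sync, and why, with DPD disabled, the stale SA is never reset:

```python
# Added example: a minimal model of IKE keepalive / dead-peer-detection (DPD)
# timing and the SA reset it triggers. Timings are the ones the post recommends.
from dataclasses import dataclass, field

KEEPALIVE_INTERVAL = 30   # seconds between IKE keepalives
DPD_MAX_MISSES = 3        # consecutive unanswered keepalives before the peer is dead
DPD_WINDOW = 180          # the misses must all fall within this many seconds


@dataclass
class DpdState:
    """Tracks unanswered keepalives and the SA lifecycle for one VPN peer."""
    dpd_enabled: bool = True
    sa_generation: int = 1                 # bumped each time the SA is renegotiated
    miss_times: list = field(default_factory=list)
    events: list = field(default_factory=list)

    def keepalive(self, now: int, answered: bool) -> bool:
        """Record one keepalive sent at `now`. Returns True when DPD declares the
        peer dead and the SA is reset (re-synced) as a result."""
        if answered:
            self.miss_times.clear()        # any reply proves the peer is alive
            return False
        self.miss_times.append(now)
        # Only misses inside the detection window count towards the threshold.
        self.miss_times = [t for t in self.miss_times if now - t <= DPD_WINDOW]
        if not self.dpd_enabled:
            # Without DPD nobody tears the SA down; an operator has to intervene.
            self.events.append((now, "manual_intervention_required"))
            return False
        if len(self.miss_times) >= DPD_MAX_MISSES:
            self.sa_generation += 1        # tear down the SA and renegotiate
            self.miss_times.clear()
            self.events.append((now, "sa_reset"))
            return True
        return False


def simulate(replies: list, dpd_enabled: bool = True) -> DpdState:
    """Send one keepalive per interval; replies[i] says whether keepalive i was answered.
    A failover shows up as a run of unanswered keepalives followed by replies again."""
    state = DpdState(dpd_enabled=dpd_enabled)
    for i, answered in enumerate(replies):
        state.keepalive(now=i * KEEPALIVE_INTERVAL, answered=answered)
    return state
```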


If you have questions about network redundancy, or would like to know how to implement network redundancy, please post a comment, and we will respond.

How does Internet redundancy work without BGP?

Using a combination of routing technologies (Vector Routing by XRoads Networks) and dynamic DNS services, an organization can set up Internet redundancy through two or more ISPs (Internet Service Providers) without needing to use complicated protocols such as BGP (Border Gateway Protocol).

See the Redundancy HowTo PDF for more information.

Vector Routing

Vector Routing is designed to provide two fundamental services, load balancing network traffic across many paths and ensuring redundancy in the case that one or several of those paths fail.

Background

In computer networks, such as the Internet, preventing a smaller portion of the network, or local network (one with only several connections to the rest of the network), from losing connectivity to the rest of the network can be accomplished by providing redundant paths to various points within the larger network.

The Internet as a whole is based on a routing scheme that uses IP address information in order to determine where a packet of information needs to be sent.

Vector Routing ensures redundancy by mitigating, and even eliminating network downtime by employing non-BGP multihoming. The term “multihoming” is used to describe a network that utilizes multiple connections to one or more Internet Service Providers (ISPs). Provisioning two or more connections to the Internet has become the primary means by which organizations build high availability into their access points.

It used to be that only by implementing a routing protocol, known as Border Gateway Protocol (BGP), could an organization deploy a multihomed solution. However, deploying BGP is costly, complex, and requires the cooperation of your ISP(s). In addition, network congestion is a limitation of BGP that causes over 50% of network traffic to be sent over sub-optimal routes.

Many products today are capable of providing connections to two or more diverse paths and use a variety of methods to determine when those paths are available or not available.

The problem is that many of these methods rely on complicated routing protocols to determine whether the path is acceptable for transmitting data traffic over it or not. Beyond being complicated, these routing protocols do not do a very good job of determining how well the path is performing for the end user. As long as data traffic is able to get to its remote destination, the path is used.

Several “network load balancing” products/methods have attempted to solve that problem by probing the local network's gateway routers in an attempt to determine the load of these gateways.

The problem with these solutions is that the load of the local gateway provides little to no information about the overall status of the network path that the local network's traffic is following. Issues that arise beyond the local gateway, within the local service provider's network, or even within the 1st tier provider which provides transit for the local service provider, are not detected with this method, so it does not provide true network redundancy and/or failover from one end of the communications session to the other.

Even if the device performs a per-packet test of the remote destination prior to sending the traffic, additional problems still exist. These problems include: slow response time for the initial packet, large memory requirements to cache routing information for routes which may never be used for long periods of time, and an overall increase in the costs associated with such a solution.

Summary

The XRoads Edge utilizes Vector Routing, which is a method for efficiently and accurately redirecting end-to-end communications sessions over the most appropriate network path when two or more diverse network paths are available without adding unneeded delay, or requiring large amounts of unused memory like many “network load balancing” devices require. This ensures a lower cost of total ownership and thus a higher ROI.

Vector Routing’s diverse path selection is based on the continued measurement of multiple predefined remote nodes via two or more diverse network paths to a larger external network. This is accomplished via Multi-Path Probing and Real World Monitoring. By monitoring these remote nodes and gathering specific data measurements via each diverse network path, the Vector Routing module (software code) running on the XRoads Edge can determine over which diverse path traffic should be sent.

If the Vector Routing module determines that all paths are operating normally, local network traffic is equally distributed across the multiple network paths. Load balancing can be applied via Vector Routing’s Flexible Bandwidth Management. Using our flexible bandwidth manager, network administrators can determine what percentage of traffic they wish to forward over each of their diverse network paths. Unique to the XRoads Edge, these percentages can be applied per “critical network” (see Best Path Routing – White Paper).

In accordance with the path selection made by the Vector Routing module, a DNS daemon running on the XRoads Edge can also be updated so that only the IP addresses of the network interfaces associated with the active network paths are provided in DNS responses to requests made by external DNS clients.
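To make the path selection, percentage-based load balancing and DNS update described above concrete, here is an added Python model (not XRoads Networks' code): the same predefined remote nodes are probed through every path, a path whose probes all fail is taken out of service, the administrator's percentages are re-normalised over the surviving paths, and DNS answers list only the interface addresses of active paths. Path names, addresses and probe results are constructed for the example.

```python
# Added example: a small model of Vector Routing style path selection.
from dataclasses import dataclass


@dataclass
class Path:
    name: str
    interface_ip: str   # public address of this ISP link (constructed)
    share: int          # administrator's desired percentage of traffic


# Remote nodes that are measured through every diverse path (constructed names).
REMOTE_NODES = ["probe-a.example", "probe-b.example", "probe-c.example"]


def path_is_healthy(probe_results: dict, path: Path, min_reachable: int = 1) -> bool:
    """A path is up when at least `min_reachable` remote nodes answered through it,
    so a failure anywhere along the path (not just at the local gateway) is seen."""
    results = probe_results.get(path.name, {})
    reachable = sum(1 for node in REMOTE_NODES if results.get(node, False))
    return reachable >= min_reachable


def effective_shares(paths: list, probe_results: dict) -> dict:
    """Re-normalise configured percentages over healthy paths only, so a failed
    link's share is redistributed instead of black-holing that traffic."""
    healthy = [p for p in paths if path_is_healthy(probe_results, p)]
    total = sum(p.share for p in healthy)
    if total == 0:
        return {}          # every path is down; nothing can be selected
    return {p.name: round(100 * p.share / total) for p in healthy}


def dns_answers(paths: list, probe_results: dict) -> list:
    """Addresses handed to external DNS clients: active paths only."""
    return [p.interface_ip for p in paths if path_is_healthy(probe_results, p)]


def choose_path(shares: dict, flow_id: int) -> str:
    """Deterministically map a flow to a path in proportion to the shares."""
    bucket, cumulative = flow_id % 100, 0
    for name, pct in shares.items():
        cumulative += pct
        if bucket < cumulative:
            return name
    return list(shares)[-1]   # rounding leftover goes to the last path
```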

The purpose of using diverse network path monitoring and route selection based on the analysis of the monitoring is to replace the existing complex and costly routing protocols used by many network routers today while still providing a more detailed status of the overall network path than many routing protocols do. At the same time, the reduced complexity ensures the lower overall cost of the Vector Routing enabled products.

XRoads Networks is a developer of intelligent routing solutions with core competencies in network redundancy and WAN failover systems.

Our strategy is to build the best TCO vs. performance products on the market, integrating security, availability, and quality of service features.

XRoads Networks currently has four patents pending based on our Vector Routing, Best Path Routing, Virtual Technician Engine, and AME (Automated Management Engine) software modules which are key components of our Edge product line.

Founded in 2001, XRoads Networks, Inc. has a proven track record for delivering cutting edge products, and has been hailed by leading businesses and broadband service providers alike.