Connectivity Fault Tolerance for Mission Critical Systems

Many businesses today operate out of multiple locations that need to communicate with each other and one of the most common ways of connecting them is via site-to-site VPNs. Site-to-site VPNs create secure connections between locations over the public internet and make computing resources in one location available in another location. Connecting over the public internet provides a lot of flexibility, but it also puts these businesses as the mercy of ISP outages which, unfortunately, are fairly common. Outages can be caused by human error, physical cable disconnects/damage, technology failures in the ISP’s network stack or a host of other issues. No matter the cause, site-to-site VPNs can’t operate during an outage which means that the business loses critical access to resources. For many businesses this can mean lost revenue, reputational damage or worse.

How is this solved today?

The only way to reliably achieve fault tolerance when an ISP suffers from an outage is to leverage multiple ISPs. While that sounds simple in concept, it’s not easy to implement with site-to-site VPNs. The VPN software must be configured to detect a failover and then subsequently route traffic from the primary connection to the backup. There is a long established protocol for handling this, but it’s not easy to configure and it’s a proprietary protocol which means you’re locked into using specific hardware which typically comes at a steep cost. Newer solutions exist which are far easier to setup, but those still require proprietary hardware and licenses. Alternatively, businesses with very savvy network engineers can manually configure automatic failover, but that type of expertise is hardly common anymore and it’s likely not easy to maintain anyway.

High Availability Site-to-Site VPN with Marconi

Marconi can be an easy to manage, cost effective solution for businesses needing site-to-site VPNs. However, with just a few additional commands it’s possible to use Marconi to create a fault tolerant network with automatic failover to redundant ISP connections. The Marconi Protocol can create multiple mPipes across different physical connections backed by different ISPs and then, using Marconi’s unique L2 bridging functionality, merge those connections to back a single virtual IP. Each site now has a Marconi virtual IP that apps & services in each site can be configured to use with confidence. Even if primary ISP goes down, that IP will still be operational since Marconi will seamlessly failover to the redundant mPipe connection. This can all be achieved on commodity hardware with Marconi’s open source software. Configuration is also minimal since much of the traditional configuration & information exchange needed for VPN setup is handled automatically through the blockchain.

If you’re interested in learning more about how to set this up in your own corporate network or datacenter today contact hello@marconi.org.