As meeting the challenge of secure e-business becomes a corporate mandate, VPNs must serve as reliable, highly available means of secure communications - regardless of delays, link failures and connectivity issues.
The Nokia High-Availability (HA) VPN solution allows virtual private networks to fail-over if needed, thereby transparently increasing their availability to users, corporate partners, customers and remote offices. HA VPNs help prevent service interruptions caused by connectivity problems, delays, link failures and component failures - resulting in highly available, secure communications for users at any point on a VPN.
The Nokia HA VPN solution uses two standard routing protocols, OSPF and Virtual Routing Redundancy Protocol (VRRP, RFC 2338). OSPF provides the most efficient route based on hops; VRRP enables fail-over from a primary VPN to a secondary VPN.
When two VPN routers are placed at two sites, each location can establish a primary and secondary VPN for conditions of fail-over. As shown here, router A1 establishes a VPN link to B1 - negotiating IPSec variables such as encryption algorithms, security associations and Internet Key Exchange (IKE). Once in place, the VPN uses OSPF to find and learn the most efficient route over the network.
If router A1 should go down, router A2 will transparently take over. This transition involves A2 assuming the IP and physical layer address (MAC address) of router A1. Router B1 never knows that a transition has occurred, nor do any users, partners, customers or remote offices on its trusted side.
By functioning in this way, Nokia VPN solutions enable companies to advance their e-business operations
competitively and confidently, knowing that services and access will remain highly available.