Forum Discussion

daboochmeister
Oct 01, 2020

GTM (DNS Controller) monitoring of redundant VPN tunnels at different data centers

Hi, all - we have a VPN tunnel to a private VPC in AWS from each of our two data centers. If the tunnel in data center 1 (primary) is up, traffic to that VPC will be routed through that tunnel (via BGP); if that tunnel is down, routing changes will be propagated via BGP so that traffic to that VPC will traverse the tunnel in data center 2 (backup). That's all managed via standard VPN tunnel mechanisms. Because of that, the same IP is used to reach resources in the VPC no matter which tunnel will end up bearing the traffic.

I have a requirement to condition some wide-ips based on which tunnel is up. My initial thought was to set up two generic hosts, using the same IP in the VPC, each assigned to a different data center, with an HTTPS health monitor; then if the generic host assigned to the primary data center is up, that means the primary tunnel is up; if not, if the generic host assigned to the backup data center is up, the backup tunnel is up; if neither is up, both tunnels are down.

BUT - the GTMs won't allow me to set up two generic hosts with the same IP.

So - what is the "best practice" for utilizing availability of VPN tunnels in wide-ips?

Sorry if the explanation isn't clear - complex situation.

ty