Ability to create a specific backup SpeedFusion tunnel

I have two projects on the go at the moment where this design would be useful, and I am bound to come across other projects where this setup would be ideal.

The customers have a dual DC setup; each DC is on its own network (no stretched layer 2 between them) and the two are linked by routed private circuits.
Each DC has a hub, and one is designated as primary and the other as backup. However, as they are different networks you end up with 2x active tunnels, but we only want one live at a time. The ability to make one SpeedFusion tunnel a specific backup would be ideal (i.e. it sits inactive until the primary tunnel fails; if it doesn’t reconnect within a defined threshold then it flips over to the backup tunnel).
So this isn’t using a sub tunnel of one SpeedFusion tunnel for different traffic; it’s using a completely separate tunnel to a different peer endpoint IP and routable network.

The key is that both customers want the failover for the site itself so it can always reach a DC and there is always a path back from either DC.

At the moment what we’ve had to do is create both tunnels but have one disabled, and in the event of the primary hub failing or the primary DC going offline we will enable the second tunnel manually.

We didn’t want 2x active tunnels as this uses valuable bandwidth on the cellular connections (which is what’s being used at the branch end).

I’ve attached an HLD of the setup.

1 Like

This totally makes sense. We will involve the team to discuss.

@Team_SpeedFusion

2 Likes

I guess this can be done by Outbound Policy Expert Mode? You can create a Priority rule to route all Secondary DC traffic to the Primary DC and put the Secondary DC for failover, such that the network in the Secondary DC will not be reachable because all this traffic will be routed to the Primary tunnel, and if the Primary tunnel fails, traffic will go to the Secondary DC instead. What do you think?

2 Likes

Hello @cgreen,
We currently do something similar to what @Steve has mentioned for some of our clients, where we use the priority outbound rules to define the data paths, and it is working well for us. Have you tried to do this? It can be done with multiple SpeedFusion options at the network edge device.
Happy to Help,
Marcus :slight_smile:

We’ve tried with policies but it doesn’t really achieve what we need; what you end up with is 2x active tunnels still.

What both solutions need is pure failover, so the 2nd tunnel is sitting in standby mode and not actively using data (albeit small with keepalives etc., but nonetheless using data).

2 Likes