This post is also available in: Português English Español
According to a survey carried out by the Brazilian Internet Steering Committee, 98% of companies used the Internet in 2015. Taking into account only those companies with more than 250 employees, 100% (all of them!) made use of the worldwide computer network in that year.
Brazilian companies are increasingly connected and dependent on the Internet. For many, any period of unavailability of the network reflects directly or indirectly in financial losses. Faced with this scenario, it has become a challenge to always remain connected.
With the great diversity and offerings of corporate internet plans coupled with the fall in prices, having multiple links has become a very interesting measure when it comes to minimizing the unavailability of Internet access. However, in order for them to be used efficiently, good planning and tools are needed to enable the intelligent management of these resources.
Here are some tips on how to take advantage of the use of redundant links in companies.
Criteria for acquiring internet links
If the purpose of link acquisition is to ensure the availability of access, it is important to contract links from different carriers. Possessing several links from single provider is subject to problems in the structure of the operator itself, resulting in a simultaneous failure in all links.
Attention should also be paid to the cases of operators, generally the small ones, who use shared structures. In this situation, although they are different operators, problems of unavailability of the service have great chances of affecting the set of operators that use such a structure. Because of this, it is suggested to avoid hiring operators that use different trunks to obtain their Internet circuits.
Internet links balancing
With two or more access links, it is important to carry out load-balancing configurations, distributing traffic between available links. That way all the links are used, avoiding idleness and increasing return on the investment made.
For this, it is necessary to have specialized tools that allow this type of configuration. There are specific equipment for this purpose, such as load balance routers, as well as UTM firewallssolutions, with link balancing.
Firewalls with this feature typically display a variety of settings related to link balancing, so traffic distribution can be performed in the following ways:
- Based on addresses: in this model, the traffic is assigned according to the source or destination addresses of the connections. In the case of balancing by the source addresses, it is possible to define that certain equipment or group in the local network travel by a specific link, while other equipment will make use of other links. In the same way, it is possible to parameterize the balancing so that the accesses to predetermined destinations are routed through the desired link.
This type of configuration allows, for example, using links unique to critical sectors of the company or to access critical remote systems. This type of configuration prevents competing traffic from interfering with the performance of highly relevant business activities such as access to banks, electronic invoices, management systems and other web applications considered important to the company.
- Based on services: another possibility is to distribute the traffic between the links according to the type of service associated with the connection.
Example: Set all browsing traffic (HTTP and HTTPS) to be targeted to a specific link, while connections from one network email server use another link and all other connections a third link. Thus browsing traffic will not affect e-mail server connections or other services.
Another advantage derived from this situation is the contracting of cheaper links for navigation (ADLS, for example, with download rates much higher than upload), which does not have a high bandwidth requirement for sending files.
- Round-robin: allows to distribute equally traffic between available links. This type of balancing is more interesting when you do not want to prioritize the traffic by source, destination or service, and when the bandwidth of the links are equal or as close as possible, avoiding waste.
Internet link contingency settings
Another aspect that needs to be considered when dealing with redundant links is the contingency plan, that is, what actions will be taken when a link in operation becomes unavailable. Regardless of whether all network traffic or only part of it is under the link that became unavailable, it is desirable to ensure the availability of all connections assigned to it.
Some companies have contingency links to be used only when the main link fails (link backup). In these cases, the most common is to perform a physical exchange of links, disconnecting and connecting cables, as well as adjustments of settings in the workstations and servers.
There are also some UTM firewall solutions that allow you to make settings for exchanging traffic to other links, such as simply changing the router’s default gateway or another rules. This type of facilitated procedure still requires manual intervention, as it is known as SwitchOver. Although it is faster than situations requiring physical changes, a human intervention is still necessary, first to identify the sinister on the link and then to perform the necessary settings.
Modern firewalls allow you to automate this entire process in a simplified way, without requiring any administrator intervention. This type of contingency configuration is known as FailOver.
FailOver
FailOver, in general, is the term used to define the ability of a system or service, in case of failure of one of its components, automatically change its operation using a redundant component. The term FailOver is commonly found translated as “fault tolerance”.
Within the context of computer networks, FailOver is the ability of the device responsible for managing the links, detecting a possible failure or degradation in one of them, and performing the exchange of previously assigned traffic for a redundant link automatically.
The FailOver feature can be found in some firewall solutions, often under the name of automatic link redundancy. In environments where high availability is desired, this is an essential resource.
Firewalls that rely on the automatic link redundancy feature have mechanisms to frequently monitor the status of links and their availability, and when detecting any abnormality, perform the contingency configuration procedures, using another link to meet the demands previously to those who presented the fault. Which link will be used and what type of traffic will be migrated will be settings previously defined in the firewall settings.
Other important skills associated with FailOverare to record, maintain a history of link state changes, and notify an administrator of the changes. This allows those responsible to take the necessary steps and mitigate the flaws in the face of this information.
It is also expected from these solutions that, after a claim has occurred and contingency configurations have been made, the links that have failed will continue to be monitored and when they are reestablished, in a transparent way, the equipment will make some necessary changes to return to the original scenario, prior to the occurrence of the failure.
It is worth noting the importance of performing periodic (scheduled) tests of the FailOverconfigurations to ensure that their operation is in line with expectations and keeps up to date with changes in the structure.
When it comes to ensuring business continuity, an effective contingency plan and equipment that allows automatic link redundancy settings is essential.
In your company, do you already have a solution that makes it possible to configure FailOver‘s links? How about talking to one of our experts about this topic?
This post is also available in: Português English Español