Introduction | |
|
|
Introduction
WAN communication links are traditionally the weakest component in computer networking. Unlike LAN components, which are typically in the owner's direct physical and administrative control, the facilities that make up the WAN link belong to and are controlled by a third party. These facilities also cover wide geographic areas, making them more susceptible to physical harm. Such characteristics make WAN links the single largest contributor to network downtime.
When the WAN link is critical to a network's operation, it is wise to design towards WAN resiliency. In some cases, the volume and criticality of the WAN might dictate the need to completely duplicate the WAN with redundant and independent facilities. The cost of this solution can be quite high, so the benefit must be carefully weighed.
Another common solution, especially in large hub and spoke networks, is to use dial backup around the WAN provider. In this solution, should a spoke lose its WAN connectivity to the hub, it will place a call to a
The Internet as an Alternative
Using the stateful inspection firewall and powerful IPSec VPN capabilities provided in the NetVanta router product line, the Internet can be a useful and low cost alternative for WAN connectivity
Following are descriptions and detailed examples of several
Note that detailed firewall design and VPN design are dependent on each network's unique requirements. The examples shown here are simpified to focus on the mechanics of using a primary and backup connection.
Also note that in these examples, the NetVanta is the remote site router. A NetVanta or a third party device can be used as the central router and the central FW/VPN gateway.
2 | Copyright © 2005 ADTRAN, Inc. |