Score:0

How to setup load balanced / fail-over route where there are multiple valid routes to the same subnet?

ss flag

We have a situation where we have multiple EC2 instances each running a VPN. Both the remote VPN server and remote subnet are run by a third-party and we have no say in the way they are setup.

We don't believe these are transferable to an AWS client LAN-to-LAN VPN.

The VPNs all route to the same physical subnet with the same CIDR block. There is some rate limiting for these VPNs (on the remote side) and we don't want to push all of our traffic for that CIDR block through the same subnet. Besides this we would like to have some form of health-check and fail-over so that if one VPN connection goes bad, we can re-route through another.

[image: network diagram of the setup]

Does AWS have any form of transparent load-balanced routing (as opposed to an application load balancer)? Likewise, I believe AWS's Network Load Balancer acts as an endpoint routing specific ports to multiple providers.

Just to make this more complex, the VPN clients include a NAT meaning that the routing would need to be stateful.

This is something I'm aware is available on enterprise-level hardware (Cisco routers, etc.), but I'm not sure if Amazon exposes any such feature.

cn flag
Could you sketch out a diagram? I'm struggling to follow the architecture description.
cn flag
Route53 could work, if you use DNS names. Or maybe a network load balancer? Have your clients target the NLB instead of the EC2s?
ss flag
@shearn89 Unfortunately the creators of this VPN like to use a lot of static IPs and don't put domain names on any of it. Not only do we need to use their VPN, we also need to use their software, so the only piece we control is the VPN client and the routing.
Zareh Kasparian
I'm not familiar with AWS or so, but in general, if you want to have a route/routes as your backup, you have to use "Distance" in your routing configuration.
Tim
Where is the rate limiting taking place? In your EC2 servers or on the target VPN server?
cn flag
I think I understand more now. If you want to be able to put something in the ??? box that can balance your connections to the two VPN client boxes, a Network Load Balancer would do it. Incidentally, what problem does this VPN setup actually solve? Is there a better solution that doesn't involve a 3rd-party VPN service?
ss flag
@shearn89 Despite the name, I believe [Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) routes specific ports to specific endpoints. We're looking for something to route the entire subnet (all IPs in it, all ports, ideally both TCP and UDP).
cn flag
Yes, they operate at the network layer, not the application layer (hence the name). I didn't get that you wanted to route the whole subnet! Okay.