As the number of remote workers increases exponentially in more diverse settings, so does the dependency on resilient IT infrastructure, especially when it comes to the network. Without a network solution that can survive bumps in the road, continuous access to critical collaboration, productivity and business applications would not be available to keep remote workforces working.
High availability (HA) is an important consideration when designing infrastructure, but it is “in the eye of the beholder” for each company to customize and account for the elements of their design they deem most critical. Most companies have to pick their HA battles carefully, given that many cannot afford to deploy or manage all the infinite number of permutations that would deliver totally independent, parallel end-to-end systems. Since the network layer is frequently in focus, virtual networking offers a wide array of options to protect your network and your users from service disruptions.
Architecting For High Availability
Designing solutions with resiliency is one of the most important aspects of network and edge architecture. While there is no correct answer to how much resiliency is needed (we often refer to these topics as being "in the eye of the beholder"), there are best practices, suggestions for different use cases and some specific services and packages that Network Edge offers.Read More
High availability is an important consideration when designing infrastructure, but it is “in the eye of the beholder.”
Architecting high availability using virtual networks
Network Edge from Equinix is a fast and cost-effective way to globally deploy leading providers’ devices on Platform Equinix®, such as SD-WANs, firewalls and virtual private networks (VPNs). It uses a software image of many of the most popular devices in service at the edge of the enterprise today. Even before you implement specific high availability features on your NFV devices, there are several points of redundancy already built into the Network Edge platform as shown in the diagram below. The platform always maintains multiple high capacity port groups into both the Equinix Fabric™ and public internet access service (via Equinix Connect) from each availability zone. These ports use Link Aggregation Group (LAG) to ensure easy capacity augment and also protection from any one physical port failing. Each of these groups runs to fully diverse Equinix Fabric or Equinix Connect chassis groups, as well – preventing downtime from failure of an entire group of routers.
Leveraging Network Edge with a high availability service, a virtual network device can also be duplicated in various, user-selectable ways, either as a primary or secondary HA device, and could also be paired with additional physical devices, depending on the desired architecture.
We’re seeing customer interest in HA scenarios where many remote users home into a single aggregation point at an edge location close to their cloud assets. For example, an SD-WAN that acts as an aggregation point for user traffic or a firewall sitting in front of multiple clouds are scenarios where we are seeing a lot of requirements for redundancy and high availability. This is because that single point of failure has consequences for a lot of remote workers if it fails. Network edge makes deploying a remote virtual network device for high availability easy, reducing the time and expense of deploying additional hardware.
Redundant Network Edge Connections to the Public Internet and to Equinix Fabric
How to leverage high availability at the edge
The following four HA solutions are available via Network Edge on most devices and can be deployed in a variety of scenarios, depending on availability per metro. On the Network Edge platform, each HA service creates a duplicate secondary device that is permanently paired with the primary device that the user configures. The HA service places each device in a different virtual “plane” from the other, regardless of where each device is located ̶ whether they are in two separate compute servers, Equinix International Business Exchange™ (IBX®) data centers, metros or regions. This concept of planes ensures that there will never be a time when Equinix Operations is performing maintenance or other activities that would affect both devices simultaneously: even if customer HA devices spanned regions, Equinix would either be working on Plane A or Plane B.
The Network Edge HA pairing is always active/active, and the platform typically mandates duplicate connections, services and other configurations on each device in the pair so that they stay mostly in sync. Users can switch between them or use one but not the other as needed, such as treating one as if it is passive until there is an issue, but both are fully utilizable at all times.
The Network Edge high availability service is offered in all of the four deployment types, depending on metro availability and capacity:
- Diverse Compute: This HA solution is the system default mode and protects users from a single server failure. Each device in the HA pair is deployed on a separate physical server within the same availability zone or compute cluster. These devices are protected from either physical or virtual machine (VM)-level failures. This scenario would not protect against a failure of an entire data center.
Diverse Compute High Availability
- Diverse Availability Zones: In this solution, users are protected from a complete facility failure, such as from a fire or power outage. The two devices in the HA pair reside on two discrete infrastructure compute clusters in the same metro, and typically in different IBXs (where available). Given the proximity of the primary and secondary nodes, there are similar performance expectations to other interconnection services. As with the scenario above, this configuration would not be recommended for disaster recovery in the same metro.
Diverse Facility Availability Zones
- Diverse Metros: This HA solution can protect customer devices from metro-wide or interconnection platform-wide failures, which could occur during a massive natural disaster. Although the loss of an entire metro with multiple discrete data centers would be exceedingly rare, some customers opt for this – remember, the level of protection needed is “in the eye of the beholder.” Customers can select two different Equinix availability zones in two different metros in which to deploy devices. Once the primary and secondary devices are too far apart, there could be performance implications. However, the Network Edge platform gives the customer the option to terminate redundant connections to the closest onramp for the same cloud provider, the same as the primary, or choose another. This gives customers some new use case options for HA within the cloud itself, such as using two different cloud regions for their storage needs.
Diverse Metros High Availability
- Diverse Regions: This HA solution is effectively the same as the “diverse metro” solution, but much further apart and with some additional implications and use case options. It protects users from broad regional failures, such as catastrophic coastal disasters, regional power outages, software orchestrators or other engines that are shared in common per region, or IP routing and DDoS attacks in which entire route tables may be compromised. Customers can select a metro in two different regions (as they are defined by Equinix that would be Americas, EMEA, and Asia-Pacific) in which to deploy virtual network devices. The customer should choose the closest cloud destination that is reachable from the secondary metro, wherever available and where the proper performance and management can be ensured in both regions.
Diverse Regions High Availability
Harnessing virtual network devices for fast and cost-effective high availability
We are currently running multiple global Network Edge proofs of concept with several enterprise customers and service providers that involve High Availability services. For example, an online travel company wanted to run a proof-of-concept for backing up its Oracle® database between Equinix data centers in Frankfurt and Amsterdam, but it did not want to deploy another physical router in the Amsterdam facility. Using Network Edge services, the company was able to deploy a Cisco virtual router in Amsterdam in just minutes and connect to the Oracle Cloud via OCI FastConnect and ECX Fabric to exchange data with the OCI Data Center Region in Frankfurt.
Disaster Recovery Proof-of-Concept Using Network Edge Virtual Cloud-to-Cloud Routing
These are unpredictable times, with geographically dispersed users requiring fast connectivity to business, IT and cloud services at a moment’s notice. With Network Edge, customer’s don’t have to sacrifice resiliency and stability of their designs in order to maintain that speed to market.
Learn more about how to deploy Network Edge high availability services.