Gateway Failover Considerations

Context

To handle large traffic volumes and provide redundancy, organizations deploy load balancers that distribute connections across multiple gateway appliances. The load balancer also provides fault tolerance when one of these appliances fails.

Issue

For mobile users, a load balancer persistence policy keyed on the device's source IP address cannot guarantee that a device reaches the same gateway for the lifetime of its VPN session. Mobile devices move between networks, and their IP address changes with each move. For example, a user could go from WiFi to 3G/LTE and back to WiFi; the device would change IP address three times and could be directed to three different gateway appliances. Gateways B and C have no knowledge of the session established on Gateway A and reject its reconnect token, so the user is forced to re-authenticate on each new appliance.

The same problem can appear without the device moving: if the load balancer persists on the source address and port pair and the device sits behind a NAT, a change in the NAT's mapping (for example after an idle timeout) presents a different source port to the load balancer, and the new connection is persisted to a different gateway.

Solution

This will be addressed in a future release of the gateway appliance. Until then, we recommend configuring the load balancer in active/standby mode, with all traffic sent to a single active appliance and the second appliance used only when the active one fails. A single gateway appliance can handle roughly 100,000 concurrent connections, so distributing load across multiple appliances is rarely necessary. Active/standby still provides redundancy and guarantees that every connection of a VPN session terminates on the same gateway appliance, regardless of the client's source address or port. Note that a failover to the standby appliance still forces users to re-authenticate, because the standby has no knowledge of sessions established on the active appliance; unlike source-IP persistence, however, this happens only when an appliance fails, not on every network change.
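The following HAProxy fragment is an added example illustrating both the Issue and the Solution above; it is not the vendor's or the appliance's own configuration. It places the source-IP persistence setting that breaks for mobile clients beside the active/standby backend recommended above. The gateway addresses, the listener name, and the use of port 443/TCP as the VPN transport are assumptions; if your VPN runs over UDP, the same active/standby idea applies but must be configured on the balancer's UDP or network-layer failover feature instead.

```haproxy
# Added example, not the gateway vendor's configuration.
# Assumptions: HAProxy 2.x, VPN transport on 443/TCP, gateway IPs 10.0.1.10-12.

defaults
    mode tcp
    timeout connect 5s
    timeout client  1h
    timeout server  1h

frontend vpn_in
    bind *:443
    # Point this at vpn_gateways_hashed to reproduce the problem described
    # in the Issue section; keep it on the active/standby backend in production.
    default_backend vpn_gateways_active_standby

# --- Weak setting: persistence keyed on the client's source IP -------------
# Each client IP is hashed to one of three active gateways. A device that moves
# WiFi -> LTE -> WiFi presents three different source IPs and can be hashed to
# three different appliances; gateways B and C do not recognise A's reconnect
# token and the user must re-authenticate.
backend vpn_gateways_hashed
    balance source
    hash-type consistent
    server gwA 10.0.1.10:443 check
    server gwB 10.0.1.11:443 check
    server gwC 10.0.1.12:443 check

# --- Recommended setting: active/standby ----------------------------------
# Only gwA receives traffic while its health check passes. gwB is marked
# "backup", so HAProxy uses it only when every non-backup server is down.
# Every connection of a session therefore lands on gwA no matter what source
# address or port the client arrives from. A failover to gwB still requires
# re-authentication, since gwB has no knowledge of sessions built on gwA.
backend vpn_gateways_active_standby
    option tcp-check
    server gwA 10.0.1.10:443 check
    server gwB 10.0.1.11:443 check backup
```

Validate the file before reloading with `haproxy -c -f /etc/haproxy/haproxy.cfg`. To confirm the behaviour, connect from two different source addresses (or restart a NAT mapping) and check the HAProxy stats page or logs: with the hashed backend the sessions may be spread across gwA, gwB and gwC, while with the active/standby backend every session shows gwA until its health check fails.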