Tencent Cloud VPN Connections provides a complete solution to guarantee the high availability of your business. Not only does the VPN gateway itself support high availability, but primary/secondary tunnels are also supported. The VPN gateway uses health checks to identify the tunnel status and switches traffic between the primary and secondary tunnels based on that status. This document describes how to configure health checks.
Note:
We recommend you use a route-based tunnel for health check. If you use an SPD policy-based tunnel, you need to configure an SPD policy for 0.0.0.0/0.
How Health Check Works
VPN tunnel health check uses the NQA mechanism and the ping command by default. The VPN gateway regularly pings the peer health check address from the local health check address (the ping is encrypted in the tunnel) to determine connectivity. If the ping fails multiple times in a row, the VPN gateway considers the tunnel abnormal and switches the traffic from the primary tunnel to the secondary tunnel. The customer gateway also needs to implement a similar mechanism so that it switches its traffic to the secondary tunnel at the same time. To this end, you need to configure two IP addresses that are mutually pingable in the tunnel, or use the two IP addresses automatically assigned by the system for health check. The IP ranges of the two addresses cannot conflict with those of the VPC and IDC.
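The customer gateway side of this mechanism, sketched as an added example (not Tencent Cloud code). The threshold of 3, the lack of automatic failback, and all names (`TunnelFailover`, `ping_probe`, `replay`) are assumptions; the page only says "multiple times in a row". `ping_probe` uses Linux iputils `ping` flags and is not called by the constructed replay.

```python
import subprocess

FAIL_THRESHOLD = 3  # assumed; the page only says "multiple times in a row"

def ping_probe(local_ip, peer_ip, timeout_s=1):
    """Return a probe that sends one ping from the local health check
    address to the peer one (Linux iputils flags: -c, -W, -I)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-I", local_ip, peer_ip]
    def probe():
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        return done.returncode == 0
    return probe

class TunnelFailover:
    """Tracks consecutive probe failures on the primary tunnel."""
    def __init__(self, threshold=FAIL_THRESHOLD, on_switch=None):
        self.threshold = threshold
        self.on_switch = on_switch or (lambda: None)
        self.active = "primary"
        self.fails = 0
        self.events = []  # (probe index, action) audit trail

    def observe(self, index, ok):
        # A single success resets the counter, so isolated packet loss
        # never adds up to a switch; only an unbroken run does.
        self.fails = 0 if ok else self.fails + 1
        if self.active == "primary" and self.fails >= self.threshold:
            self.active = "secondary"
            self.events.append((index, "switch to secondary"))
            self.on_switch()  # e.g. repoint the route at the secondary tunnel
        return self.active

def replay(results, threshold=FAIL_THRESHOLD):
    """Run a recorded list of probe outcomes through the state machine."""
    fo = TunnelFailover(threshold)
    for index, ok in enumerate(results):
        fo.observe(index, ok)
    return fo

# Constructed probe history: two losses, a recovery, then three losses in a row.
SAMPLE = [True, False, False, True, False, False, False, True]

if __name__ == "__main__":
    fo = replay(SAMPLE)
    print(fo.active, fo.events)
```

In live use, feed `observe` the result of `ping_probe(local, peer)()` on a fixed interval and pass an `on_switch` callback that moves the route to the secondary tunnel.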
Prerequisites
You have created the primary and secondary tunnels.
You have planned the health check addresses or will use the addresses automatically assigned by the system.
Configuring the Health Checks When Creating VPN Tunnels
This section only introduces the parameters for health checks. For the other steps of creating a VPN tunnel, see Creating a VPN Tunnel.
2. Click VPN Connection > VPN Tunnel in the left sidebar.
3. In the VPN Connections page, click Create.
4. Configure the basic information in the pop-up dialog box. Then, enable health check and configure the IPs in Advanced configuration.
5. The health check configuration takes effect upon the tunnel creation.
Configuring the Health Check After Creating VPN Tunnels
You can also configure health check on the VPN tunnel details page after the tunnel is created.
Note:
Note that your business may be interrupted for a short time.
2. Click VPN Connection > VPN Tunnel in the left sidebar.
3. In the VPN Tunnels page, locate and click the target VPN tunnel to , and click Edit on the Basic Information tab.
4. Enable the health check and configure the relevant parameters.
| Parameter | Description |
| VPN gateway IP for health check | It defaults to an IP within the range of 169.254.128.0/17. You can also specify 0.0.0.0 or an IP within 224.0.0.0 - 239.255.255.255 but outside the VPC IP range. |
| Customer gateway IP for health check | It defaults to an IP within the range of 169.254.128.0/17. You can also specify an available on-premises IP. |
5. We recommend you select Destination route for the communication mode. If Destination Route is unavailable, we recommend you enter 0.0.0.0/0 for the local and peer IP ranges in the SPD policy to ensure that the communication between the local and peer health check IPs is encrypted based on the VPN tunnel.
6. Click Save.