Watchfront has several clients with two requirements that are often mutually exclusive: 1) resilient connectivity and 2) real IP address space that is routable on the Internet. It is often difficult to get both because most providers will not announce IP space on broadband services, and even if they did, it is now impossible to obtain IPv4 address space from RIPE for this purpose.
Watchfront's solution, using FireBrick hardware, involves making multiple tunnel connections from the customer's sites, outbound over whatever connectivity they have, to two datacentres - one in London and one in Amsterdam. Both datacentres announce the same larger IP space via BGP. The tunnels then mesh, such that even if an entire datacentre goes offline, routing and tunnelling can still take place via the other. Similarly, if one of the broadband tails suffers an outage, connectivity will be maintained.
In addition, Watchfront offer a 3G/4G dongle and data SIM for further resilience. With this option a third FireBrick 105 Tunnel is configured to run over the mobile network into Watchfront's datacentres in Maidenhead and Amsterdam.
Whilst this particular solution uses the lightweight FireBrick 105 Tunnel protocol, it could easily be IPSec between the FB2900 and the two remote datacentres. This would then ensure the traffic is encrypted between these two points.
The FireBrick has a few tunnel protocols: L2TP, IPSec, GPRS Tunnelling Protocol (GTP), EtherIP (RFC3378) and its own lightweight tunnelling protocol (105 Tunnels). In this case, 105 Tunnels are used between the FireBrick and the remote datacentre where Watchfront host FB6000 endpoints.
Profiles can change much of what the FireBrick does based on time, pings and so on. In this case, profiles monitor the PPP and tunnel status and change routing accordingly so as to fail over gracefully between the
Simple 'dumb' VDSL and ADSL modems connect to the FireBrick, and the FireBrick connects to the ISPs via PPP as normal.
IPv4 and IPv6 firewall rules are in place.
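The failover behaviour described above (a tunnel from each tail to both datacentres, with profiles moving routing when PPP or a tunnel drops) can be checked with a small model. This is an added example, not Watchfront's or FireBrick's configuration; the component labels, the preference order and the function names are assumptions.

```python
from itertools import combinations, product

# Constructed labels: the page names two fixed-line tails, an optional
# mobile tail, and two datacentres announcing the same IP space over BGP.
# Only those components are modelled here.
TAILS = ["vdsl", "adsl", "mobile"]      # assumed preference order
DATACENTRES = ["dc-a", "dc-b"]


def tunnels(tails=TAILS, dcs=DATACENTRES):
    """Full mesh: one tunnel from every tail to every datacentre."""
    return list(product(tails, dcs))


def active_tunnel(failed, tails=TAILS, dcs=DATACENTRES):
    """Return the most-preferred tunnel whose tail and datacentre are both up.

    Stands in for the profile logic: watch PPP/tunnel state, then move
    routing. Returns None when no tunnel survives (a full outage).
    """
    for tail, dc in tunnels(tails, dcs):
        if tail not in failed and dc not in failed:
            return (tail, dc)
    return None


def smallest_outage(tails=TAILS, dcs=DATACENTRES):
    """Brute-force the smallest set of failed components that cuts the site off."""
    parts = list(tails) + list(dcs)
    for size in range(1, len(parts) + 1):
        for failed in combinations(parts, size):
            if active_tunnel(set(failed), tails, dcs) is None:
                return set(failed)
    return set(parts)


if __name__ == "__main__":
    for failed in [set(), {"dc-a"}, {"vdsl"}, {"vdsl", "dc-a"}, {"vdsl", "adsl"}]:
        print(sorted(failed), "->", active_tunnel(failed))
    print("smallest outage, with mobile:", sorted(smallest_outage()))
    print("smallest outage, fixed lines only:",
          sorted(smallest_outage(tails=["vdsl", "adsl"])))
```

In this model no single failure takes the site offline; adding the mobile tail moves the smallest outage from "both broadband tails" to "both datacentres".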
(All the network diagrams on these case study pages are very rough representations and do not accurately depict live networks.)