[ale] PPP/SSH VPN dies randomly

Mon Mar 4 22:36:48 EST 2002

If I calculated correctly, seven nines translates to about 3.2 seconds 
of downtime per year.  

- Jeff

James P. Kinney III wrote:

>If you're expected to provide 7 nines of VPN reliability, I'm glad I
>don't work for your company! 
>
>The only way to get even 99.99% VPM uptime would involve multiple,
>redundant, synchronous data lines. I don't want to even think about the
>engineering costs.
>
>As most places that have VPN's have them automated for connection setup,
>use that to your advantage. Keep a connection test running at intervals
>appropriate to your normal loading. When the connection test fails,
>reroute the VPN traffic before the tunneling to a buffered fifo and
>remake the connection. Dump the buffer through the connection when it's
>ready.
>
>I have never kept a VPN up for days on end. There has always been some
>network glitch outside my control that has required a reconnect. I saw a
>statistic (I need to keep a better log of this stuff) that claimed there
>is a fiber line cut every day in the US.
>
>On Mon, 2002-03-04 at 21:43, Christopher Bergeron wrote:
>
>>And this is acceptable?  Forgive me for being naive, but that would be like
>>using an Operating System that crashed almost daily and wrote it off as, "I
>>guess that's just how it has to be".  By definition there has to be a
>>"reason" for it and therefore, a solution.
>>
>>Have you confronted your VPN vendor about it (please say it wasn't Cisco)?
>>If so, what was their response?
>>
>>I'm currently adding a VPN watchdog to my crontab, but even 1 minute of
>>downtime per month is a major malfunction.  Someone has to have some clues
>>about this.  I'm not using IPsec, I'm using SSH over PPP.  I understand that
>>encryption can be finicky, but I have a hard time blaming SSH.  I'm expected
>>to produce 99.99999% availability and I can't accept anything less.  Call me
>>a spoiled Linux user for assuming availability, if you must...
>>
>>:)
>>
>>Anyone have any leads or even starting points for debugging this?
>>
>>Thanks,
>>CB
>>
>>
>>>-----Original Message-----
>>>From: Geoffrey [mailto:esoteric at 3times25.net]
>>>Sent: Monday, March 04, 2002 7:53 PM
>>>To: Christopher Bergeron
>>>Cc: Ale
>>>Subject: Re: [ale] PPP/SSH VPN dies randomly
>>>
>>>
>>>No real help, except to say that this happens to my (commercial) vpn
>>>connectivity on occasion.  It presents an error message something to the
>>>effect of: "heartbeat missed, assuming tunnel is down."  This is an
>>>ipsec vpn.
>>>
>>>Christopher Bergeron wrote:
>>>
>>>>Does anyone have any idea why my VPN connection dies
>>>>
>>>periodically?  It seems
>>>
>>>>to be okay for a few days and then one of the procees goes
>>>>
>>>defunct and the
>>>
>>>>connection goes down.  I'm tunneling ssh over ppp over a T1
>>>>
>>>connection to
>>>
>>>>the 'net on both sides.
>>>>
>>>>Any clues are greatly appreciated...
>>>>-CB
>>>>
>>>>
>>>>---
>>>>This message has been sent through the ALE general discussion list.
>>>>See http://www.ale.org/mailing-lists.shtml for more info.
>>>>
>>>Problems should be
>>>
>>>>sent to listmaster at ale dot org.
>>>>
>>>>
>>>>
>>>
>>>--
>>>Until later: Geoffrey		esoteric at 3times25.net
>>>
>>>I didn't have to buy my radio from a specific company to listen
>>>to FM, why doesn't that apply to the Internet (anymore...)?
>>>
>>>
>>>---
>>>This message has been sent through the ALE general discussion list.
>>>See http://www.ale.org/mailing-lists.shtml for more info.
>>>Problems should be
>>>sent to listmaster at ale dot org.
>>>
>>
>>---
>>This message has been sent through the ALE general discussion list.
>>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
>>sent to listmaster at ale dot org.
>>

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.