Anypoint VPN High Availability
To ensure your applications and related operations are tolerant to Anypoint VPN updates, issues, or individual Customer Gateway failures, implement High Availability VPN connections.
Each Anypoint VPN connection consists of two endpoints, providing High Availability (HA) on the MuleSoft side by default.
Sufficient entitlement for each VPN connection.
Two VPN endpoints using different public IP addresses.
Two VPN connections in Runtime Manager.
The following example shows a High Availability VPN topology using a single Anypoint VPC and two VPN connections.
A MuleSoft Virtual Private Gateway (VGW) supports one Anypoint VPC association, but it supports up to 10 VPN connections. You can locate your VPN Gateways in the same data center, or in different physical locations.
Use BGP routing to advertise the same routes via VPN-1 and VPN-2. See Anypoint VPN Path Selection using BGP Routing for instructions on how to control path selection via the routing protocol.
In this scenario, the VPN Gateways are configured to prefer: VPN-1 Tunnel-1, then VPN-1 Tunnel-2, then VPN-2 Tunnel-1, and finally VPN-2 Tunnel-2. This configuration produces an automatic failover to another tunnel, and to another VPN in the event of a VPN connectivity issue. This makes the Anypoint VPN solution more resilient and robust.
High Availability VPN connections also support static routing, in which you establish a VPN-2 to work as a redundant, standby connection in the event of a failure with VPN-1.