Network Architecture and Failover
Akamai Direct Connect supports a wide number of configurations allowing you to tailor deployments to meet your resiliency, and cost objectives. The following two primary baseline deployments provide the option to use the internet for failover and they offer varying levels of resiliency. You can use these reference architectures to build your specific deployment.
In the following sections, direct connection(s) refers to network connections between the 10 GE or 100 GE Akamai router port and your equivalent router port in the data center.
Your connection to a single Akamai Direct Connect router port can consist of Link Aggregation Control Protocol connections that are consolidated into a link aggregation group.
Reference architectures
Single-Metro. This deployment has at least two direct connections that terminate on separate Akamai routers within a single metro for each origin. If one of the direct connections is unavailable, requests are routed to the alternate direct connection. Using the internet for failover provides additional resiliency.
Multi-Metro. This deployment has a minimum of two direct connections that terminate on separate routers in each of two or more metros. Each backup direct connection and backup metro provides redundancy. Multi-Metro provides the highest level of resiliency when the metros are in different geographic locations, your origins in each metro are replicas of each other, and the internet is used for failover.
Bandwidth planning
The second direct connection in the metro is for redundancy, and not for capacity. Each backup direct connection and backup metro must be capable of supporting 100% of your traffic in the event of planned or unplanned maintenance. If the backup direct connection(s) do not have the bandwidth to support all of your traffic, performance degradation or failover to public transit (internet) results. If failover to public transit is blocked and there is not enough Direct Connect capacity, a denial of service (DoS) occurs.
For Origin failover, design your Origin redundancy to meet your business requirements.
Deployments with only a Single Direct Connect
The Single Direct Connect deployment consists of one direct connection per metro. This differs from the Single-Metro and Multi-Metro reference architectures which both use a minimum of two direct connections per metro. The single connection deployment still provides performance, and service consistency and reduces IP transit costs by providing direct connectivity to Akamai and the Intelligent Edge Platform. Failover to the internet or an alternate network path must be used as a backup to ensure traffic can reach your origin during planned and unplanned maintenance activities.
Maintenance
Akamai planned maintenance activities are scheduled and completed within a specified time period. Unplanned maintenance (emergency maintenance that is carried out unexpectedly), performed by the data center or by Akamai can last for an undetermined amount of time.
Akamai planned maintenance activities are executed on only one of the two direct connections in a metro at a time. Traffic is routed over to the other direct connection while maintenance is performed.
The following table provides options on how to avoid a DoS for Single-Metro and Multi-Metro deployments during maintenance when one or all of your direct connections are unavailable.
Deployment | One direct connection is unavailable | All direct connections are unavailable |
---|---|---|
Single-Metro - Minimum of two direct connections in a single metro. | Route requests to the backup direct connection. | Use the internet for failover. |
Multi-Metro - Minimum of two direct connections at each metro. - Minimum of two metros in the same or different geographic locations. | Route requests to the backup direct connection | Route traffic to the backup metro. Note: If both metros are in the same geographic location and unavailable, use the internet for failover. |
Single Direct Connect maintenance considerations
During maintenance events, if you deploy only one direct connection per metro, and failover to the internet is blocked, a denial of service (DoS) results because there is no backup direct connection for the traffic to failover to. To ensure uninterrupted service during planned or unplanned maintenance, the following options can help you meet your availability objectives;
- use the internet for failover,
- have a routing policy in place that routes traffic to another metro.
Failover to public transit
Akamai Direct Connect offers optional failover to the internet. When the internet is used for failover, requests are routed through the internet only when all Direct Connect routes to the origin are unavailable.
If you want to block public connectivity to your origins and not use the internet for failover, as an example, you can configure firewall rules to block public traffic.
When your deployment does not use the internet for failover, routes are advertised and propagated through Akamai's network only, blocking your origins and traffic from the internet.
Deployments without failover to public transit
A Multi-Metro deployment without failover to the internet provides a significantly higher level of resiliency than a Single-Metro deployment that also does not use the internet for failover.
Updated 12 months ago