Fastest VPN Failover

I work in rural Ohio, and we finally have been able to add backup fiber WAN circuits to several of my sites. My main site with our biggest data center has redundant fiber, Charter 500x500 and Horizon 100x100. I run a couple of Windows file servers using DFS as a file repository for folder redirection for my users. As we are able to get redundant and better circuits in our remote sites, we’ve been adopting the model of moving their on-site data store over to our main data center, thereby saving funds in hypervisors and SANs, etc. However, this brings up the need for the best possible VPN configuration, as their data will now all reside over a tunnel.

Currently - all of my remote sites are using the site-to-site style tunnels. A few of the sites have dynamic WAN addresses so they are set up with IKEv2 to negotiate the tunnel. During testing, I would disable the x1 interface (our main Charter Fiber) and test a full fail-over simulation. Several of the remote sites took longer than expected to connect to the secondary WAN interface (our Horizon fiber) and reestablish the tunnels.

We are passing VoIP, Access Control management, as well as data over the tunnel. So the delay causes a huge amount of issues.

All that to be asked, what direction would everyone head in? Route-based tunnels over a tunnel interface? SD WANs for sites with multiple wans?

Route-based tunnels are how I do it. Each site has multiple tunnels (i.e., if a site and the head end each have 2 WAN connections, then I would have 4 tunnels: X1 to X1, X1 to X2, X2 to X1, and X2 to X2).

I figure out which tunnel has the lowest latency and prioritize the metrics accordingly.
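The four-tunnel, latency-weighted design described in this reply, modelled as an added Python example (not code from the thread or from any vendor): it enumerates the full mesh between two dual-WAN sites, derives a route metric from each tunnel's measured latency, and re-evaluates which tunnel carries traffic when one head-end interface is pulled, as in the X1 test from the original post. The interface names, the metric formula and the latency values are constructed assumptions.

```python
"""Full-mesh route-based tunnels with latency-derived metrics (added example)."""
from itertools import product
from typing import Dict, Optional, Tuple

# Hypothetical interface names; X1/X2 follow the naming used in the thread.
HQ_WANS = ("X1", "X2")
REMOTE_WANS = ("X1", "X2")

Tunnel = Tuple[str, str]  # (remote_wan, hq_wan)


def enumerate_tunnels(remote_wans, hq_wans):
    """Pair every remote WAN with every head-end WAN: 2 x 2 -> 4 tunnels."""
    return [(r, h) for r, h in product(remote_wans, hq_wans)]


def metric_from_latency(latency_ms: Optional[float], base: int = 10) -> Optional[int]:
    """Lower latency -> lower metric (preferred). A tunnel with no probe reply
    (latency None: IKE down or path lost) gets no route at all."""
    if latency_ms is None:
        return None
    return base + int(round(latency_ms))


def build_routes(latencies: Dict[Tunnel, Optional[float]]) -> Dict[Tunnel, int]:
    """Return {tunnel: metric} for every tunnel that is currently up."""
    return {t: m for t, lat in latencies.items()
            if (m := metric_from_latency(lat)) is not None}


def active_tunnel(routes: Dict[Tunnel, int]) -> Optional[Tunnel]:
    """The route table picks the lowest metric; ties broken by name."""
    if not routes:
        return None
    return min(routes, key=lambda t: (routes[t], t))


# Constructed probe results in ms; None would mean the probe got no answer.
SAMPLE_LATENCIES: Dict[Tunnel, Optional[float]] = {
    ("X1", "X1"): 4.2, ("X1", "X2"): 9.8,
    ("X2", "X1"): 12.5, ("X2", "X2"): 18.1,
}


def simulate_failover(latencies, failed_hq_wan: str) -> Optional[Tunnel]:
    """Mark every tunnel landing on the failed head-end interface as down
    (the X1 test from the original post) and re-select the active tunnel."""
    degraded = {t: (None if t[1] == failed_hq_wan else lat) for t, lat in latencies.items()}
    return active_tunnel(build_routes(degraded))
```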

Anyone have issues resolving Windows DNS over the route-based tunnel? I enabled NetBIOS over the tunnel… I can ping my Windows DNS server from the remote site, but it won’t resolve any DNS… yes, I have the DHCP scope on the remote side pointed back to the private IP of my servers at the main site…

If your remote WAN has a dynamic IP address, you need to use aggressive mode instead of IKEv2 mode.

  1. Check Windows Firewall (or other local firewall, such as those bundled with antivirus products) on your DNS server. Oftentimes the default rules don’t allow connections from other subnets.

  2. Check your remote site SonicWall LAN to VPN rules to ensure the rule is there as well. Substitute LAN for the appropriate zone.