Support for vRouter redundancy in Amazon AWS

Public cloud providers such as Amazon AWS do not support the layer-2 mechanisms that first-hop redundancy protocols such as VRRP depend on. Conventional router redundancy concepts are therefore not available in the cloud and must be implemented differently. Instead, Amazon AWS offers an API that can be used to rewrite the entries of a VPC route table so that traffic is directed to a secondary router when the primary router fails.

This scenario is structured as follows: One or more private virtual machines (EC2 instances) are available. Two redundant vRouters each have an interface in the private subnet of the virtual machines and an interface in a public subnet towards the Internet. Each vRouter has a VPN tunnel to the customer site, which provides access to the private machines. One vRouter is the primary router (active), the second is the secondary router (passive). The latter only takes part in active routing in the event of a failover. In the AWS route table of the private subnet, a route entry can only point to one router as the next hop at a time. In the event of a failover, this route entry is rewritten via the AWS API so that the secondary vRouter becomes the next hop instead of the primary vRouter. Once the primary vRouter is reachable again, the route is switched back to the primary router.

In order to access the AWS API, the vRouters require a role in AWS Identity and Access Management (IAM). This role should grant only the permissions the failover actually needs, i.e. modifying the route entries of the affected route table, and nothing beyond that.

A VPN tunnel is established between the two vRouters in order to detect the failure of the primary router. The action table in the secondary vRouter sends AWS API commands when it detects that the VPN tunnel to the primary vRouter has gone down or has been re-established. The only purpose of this VPN tunnel is to detect the availability of the primary router; no user data is transmitted via it. Note that the tunnel state is the only health signal: anything that brings down the tunnel between the two vRouters triggers a failover, even if the primary vRouter is otherwise still working.

The vRouters need access to the Internet in order to reach the AWS API endpoints over HTTPS.
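The following Python module is an added illustration of the mechanism described above; it is not LANCOM code and does not show the LCOS action-table syntax. It models the two building blocks a practitioner has to get right: a least-privilege IAM policy for the vRouter role (ReplaceRoute scoped to the one route table, plus the unscoped DescribeRouteTables that EC2 Describe calls require), and the failover logic of the secondary vRouter that reacts only to the monitoring tunnel going down or up, switches the private subnet's route entry and switches it back. All identifiers (route table, ENIs, CIDR, account, region) are constructed placeholders, and the EC2 client is an offline stand-in with the same `replace_route()` keyword arguments as the boto3 EC2 client, so the example runs without AWS access.

```python
"""vRouter redundancy in a VPC via route-table rewriting (added illustration).

Not LANCOM code: models what the secondary vRouter's action table does
through the AWS API. All IDs below are constructed placeholders.
"""

# Constructed identifiers for the scenario (not real AWS resources).
ROUTE_TABLE_ID = "rtb-0123456789abcdef0"   # route table of the private subnet
DESTINATION = "0.0.0.0/0"                   # route the EC2 instances use towards the vRouters
PRIMARY_ENI = "eni-0aaaaaaaaaaaaaaaa"       # private-subnet interface of the primary vRouter
SECONDARY_ENI = "eni-0bbbbbbbbbbbbbbbb"     # private-subnet interface of the secondary vRouter
REGION = "eu-central-1"
ACCOUNT_ID = "123456789012"


def least_privilege_policy(route_table_id, region, account_id):
    """IAM policy document for the vRouter role.

    ec2:ReplaceRoute supports resource-level permissions and is therefore
    restricted to the single route table the failover may touch.
    EC2 Describe* actions do not support resource-level permissions, so
    DescribeRouteTables has to be allowed on "*".
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "ec2:ReplaceRoute",
                "Resource": f"arn:aws:ec2:{region}:{account_id}:route-table/{route_table_id}",
            },
            {
                "Effect": "Allow",
                "Action": "ec2:DescribeRouteTables",
                "Resource": "*",
            },
        ],
    }


class RecordingEc2Client:
    """Offline stand-in for boto3.client("ec2"). It accepts the same keyword
    arguments as the real replace_route() and records every call.

    In production you would pass boto3.client("ec2", region_name=REGION);
    credentials are then obtained from the instance's IAM role, so no
    access keys need to be stored on the router.
    """

    def __init__(self, current_target):
        self.routes = {(ROUTE_TABLE_ID, DESTINATION): current_target}
        self.calls = []

    def replace_route(self, RouteTableId, DestinationCidrBlock, NetworkInterfaceId):
        self.calls.append((RouteTableId, DestinationCidrBlock, NetworkInterfaceId))
        self.routes[(RouteTableId, DestinationCidrBlock)] = NetworkInterfaceId
        return {}


class FailoverController:
    """Mirrors the secondary vRouter's action table: the only input is the
    state of the monitoring VPN tunnel to the primary vRouter."""

    def __init__(self, ec2, active=PRIMARY_ENI):
        self.ec2 = ec2
        self.active = active  # ENI the private subnet's route currently points to

    def on_tunnel_event(self, tunnel_up):
        """Tunnel down -> route to secondary; tunnel up -> route back to primary.
        Returns the new target ENI, or None if no API call was necessary."""
        wanted = PRIMARY_ENI if tunnel_up else SECONDARY_ENI
        if wanted == self.active:
            return None  # idempotent: repeated events do not cause extra API calls
        self.ec2.replace_route(
            RouteTableId=ROUTE_TABLE_ID,
            DestinationCidrBlock=DESTINATION,
            NetworkInterfaceId=wanted,
        )
        self.active = wanted
        return wanted


def demo():
    """Constructed event sequence: tunnel established, lost, still down, re-established.
    Returns (per-event results, final route target, number of API calls made)."""
    ec2 = RecordingEc2Client(PRIMARY_ENI)
    ctl = FailoverController(ec2)
    results = [ctl.on_tunnel_event(up) for up in (True, False, False, True)]
    return results, ec2.routes[(ROUTE_TABLE_ID, DESTINATION)], len(ec2.calls)


if __name__ == "__main__":
    import json
    print(json.dumps(least_privilege_policy(ROUTE_TABLE_ID, REGION, ACCOUNT_ID), indent=2))
    print(demo())
```

The route entry is only rewritten on an actual state change, so a tunnel that is already down (or already up) does not produce repeated API calls. Since the monitoring tunnel is the sole liveness signal, the controller also fails over if only the tunnel, not the primary vRouter, is lost; that behaviour follows from the design described above and is worth keeping in mind when troubleshooting.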

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de