Skip to search Skip to main content
Posted by
Karthik Krishnaswamy on
March 30, 2020
General

Companies Mitigating VPN Overload By Steering Connections at DNS Layer

Millions of employees worldwide are accessing VPNs for the first time all at once for remote access, straining these systems. According to this report, VPN usage in the US may grow exponentially by over 150% just by the end of this month (March 2020). Just during a one week period (last week), VPN usage grew by 112% in Italy.

This puts enormous stress on these systems. It could take a long time for users to establish a connection. Some users may never be able to connect. Not only does this result in a poor experience for employees, but it adversely impacts their productivity as they may not be able to perform their jobs without any connection to internal enterprise applications.

There are important steps companies can take to address these challenges so that connecting to company networks doesn’t leave employees frustrated during a time when stress levels are already high. Several of our customers have talked with us about how they're leveraging the Filter Chain™ capabilities to scale their VPNs elastically and meet demand..

Load Balance VPNs using Filter Chain technology

To provide concurrent remote access connectivity to 100 percent of employees at this time, you need to build more capacity. However, some companies are finding that simply adding more endpoints is not enough - many employees may still connect to the same endpoint overwhelming the VPN. For example, Cisco AnyConnect caches the last selected gateway for 14 days if the Optional Gateway Selection feature is enabled. You need to load balance VPNs by steering connections at the DNS layer.

NS1 customers are using Filter Chain™ to shape VPN traffic based on a variety of factors such as location, resource availability, number of existing sessions and a dozen other variables. Using Filter Chain, you can ensure traffic is routed to servers that are operational. You also have the ability to minimize latency by routing traffic to the server closest to the requestor (geo-routing) as well as avoid interruption of service by routing to the server that has the most capacity. You can use NS1 API to feed real-time capacity status of the VPN servers. For example, you can retrieve users connected to a specific AnyConnect gateway from Cisco ASA devices. It is thus very easy to set up rules to intelligently steer remote employees to the nearest, healthy VPN endpoints that have adequate capacity. This offers a vast improvement in reliability and performance over just providing employees a list of endpoints and letting them randomly choose one from a list.

Can Filter Chain™ help you scale your VPN? We're happy to walk you through different approaches we're seeing, help you take advantage of traffic steering capabilities in your stack, or just lend our expertise - whatever we can do to help as we all navigate change together. Reach out any time.

Request a Demo

Contact Us

Get Pricing