diff --git a/pages/site-to-site-vpn/concepts.mdx b/pages/site-to-site-vpn/concepts.mdx index 38c22b6e2d..5b55668fec 100644 --- a/pages/site-to-site-vpn/concepts.mdx +++ b/pages/site-to-site-vpn/concepts.mdx @@ -37,6 +37,10 @@ A customer gateway device is a real physical or software-based networking device Dynamic routing allows routers to automatically exchange reachability information using protocols such as BGP, rather than requiring an administrator to manually configure every individual route. +## High availability + +A high availability (HA) setup is an infrastructure without a single point of failure. It prevents a server failure by adding redundancy to every layer of your architecture. + ## IPsec **I**nternet **P**rotocol **Sec**urity (IPsec) is a suite of protocols used to secure IP communications by authenticating and encrypting each IP packet in a data stream. In the context of Scaleway Site-to-Site VPN, IPsec provides end-to-end security for traffic flowing through the VPN tunnel between a VPN gateway and a customer gateway. diff --git a/pages/site-to-site-vpn/faq.mdx b/pages/site-to-site-vpn/faq.mdx index 8934c64471..ada8941bf6 100644 --- a/pages/site-to-site-vpn/faq.mdx +++ b/pages/site-to-site-vpn/faq.mdx @@ -23,6 +23,12 @@ Site-to-Site VPN lets you securely connect your Scaleway VPC to your remote infr Site-to-Site VPN connections are secured with Internet Protocol security (IPsec). When creating a VPN [connection](/site-to-site-vpn/reference-content/understanding-s2svpn/#connection), you are prompted to define a **security proposal** (aka IPSec proposal) which defines the precise encryption and authentication methods to secure the tunnel. Read more about security proposals and encryption in our [dedicated documentation](/site-to-site-vpn/reference-content/security-proposals/). +### Does Site-to-Site VPN offer high availability (HA) or multi-site capabilities? + +Yes, you can easily set up a high availability and/or multi-site deployment by creating VPN gateways in different Availability Zones of a Region for a given Private Network. + +Refer to the [dedicated documentation](/site-to-site-vpn/reference-content/ha-multisite-configurations) for reference HA/multi-site configurations. + ## Compatibility and integration ### Can I use Site-to-Site VPN to connect two Scaleway VPCs? diff --git a/pages/site-to-site-vpn/menu.ts b/pages/site-to-site-vpn/menu.ts index 2ae228f1d6..9e89d67324 100644 --- a/pages/site-to-site-vpn/menu.ts +++ b/pages/site-to-site-vpn/menu.ts @@ -62,6 +62,10 @@ export const siteToSiteVpnMenu = { label: 'Establishing a Site-to-Site VPN between Scaleway and AWS with Terraform', slug: 'configure-site-to-site-vpn-aws-scw-terraform', }, + { + label: 'High availability and multi-site configurations', + slug: 'ha-multisite-configurations', + }, { label: 'Site-to-Site VPN Security proposals', slug: 'security-proposals', diff --git a/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-multi-2-2-2.webp b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-multi-2-2-2.webp new file mode 100644 index 0000000000..8db49e507b Binary files /dev/null and b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-multi-2-2-2.webp differ diff --git a/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-cross-ha-2-2.webp b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-cross-ha-2-2.webp new file mode 100644 index 0000000000..20aeeaab11 Binary files /dev/null and b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-cross-ha-2-2.webp differ diff --git a/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-ha-2-1.webp b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-ha-2-1.webp new file mode 100644 index 0000000000..796fcd2754 Binary files /dev/null and b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-ha-2-1.webp differ diff --git a/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-no-ha.webp b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-no-ha.webp new file mode 100644 index 0000000000..9c1416d5d1 Binary files /dev/null and b/pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-single-no-ha.webp differ diff --git a/pages/site-to-site-vpn/reference-content/ha-multisite-configurations.mdx b/pages/site-to-site-vpn/reference-content/ha-multisite-configurations.mdx new file mode 100644 index 0000000000..d898b71d88 --- /dev/null +++ b/pages/site-to-site-vpn/reference-content/ha-multisite-configurations.mdx @@ -0,0 +1,41 @@ +--- +title: Site-to-site VPN high availability and multi-site configurations +description: This page provides additional information to deploy high availability and multisite setups using Scaleway Site-to-site VPN. +tags: s2s vpn multisite ha resiliency redundancy setup deployment +dates: + validation: 2026-05-06 + posted: 2026-05-06 +--- + +import singleNoHA from './assets/scaleway-vpn-single-no-ha.webp' +import singleHA from './assets/scaleway-vpn-single-ha-2-1.webp' +import singleCrossHA from './assets/scaleway-vpn-single-cross-ha-2-2.webp' +import multiHA from './assets/scaleway-vpn-multi-2-2-2.webp' + +Site-to-site VPN allows you to set up high availability and multi-site deployments by letting you deploy VPN gateways across multiple Availability Zones within a Region, all attached to the same Private Network. + +Adding redundancy with a second VPN gateway eliminates single points of failure for critical infrastructure. You can then connect several distinct infrastructures to set up large-scale multi-site deployments. + +## Single site configuration without redundancy + + In this configuration, a VPN gateway in a single Availability Zone connects to a customer gateway in a single remote infrastructure. + + + +## Single site configuration with redundancy on Scaleway side + +The schema below represents a Site-to-Site VPN configuration between two VPN gateways in two AZs, attached to a single Private Network in a single VPC on the Scaleway side, and connected to a customer gateway in a single remote infrastructure. This setup offers high availability on the Scaleway side. + + + +## Single site configuration with crossed redundancy on both Scaleway and customer sides + +The schema below represents a Site-to-Site VPN configuration between two VPN gateways in two AZs, attached to a single Private Network in a single VPC on the Scaleway side, each connected to two customer gateways in a single remote infrastructure. This setup offers high availability on both the Scaleway and customer sides, with crossed redundancy for the connections. + + + +## Multi-site configuration with crossed redundancy on both sides + +The schema below represents a Site-to-Site VPN configuration between two VPN gateways in two AZs, attached to a single Private Network in a single VPC on the Scaleway side, each connected to four customer gateways across two remote infrastructures. This setup offers high availability on the Scaleway side, and each site on the customer side, with crossed redundancy for the connections. + + \ No newline at end of file