126 Chapter 6 Configuring branch office tunnels
NN46110-500

A DNS server will be aware of all the IP addresses that correspond to a particular domain name. When a user requests a lookup for that domain, the DNS will provide all the known addresses in a random order. The user can pick one of the addresses to communicate with the service. The Nortel VPN Router always uses the first address provided. If the first address is unresponsive, the Nortel VPN Router performs a new query.

Round Robin DNS can be used to achieve failover. Figure 23 shows a central office that has two Nortel VPN Routers. The first VPN Router has a public IP address 1.2.3.4 and the second has public IP address 5.6.7.8. Both addresses have been mapped to the same DNS name ces.lab.com. The initiator is configured with the remote endpoint set to the domain name of the responder ces.lab.com. When the initiator performs a DNS query, the DNS server returns IP addresses 1.2.3.4 and 5.6.7.8. The initiator selects 1.2.3.4 because it is first in the list of addresses and establishes a tunnel. If 1.2.3.4 goes down, the initiator must reestablish the tunnel and send a new DNS query. The DNS server returns addresses 5.6.7.8 and 1.2.3.4 because of the Round Robin operation. The initiator selects address 5.6.7.8 because it is the first in the list and establishes a tunnel with the second Nortel VPN Router, achieving a failover.

Figure 23 Failover example

Round Robin DNS can be used to achieve a simple load balancing between Nortel VPN Routers. Figure 24 on page 127 shows a central office that has two Nortel VPN Routers. The first VPN Router has public IP address 1.2.3.4 and the second has public IP address 5.6.7.8. Both addresses are mapped to the same DNS name, such as ces.lab.com. There are multiple branch offices and the initiators at the