A VPN connection is an encrypted and secure site-to-site virtual private network tunnel over the Internet. Monthly Recurring Cost is assessed on a per unique customer gateway. When requesting a VPN, at no additional cost, a VPN setup is issued for the the secondary site. The minimum commitment period is 6 months.
Delta1 TPIs are accessible via VPN gateways hosted at two US-based geographically separated sites. Each site hosts a a public gateway (with the exception of site-2 which hosts an additional gateway dedicated for the UAT Delta1 TPI, see Delta1 UAT VPN). For additional information regarding what services are available at each site please see Connecting to Services.
Suggested Customer Configuration
Both Production and Disaster Recovery Trading Platform Instances are available from VPN Site-1 and Site-2. When a customer requests a VPN setup, configurations are deployed at Site-1 and Site-2. This provides site-level (geographically diverse) redundancy for access to Delta1. Customers are encouraged to configure connectivity to both public gateways (vpn.site-1.onechicago.com, vpn.site-2.onechicago.com) and ensure the appropriate routing design to eliminate downtime in the event of a single site outage. Customers can elect to establish multiple customer gateways to support site-level redundancy for their source infrastructure. To determine what networks to route over VPN tunnels please see Required Networks and Ports.
Minimal Recommended Design
In the below design, a customer has provided the exchange one (1) gateway from which their tunnel will initiate. The exchange has deployed two (2) configurations to support exchange side multi-site redundancy. The customer has configured two (2) exchange gateways to support active IKE security associations to each site.
Customer Multi-Site Redundant Design (Preferred)
In the below design, a customer has provided the exchange two (2) gateways from which their tunnels will initiate. The exchange has deployed four (4) configurations to support exchange side multi-site redundancy for each customer gateway. The customer has configured two (2) exchange gateways at each customer site to support active IKE security associations to each site.
A Customer selecting a VPN connection as its desired connection method is required to have an internet connection and one of the following manufacturers:
The device must support IKE Version 2, phase 1 authentication of SHA-256, and the interesting traffic must be a publicly registered subnet.