Being able to guarantee a high level of uptime is no small task. Just have a look at Pingdoms map of website disturbances to understand how often an application can become inaccessible.
For OVPN’s VPN service to maintain a steady flow, we have spent many hours planning and improving our server architecture. Our most important priority has been making sure that you will always be able to connect to our VPN servers, even if it so happens that the website is suffering downtime.
The architecture looks like this:
Website
When a user connects to our VPN servers, an API call is made to website in order to authenticate the user. If the website is inaccessible, it is impossible to connect to our VPN servers, even if they're all are working. That's why we've integrated a solution that most telecommunication companies have as well. If our authentication system is down, we allow anyone to authenticate - even if the credentials are incorrect.
When the authentication system is back in service, all users will be re-authenticated and users with incorrect credentials will automatically be disconnected.
We might add more web servers in the future to minimize the risk of any downtime. But for now, we feel comfortable with our current solution.
Geographically separate servers
One of our goals is having VPN servers in most major cities in Europe to minimize the response time for our users and also to constantly have accessible servers. Every datacenter that we reside in features multiple fiber connections, UPS, a cooling unit, and an alarm center.
If one of the datacenters we're currently stationed in becomes inaccessible, you will still be able to use OVPN since there are available servers in other cities and countries.
Load balancers
If you use one of the ordinary OpenVPN clients, and not the one we have built, you'll most likely connect to pool.prd.<country iso code>.ovpn.com
Every VPN server’s IP address is added as an A record with a TTL of 60 seconds for the respective sub-domain.
We use round-robin DNS in order to balance the load on our VPN servers. If a VPN server becomes inaccessible, it will automatically be removed from the pool domain. When the server regains access, it's A record gets added anew.
You will never need to update the configuration on your client when we add more VPN servers. That is the advantage of using round-robin.
If you use the OpenVPN client that we've developed, it goes even further. When launching the client, an API request is sent to fetch the status and load from all our VPN servers. The client then chooses the server with the lowest load in order to maximize your connectivity.
Surveillance
To ensure that our servers are accessible, we are using LibreNMS. In the case of our servers becoming inaccessible, we will be notified immediately, giving us a heads-up so that work on restoring the server can begin.
Guarantee
OVPN guarantees that the VPN service is accessible 99.5% of the time. If we can’t keep this promise, every user with an active subscription will get added time to their subscriptions.
For every minute passing the 99.5% marker, two minutes get added to the subscriptions. The accessibility is examined monthly, and if we haven’t been able to maintain 99.5% or higher, the time will be added automatically.