With ANIRA, the target tunnel server IP addresses are on the AT&T VIG which consists of several blades, each with a separate IP address. A primary and a secondary list of tunnel servers are maintained and processed separately. The goal is to always connect the user to the blade that will provide the best and most efficient service: least latency, least system load. The results from each blade test are sorted based on the results of the test probe are sorted in the following manner:

1. For each separate AT&T VIG site, the blades are sorted from most to least favorable.
2. The first connection attempt will be made to the overall most favorable blade. If that fails, the most favorable blade at an alternate AT&T VIG site will be attempted.

The most favorable blade from each AT&T VIG site is tried first, followed by the second most favorable at each site, continuing if necessary until a connection is established or all blades have been exhausted.

Configuration values controlling the speed of transition back to a Primary Tunnel Server from a Secondary Tunnel Server are also defined in the VPN Gateway Profile in the AT&T Administration Server. Account administrators define the Backup TEP Max Time as the maximum session time the VPN Gateway can be connected to a secondary tunnel endpoint. Backup TEP Idle Time is also defined by the Account Administrator to define the maximum duration a connection to a secondary tunnel endpoint can be idle. When either time expires, the connection to the Secondary Tunnel Server is dropped and the VPN Gateway will retry all the Primary Tunnel Servers before returning the connection to a Secondary Tunnel Server. These values force the VPN Gateway to re-attempt the Primary Tunnel Server on regular intervals as set by the Account Administrator in the VPN Gateway Device Profile.

When connected to a Secondary Tunnel Server, Secondary Tunnel Endpoint Session Timeout values (if configured) are visible on the VPN Connected page of the VPN Gateway web interface.