Dual ISP Failover Question

My Director recently purchased the Peplink Balance 20 as his solution for setting up a backup site to have failover between our normal internet and a second ISP purchased just for this site.
My question is if this device can even be set up to work for this with our setup. At the backup site, the secondary internet’s router is on-site to connect to the Peplink, but for our main internet there’s only one layer 2 switch which is run via dark fiber back to our main core which is then connected to our firewall. These locations are in 2 different cities.

Every setup diagram shows the Peplink having to be behind the firewall, so is this even doable with our layout mentioned above? Do I need it physically connected to the firewall or the core that’s connected to the firewall?

I believe his thinking is to connect WAN1 to an open port on our Layer 2 switch and then connect WAN2 to the new ISP’s router, and when WAN1 goes down, WAN2 can take over. While WAN1 is running, it will give the 4 LAN connections DHCP addresses from our normal DHCP range, and then once it goes down and WAN2 takes over it will then re-assign them DHCP addresses from the secondary ISP’s DHCP pool.

Is his thinking and idea sound and doable on this device if it can work without being behind the firewall and just connected to one of our Layer 2 switches to provide connection to WAN1?
I haven’t had a chance to play with the device much yet, but the one time I got DHCP to work, it was serving out already-in-use IPs from our network range, so I definitely have lots more studying to do if it can be used in this way. That said, I am also far from a network guru, so that part is likely on me. Even if it can do what he is wanting, I think because of the IP addressing scheme required and how the secondary internet is set up, it may not work still, but I want to make sure the device can be used on our setup before I start spending hours working out that part.

Any help would be greatly appreciated on whether we can go this route or if we need to look elsewhere for solutions.

Why not use the Peplink as a firewall/router for the network? Did he get the Balance 20 or Balance 20X (huge difference in specs)?

What kind of speeds are your primary and secondary connections?
How many devices are on your network and how many VLANs are you using?

1 Like

Thanks for the reply!
It is the plain ol Balance 20 model.

While the Peplink would probably be fine as the firewall/router for the secondary connection, we already have a firewall for the primary connection, which I am guessing is his thinking for not doing it that way. His whole intention for buying the device was to ensure that a specific switch powering a few devices has secondary failover internet in case our main building is totally down, as that hosts all the infrastructure for the county, including the core, firewall, servers, etc. That secondary connection does not connect to our normal network or firewall at all. I was leaning towards achieving this just using OSPF on our switches without the Peplink, but that decision does not fall to me.

Our Primary connection is running at 1Gbps to the devices, the secondary connection is only a 500Mbps connection to the devices.
Total devices on our network I’d estimate around 500 not counting devices on the WiFi, in which case that would put us nearer 700. VLANs I have about 15 currently.

Balance 20 is not really the device for you I think. Has he even checked the specifications of the device? The Balance 20 has a routing performance of 150-200Mbps and is suitable for networks with 60 users, officially it supports 16 VLANs, but I would not advise using it to the max if you would use it as a router.

Peplink.com - Model Comparison

For higher end models within the Peplink lineup you can also use Drop-In mode, which might be a setup you would be interested in, but the Balance 20 is just too basic/low end for that feature.

The Balance 20X is a lot more potent, but still not fast enough for the size of your network, it does support almost the full feature set a Peplink can offer, with the new 8.3.0 firmware it supports even more, including up to three extra WANs (with extra licenses, one included).

Balance 310-5G and 310X are more in line in terms of performance for this kind of network, but doesn’t your current firewall/router support a second WAN so you can just route both connections through what you already have?

1 Like

I honestly could not tell you if he went over the specifications as when he put it on my desk and told me what he wanted to do, that was the first I’d heard of this brand and device. If I had to guess, the Balance 20 was the lowest priced one he saw with 2 WAN ports. That and I believe there are only 3 computers at that offsite that he cares about having a constant internet connection, so he likely saw that this was the cheapest model that had enough LAN and WAN spots for our needs to be honest.

Playing around with this unit, I did see the option to do Drop-In mode, so I will definitely look into that, as well as seeing if the models you recommended would suit our needs better, so thank you for the suggestions there.

Our current firewall does support a second WAN, however he didn’t purchase a fiber connection and have it routed to our firewall and core to connect. For the secondary, backup connection he just purchased a basic Comcast internet setup that is terminated up in that offsite building. I’d priced having a legitimate redundant connection put in and they did not want to pay for that.

You can find more information on how to set up drop-in mode here: Configuring Drop-in Mode

The instructions are a bit older, but should still apply. If they ported it back to the Balance 20, it’s a recent update, as they didn’t in the past.

But just to clarify, the Balance 20 is meant for the second site only? On this location you have one connection coming from the main site and a second direct Comcast connection? Are you planning to use the Balance 20 as router there or just an aggregator for both connections (drop-in mode) with another router behind it?

1 Like

Thank you for the link, I will be studying that shortly to see what I can do with it.
I’ve added a quick diagram below that I hope clarifies a bit but I believe you have it right; the Peplink is only for the offsite, and that offsite location has a dark fiber back to our main site and he had a second, unrelated to our main connection, Comcast internet setup (like you would see in a typical home setup) installed.

His hope is that we could plug our main switch at the offsite into the Peplink to provide internet to 3 devices that he wants to always have internet, and then also connect the Charter router to provide internet to those 3 devices should the connection back to our main site drop. So basically, he wants to use the Peplink to provide redundant internet connection although the two connections we have are not connected in any way whatsoever.

So Drop-In mode would probably be the route we would need to go using it, seeing as we have a Firewall setup and router behind that on the main connection, and the basic charter router on the new secondary connection I would think. That is, if the Peplink can be set up to failover between the two different ISPs to provide basic internet connectivity.

[Diagram: Peplink Idea.PNG]

That should be fine, you can have both WANs of the Peplink behind a NAT with just a local IP on the WAN, just keep in mind that the subnets need to be unique on each WAN and LAN side of the Peplink.

So Network 1 from main site → WAN1
Network 2 from charter → WAN2 (is it necessary that their router stays in place? Or could you also bridge it directly to WAN2 on the Balance 20? Either will work)
LAN → Whatever you want for those three devices

If you need the same WAN/LAN subnet, you can only use drop-in mode. Afaik drop-in mode only works on one WAN at the same time, so one of the ISPs can be used with drop-in, the second will be ‘dropped in’ to take over, depending on what you configure in terms of fail-over/balancing on the Balance 20.

1 Like
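
The addressing rule from the reply above (each WAN and the LAN on its own subnet, unless drop-in mode is used) can be checked before touching the device. This Python sketch is an added example, not part of the original thread; the function names are hypothetical and every subnet in it is a constructed sample value, not the poster's real ranges.

```python
import ipaddress
from itertools import combinations

def find_overlaps(plan):
    """Return (name, name) pairs whose subnets overlap, in plan order."""
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def suggest_subnet(used, pool="192.168.0.0/16", prefix=24):
    """First subnet of the given size in pool that collides with nothing in used."""
    taken = [ipaddress.ip_network(c) for c in used]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None  # pool exhausted

def review(plan):
    """Turn overlaps into findings phrased in terms of the Peplink's modes."""
    findings = []
    for a, b in find_overlaps(plan):
        if "LAN" in (a, b):
            findings.append(f"{a}/{b}: LAN shares a WAN subnet; routed mode "
                            "would hand out addresses already in use upstream "
                            "(only drop-in mode allows this)")
        else:
            findings.append(f"{a}/{b}: both uplinks use the same range; "
                            "renumber one side")
    return findings

# Constructed sample plan: LAN carved out of the main-site range, which is
# the situation where the box serves addresses the main network already uses.
BAD_PLAN = {
    "WAN1": "10.20.0.0/16",    # main site via dark fiber (constructed)
    "WAN2": "192.168.0.0/24",  # ISP router's inside network (constructed)
    "LAN":  "10.20.30.0/24",   # the three protected devices (constructed)
}

if __name__ == "__main__":
    for finding in review(BAD_PLAN):
        print(finding)
    free = suggest_subnet([BAD_PLAN["WAN1"], BAD_PLAN["WAN2"]])
    print("suggested LAN:", free)
    print("remaining overlaps:", find_overlaps({**BAD_PLAN, "LAN": free}))
```
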

Thank you so much for all of your help! I did a test the other day using Drop-In mode and while I got the results he was hoping for, I do need to do a bit of NAT work to get it running exactly the way he wants.

I really appreciate all of your assistance and knowledge in helping me out with this! Hope you have a great day and a wonderful weekend!

1 Like