Design help


#1

Hi all,

I have the following scenario:

Current setup (single ISP with redundant fiber)
Services: VPN, web server
fw1------sw1----introuter1----foc----isp1
|
|
fw2------sw2----introuter2----foc----isp1

New setup

Two ISPs
Services: VPN, web server
fw1------sw1----introuter1----foc----isp1
|
|
fw2------sw2----introuter2----foc----isp2

What is the benefit if we use Peplink?
What is the best design?
What if we don't have our own AS number?

Thanks


#2

I think you'll install it like this:

peplink1----fw1------sw1----introuter1----foc----isp1
| | |
A B C
| | |
| | |
1 2 3
| | |
peplink2----fw2------sw2----introuter2----foc----isp2

Benefits:

Let's suppose you have 3 ISPs, A, B, C, of 5 Mb on the first site and 3 ISPs, 1, 2, 3, on the second site.

Under a normal scenario (traditional VPN), if A fails, then your VPN is down and you can't use your VPN or web server.
You could have a failover with ISP B, but your fw1 should detect ISP A is down and start a new VPN with ISP B. Downtime at least 30 secs.

With Peplink, if ISP A fails, the VPN is not down; it will continue sending traffic from B and C to ISPs 1, 2, 3, and your VPN and web server will continue the same.

Second benefit: The TP of a normal VPN is 5 MBps between sites A and 1 (because both are 5 Mbps UP/DW). With Peplink the bandwidth will be 5 + 5 + 5 = 15 Mbps because of bonding. When A fails, the TP will fall to 10 Mbps instead of 15, because we lose our ISP A, but when it gets back it automagically integrates ISP A into the VPN again and you'll get your 15 Mbps back without downtime in your VPN.

Don't know what is AS number, but if you need more info please PM me.

AG


#3

Hi,
Don't know what is AS number, but if you need more info please PM me.

What I mean is we don't own IP addresses from RIPE.

If I publish a website:

static NAT 192.168.2.10 to x.x.x.x (public IP)
where x.x.x.x is from ISP A, if ISP A is down,
how can I solve this issue?

Thanks


#4

Hi,

Do you mean you are using a dynamic public IP for both ISPs? If my assumption is true, inbound load balancing will not work.

Please find here to understand more on inbound load balance.


#5

Hi,
Q. Do you mean you are using dynamic public IP for both ISP?
A: It's not dynamic.
Static IPs are provided by each ISP.
Thanks


#6

Hi simclt,
I assume your original diagram above is for a single site with your ISP supporting BGP over the failover circuit? This is a traditional ISP approach for link redundancy and tends to work really well for failover alone.

There are no immediate benefits to using Peplink to exactly replicate this deployment scenario since we do not support BGP, so rather than inbound service failover working at a routing level we would need to move it higher up the OSI and use DNS based inbound load balancing which isn’t as elegant as what you have currently.

However, Peplink isn’t just about failover, we support a bunch of other features too. One of the biggest issues that customers I see with your configuration have is that they are paying a premium for the ISP provisioned failover service/circuit that then sits there unused for (hopefully) 99.999% of the time. So what they will do instead is cancel the failover circuit with their current ISP and replace it with one or more internet connections from a second ISP (sometimes if they are still in contract for the FOC they will get it converted to a standard internet connection and then add an additional DSL or LTE WAN). They can then use both internet connections in an active/active configuration improving their bandwidth availability, and since the connections are from two different ISPs, even ISP specific faults (like DNS issues, core routing faults) don’t matter as the 2nd connection keeps them working.

In these cases, the customers don’t tend to mind about inbound services being load balanced at a DNS level instead of using BGP, because what we can offer them with our devices is more bandwidth, more diversity, cellular failover and of course our other technologies like SpeedFusion VPN bonding between locations as well as InControl Cloud Management and monitoring of their devices.

Take a look at this case study (in particular the deep dive document) http://www.peplink.com/solutions/case-studies/pluss/ to see how an enterprise approached the migration to Peplink devices. In particular note how they approached their initial Peplink deployment by simply installing another cheap internet connection alongside their existing infrastructure. A low risk approach for you would be to do exactly that to test out the inbound load balancing capabilities and increase the available bandwidth at your location.

You don't mention if you have a WAN already, but if you do, SpeedFusion VPN is a great way to save on operational costs by combining multiple cheap internet connections of different types from multiple ISPs at every location to increase site to site throughput and general internet traffic.

Martin
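
The DNS-based inbound failover discussed in this thread, sketched as an added example (not Peplink's implementation and not code from any poster): an authoritative responder hands out only the static public IPs of WAN links that are passing health probes. The probe interval, failure threshold, TTL and the documentation-range addresses standing in for each ISP's static IP are all assumptions.

```python
from dataclasses import dataclass

FAIL_THRESHOLD = 3   # assumed: consecutive missed probes before a link counts as down
PROBE_INTERVAL = 5   # assumed: seconds between health probes
RECORD_TTL = 30      # assumed: short TTL so resolvers re-query soon after a change

@dataclass
class WanLink:
    name: str
    public_ip: str   # static address from this ISP, static-NATed to 192.168.2.10
    fails: int = 0   # consecutive failed probes

    def record_probe(self, ok: bool) -> None:
        # Any successful probe resets the counter; failures accumulate.
        self.fails = 0 if ok else self.fails + 1

def answer_a_records(links):
    """Return (ips, ttl) for the site's A record: only links passing probes."""
    up = [l.public_ip for l in links if l.fails < FAIL_THRESHOLD]
    # Assumed policy: if every link fails its probes, answer with all
    # addresses rather than returning an empty response.
    return (up or [l.public_ip for l in links]), RECORD_TTL

def worst_case_failover_seconds():
    """Detection delay plus the time cached answers can still name the dead ISP."""
    return FAIL_THRESHOLD * PROBE_INTERVAL + RECORD_TTL

def simulate():
    """Replay constructed probe results: ISP A fails in rounds 2-5, recovers in 6."""
    links = [WanLink("ISP A", "198.51.100.10"), WanLink("ISP B", "203.0.113.10")]
    isp_a_probes = [True, True, False, False, False, False, True]
    timeline = []
    for ok_a in isp_a_probes:
        links[0].record_probe(ok_a)
        links[1].record_probe(True)
        timeline.append(answer_a_records(links)[0])
    return timeline

if __name__ == "__main__":
    for round_no, ips in enumerate(simulate()):
        print(round_no, ips)
    print("worst-case client-visible outage (s):", worst_case_failover_seconds())
```

Clients that cached the ISP A address keep trying it until the TTL expires, which is why this approach fails over more slowly than BGP-level rerouting and why the TTL is kept short.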