With a Balance 210 and speedfusion bandwidth bonding, can I prioritize bandwidth to LAN port 1 or that device’s IP address so that other devices on LAN ports 2-7 can’t slow it down.
I asked this question before purchasing and didn’t get any answers. I wanted to do speedfusion in any case, so I bought a new balance 210 (HW4).
I followed this tutorial: How to set up Peplink QoS, and what is its capability? - #4 by aquablue but as far as I can tell that QOS doesn’t work in conjunction with speedfusion. With the Balance set with guest at 5% bandwidth and staff at 70% bandwidth QOS, doing a 1 GB test file download to a computer in Guest and a computer in Staff group at the same time results in the computer in Guest group downloading ~12 mbps and the computer in Staff group downloading ~12 mbps with around 25 mbps total bandwidth, so either I have something set wrong, or this feature doesn’t work with speedfusion.
Maybe one balance router doing QOS could be placed behind a separate balance router running speedfusion, but I don’t think my budget for this would allow this.
Another option might be the split speedfusion tunnel with one prioritized… have to research this more.
Or another option might be to only route manager or manager+staff over speedfusion and route guest not over speedfusion and click the box to always prioritize pepvpn might work to prioritize manager and staff always.
How have others done QOS in conjunction with speedfusion?
No it doesn’t. QOS is all about LAN to WAN not LAN to VPN.
If you want to set hard bandwidth limits on a group of users where traffic passes over a SpeedFusion VPN, create a subtunnel for each group and turn on bandwidth limits on that subtunnel then set outbound policies for those users / devices / apps so that the traffic goes over the right tunnel.
Ah, ok. Thanks.
I don’t necessary want to hard limit bandwidth, so I think maybe I’ll do some thinking and post a new thread as a feature request.
What I’d really like to be able to do would be to prioritize a “mission critical” or “manager” group over the guest group, so the guest group could use as much bandwidth as desired if there was no other demand, but if a person in the mission critical or manager group wanted to upload/download that would be prioritized and not slowed down by a device consuming data in the guest group.
Maybe simply unchecking “route all traffic over speedfusion” and change to only routing traffic from the manager group over speedfusion leaving the guest group off the speedfusion connection and clicking the “prioritize pepvpn” would be the best way to always prioritize manager group devices?
Yes, don’t see why this wouldn’t work.
I´v have simular problem with 580 FW 7.1.1 but with encryption option in PepVPN with SpeedFusion.
I want to split up the traffic so the QoS Manager Group use 256 Encryption and the Guest group uses Speedfusion without 256 encryption. Is that possible and how?
Hi Platon,
Unless the guest traffic is being sent to another location, this would not be possible at this time. You can create sub-tunnels but the encryption is either on for all of the tunnels in the profile or none of the tunnels in that profile.
Thanks for fast anwer.
So I loose 20-22% bandwidth if we use 256 encryption?
"One more Q in this topic.
Is it possible to route the internet traffic out from a 4G modem to the mobile operator on this site and the rest of the traffic is receved by a other Balance in a datacenter and using Speedfusion and uses 256 encryption, do the internet traffic uses “Speedfusion”? And how is that traffics behavior?
Or is this not possible? You answer
Unless the guest traffic is being sent to another location, this would not be possible at this time".
Do you have any block schematics of the balance functionality?
The overhead should be around 10% with the encryption enabled.
Please check this link here and let me know if this provides the information that you are looking for.
This should be fully possible. Without knowing how the router is configured I’ll provide a couple of options.
If you have Send All Traffic To enabled in the SpeedFusion profile section you’ll need to enable Expert Mode in the Outbound Policy section. Enabling this feature will allow you to create rules that to send traffic out a WAN, rather than the PepVPN/SpeedFusion tunnel. This can be done by clicking on the question mark in the Rules bar and click on the blue turn on Expert Mode text.
Here is a demo rule for a Guest VLAN that I’ve created. This rule will force any traffic from the 10.10.10.1/24 network to use the 4G WAN.
After you save the rule you’ll need to make sure it’s listed above the PepVPN / OSPF / BGP /RIPv2 Routes bar.
If you only want traffic from a specific VLAN to be sent over the PepVPN/SpeedFusion Tunnel this is possible as well with Outbound Policy rule(s). This will not require Expert Mode be enabled.
Simply create a rule for the VLAN that you would like to take the tunnel. List the Algorithm as Enforced and select the VPN connection you’d like the traffic to take.
It’s important to remember that the rules are processed from the top down. So if you have a device in the Office VLAN range that you want to only use a WAN you’ll need to have that rule listed above the Office VLAN rule. In the example below, Demo Rule 1 would be ignored since 192.168.80.75 falls in the 192.168.80.1/24 range and any packets would have met the first rules requirements.
I hope this information helps. Let me know if you have any other questions.