Excluding some traffic from SpeedFusion Cloud?

Hi all,

My home has two adults working full time and one remote college student, with lots of zoom meetings. We have two independent ISPs, both about equal in performance (though one has more frequent outages).

I’ve been reading about SpeedFusion Cloud to bond my two connections together, and to quickly failover should one connection fail. This would be great for our work and school traffic. However it appears that there is a data cap on the service, so I would love to be able to exclude some services (like Netflix) from the bonded connection, so I don’t blow through my data cap too quickly. Is something like that possible?

Thank you!

-Eben

Yes, you can create an Outbound Policy that looks for certain applications or categories of traffic destined to a SpeedFusion tunnel and re-direct it to a different interface or interfaces. I do the same thing to avoid tunneling streaming traffic to my SpeedFusion instance and instead take advantage of my cell networks’ video “optimization” to limit bandwidth usage.

1 Like

Easy to do. You don’t say which router you have but here’s an example from a Balance 305:

Navigate to Network --> Outbound Policy and then “tell” the router which traffic you want to go where. In the example I’ve shown the first two lines direct certain traffic to different SFC endpoints; the third line sets T-Mobile as preferred for the computer at 192.168.25.154 but only when using telnet on port 7373. Outbound policy is an extremely powerful capability of Peplink/Pepwave routers.

1 Like

Thank you! I have the Balance 20, and your example helps explain things.

OK! For your purposes the GUI of the B20 and 305 are the same. Take a close look at the various alternatives you have for outbound policies.

1 Like

Thanks again! Are there any shortcuts for recognizing Netflix or Youtube? Or do I just need to put in all the various domains they use? My ASUS wireless router seems to be able to recognize different application traffic, though I’m not sure how they do it.

If you have a collaborative environment then one simple solution is to create two VLANs/SSIDs, one for what you want to send through the SFC, the other not. The the policy rule would be based on the source IP address, sending those on the SFC-bound IP addresses to the SFC, the others, not. Then users can switch from one SSID to the other according to their usage.

Z

1 Like

I think that I’m starting to understand, here is what I did:

  1. I signed up for the free trial of SFC.
  2. I selected a cloud location
  3. I connected one of the clients to the SFC.
  4. Go to Network -> Outbound Policy, create a new custom rule for streaming, which indicates that anything going to the supported streaming applications, should instead go on one of my two WANs.

Does that prevent Netflix from burning through my SFC data cap?

Thanks @zegor_mjol, it sounds like I still don’t understand it right.

If I select a “Destination” other than “SpeedFusion Cloud”, then the Protocol menu doesn’t include the “Application” category.

I would like to redirect all streaming applications away from the SFC bonded connection.

The easiest way to isolate streaming traffic is by the devices that you use for streaming. Change Source to the IP or MAC of the device and Destination to Any. Then select where you want the traffic to go using Algorithm. The problem comes up when you want to do streaming on a general computing device, i.e., PC, tablet, etc… In this case you would use Source = Any and Destination = , then the Algorithm. Unfortunately, since the streaming services often send their traffic through several IP/domains, you will have to have a rule for each of them BUT can use an asterisk anywhere except at the beginning of a domain reference to minimize the number of rules required. The most important thing to remember is that the rules are “interpreted” from top to bottom and you must specify Fall Through and Terminate as in this example. You cannot use traffic type to segregate streaming traffic unfortunately since it is more likely https traffic.

1 Like

Thanks @joelbean, alas in my household it’s mostly the same laptops doing Zoom by day and Netflix in the evenings, so device-specific routing won’t help me there.

It appears that I would need a very large number of domain-name rules for all the various streaming services. I’d like to find out if the Protocol -> Application setting will work for this (as shown in my previous post). It looks like it might, but I haven’t been able to find any documentation on how the outbound rules work with SpeedFusion Cloud.

All outbound rules work the same to direct traffic. You simply select a LAN link or a VPN link using various algorithms. Think of SpeedFusion Cloud as just another place to send traffic.

1 Like

Specifying outbound rules by source and destination IP address or domain name make sense to me. I guess I’m confused by how SpeedFusion Cloud appears as both a possible “Destination” and also an “Enforced Connection”. What does it mean to specify SFC as both?

When you use the Enforced algorithm, you select maximum one link to enforce.
When you use, for example, Priority algorithm, you can select multiple links in a priority, of which SpeedFusion Cloud is one of them. You can mix and match VPN links and other WAN links for some algorithms based on latency, priority, fastest response, etc…

1 Like