Feature Request - WAN Grouping for PepVPN

A possible feature request that I cannot easily think of a clever way around with outbound routing without needing another device upstream to detect WAN failures and then kill off the connectivity to the Peplink for a group of WAN interfaces.

Scenario:
310X, 2 Ethernet WAN + Cat18 LTE.

Client has two WANs, both 20/20 EFM circuits. They bond exceptionally well, delivering nearly 38Mbps both ways with no loss/latency/jitter after a little tweaking of the PepVPN settings.

The LTE performs exceptionally well too; in all testing to date we’ve never seen less than 50/50 out of it via PepVPN.

However, adding the LTE into the bonding trashes the performance of the PepVPN tunnel when combined with one or both of the EFM circuits. This is likely due to the latency differences and inherent low level loss / jitter in the LTE network compared to what are essentially two leased lines over copper. No amount of tweaking or tuning the PepVPN profile makes it a useful addition so it sits in a lower priority setting.

The client has a bandwidth requirement of 30Mbps, which is easily delivered by the two EFM circuits when bonded. The issue arises when we consider failover scenarios of 1 of the EFM circuits failing, as one on its own is not enough, but we have no way that I can think of to tell the Balance to stop using the remaining EFM circuit and switch to LTE only.

We would like to be able to define a failure group or something like that such that if 1 of the Ethernet WANs were to become unavailable the VPN would shift to using just the LTE on its own, as one remaining circuit cannot provide enough bandwidth, and bonding one remaining circuit with the LTE has proven too unpredictable vs just the LTE on its own.

Ideally something that would allow us to group a number of WANs and have a function that states “consider this group as UP only when X number of links are up”. The new “WAN Group” will simply show as another option on the PepVPN profile that can be assigned a priority like anything else.

At the moment our workaround involves having a device in front of the Peplink, in this instance a Cisco switch using IP SLA and a couple of EEM scripts to do some extra monitoring and shut down the ports that face the Peplink if a path failure is detected upstream.

1 Like

Like this idea.
It could be applied at the priority level maybe, i.e. change to lower priority if one of the WANs in this priority fails.

1 Like

Sounds like a good idea too. As long as we were careful to avoid some cascade situation, a way of setting some max/min priority dynamically would also be helpful.

Another aspect to also consider could be where the specified bandwidth of the WAN is taken into consideration.

We know in the above scenario the Ethernet circuits are very consistently 20/20. A way to tell the PepVPN profile that I need “X up and Y down” could also be used to drive the failover / priority order of connections on the fly.

Both of the above were features of a previous similar product we used to deploy, not generally used features but nice to have in these corner cases and allowed for some very powerful and more importantly very deterministic / predictable failover configurations.

1 Like
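A small model of the two behaviours requested above (a group that is up only when X links are up, and a group driven by a bandwidth requirement), added here as an illustration; it is not Peplink code or an existing PepVPN setting. The `WanGroup` fields, the `last-resort` group and the use of the thread's nominal 20/20 and 50/50 figures are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Wan:
    name: str
    down_mbps: float   # nominal figures from the thread (assumed stable)
    up_mbps: float

@dataclass(frozen=True)
class WanGroup:            # hypothetical object, not a Peplink setting
    name: str
    priority: int          # lower number is preferred
    members: tuple
    min_links_up: int = 1  # "UP only when X number of links are up"
    need_down: float = 0.0 # "X up and Y down" requirement, in Mbps
    need_up: float = 0.0

    def live(self, healthy):
        return [w for w in self.members if w.name in healthy]

    def is_up(self, healthy):
        live = self.live(healthy)
        return (len(live) >= self.min_links_up
                and sum(w.down_mbps for w in live) >= self.need_down
                and sum(w.up_mbps for w in live) >= self.need_up)

def active_wans(groups, healthy):
    """Names of the WANs the tunnel should use, or [] if no group is up."""
    for group in sorted(groups, key=lambda g: g.priority):
        if group.is_up(healthy):
            return [w.name for w in group.live(healthy)]
    return []

EFM1, EFM2, LTE = Wan("EFM1", 20, 20), Wan("EFM2", 20, 20), Wan("LTE", 50, 50)

# Link-count rule: the EFM pair only counts as up with both circuits healthy.
BY_COUNT = [
    WanGroup("efm-pair", 1, (EFM1, EFM2), min_links_up=2),
    WanGroup("lte-only", 2, (LTE,)),
    WanGroup("last-resort", 3, (EFM1, EFM2)),  # assumption: degraded beats down
]
# Bandwidth rule: same outcome, driven by the 30 Mbps requirement instead.
BY_BANDWIDTH = [
    WanGroup("efm-pair", 1, (EFM1, EFM2), need_down=30, need_up=30),
    WanGroup("lte-only", 2, (LTE,), need_down=30, need_up=30),
]

if __name__ == "__main__":
    for healthy in ({"EFM1", "EFM2", "LTE"}, {"EFM2", "LTE"}, {"EFM2"}, set()):
        print(sorted(healthy), "->", active_wans(BY_COUNT, healthy))
```

Because each group is evaluated from current link health alone and nothing is remembered between evaluations, the result for a given set of healthy links is always the same.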

Like that idea. The new automated speedtest coming in the next firmware with IC2 reporting would finally make that possible.

1 Like

I have a slightly different use case, but being able to create a WAN group that then can be put into outbound rules would be nice. Actually being able to tie the same groups to SFC tunnels would be very nice as well. Having to maintain a ton of outbound rules frequently gets tedious.

My use case is for 100% (or high percentage) mobile users. The idea here is that I would like to define outbound policies based on a group that I can easily change based on my location. Sometimes that group would be Starlink and T-Mobile Home. Other times that group might be Starlink and Verizon Hotspots etc etc…

There are times I don’t want low priority outbound connections to use a cell signal, but want my office to have full access, but other times I do. This scenario comes up often in certain areas just based on time of day and network congestion (Example being a cell network getting saturated in the evening). With the WAN side changing constantly for me, it seems difficult to have a static set of rules.

I know I could set up a ton of outbound policies to account for every combination of WANs and sources, but it would be nice to have limited outbound rules and just decide which WANs I want in that group for the week with an easy interface like the WAN priority interface. The feature should allow WANs to be duplicated across groups. Having 7 possible WAN combinations and so many different scenarios on the LAN side would make the outbound policy list unmanageable.

Definitely open to other solutions that may exist that I’m not thinking of.