Dear Community
We are planing our Peplink-Network.
We’d like to have it Desaster-Proof and want to install FusionHub in two redundant Datacenters (Active/Active) with HA.
On our Peplink Devices we plan to install two VPN Routes with prioritys.
Is there any Network Example that could help us? Any tips how to setup such a szenario?
Thank you
Regards
Mathias
Hi Mathias,
First stop would probably be to find a good partner in your country / region to work with so they can help you make the best decisions as having some detailed knowledge of what features / functions are possible on each platform here is probably necessary.
Unfortunately at this time the FusionHub VM does not have any HA features, for that you require physical appliances and looking at the number of remote sites in your diagram that would be a 380X or bigger as a starting point depending on traffic forwarding requirements… dear Peplink please offer us a fully featured Balance VM already!
Depending on your VM environment you might be able to rely on its redundancy features although I’ve seen issues with migrating FusionHub VMs between distinct VMWare clusters (licences go invalid etc.) so that is something you would need to test + validate carefully.
Depending on how the integration with the rest of the “company network” works both physically and logically physical appliances might not be a bad approach anyway as they are generally more featured than the FusionHubs.
One big tip would be to use InControl2 to manage all the configuration for the VPNs here - I’d actually use it for managing as much of the configuration as possible - but just make sure to factor in renewal of support contracts for all the network elements when you are costing this solution.
Hi
Thank you for your Answer.
We are aware, that there is no HA Feature in FusionHub. We will try to do HA with our VM’s and test that.
We already have a small Peplink Network with a 310x as Backend. We choose FusionHub on a VM because of its Scaleabilty.
Our Partner who will deliver all the Devices next week just never did a Active/Active Scenario in two Datacenters. I need to know how to set that up, that it will work properly.
We will use InControl2 to manage that all, as we allready do. And we are aware of the renewal for the support contracts. That all is calculated.
Maybe you can give me a idea, how to set that up?
Thank you
Mathias
Your diagram is pretty much right. As you have drawn it the key thing is the remote devices can have a Speedfusion vpn actie to a fusionhub in both datacenters at the same time.
With one datacenter active and the other passive you would set the OSPF metrics on the tunnels to and from the passive one to be higher so that OSPF routes traffic via the primary datacenter as a preference.
What needs work is the datcenter bit as you noted and whats not clear is how you will manage failover. You have two fusionhubs in the primary datacenter and two in the secondary. Is your DR process to bring up two Fusionhubs in the secondary datacenter only when needed or will they be online all the time?
In these situations I would be using a dynamic routing protocol between Fusion hubs in the same datacenter (OSPF, BGP) and then across datacenters too. As will notes you wouldn’t be bale to use VRRP across FusionHubs but you really don’t want to any way.
Dear Martin
Thank you.
Both Datacenters would have FusionHub active. So we will need dynamic routing. As I don’t know how to do that, I hope the guys from the Datacenter do… I will tell them, that it would need dynamic Routing.
Is there any example scematic for such a solution that I could show them?
Regards
Mathias
