In order to have a static IP, I use a fusionhub. Works great, except that the noc was doing maintenance a couple times this week which took it offline for several minutes causing an “outage” for me.
I’m thinking of adding a second fusionhub at a different datacenter and then allowing both static IPs to various services which are restricted to IP.
Then if the first speedfusion tunnel is down, have traffic go to the second speedfusion tunnel to the second fusionhub.
yes, it has functions for that. when you set up the second Speedfusion profile in IC2, you can specify it as “Disaster Recovery” and it has lower priority for connection.
If you want them both active at once, you can instead increase the link cost’s in the profile for the second one, which will make them prefer the first one (and in that scenario you may also want to turn on speedfusion route isolation for the endpoints so they don’t share routes from one tunnel to the other and vice versa).
Yes. Add a 2nd profile to your device to create a new Speedfusion tunnel to the 2nd fusionhub in the same way you have the first.
Use outbound policy on your Peplink device to prioritise the first over the 2nd.
Hi!
We are looking to do the same as OP (aquablue), and we are quite new at the whole Peplink setup. I’ve been looking through the Outbound Policy and I can’t find any way to prioritize one over the other.
We have one connection working as intended, we only need to bring up the second with the correct priorities set. Wouldn’t the Cost in the “Speedfusion VPN” be the correct way to manage this (we are using OSPF for routing)? We would like both VPNs to be up at all times, and to use the second one only in cases where the first one comes down - if it’s possible.
Are there recommendations to bring it only up when the first one comes down?
Thank you
Both tunnels would be up, the secondary with a higher OSPF cost set at both ends. if you are only routing to routes discovered over OSPF then you are done.
if you also want to use the tunnels for internet traffic (as a default route) then you’ll need to have an outbound policy set for source any destination any as a priority rule, with the primary tunnel set above the secondary.
We also have the issue, where our default route is breaking our configured rules in the remote devices. See this post :
We want to achieve access to internal networks, but not route Internet through the VPN. Is there a way to achieve this (split tunnel, with SFConnect as Internet). Everything works fine without OSPF, as we’ve added rules in Outbound Policy