FusionHub improvements

Right now we find it hard to make full use of the fusion hub as it lacks:

  1. Dynamic routing (BGP & OSPF)
  2. Any routing within VRFs. Ideally, I would like to be able to have dynamic routing on the base (no-VRF) and then share a route into a VRF, so we can have separation of routes such that each VRF only sees selected routes. Even static routes within VRFs would be an improvement.
  3. multiple WAN interfaces. This is seperate, so we could use fusion hub’s on smaller sites where physical devices are inappropriate.
2 Likes

Hi,

Thanks for the feeback.

  1. We are working on this feature.
  2. Putting this into feature request.
  3. Putting this into feature request.
1 Like

Extra LAN/VLAN interfaces would be nice as well, for more advanced deployments.

2 Likes

One major need is route isolation (like on the balance/max series).
We run a pure “star” topology (IP phone service). i.e. PEER-A should not see a route to PEER-B subnet via fusionhub.
Right now we have about 800 peers on balance routers in two data centers. Starting a major push into google cloud. When I have say 400 peers on a FH in one google region it will be an immense security hole AND waste of bandwidth for every peer to receive constant updates to 399 networks they should NOT see.

1 Like

Also (I have asked about this for some time) ability to add manual route advertisements.
Issue is that in google cloud the virtual machine has a “LAN subnet” of a single ip address. i.e. 10.145.0.17/32
The other VMs are all on 10.145.0.0/24. That is the “real” private subnet. But the DHCP gives the VM a single IP WITH NO GATEWAY. All routing/firewall rules are in the google cloud engine, not in the VM.
So FH advertises not 10.145.0.0/24 but 10.145.0.17/32. So you have an IP phone on a remote network that needs to reach 10.145.0.20…it cannot. So you have to add an outbound policy in every remote peer enforcing 10.145.0.0/24 to “GOOGLEEAST” vpn. This means that when I move a peer from a balance to a FH I have to add rules to the peer. If I add another subnet at google I have to go back into every peer to edit.
Solution I am requesting is to be able to add multiple manual subnets of any size to be advertised. So I would add 10.145.0.0/24 in the FH. It advertises it and everything now works

any feedback on this? Would love to see the VRF’s grow to be more useful with their own routing tables, and 2 WANs on Fusionhub would make it useful for any more deployments…