How to get the most out of your Outbound Traffic Rules


#1

The following are three examples of how-to configure the Balance's outbound traffic rules.

 

Example 1 – Setting up Weighted Balance Rules

The Weighted Balance allows you to set the ratio of how Peplink unit should distribute outgoing traffic requests across the WAN links.  Since WAN 2 is the fastest connection, you can put more weight on it.  For WAN 3 which has the lowest bandwidth, you may not want to assign traffic to it unless other links are not available.  When the weight is set to zero, it means the particular WAN will only be used when other links are not available.    

To illustrate, with the following link configuration:

  • WAN1: 6Mbps
  • WAN2: 10Mbps
  • WAN3: 3Mbps

The Weighted Balance rule should be set as follows:

  • Source & Destination IP: Any
  • Protocol & Port: Any
  • Algorithm: Weighted Balance
  • Load Distribution Weight: 6 : 10 : 3 (Derived from 6Mbps : 10Mbps : 3Mbps)

This distributes a larger proportion of traffic to WAN2 to take advantage of the faster links, and a smaller proportion of traffic to WAN3 and WAN1 to prevent over-saturation of the slower link.

 

Example 2 – Setting up Per-service Weight Balance Rules

Some types of WAN links have different upstream and downstream speeds (e.g. ADSL with 3M upstream and 512K downstream). In such cases, upload-intensive services may require special fine-tuning.

A common example is outgoing email (SMTP), where traffic is mostly upstream.

Building upon the previous link configuration:

  • WAN1: 3M Downstream, 512K Upstream (DSL)
  • WAN2: 2M Downstream, 2M Upstream (E1)
  • WAN3: 3M Downstream, 512K Upstream (DSL)

A per-service Weighted Balance rule should be added for SMTP as follows:

  • Source & Destination IP: Any
  • Protocol & Port: TCP 25
  • Algorithm: Weighted Balance
  • Load Distribution Weight: 1 : 4 : 1 (Derived from 512K : 2M : 512K)

Example 3 – Restricting IPSec VPN Traffic to the WAN1 Link

To configure Peplink Balance to restrict IPSec VPN traffic to WAN1, add the following per-service Enforced rules:

Rule to specify UDP Ports 500 / 4500 traffic:

  • Source & Destination IP: Any
  • Protocol & Port: UDP 500 / 4500
  • Algorithm: Enforced
  • Enforced Connection: WAN1

With these rules enabled, Peplink Balance will route IPSec VPN traffic with NAT-T (that require UDP ports 500 and 4500) to WAN1 regardless of its up/down status. In the event the WAN1 is down, by design, the specified traffic will simply be dropped rather than routed via the other WAN links.