I managed to break Pepwave's "Unbreakable Connectivity"

Hi Forum Members,

I would like to share a harrowing tale of how I managed to break Pepwave’s awesome SpeedFusion system. I have been using a Max Transit Duo for over a year for livestreaming, both on platforms like YouTube and Vimeo and for hosting Zoom Webinars.

I was doing a Virtual Conference for a client in a remote location with quite poor 4G bandwidth and no hardline internet from the venue, but with the addition of a Starlink connection, I thought all would be well. But sadly, the 2-day conference was plagued with internet issues and my Transit got overloaded and shut down all WAN links and both FusionHub and SpeedFusion Cloud tunnels multiple times over the 8-hour stream on both days.

After speaking with my local Peplink distributor and doing real-time diagnostics, we managed to work out that the CPU on the Max Transit Duo was just not powerful enough to handle protecting the 6 HD Zoom calls plus a livestream out to a virtual events platform over the WAN Smoothing tunnel. The CPU would be right up at 80-100% for most of the day and a few times actually crash the VPN tunnels, causing massive disruption to the Zoom calls and stream, even though there was enough upstream bandwidth on the 4 individual internet connections to cope with the load (3 different cell providers and Starlink).

One issue is that I was using a SaaS outbound policy rule for Zoom in InControl2 which activates the DPI function on the router, which I’m now told is not recommended on the Transit series because of the CPU hardware limitations. Unfortunately, I use Zoom calls and webinars a lot over multiple computers and therefore need a way to identify the Zoom traffic to protect it over the WAN Smoothing tunnel but also not send traffic like Dropbox downloads and Windows updates on the same machines, which would destroy my cellular data.

If anyone has any ideas how to steer the Zoom traffic to the WAN Smoothing tunnel without using a SaaS rule from InControl2, I am all ears!

For now, my faith in this product has been severely shaken and it’s going to take time to be able to trust my Transit again to protect my livestreams. This is the first time in a year that I have had any issues with a usually bulletproof solution.

Thanks

I feel for you. I’m sure that was a pain in the butt…

But you didn’t “break SpeedFusion”, you “overran Max Transit” with more traffic/throughput than it’s capable of.

For comparison’s sake, consider a 4-cylinder vehicle (Max Transit) driven at FULL THROTTLE for 500 miles. How might that vehicle perform compared with a Formula 1/NASCAR (MBX or similar) race car?

Devices should be sized accordingly for the expected utilization. With headroom.

I recently upgraded from Max Transit to Max BR1 Pro - specifically for the added throughput of SpeedFusion.

@erickufrin The MAX Transit Duo is capable of 100mbps of unencrypted SpeedFusion traffic. I was only pushing 15mbps down and 15mbps up…it should have been able to cope.

Here is a solution to eliminate the SaaS rule, but it requires some work and potential “upkeep”.

At the bottom of this page are txt files of IP ranges for Zoom products. https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-settings Like this: https://assets.zoom.us/docs/ipranges/Zoom.txt

Download those and import the txt files into InControl Network Groups. Then define your Outbound Policy using these Network Groups in destination. No more SaaS rule!

I assume what Peplink is doing is automatically reading in these files and keeping that list up to date. So in the absence of the SaaS rule you’d need to keep up with any changes to this file. My gut tells me the lists change from time to time but not that often. They scaled up big time last year; odds are they wouldn’t be needing to add more ranges now that Zoom consumption is lower.

If it’s just matching the Zoom IP ranges, that shouldn’t require DPI. Seems silly that using the Zoom SaaS rule forces that.

1 Like
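The "upkeep" described in the post above can be partly automated. The following is an added example, not part of the original thread and not Peplink or Zoom code: it validates a saved copy of the range list and reports which ranges changed since the previous copy, so the Network Groups only need re-importing when coverage actually differs. It assumes the file holds one CIDR per line; the snapshots are constructed from documentation ranges, and the `MIN_PREFIX` sanity threshold is a hypothetical choice.

```python
import ipaddress

# Constructed sample snapshots using documentation ranges, not real Zoom ranges.
OLD_SNAPSHOT = "192.0.2.0/24\n198.51.100.0/25\n198.51.100.128/25\n"
NEW_SNAPSHOT = ("# constructed comment\n192.0.2.0/24\n198.51.100.0/24\n"
                "203.0.113.0/24\n2001:db8::/32\n0.0.0.0/0\nnot-a-network\n")

# Assumed sanity threshold: a broader prefix would steer far more than Zoom
# traffic into the tunnel, so such a line is rejected rather than imported.
MIN_PREFIX = {4: 8, 6: 16}

def parse_ranges(text):
    """Return (collapsed networks, rejected lines) for a one-CIDR-per-line list."""
    by_version, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # tolerate comments and blank lines
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(raw)
            continue
        by_version[net.version].append(net)
    # collapse_addresses cannot mix IPv4 and IPv6, so collapse each family alone.
    nets = [n for v in (4, 6) for n in ipaddress.collapse_addresses(by_version[v])]
    return nets, rejected

def covered(net, pool):
    """True if every address in net is already inside some network in pool."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)

def diff_ranges(old_text, new_text):
    """Compare by address coverage, so a re-split of the same range is no change."""
    old, _ = parse_ranges(old_text)
    new, rejected = parse_ranges(new_text)
    return {
        "added": [str(n) for n in new if not covered(n, old)],
        "removed": [str(n) for n in old if not covered(n, new)],
        "rejected": rejected,
    }

if __name__ == "__main__":
    for key, values in diff_ranges(OLD_SNAPSHOT, NEW_SNAPSHOT).items():
        print(key, values)
```

Any entry under `rejected` should be reviewed by hand before the list is imported, since a malformed or overly broad line changes what the outbound policy matches.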

Amazing! Thanks so much. This will go a long way to helping my CPU usage especially now as I’m using Zoom Bridge now as well which requires even more bandwidth.

Cheers