MPLS Augmentation for a Multi Branch Retail or Banking Company




Environment
A bank or retail organisation has multiple branches geographically spread across the country and uses an expensive but reliable MPLS network to link them together securely.

Requirement

Due to continued growth, new sites need to be added to the WAN securely, efficiently and cost effectively. One of the new sites is a new large branch location with enough space to locate a server rack for disaster recovery purposes (disk backup, virtual infrastructure replication).

More resilient bandwidth is required at all locations - especially the DR location and the head office / largest branch where the live production server / application infrastructure sits that serves all core functions within the business and is remotely accessed by the remote branches.

Lots of bandwidth is required between the head office locations and the DR site to speed up off site backups and replication.

Existing branch offices connected via MPLS need more bandwidth but MPLS service bandwidth increases for these locations come at a heavy cost and with long term contracts.

Suggested Solution

**Head Office Balance 580** The head office B580 has an additional high speed fiber internet connection (and optional LTE connection) installed alongside the existing MPLS connection to provide additional bandwidth for both direct internet access and for VPN bonding.

**DR Branch Balance 580** The new branch that will act as a DR site does not have an existing MPLS connection. Instead 3 high speed internet links are installed (fiber and DSL - optional LTE is also shown) from a mix of providers.

**Existing MPLS enabled Branches** These all have Balance 210 routers installed. The existing MPLS WAN link is connected alongside new internet WAN links from the most suitable provider for their region using the most suitable connectivity technology (whatever is high bandwidth and reasonably priced - a mix of ISPs and connection types).

**New Remote Branches** When a new branch is added, MPLS connections are not installed. Instead multiple direct internet connections are used, from any ISP. An additional LTE cellular USB dongle can also be used as a failover / backup internet connection.

**SpeedFusion VPN Bonding** SpeedFusion VPN bonding is used at all branch locations to combine the available bandwidth across all active WAN links (MPLS and direct internet WANs), creating a hub and spoke network with head office acting as the primary active hub.

**DR Failover** Each remote branch also creates a second SpeedFusion VPN connection that acts as a failover to the DR Branch 580. If the head office branch became unavailable, all remote branches would automatically fail over to the DR site (with it acting as the SpeedFusion VPN hub) and would remain connected to their applications and data via the services at this branch. This failover occurs at the packet level, so depending on the server and application architecture the failover process can be seamless to the end user and their applications.

**Head Office and DR site replication** These sites are connected via SpeedFusion VPN and so all bandwidth across the 3 WAN links at the DR site and the high speed fiber connection at the head office site is aggregated into a single logical high bandwidth point to point VPN connection - speeding up replication / sync jobs between the sites.

**LTE for Failover or active use** The diagram shows all sites with an LTE connection to the internet. This can either be used for just failover or as an active full time connection to increase bandwidth. LTE can even be used as the only connectivity at a remote location such as a mobile banking/retail truck that might visit rural locations where a full time branch would not make commercial sense.

Additional Notes

The Balance 580 supports up to 50 remote VPN peers, so this design could support up to 50 remote branches.

Remote staff (either working from home, or deployed in temporary pop up branches) can use small Peplink devices (MAX on the go or BR1 Slim) to securely connect to the corporate network using whatever connectivity they have available (at home DSL, cellular on the road / in the field).

The use of LTE connectivity is an attractive option as it provides over the air connectivity in those instances where fixed lines have been physically damaged (by roadworks or physical damage to the cables coming into the building).

*Devices Deployed: Balance 580, Balance 210*

