Multi-WAN SpeedFusion Design - SDX

Hello Peplink Community,

I’m planning a network deployment at one of our production sites in Cape Town and would appreciate some guidance to ensure optimal configuration and performance.

Current WAN Setup:

We have four WAN connections available:

WAN1 - SITE MAIN: 900/900 Mbps

  • 60GHz air fiber link delivered via point-to-point across mountains, with built-in 5GHz failover. Prone to the odd 5-15 min outage, mostly unpredictable.
  • 1x Public IP presented.
  • Generally 10-20ms latency out to the internet.

WAN2 - SITE BACKUP: 500/500 Mbps

  • Similar 60GHz air fiber link as above.
  • 1x Public IP presented.

WAN3 - 4G LINK 1: 150/50 Mbps

  • 4G link via high-gain omni antenna.
  • 1TB monthly usage, CGNAT (no public IP).
  • Generally 25-60ms latency.
  • Delivered via bridged ZTE router into the SDX Pro.

WAN4 - 4G LINK 2: 150/50 Mbps

  • Similar to WAN3, but with a high-gain directional antenna pointing to a different cell tower for redundancy.

I want to fully protect critical traffic (VoIP delivered via Zoom Cloud, Email, and Instant Messaging like Google Chat and WhatsApp) using SpeedFusion while also providing failover support for all other site traffic.

I also need high-priority upload capacity of around 500-600 Mbps for one or two end desktop clients.

Planned Hardware and Setup:

Peplink SDX Pro: To serve as the main gateway managing WANs. (Is the SDX better value, considering I don’t need integrated cellular?)

SpeedFusion: Consider whether to subscribe to SpeedFusion Connect or self-host.

pfSense Firewall: Connected via LAG (2 x SFP+) from the SDX Pro, handling all internal networking (VLANs, DHCP, DNS, firewall rules, etc.).

Network Devices: Downstream of the firewall—APs, desktops, etc.

Questions:

Is combining WAN1 with WAN3 and WAN2 with WAN4 optimal for latency and protection?

Should I remove the cellular links (WAN3 and WAN4) from SpeedFusion due to their higher latency and use them only for hot failover?

Do I need another WAN connection to provide a separate failover, or are the existing WANs sufficient when configured appropriately?

Can QoS and other features be safely configured on the SDX Pro while the pfSense firewall handles internal networking? Are there any best practices or potential pitfalls in this setup?

Should I plan differently to accommodate Starlink when it becomes available in the next 6-9 months?

Aware of ~19% overhead; acceptable for us but open to optimization suggestions.

Is it better to set up an AWS AMI of SpeedFusion in a Cape Town data centre and route traffic via that? While SpeedFusion Connect is more cost-effective, the cost isn’t necessarily a prohibiting factor for us. What are the advantages or disadvantages of each option?

I appreciate this is a broad and very specific use case, but I wondered if anyone has any advice.