Peplink 580 in the Core

Hi,

Much appreciate any insight into the below. In my deployment we are using multiple service providers, and it's a hub-and-spoke network when considering the branch network.

The plan is to have a Balance 580 at the data center, onto which there would be 1x MPLS, 1x VPLS and 1x ISP link from the multiple service providers being terminated, and to use the SpeedFusion functionality to achieve greater throughput together with the InControl SDN management framework.

For the pilot testing we have identified a few branches with multiple service provider links (MPLS and ISP). These branches would have a Balance 380, and I believe SpeedFusion will work without any complications.

The concern I have is with the other branches which do not yet have any Peplink device (these have Cisco or Huawei basic routers with IP-based WAN & LAN interfaces) and one service provider link only. Could these branches still access the data center resources via the service provider networks, i.e. would the Balance 580 at the data center, which now acts as the main router, just pass through the traffic from branches which do not have any Peplink SpeedFusion-capable device?

Much appreciate any thoughts… thank you in advance.

Revantha

Is the one service provider at the other branches part of the MPLS network? If so, the Balance 580 at the data center would still be able to bridge this traffic over the MPLS WAN with a drop-in mode deployment.

Hi Ron,

Thanks for the update. Yes, the branch network and the data center are serviced by the same service providers. Basically the entire organisation uses the same 3 service providers for all the connectivity across the WAN.

So you reckon the traffic from a branch which does not have a Peplink device will go past the 580 and hit the service at the data center without any specific configurations on the Peplink 580?

Many thanks.

Hi Ron,

Adding to the above, what I am anticipating is the Balance 580 at the data center to serve the branches with the Balance 380 deployed for SpeedFusion services (managed via InControl), plus the branches which do not have Peplink but are connected to the same MPLS or VPLS network via a Cisco or Huawei basic router.

Much appreciate your insight.

tks
revantha

This is a good scenario for drop-in mode as the 580 will still pass inbound traffic on the MPLS WAN.

Outbound policy rules need to be configured in the 580 for sending private traffic outbound. Private traffic would either go through the MPLS WAN, or through SpeedFusion for remote sites with Peplink devices.

Note the VPLS and ISP links would be used for SpeedFusion so it is important to keep those IP addresses (used for WAN routing) unique from the MPLS IP network.

The MPLS, VPLS, and ISP connections can be bonded together for greater throughput and this works best when each link has similar bandwidth and latency.

Hi Ron

Thanks for the update. Can you share any tech docs for drop-in mode configuration?

So you reckon there would be no need to run OSPF or a VPN tunnel from the non-Peplink device from the branch?
Tks

Here you go from our Knowledgebase…

If sites with a non-Peplink device are still connected to the MPLS network, they could still route to the MPLS LAN configured on the 580 with drop-in mode. Is OSPF or a VPN used with the MPLS network now?

Hi Ron,

No OSPF or VPN is used at present, and at the small branch there is only a layer-2 Planet switch or a Cisco router which is connected to the MPLS. As per the drop-in mode, do you anticipate any complications? The larger branches with dual links (MPLS / VPLS and Internet) will have Peplink 380s with SpeedFusion.

tks

revantha

Hi Ron,

Attached is the network topology. What I want to achieve is, once the Peplink 380s are deployed for larger branches such as branch-1 in the attached, for the smaller branches, which mostly have Planet layer-2 switches, to be able to communicate with the data center and the head office, plus the data center and the head office to communicate with the branches as well.

In a nutshell, the Peplink solution should not impact the communications between the smaller branches which have just one link and a basic layer-2 switch. Eventually at some stage these branches will embrace a Peplink solution, but until such time it should have seamless access (both ways).

As of now no OSPF or IPsec VPN tunnels are in place; all routing is from the service provider, perhaps one default route from the branch end point to the WAN.

Much appreciate your view.

tks
Revantha

SD-WAN-POC.pdf (102.8 KB)

So VPLS is the provider common to all sites? In that case the VPLS network would be used with drop-in. The branches without a Peplink would normally have a default route of the local router and simply route between sites without a NAT.

The Balance 580 can handle 1.5 Gbps of bi-directional traffic but it is rated at 200 Mbps for encrypted VPN traffic. The diagram indicates you have a lot of bandwidth so please check here for sizing this deployment.

We also have certified partners that can help you get this deployed without impacting communications between the smaller branches.

Hi Ron,

VPLS and MPLS are from the same service provider across the entire network and common. Just one clarification, as you have outlined in a previous reply: "I would need to configure an outbound policy on the data center 580 so that it knows on which links to reach the branches with no Peplink device?"

Many thanks,

revantha

For branch sites not going through SpeedFusion you would want to route out the VPLS WAN if there are multiple WANs on the 580. This is configured using outbound policy rules.

Got it, thanks Ron for the clarity.

So, in summarizing: “since there are multiple WAN links on the data center 580, I can specify which WAN connection to use to reach the branch network with a non-Peplink end point, and the IP addresses have to be unique across the WAN and the LAN…”

tks

Correct. Is the 172.1.1.X network used by the Cisco routers only for WAN routing so each site has a unique LAN network? If that is true drop-in mode is the way to go.

Great, thanks a lot Ron…

Hi Ron,

On your concern about encrypted VPN traffic: in the POC environment the 3 links between the head office and data center are private point-to-point links (the entire capacity of the links varies between 300 Mbps - 600 Mbps). Would the concern of encrypted / VPN traffic come up, as the 580 is rated for 200 Mbps PepVPN throughput? The agenda is to utilize the entire bandwidth by combining the links between the head office and data center so a bigger pipe exists.

The SpeedFusion is mainly to optimize the bandwidth usage across branches which have multiple links. A branch link on the higher side is a 10 Mbps link (2 at each), and the total number of branches is 6.

Much appreciate your insight.

tks
SD-WAN-POC.pdf (102.8 KB) the links between the DC and Head office