I am hoping to use a Balance 20x with Speedfusion for bonding/balancing of a WISP and my new Starlink Beta I received a few weeks ago. My hope is that bonding of these connections can improve my remote work connection stability so I have less dropped calls/video conferences.
However; I am quite heavily invested in the Unifi/Ubiquiti ecosystem and hoping to put my Balance 20x infront of my UDM pro - (I.e. ISP connects → Balance 20x → UDM Pro → network)… I am hoping to do this is a relatively painless wait but I am unsure if that is possible. My hope is I can preserve my metrics provided by the UDM front end, AP control/firmware updating from the controller software, as well as not needing to rebuilt a fairly large network of IOT devices with IP reservations etc.
I know how to disable NAT using SSH on my UDM Pro; my hope is that I could use my UDM pro with NAT disable but still allow it to handle DHCP; and use the balance 20x for NAT … I believe this is the best way to ensure Peplink Balance 20x’s outbound policy policies affect traffic appropriate (i.e. forwarding traffic for Netflix/Hulu on kids and wife’s devices over a single ISP with failover, instead of a speedfusion VPS that likely has its IP address blocked by Netflix).
Does anyone have experience with a similar setup to this that can help steer me in the right direct? I am a bit of a rookie when it comes to more involved networking setup like this; Can i keep DHCP servers running on both the UDM pro and the peplink Balance? are there specific static routes etc I need to setup? Any help is greatly appreciated!
Yep, if you can get rid of the NAT on the UDM Pro it should work out fine, you’d just need to add some static routes from the 20X LAN towards the UDM Pro for the networks behind it but that is pretty easy to do.
E.g.
20X LAN is 192.168.1.1 /24
UDM WAN is assigned 192.168.1.10
UDM Has 192.168.101.0/24 and 192.168.102.0/24 behind it you’d just need to add a static route on the 20X for those subnets via 192.168.1.10 and a default route on the UDM sending all traffic via 192.168.1.1.
Other than that you have the right idea, outbound policy can match based on source IPs of the networks or specific devices behind the UDM for onward routing either direct to a WAN with failover or to the SF tunnel.
For the SpeedFusion side of things I assume you’re planning on running a hub in a cloud provider like Vultr or similar, if so yes you’d likely find the IPs blocked by Netflix etc. so your plan to send that traffic direct out either WAN is best.
Something to bear in mind the 20X is only good for about 100Mbps of SF VPN without encryption, so over time your Starlink connection will likely be capable of delivering more throughput than the 20X can handle for SF VPN, but at that point if all you care about is using SF for certain traffic you probably don’t have much to worry about.
Thank you so much for the detailed reply! I finally got the routing working thanks to your help (well after 20 minutes of it not working, I remembered to “apply changes” - Doh!)
I also go outbound policies working and everything seems to be functioning correctly! I will install a boot script on my UDM tomorrow to ensure the disable NAT persists throughout reboots. I can’t thank you enough! That was the last ‘hump’ in my understanding needed to get it working.
On a related note - I agree regarding the SF VPN speed without encryption my WISP is about 20 mbs down and starlink is ~ 150-250 mbps down; I am looking for consistency… however, is there a more capable SF VPN device geared toward consumers/enthusiasts with a bit more throughput you might recommend?
Hah, that gets me sometimes but its handy to be able to stack up a lot of changes if I am working remotely on a device! Also I often forget that some advanced config is hidden away under those blue question mark buttons in the GUI.
The 20X is hard to beat for price / performance at the moment in the current lineup, especially when you factor in the low upkeep cost of Prime Care on that device vs Essential Care on higher end models.
The next step up is probably to something like the 310X or 380X if you don’t want to have the built in cellular but that comes as a significant price jump. Hopefully as Peplink expands the “X” series of models something else will come along to slot into that gap…
(well after 20 minutes of it not working, I remembered to “apply changes” - Doh!)