Routing specific applications via SFC

Product Discussion Pepwave MAX
, ,
#1

What’s the recommended approach to routing specific application traffic via SFC in the current firmware? Is there any documentation available around this?

It looks like a new method was recently added (in 8.1.1?) which allows traffic for specific applications to be routed via the SFC interface:

image
image1721×619 59.9 KB

And the previous approach via Advanced => Outbound Policy:

image
image1472×1011 70.3 KB

The two approaches differ in application selection and other aspects. It’s unclear to me which one(s) to use in which scenarios.

#2

I understand that the first method uses DPI and the 2nd method uses a database of known IPs / Service ports to identify the traffic. So DPI should be more accurate / sucessful.

#3

Be nice to see some feature partity in the future here for those of us that do not use SFC and host our own hubs.

Given I’d think the DPI is being done on the Peplink sending the traffic anyway (as if its not how else does it know where to send things!) can’t really see why it would not be possible to implement it so we could use the DPI to send traffic to our own SF tunnels…

#4

We can do the same DPI outbound policies for the ‘daily driver’ applications (zoom, google, office365 etc) using our own hubs but the policy has to be pushed and managed from InControl - you can’t do it on the device.

#5

Do you mean like this, or is there another way that I am missing? :slight_smile:

Screenshot 2021-01-16 at 16.46.30
Screenshot 2021-01-16 at 16.46.301742×1004 80.2 KB

Just I get the same list of apps / options direct on the device directly:

Screenshot 2021-01-16 at 16.50.30
Screenshot 2021-01-16 at 16.50.301518×718 69.8 KB

#6

Its Destination SaaS not PepVPN

image
image801×481 24.2 KB

1 Like
#7

According to New DPI steering functionnality - #2 by cgreen, the Outbound Policy method also uses DPI. So this is quite confusing.

@sitloongs , would you mind clarifying please?

#8

indeed. The SaaS list is so much shorter - it has to be more complicated an approach surely?

#9

@Vitaly ,

I’m checking on this and i will get back to you ASAP.

#10

@Vitaly , @MartinLangmaid

Do allow me to answer your question first. If you are referring to route specific application via Peplink SpeedFusion Cloud (SFC) then the SpeedFusion Cloud —> Optimize Cloud Application page will best use here.

Do allow me to explain the DPI steering , SaaS Application and the Optimize Cloud Application for SFC.

1. DPI Steering (This is only work between SpeedFusion sub Tunnels) - Local WebAdmin

Example :
----Traffic Direction----->>>> Site A ----SF—> Site B ------> Internet.

A ------------------------Default Tunnel ---------------------B (All Traffic)
A ------------Sub Tunnel Smoothing enabled -----------B (Zoom , etc)

  • Use outbound policy to defined which application to use the smoothing sub tunnel.
  • Send all Traffics required
  • DPI engine will recognize the type of traffic after several packets passing through, so the first few packets may be routed to the default tunnel, but when DPI successfully recognized the traffic, it will be steered to the correct sub-tunnel while keeping the session intact, without any interruption.
  • WebAdmin will be improve for future firmware to reduce the confusion how the DPI Steering will work.

2. Optimize Cloud Application for SFC - Local WebAdmin

  • This will forward supported applications using SpeedFusion Cloud (SFC) connections.
  • This is using the SaaS application IP addresses DB that maintained by Peplink.
  • More SaaS applications will be added for the coming firmware.
    image
    image1263×558 45.5 KB

3. SaaS application rules via IC2.

  • This allow forward supported application via WAN direct or SpeedFusion tunnel.
  • This is using the SaaS application IP addresses DB that maintained by Peplink.
  • More SaaS applications will be added for the coming firmware.