Hello I Have a balance 20 with 2 Vsat WAN connections and a USB 4G device.
Load valancing and failover works as expected however Speedfusion reduces line speed from 20Mbs to 4Mbs. This is almost certainly because the Speedfusion protocols do not work well with the Vsat acceleration and TCP compression protocols. Is there any way around this such as using a UDP protocol?
You might find my old article on this of interest:
Actually there are a combination of challenges when using VPN over high latency links.
Advertised ‘line’ speeds are only possible when techniques like TCP acceleration within the sat terminal itself can be used but because the headers of the VPN traffic are encrypted, the TCP acceleration does not have any affect, which lowers the overall throughput available in the tunnel.
Then even if we can get the VPN tunnel itself to use ‘line speeds’ the encrypted payload within the tunnel is still sending traffic and waiting for TCP Ack packets to return over the high latency link, so application traffic bandwidth is reduced even if the point to point VPN connection is running at near full speed. UDP payload traffic is your friend here.
Back in 2014 when I wrote that article, Peplink had come up with the idea of combining high bandwidth satellite links for download with lower bandwidth cellular for upload to reduce the overall latency when using satellite for IP traffic.
Today in the VPN profile we can enable the experimental exposure of TCP sessions to regain some of the benefits of that acceleration.
Guess the answer here really is try these different approaches, test the hell out of it, report back here and we’ll ask the Speedfusion team to check things over and see what tweaks are possible to improve things.
3 Likes
Now that is an exceptionally cool experimental feature! Is it compatible with encryption?
1 Like
OK that looks interesting.
How can I activate this on the speed fusion as my real interest is to have hot standby with the same IP address?
Also can I order a fixed IP address on Speed fusion for inbound traffic?
Regards
Stewart
Are you using SpeedFusion Cloud? If so you can’t as yet order a dedicated IP for inbound traffic.
You can either host a free licensed Fusionhub virtual appliance yourself, or approach one of the Peplink partners to do that for you.
Hello Martin,
Thanks for the update, we are aware of the UDP option being what is required.
We are not creating VPNs rather a SDWAN using speed fusion.
The idea is that we have hot standby with 4G and the failover is seamless.
How do we get the speed fusion to work with UDP?
Kind Regards
Stewart
Sure SDWAN for internet access got it. For seamless failover you will need to build a SpeedFusion Tunnel to either SpeedFusion Cloud (A pay as you go hosted service from Peplink) or you can host your own appliance (physical or virtual) in the cloud or in a datacenter / location with high speed internet access.
If you want your own IP for inbound traffic then you need to host a virtual Fusionhub or physical appliance somewhere as SFC doesn’t support inbound port forwarding etc at this time.
SpeedFusion uses UDP by default so once its set up you’re good to go.
I turned on speedfusion and the speed dropped by 75%. That is what I wish to resolve
Regards
Stewart
Because TCP acceleration isn’t available now as your traffic is encrypted - and you also have lost some bandwidth due to the overhead of speedfusion itself.
.
Your options are to only use speedfusion for certain traffic that needs to be super resilient and leave everything else going over the Sat link direct, or enable the experimental expose TCP sessions feature.
Is the Expose TCP sessions feature in the speed fusion dashboard?
We really need a UDP version of speed fusion
Regards
Stewart
Maybe I am missing a vital component here. How do I build the Speedfusion tunnel. I only subscribed to speedfusion and nothing else?