I’m wondering if the Peplink SpeedFusion VPN might be a good solution for my environment.
I’ve got 8 small (/24) routable IP networks – 2 at each of four remote locations. Each location has multiple (up to five) paths to the ‘internet’, each with different costs, availabilities, and performance characteristics. Delivering any internet connectivity to these locations is laborious and very expensive – so we are limited to a very small set of mechanisms which may be used. These mechanisms often come with additional constraints – some links require us to use an ISP-specified routing device which may only present NAT’ed IP addresses to us – these devices supply an interface and environment very similar to what one would expect from a domestic ISP and home router combination. For security reasons, all traffic to/from each site must go through our main site (the main site is not one of the four remote sites I’ve listed – it has fully modern infrastructure with very fast network connectivity). There is no need for traffic to travel directly from site to site. We desire a very classic and standard hub-and-spoke topology.
As mentioned, each of the internet links at the remote sites is expensive, high latency (satellite or worse), very slow (really, VERY slow – in the range of 256-512kbps per link – except at some sites where 3G/4G speeds are sometimes achievable), and potentially at any time can become unreliable. Load balancing is not an objective – only reliability and preservation of the ability to move at least some traffic. Each link should be used in statically determined priority order – e.g. traffic should go over link 2 if link 1 is unavailable, link 3 if links 1 and 2 are unavailable, etc. … Because of the nature of the influences which impact the reliability of each link, failing traffic over between links should occur quickly if possible … A small amount of keepalive-type traffic across the 2nd/3rd/…/nth priority links is acceptable as long as it is reasonably small.
It’s a little unclear to me from a quick glance at your product page if the SpeedFusion VPN supports priority-based failover between the underlying ISP links or only a load-balancing behavior – can someone clarify that for me? Also, can someone describe the overhead added to each packet to support the SpeedFusion VPN? Are MTU modifications typically recommended (it’s possible on some of our links) for best use of the SpeedFusion VPN? Have people had success using SpeedFusion VPN over very slow, high latency, often congested networks …?
I’m envisioning a SpeedFusion-capable device for the main branch and one for each remote site, with the specific model chosen appropriately for the number of WAN connections at that site … Does this sound reasonable?
I appreciate any/all comments and advice. Many thanks.