Today my scenario is as follows:
- A central site with a 30 Mbps exit link to the Internet;
- Twenty branch offices, connected to the main site through an ISP VPN over MPLS links - note: remote sites don’t access the Internet directly, they’re routed to the main site to go to the web.
We are studying placing a backup network to the MPLS with Peplink. Our goal is to put a Peplink 1380 appliance in the central site and one Peplink 380 appliance in each remote site so we can make site-to-site VPNs using DSL links in the branch offices.
Reading the documentation, we considered the following schema:
- On branch offices, WAN 1 gets the MPLS link and WAN 2 the DSL link;
- On the main office, WAN 1 gets a static external IP address and WAN 2 gets the MPLS VPN link.
- Create the VPN S2S pairs in the main office with each branch office and in each branch office with only the headquarters.
Our main questions:
- Is our proposed design OK?
- How to put the DSL links in branch offices in a backup setup - i.e., used only if the MPLS VPN is down?
- How to route all the Internet traffic from branch offices to the main office? Is it possible to use Peplink balancing rules inside the VPN tunnel?
Thanks in advance!