Topology assistance required


#1

We currently have two sites in our organisation which we have connected via a Microwave RADIO Link at 100Mb

I am trying to add some redundancy in the event the link was to fail

I was hoping to use an IPSec Site to Site tunnel between two sets of Peplinks in HA Active/Passive using SpeedFusion to aggregate some internet connections

Then I would like to use a dynamic routing protocol (such as OSPF) to weight my RADIO link as a higher priority and therefore used unless it fails, then cutover to the IPSec tunnel.

Is this possible?

I have put together a basic diagram to try and make it clearer.

  1. Does Peplink support OSPF or other Dynamic Routing?

  2. Is there a better way to achive this?

  3. Additionally, when Peplinks are in HA should you be using NAT (and therefore double NAT from the modem) or can you use PPPoE (obviously there will be a lost connection in the event of HA failure until the other unit re-established the connection

  4. Ignore the random person out to the right in the diagram, not sure what happened there :slight_smile:

Thanks in advance.


#2

StylusPilot,

If the radio link has an ethernet hand-off you could move it to the 3rd “WAN” connection of the Balance,then define “Outbound Policy” to route traffic accordingly. you can define the radio link “3rd WAN” to be a failover connection. If redundancy between sites is the goal, i would suggest maybe using the Speedfusion VPN with all 3 links between sites. if you do not want to use the radio link unless the other 2 failed, you could set the “WAN Connection Priority” of the radio link in the Speedfusion profile to a lower priority, that way the tunnel will still build over all links, but will only use the radio for S2S VPN if the other 2 failed. Thoughts and comments welcome, this was an initial thought looking at your config


#3

Thank you for the info.

I’m actually trying to achieve the opposite, and by that I mean the Radio link is the primary, for us it’s not only quicker, but free for unlimited data.

So my goal is to have all data destined for the secondary site to go across the Radio link, unless the Radio link is down, and thereby fail over to a speedfusion connection which is a bundle of several adsl connections.

This was why I was initially thinking OSPF but if there is another way to achieve this I’m all for it.

as an example lets say

Site 1 has a CIDR of 172.16.0.0/16

Site 2 has a CIDR or 172.17.0.0/16

I would set the Peplink as the gateway for our existing Router/Firewall on both sites so anything destined for another site (or the internet) would hit the peplink

Then I want the Peplink to be able to make a routing decision based on shortest (and fastest path) to be via the radio link, unless the Radio is down, thereby go over the SpeedFusion/Site to Site connection to reach the subnet required.

However I don’t want this to affect the Peplink’s other role as an internet access (load balancing) device.

As the internet is not accessible across the Radio link (internal only) I wasn’t sure how to treat the Radio link as its not a WAN connection as such.

Is it possible and whats the best way to configure this?


#4

StylusPilot,

If you would like to talk more in detail, feel free to contact me. We can even setup a Web meeting so you can see easy it would be to setup these rules for what you want to accomplish. If you are routing traffic destined for your remote location to the peplink, once it is there we can create an outbound policy that would use only the radio link, but in the event of the radio link failing, it would then route traffic over the speedfusion.