Will Speedfusion work for me?


#1

I have had a Peplink Balance One for over a year now and currently use it to balance two 10mps DSL lines from Centurylink. These are the fastest connections available in my semi-remote New Mexican Village. I have a 20mbps connection thanks to the load balancing but I do get in situations from time to time that act like the visual illustrations of speedfusion: namely something gets stuck in one lane of internet traffic and everything behind it gets stuck in the traffic.

What I would like is speedfusion and I’m willing to acquire more equipment and add another connection or two from Centurylink (each connection has its own IP) etc. but the question is can I use it in my home/office? It requires two devices…do they have to be connected by internet? Could they instead be connected with a lan cable? It would seem more efficient and less latency inducing to NOT use a third internet connection to receive the bonded internet traffic from another two given that all equipment would be at my home.

Thanks much for suggestions…I’m obviously not at IT and may well not understand the speedfusion process correctly. I do know that bonding would be useful for stuck packets from time to time.


#2

Hi,
SpeedFusion will definitely help here in that one network session will then be able to use more bandwidth than is available on a single WAN link. To use SpeedFusion in your scenario what you need is a remote device that you can connect to over your existing (internet) connections which has a really fast internet connection. This is because the remote device acts as a remote gateway for you. When you request a download on your PC connected to the Balance One, that download is routed over the internet link of the remote device and is then sent via the SpeedFusion VPN to your Balance One in your location.


So in the example above, the Balance One has two WAN connections (1.1.1.1 and 2.2.2.2 both at 10Mbps) but when you browse the internet the sites will see your traffic coming from the WAN of the remote device (3.3.3.3 on 100Mbps Fiber internet link) because all of your internet access is being passed over SpeedFusion VPN.

I would suggest then that you look to host a Fusionhub virtual appliance in the public cloud. Fusionhub acts as a SpeedFusion VPN concentrator and is designed for exactly this kind of deployment. You could host it in Amazon Web Services, or on nearly any cloud hosting service that allows custom images and has great internet connection speeds.

Hope that helps.

Martin


#3

Many thanks for the pointer. Looking into it and planning to give it a try.


#4

I tried Amazon AWS using the guildlines in the FusionHub set up as described in the manual and was hacked into by an apparent BitCoin miner who ran up a $1700 bill in less than 12 hours. Not the best experience with FusionHub deployment. Unfortunately hack occurred before I was able to see how FusionHub worked. Now Amazon AWS account is locked while they are running forensics on the hack job.


#5

Thats terrible! It sounds like your Amazon account was likely hacked to be able to run a BitCoin mining vm. I found a blog article here about a similar situation. http://zacharybears.com/amazon-aws-account-hacking-and-how-to-avoid-it/

No doubt you have already reported it, but if not here is the link to the abuse team https://aws.amazon.com/forms/report-abuse

If you work out how it happened please let us know here or directly to me via a Private Message so we can update any advise we might give relating to preventing potential abuse/hacking AWS as part of our FusionHub installation guide.

Kindest,
Martin


#6

I’ve no idea how the hacker gained entrance into my AWS account. I will consider it a failed experiment, not to be repeated, until AWS determines the mode of entry and tells me about it.

Yes I have contacted AWS and they are communicating with me. The account is locked for now. I’ll let you know when I find out more. At the moment, as above, I’m completely scared off of FusionHub. The main reason is that AWS REQUIRES your credit card and bills your credit card when you go over use limits of a free account. Sure they give you the ability to set an alarm, but all the hacker’s use of my account occurred in the wee hours of the night when an email alarm would do no good at all. I have suggested to them that users should be able to set absolute limits after which their account would be locked. For now I view use of AWS as wise as lending my Visa Card and its Pin number to a Heroin addict.

If there is a web service that only handles FusionHub, monitors the security, and only allows FusionHub to run I might look at FusionHub again. At the moment, however, Peplink Load Balance only for me…


#7

First off, I’m happy to say AWS Amazon is going to not bill me the $1700+. But they say it will be a one time exception. So…I really don’t want this to happen again. Unfortunately their feedback is very patchy and, as they are undoubtedly handling 1000s of cases, the responses and messages all seem pretty much cut and paste things…like they have folks gain unauthorized use of accounts all the time and run up $1000s of dollars of expense in an evening…possibly for bitcoins.

Ok, so is there a WAY FORWARD with FusionHub that doesn’t leave me open to exceptional expenses in a very short duration of time? I think there may be, with something like a ShopSafe computer generated Visa Card number from Bank of America, you can make a perfectly viable Visa Card that is good for 12 months and has a credit limit of $1.00. So, assumedly as soon as that credit limit is reached AWS might shut down the account, I don’t know yet. This may work for covering financial security when using AWS.

On the other hand, could a hacker get into AWS and then manipulate FusionHub to intercept everything going in and everything going out with the node being the AWS instance in which the FusionHub was made? I don’t know…but I’d appreciate some thoughts on the degree of exposure/security here.

Until AWS gets back with information to me on how someone gained access to my account I certainly will not run an instance of FusionHub on AWS… I need to know where the security breach occurred.

All this makes me think it would be great if Peplink had their own servers dedicated only for FusionHub with security tailored specifically for FusionHub.

Thanks


#8

From my reading it does seem that this is a big challenge with the way AWS billing works, as you have discovered it seems it is very difficult (if not impossible) to put in hard billing limits, and if your AWS account is hacked by suspected bitcoin miners then that activity (multiple vms, multiple cores, masses of ram) can burn through credit fast. Officially we support AWS, Vmware and Citrix Xenserver as the FusionHub Hypervisor. My suggestion would be to find a vmware hosting provider that bills on a pay as you go basis where you can set limits on your spending.

I tested Fusionhub a long time ago on http://www.stratogen.net/ and it worked great but can’t remember the billing options they had - it might be worth setting up a free trial with them to see what the options are.

I would also encourage our community here to share where they are hosting their FusionHubs to give you some more suggestions.


#9

As you noted “Officially we support AWS, Vmware and Citrix Xenserver as the FusionHub Hypervisor.” Of these three,only VMWare explicitly has a “Pay-as-you-go” plan. Not sure how to get FusionHub onto one of their accounts. Like AWS you can set up a plan for free. If I set up such a plan with them will Peplink then put a private image up on VMWare so I can test it out (free trial) or with this Hypervisor, would I need to buy FusionHub first? I’d really like to try it first to see how it works and see if it solves what looks like a few slow packets making an entire socket slow down.


#10

Hello,

We do offer a evaluation license of FusionHub that will work. You will just need to create a account on our cloud based management site InControl2.Peplink.com

Then just follow the guide below and it will go through the setup steps as point our where to create a free evaluation license.

http://www.peplink.com/support/downloads/fusionhub-binary-installation-guide/


#11

Stratogen has a 7day trial. You can generate your own trial Fusionhub license (2 Peers 50Mbps throughput) in InControl to test it. IN the Fusionhub download package you will find a OVA file which is a vmware packaged file format that can be uploaded to stratogen.

If I get a moment this week I’ll put together a video showing how install Fusionhub on Stratogen to act as a guide.

Martin


#12

As promised, I have just made a quick video walkthrough showing how to install FusionHub on Stratogen.net. Here is the link https://www.youtube.com/watch?v=DdX7PoRp1U0

I forgot to mention in the video that Stratogen.net uses the vmware client plugin (5.5), you will need to use Firefox as your browser when interacting with their control panel to run this effectively.

Although I have not yet had the need to use Stratogen myself in a production environment I have been impressed so far by the responsiveness of their support team and the proactive nature of their sales guys.


#13

Glad to say I have FusionHub up and running on AWS. I have used a SafePass generated Visa Card from Bank of America to create a bit of a financial firewall. It has a 12 month duration and a credit limit of $1.00.

One thing I’m unclear on in your diagram is whether or not I need to create an IPsec VPN between the AWS FusionHube and my Balance One in addition to establishing a PepVPN with SpeedFusion

A second question I have regards cost of deploying this system after the initial Free Trials.

It appears as if I will need to purchase:

FusionHub for a web server
SpeedFusion for my BalanceOne
and maybe, since my Balance One is out of warranty, an extended warranty so In Control will be active (I’m not clear on whether or not one MUST have In Control activated in order to use FusionHub with SpeedFusion.

Thanks much for the help. I enjoyed your YouTube presentation https://www.youtube.com/watch?v=d8PJ8Hz5EJs


#14

Hello,

No you will not need to create a IPsec VPN between FusionHub and your Balance.

You will need to purchase a Full FusionHub license after the trail ends.

On current firmware for the Balance you can connect to FusionHub using PepVPN rather then SpeedFusion. The main difference between the two is that PePVPN will not bond the WAN connections of the Balance One as you will only have one active WAN link apart of the PePVPN tunnel. Should the link go down it will fail-over to the other available WAN links in sequence (you can prioritize the order).

Otherwise if you need bonding you would have to purchase a SF license for the Balance One.

You will still be able to connect and use the VPN whether or not the units are in warranty. To manage them from IC2 however, they will need to be in warranty.


#15

I do like the FusionHub and SpeedFusion. Currently thinking about buying a Balance 580. A bit of a heavy weight for maybe 4 ADSL 10 mbps connections but, I do like a responsive internet.


#16

Wondering about what is possible. Would it be possible if one had 4 WANs to have then 4 FusionHub Virtual Appliances, each acting as a remote gateway, and then balance them at the level of a Balance 580? If so, would one need 4 FusionHub Licenses?


#17

Hi,
There would be no benefit to having 4 Fusionhubs for 4 WAN connections in a 1:1 relationship - that would have the same result as just load balancing using a single Balance router. To benefit from SpeedFusion Bonding you need to go 4:1 (Balance:Fusionhub) with the Fusionhub hosted at a location with an internet connection that is faster than the sum of the bandwidth on the 4 WANs.


#18

Hi Pecos Doc,

Don’t forget to factor in another $2,000 for the FusionHub Pro license, if you want to get the most from your 4 x 10 Mbps connections!

The Essentials license ($499) only gets you 25 Mbps.

Good luck with it all. I just ordered my first Peplink machine (310) and it’s being delivered on Monday. Can’t wait!

Edward


#19

Hi Martin

Many thanks for the video - extremely helpful. I’ve just been in touch to see if StratoGen would be suitable for me (I live in Thailand), and it turns out they have a data centre in Singapore, so it seems perfect. AWS sounds like a rather worrying option now.

If only Peplink actually offered a 2 peer / 50 Mbps license for all the Balance 310 and up owners (310 supports up to 50 Mbps SpeedFusion) who bought them for personal / small business use, to follow on from the StratoGen trial! One can but hope…

Thanks again, Edward