Peplink Certified Engineer Training Program

(1)

Training Materials

All rights reserved. No part of this manual may be reproduced, transcribed, stored in a retrieval system, translated into any language or computer language or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the copyright owner.

The copyright owner gives no warranties and makes no representations about the contents of this manual and specifically disclaims any implied warranties or merchantability or fitness for any purpose.

(2)

The copyright owner reserves the right to revise this manual and to make changes from time to time in its contents without notifying any person of such revisions or changes.

(3)

Course Agenda

Module 1: Understanding Multi-WAN and SpeedFusion

Brief description of Peplink/Pepwave’s most important technologies

Module 2: Peplink and Pepwave Products Overview

Introduction of Peplink and Pepwave products.

Module 3: Balance and MAX Routers

Exploring different configuration scenarios with Balance and MAX

routers.

Module 4: Wireless Access Point

In-depth configuration guide for Wireless Access Points.

Module 5: Surf Series

Explanation and setup instructions for the Surf Series.

Peplink Balance Series Enterprise-class Multi-WAN Router

(4)

In this chapter, we will focus on how SpeedFusion functions, it’s

distinguishing features/benefits, and it’s implementation scenarios.

(5)

Course Agenda

Module 1: Understanding Multi-WAN and SpeedFusion

Brief description of Peplink/Pepwave’s most important technologies

Module 2: Peplink and Pepwave Products Overview

Introduction of Peplink and Pepwave products.

Module 3: Balance and MAX Routers

Exploring different configuration scenarios with Balance and MAX

routers.

Module 4: Wireless Access Point

In-depth configuration guide for Wireless Access Points.

Module 5: Surf Series

Explanation and setup instructions for the Surf Series.

(6)

A well-designed VPN provides a business with the following benefits:

- Extended connectivity across multiple geographic locations without using

a leased line

- Improved security for exchanging data

- Ability for remote offices and employees to use business intranet over an

existing Internet connection as if they were directly connected to the

network

- Savings in time and expense for employees to commute if they work

from virtual workplaces

- Improved productivity for remote employees

Examples of VPN usage, accessing resources only available in HQ (File or

Print sharing), and some restricted internal applications require VPN to be

established.

(7)

Peplink’s Unbreakable VPN uses multiple WAN connections to keep VPNs up

and running when a connection fails. Powered by our patent-pending

SpeedFusion technology, Unbreakable VPN automatically and seamlessly

moves VPN sessions to standby WAN links when active links drop out. All this is

transparent to users, making all VoIP calls and video streams run flawlessly.

Your business continues, uninterrupted.

SpeedFusion VPN is useful for Public Transport, Video Streaming, Mobile

Command, Branch-to-HQ, and Rural Areas. It is applicable anywhere you need a

reliable VPN connections.

(8)

Introducing the World’s Easiest VPN

PepVPN is our core VPN engine. It is ideal for establishing a secure tunnel over

any WAN link. On top of all the benefits of IPsec and other conventional VPN

technologies, the PepVPN engine also offers:

Long-distance Ethernet cable − You can easily build a secure and seamless

Ethernet tunnel over any IP connection (Layer 2 over Layer 3). It virtually

provides a long-distance Ethernet cable over any WAN link.

Seamless transition − PepVPN and SpeedFusion share the same core VPN

engine, meaning that all your PepVPN and SpeedFusion-enabled devices will

work flawlessly together. It also allows you to easily upgrade a PepVPN endpoint

to SpeedFusion, taking advantage of the added benefits without worrying about

compatibility.

Works in any dynamic IP environment − PepVPN is fully compatible with any

dynamic IP environment and NAT, allowing you to establish a VPN behind a NAT

gateway or firewall without worrying about static IP addresses.

This technology can be applied to SOHO and Mobile Office; any environment that

(9)

requires reliable connectivity, without using multiple low cost Internet links for their

business operations via VPN. Even if you have one encrypted peer and another

not encrypted, PepVPN will still create an encrypted tunnel. As PepVPN is easy to

setup, hence no technical assistance needed on-site.

(10)

SpeedFusion Hot Failover − Unbreakable VoIP and VPN

SpeedFusion Hot Failover is a premium add-on that manages multiple redundant

connections to keep VPNs and VoIP deployments up and running at all times.

Easy setup − Just add connections, you can even mix wired and wireless

technologies.

Unbreakable VoIP and VPN − With other VPN technologies, WAN failover

terminates existing VPN connections, creating costly downtime. SpeedFusion Hot

Failover prevents this by maintaining secure tunnels over all available WAN links.

In case of a WAN failure, SpeedFusion Hot Failover will instantly and seamlessly

switch traffic to another available tunnel. This creates unbreakable VPNs and

VoIP sessions.

For scenarios that require uninterruptable connections (like Mobile Command,

POS, ATM, and VoIP deployments), SpeedFusion Hot Failover provides an

always-on VPN link that helps these application run smoothly. The

“make-before-break” mechanism built-into SpeedFusion Hot Failover VPN. This provides a

transparent switch-over: if there is any link failover or link recovery, the user will

not notice any interruptions. This cannot be accomplished with any other VPN

solution in the market.

(11)

SpeedFusion Bonding − Packet-Level Bandwidth Bonding.

Working hand-in-hand with Hot Failover and PepVPN, SpeedFusion Bonding

builds a fat tunnel using all your connections, giving you blazing throughput

whenever you need it.

Multi-WAN bandwidth bonding − SpeedFusion Bonding combines multiple links

from multiple providers into a single, superfast tunnel.

VPN Bonding – SpeedFusion Bonding can create high speed VPNs by bonding

multiple WAN links together.

Unbreakable

Session

Hot

Failover

−

SpeedFusion

Bonding

monitors

connections and automatically turns control over to Hot Failover when links

become unstable.

Packet Level Bandwidth bonding – The packets of your session are distributed

across all your available links.

Layer 2 Tunneling – SpeedFusion operates on Layer 2, bonding your available

links at the data link layer.

(12)

Easy, on-demand scalability − Need more speed for mission-critical VPNs? How

about temporary bandwidth for a specific projects? With SpeedFusion Bonding,

you can plug in connections from any provider and get more speed, whenever

you need it.

Instant Bandwidth Control – And you can unplug connections at any time,

keeping your costs under control.

HQ-to-Branch, on the field news Video Streaming, High Speed Public Transport

(eg. train): all of these applications need high bandwidth and reliable links to push

high volumes of data back to their HQ/Media Center/Control Center for

processing. SpeedFusion Bonding is able to combine multiple Internet lines into

one logical big pipe to carry the information over.

(13)

This table compares the features of IPSec, PepVPN, SpeedFusion Hot Failover

and SpeedFusion Bonding

(14)

We will now explore the application of SpeedFusion, with various case studies.

1) MPLS Replacement

2) Branch Network Connection

3) SpeedFusion 3G/4G Bonding

4) Video Transmission in the Air

5) Data Transmission over Water

6) Replace Expensive Satellite Connection

7) Mission Critical Video Surveillance

8) 100% Uptime for First Responders

9) Money Saving on Branch Network Connections

10) Flawless Connections in Remote Areas

(15)

(16)

(17)

(18)

(19)

(20)

(21)

(22)

(23)

(24)

Peplink is the leader in Internet load balancing and VPN bonding

solutions. Peplink Balance Multi-WAN Routers have been deployed around

the world, helping thousands of customers increase their bandwidth,

enhance their internet reliability, and reduce their costs. Our complete

product line accommodates business of all sizes, providing an award

winning Internet experience for customers.

Pepwave is the proven market leader in delivering specialized wireless

solutions for industrial networking services, wireless mobility services,

internet service providers, and professional hotspot providers. As an

innovator in wireless technology solutions, Pepwave operates in global

cooperation with distributors, system integrators, ODM partners, and

strategic allies.

(25)

Course Agenda

• Module 2: Peplink and Pepwave Products Overview

Introduce Peplink and Pepwave product suite.

(26)

We offer five major categories of products:

1. Multi WAN Router 2. Cellular Router

3. Enterprise Access Point 4. Carrier Grade Access Point 5. SOHO Router

6. Router Utility

Peplink and Pepwave solutions cover different market segments, ranging

from SOHO, Mobile Office, Small Office, Branch Office, Regional Office,

and HQ-level Data Centers.

(27)

Target Market Segments for Balance Products

1) Power User and Home User

- Balance 20 & 30

- 2 to 3 WAN interfaces, with 1 USB for Mobile Internet dongle - 25 max users recommended

2) Small Business

- Balance 210 & 310

- 2 to 3 WAN interfaces, with 1 USB for Mobile Internet dongle - 50 max users recommended

- Comes with SpeedFusion Bonding, up to 2 SpeedFusion peers max

3) Mid-Size Business

- Balance 305, 380 & 580 - 19” Rack mount form factor

- Recommend up to 500 users max for 305 & 380, while 580 can support up to 1,000 users max

- Model 305 (with separate license) & 380 support 20 SF peers max, while 580 support 50 SF peers max

- Default can act as WLAN Controller, support 10 Access Points default

- Can manage up to 50 (Model 305 & 380), and 100 (Model 580) AP with separate license purchased

4) Large Enterprise

- Balance 710 & 1350

(28)

- 19” Rack mount form factor

- 710 can support 2,000 users max while 1350 can support up to 5,000 users max - Model 710 support 300 SF peers max, while 1350 support 800 SF peers max - Default can act as WLAN Controller, support 20 Access Points by default

- Can manage up to 250 (Model 710), and 500 (Model 1350) AP with separate license purchased

(29)

A. Internet Load Balancing

By balancing Internet traffic over active links, Peplink Balance gives you extra reliability. Peplink gives you seven Load Balancing Algorithms to fine-tune your network traffic. The following types of Outbound Traffic Rules are available:

• Weighted Balance • Persistence • Enforced • Priority • Overflow • Least Used • Lowest Latency

B. Inbound Load Balancing

Inbound Load Balancing distributes inbound data traffic over multiple WAN links to computers behind Peplink Balance. Peplink Balance 210, 310, 380, 390, 580, 710, and 1350 have a built-in DNS server that enables this functionality.

Authoritative DNS functionality is not available on Peplink Balance 20 and 30. Inbound Load Balancing is configured via both of the following:

• DNS records configured within Peplink Balance • External DNS records at an Authoritative DNS Server

(30)

Site-to-Site VPN Bonding in Mesh Scenario

All offices are connected to each other

Highly reliable network with bonded links and encrypted traffic Communication between offices has never been faster

All offices deployed with Balance 380 model

(31)

Site-to-Site VPN Bonding in Star Scenario

Headquarters serve as central site

Bonded VPN for reliable and uninterrupted VPN services

Fast and convenient way to securely transfer data to transaction server HQ installed with Balance 1350

Supermarket POS deployed Balance 380

ATM in Subway station equipped with Balance 210 Shopping Mall POS will need Balance 310

ATM in branch can installed with MAX Mobile Router

(32)

For existing Balance customers who wish to implement a WLAN solution, Peplink

can help save significant money and effort. From the model 305, 580 and

onwards, the Balance comes with built-in AP management. This makes deploying

Pepwave AP much easier and affordable.

In this example, the Balance Multi-WAN router can serves three roles: it is a WAN

load balancer, a Wireless LAN Controller, and when needed, a site-to-site VPN

termination point as well.

(33)

Product Market Positioning

1) MAX On-The-Go

Comes with 3 SKUs:

- the lowest SKU connects a single USB modem

- the second SKU allows 4 USB modems with Hot Failover

- the highest SKU allows SpeedFusion Bonding in addition to the 4 USB modems. - This product is good for mobile offices that reside in rural areas without access to cable internet

2) MAX BR1

- Rugged metal case is suitable for industrial-grade usage - Comes with 2 SKU, 3G WAN and 4G-LTE modems built-in

- Supports a redundant SIM with dual SIM slots, providing failover functionality between them.*

- Built with terminal block for reliable power sourcing, and a rugged 10V-32V DC power supply to be deploy in mobile vehicle

- Ideal for mobile command, high speed public transport, and harsh environment deployment

- Advanced Car-Fi Roaming + IPsec X.509 Certificate Support (only available for BR1 as add-on feature)

(34)

3) MAX 700

- Rugged metal case is suitable for industrial-grade usage - Support up to 7 WAN links (2 Wired, 4 USB, 1 WiFi)

- Ideal for on-the-field media streaming and live broadcasting deployment, that require bigger bandwidth

4) MAX HD2

- Rugged metal case is suitable for industrial-grade usage - Come with 2 variants, built-in 3G and built in 4G-LTE modems - Supports up to 6 WAN links (2 Wired, 2 Cellurar, 1 USB, 1 WiFi)

- Ideal for on-the-field media streaming and live broadcasting deployment, that require a bigger bandwidth

- If GPS enabled, both (or any one of its) SMA antenna ports can be use to locate GPS signal and position

5) MAX HD2 IP67

- IP67 waterproof enclosure ideal for outdoor applications

- 2x embedded cellular modems, each with redundant SIM slots, securely installed inside the unit

- Come with 2 variants, 3G and 4G-LTE modems built-in, with options of Verizon and AT&T, AT&T/Telcel/Rogers, and Worldwide carrier

- Using 10V-30V DC power supply

- Ideal for machine-to-machine communication, surveillance, military and other mission-critical applications outdoor, the MAX HD2 IP67 is as comfortable on a construction site, oil platform, disaster scene, or factory floor as it is on a battlefield

MAX Routers power redundancy

For models which come with dual power sources (DC Jack & Terminal Block), it serves as input power redundancy. If any of the power source is interrupted while the other is active, the MAX router will continue to operate without being affected by the power disruption. *Please note that redundant SIM does not equal two cellular modems. That is, only one SIM can be active at any time; you will not be able to get better throughput or load balancing by filling both SIM slots.

(35)

MAX Router Deployment Scenarios

SpeedFusion Bonding (on MAX HD2)

- Deploy multiple low cost 3G connections

- Save money, enjoy higher bandwidth, avoid dead spots

- Seamless failover ensures reliable video stream from mobile sites to HQ

Hot Failover (MAX BR1 or HD2)

- Everywhere LTE

- Ensures optimal performance by choosing the carrier with the best signal - Saves money by using only one carrier at a time

-Hot failover ensure flawless video stream from mobile sites to HQ

GPS Fleet Tracking (MAX BR1 or HD2)

- Homeland security

- Monitor and coordinate fleet vehicles wherever they may be - Hot failover ensure flawless video stream from mobile sites to HQ

(36)

Features At A Glance

Network

- Bridge Mode, Router (NAT) Mode, Wireless Distribution System (WDS), Support for PPPoE, Static IP, DHCP, Management VLAN (802.1p), Spanning Tree Protocol (802.1d) - Support up to 16 Wireless Network SSIDs configured, and it can broadcast up to 4 SSIDs concurrently

Client Management

Per SSID

VLAN with QoS (802.1p/802.1q), Bandwidth Control, MAC Address Filtering, Layer 2 Client Isolation, Limit on Max. Number of Client

Per Client

VLAN with RADIUS, VLAN with VLAN Pool, Bandwidth Control, Multicast Filter, IGMP Snooping/Multicast Enhancement

AP Security

Open, WEP, 802.1x with Dynamic WEP, WPA-PSK/RADIUS, WPA2-PSK/RADIUS

Complete VPN Solution

PepVPN, Site-to-Site VPN, 256-bit AES Encryption, Pre-shared Key Authentication, Dynamic Routing

(37)

Captive Portal

Device Management

Web Administrative Interface, InControl Cloud Management, Peplink Balance WLAN Controller, SNMP v1, v2c and v3

(38)

Pepwave AP One access points offer fast, affordable, and dependable wireless

networking without administration headaches. Ready for anything and built to go

anywhere, AP One access points deliver enterprise-grade Wi-Fi that drops in

quickly and immediately gets to work -- so you can get back to your work.

Minimize Wi-Fi management hassles with the AP One series and the Peplink

Balance with WLAN Controller. Fully integrated with the Peplink Balance, our

WLAN Controller makes it easy to configure, manage, update, and report on up

to 500 AP One devices from a single intuitive interface. Prefer the flexibility of

cloud-based administration? Our InControl remote management system gives

you complete control over every device on your network and in-depth reporting

with just a few clicks, all from a simple, yet powerful, web-based tool that’s

available anywhere you have online access and a supported browser.

(39)

Here are four different deployment scenarios for the AP One wireless solution.

Professional Hotspots – coupled with Balance WLAN Controller (or InControl

cloud management) feature, the AP One and AP One X can be deployed

effectively as a professional hotspot solution. No expensive controllers required.

Wireless Mobility – Pepwave wireless solutions make wireless application in

high speed environments a budget friendly reality.

Service Provider Wi-Fi – the AP One can help you deploy a carrier grade

wireless solution, install many for citywide Wi-Fi CPEs. The range of these

devices leads the industry.

Industrial Networking – AP One series allow the IP devices stay connected

wirelessly over long distances. It provides reliable wireless for data devices.

(40)

Highlights of Flex AP Features

• World’s First AP with Software Selectable, Embedded Directional and

Omni Antennas

• Power up to two Devices from a Single Source

• Central Management, Anytime, Anywhere

• Reliability in Extreme Environments

• Connect Worldwide without External Modems

(41)

Flex AP –Operating Mode and Antenna

• Flex AP can operate in Routing or Bridge mode

• Flex AP built-in with 2x2 MIMO 802.11n,

switchable omni- or uni-directional

WiFi antenna

• For 3G and Dual 3G, it comes with a cellular antenna,

as for LTE models,

2 antennas needed to operate

• It can operate up to 4 antennas simultaneously on the Dual 3G model, to allow

maximum signal coverage and bandwidth

(42)

The Pepwave Surf SOHO is a professional-grade Wi-Fi router designed for home

office, small business, and power users. With its support for 4G LTE/3G, cable,

DSL, and other broadband connections, the Surf SOHO makes it possible to

deploy fast and secure 802.11abgn Wi-Fi hotspots anywhere.

The Surf SOHO also features built-in a long-range antenna, optional external

antennas, business-class VPN, cellular usage monitoring, and URL blocking. This

makes it an ideal networking solution for a wide range of mobile and office uses.

(43)

Unlimited Wi-Fi. Anytime, Anywhere Connectivity for Every Device.

Pepwave Surf combines enterprise-level performance and features with outstanding durability and versatility. The Surf Pro, our carrier-grade outdoor client solution, is ruggedized and features a high-gain, extended-range antenna, making it ideal for video surveillance, traffic signal control, meter reading, and other outdoor applications.

For indoor wired/wireless connectivity, there's our Surf On-The-Go, the ultimate travel router. The Surf On-The-Go's Wi-Fi radio lets you connect an unlimited number of wireless devices at once. Built-in Ethernet port ensures that no printer, scanner, or other wired device gets left behind, and multiple connection profiles make device management a snap.

4 Operating Modes

• 4G/3G USB Wi-Fi Router

• Cable / DSL / Ethernet Wi-Fi Router • Wi-Fi Repeater

• Wi-Fi Adapter for Wired Devices

3 WAN Modes

• WiFi WAN

• USB Cellular WAN • Wired WAN

(44)

True Enterprise AP. Powerful, Affordable, Elegantly Simple.

Pepwave AP One access points sets up quickly and deliver fast, affordable, and reliable enterprise networking without administration headaches. TruePower RF Technology eliminates dead spots and provides wider signal coverage with less equipment and maintenance. Secure Captive Portals reinforce your brand and ensure the best possible online experience for employees and visitors alike.

Management is easy, too: just add a Peplink Balance router and use the Balance's integrated WLAN Controller to manage up to 500 indoor (AP One/AP One 300M) and outdoor (AP One X) access points from a single intuitive interface. With this powerful combo, you get instant access to all devices across your headquarters, district offices, and branches.

Industrial-Grade Reliability. Unmatched Peace-of-Mind.

No matter what your industry, Pepwave offers a durable, rock-solid networking solution to help you get the job done. Ruggedized and certified for harsh environments, the MAX series handles temperatures of -40 to 65°C and resists shock and vibration on factory floors, remote job sites, and anywhere you need tough, ready-for-anything connectivity. Add the compact and capable outdoor Flex AP to stay connected at all times with built-in high-gain Wi-Fi antenna, embedded 3G/4G LTE, and dual Ethernet ports. Stepping up to the AP Pro, will offer enhanced signal coverage, extreme environment tolerance, and lightning/surge protection.

(45)

Complete WAN, VPN and Wireless Integration

This deployment scenario illustrates how Peplink MAX routers, AP One and Flex AP work together to enable wired and wireless connectivity in reliable and cost effective way. Adding the Balance will also provide robust and high bandwidth VPN connectivity to the wireless mobility devices. In addition, the AP One access point can be managed centrally either through the WLAN Controller built-into the Balance, or the InControl cloud

(46)

Router Utility - Peplink Mobile Application

The RU (Router Utility) helps to monitor and control all your Balance and MAX routers* from any iOS or Android device. It is ready when you are, wherever you are, the Router Utility app gives you instant insight into device status, events, bandwidth usage, and more. With full support for push notifications, you’ll know immediately whenever there’s an important status change or performance issue, helping you to keep small glitches from becoming major problems.

Keep Traffic Moving with Anywhere, Anytime Green Light Checks.

Check the status of all your Balance and MAX routers with the Router Utility’s dashboard and traffic light indicators. With just a quick glance, you get the peace of mind of knowing that your network’s healthy. And if there is a problem, it’s easy to drill down and inspect SpeedFusion VPN parameters, bandwidth statistics, CPU load, and more from any iOS or Android device.

Monitor and Control from the Palm of Your Hand.

Check Device Status - Monitor WAN Status, External IP Addresses, and SpeedFusion

VPN Links.

Inspect Event Logs - Keep an eye on router event logs using any iOS or Android

device.

View Bandwidth Statistics - Get up-to-the minute insight on bandwidth usage and

throughput across your WAN.

Maximum Mobile Control at Your Fingertips.

Our Router Utility gives you new ways to monitor and control your MAX mobile router anywhere you can use your device.

See How You’re Connected - Just check the Router Utility’s dashboard on your device

(47)

to a Wi-Fi hotspot or change 4G LTE/3G connection priorities.

Automatic Cellular WAN Status and SpeedFusion Alerts - Keep tabs on cellular WAN

(48)

This module will examine different real life deployment scenarios, and

describe how to configure the routers to achieve the desired result.

(49)

Course Agenda

Module 3: Peplink Balance and MAX Routers Configurations

Study how Balance and MAX routers implement into the various deployment scenario, and explain the steps to configure these routers.

(50)

Physical hardware layout and control panel for Balance high-end model.

Below show some of the frequently used functions in Control Panel Navigation

(base on Balance 380 model):

HA State: Master/Slave > LAN IP

> VIP

System Status > System

-> Firmware ver. (shows firmware version) -> Serial number (shows serial number)

-> CPU load (shows current CPU loading, 0-100%) -> LAN

---> Status (shows LAN port physical status) ---> IP address (shows LAN IP address) ---> Subnet mask (shows LAN subnet mask)

> Link status (shows Connected/Disconnected, IP address list) -> WAN1

-> WAN2 -> WAN3 > Link usage

-> Throughput in (shows transfer rate in Kbps) --->WAN1

--->WAN2 --->WAN3

(51)

-> Throughput out (shows transfer rate in Kbps) ---> WAN1

---> WAN2 ---> WAN3 Maintenance

> Reboot > Reboot? (Yes/No) (to reboot the unit) > Reset Admin Password? (Yes/No)

> Factory default > Factory default? (Yes/No) (to restore factory defaults) > Remote Assistance

NOTE:

For model below 310, there is no feature to reset admin password through the Control Panel, it only available for models from 310 and above.

(52)

Out of the box, Peplink Balance come with below default settings:

• IP: 192.168.1.1/24 • Username: admin • Password: admin • LAN DHCP: Enabled • DHCP IP Range: 192.168.1.10 – 192.168.1.250

In diagram above, the switch is optional for console into Peplink Balance.

You can plug the UTP cable directly from PC/Notebook into Balance LAN

port for the same purpose.

(53)

After entering the parameters correctly, you will be able to login to the Wed

Admin page.

The Dashboard provides an overview of the condition on several key

parameters:

• WAN interfaces connectivity status • LAN interface connectivity status • System Uptime

• System CPU Load, in % • Device Throughput, in Mbps

(54)

In Status page, there are a few items to take note of: • Router Name • Model • Hardware Revision • Serial Number • Firmware

Diagnostic Report Download

• You can download a copy of the diagnostic report for your reference on the status page

Bandwidth Statistic Display

In status page, you can view the following information:

• Bandwidth usage on who consumed the most traffic • Top user running most number of sessions

• Which user is running active Bittorrent traffic

• Who is currently consuming most bandwidth on individual WAN.

(55)

Understanding Peplink Site-to-Site VPN

The proprietary Site-to-Site VPN of Peplink Balance (a.k.a VPN Bonding), is specifically designed for a multi-WAN environment. The Peplink Balance can aggregate the bandwidth of all WAN connections available for routing VPN traffic. Unless all the WAN connections of one site are down, the Peplink Balance can still keep the VPN up and running.

- Peplink Site-to-Site VPN encrypts traffic with the military-grade 256-bit AES algorithm. - Site-to-Site VPN is available with the Peplink Balance 210, 310, 380, 580, 710, and 1350.

- The Peplink Balance 380/580/710/1350 supports multiple Site-to-Site VPN connections among twenty or more locations, is designed for Headquarters/Regional Offices.

- The Peplink Balance 210/310 supports two Site-to-Site VPN connections; ideal for Branch Offices.

- Site-to-Site VPN connections can be established for all Dynamic IP/Static IP scenarios. Please refer to the Requirement section for more information.

Being able to establish multiple VPN connections provides variety and flexibility in deploying your network. You may choose to create a network in a Mesh or Star topology, or you may even combine the two setups to create a more complex network.

(56)

System Requirement for Site-to-Site VPN Configuration

When configuring a VPN connection, there are two aspects to consider: • Whether the WAN connection has a Dynamic IP or Static IP.

• Whether the Peplink Balance unit has Public IP or is behind NAT.

This creates four WAN possible types you use to establish the VPN connection. Peplink Balance supports all four types. However, to establish VPN connection using a Dynamic IP WAN connections, you have to configure at least one Dynamic DNS.

• WAN has Dynamic IP with Peplink Balance has Public IP. • WAN has Static IP with Peplink Balance has Public IP. • WAN has Dynamic IP with Peplink Balance is behind NAT. • WAN has Static IP with Peplink Balance is behind NAT.

The table above illustrates the system requirement for configuring Peplink Site-to-Site VPN connection.

For users who have placed a firewall in front of the Balance:

In Firmware 5.1.x, Peplink proprietary Site-to-Site VPN used TCP port 32015, IP Protocol 47 and IP Protocol 99 for establishing VPN connections. if you have a firewall in front of the Peplink Balance devices, you will need to add firewall rules for these ports and protocols. This will allow inbound and outbound traffic pass-through the firewall. Another point to note, if both sides of the SpeedFusion VPN having the same LAN subnet, it will prevent the SpeedFusion tunnel to establish, just like any other 3rd party VPN technologies.

(57)

SpeedFusion Configuration Guidelines

When configuring SpeedFusion VPN connection, there are few items to be aware:

• LAN Subnet – Avoid having same LAN subnet on either end of the SpeedFusion

tunnel, this will prevent the tunnel from establish a successful connection. Try to change either side of the LAN subnet to different IP Addresses. You can also consider putting a NAT device can be considered as well.

• WAN Connection Priority - You can specify the priority of the WAN connections to

be used in making VPN bonding connections. A Wan connection will never be used when OFF is selected. Only available WAN connections with the highest priority will be utilized. Grouping WAN with similar characteristics like latency, packet loss to same priority can help bonding performance.

• SpeedFusion Bonding Efficiency – To establish an reliable SpeedFusion Bonding

VPN, there are few parameters need to be considered, eg. good cellular signal strength, low latency WAN, low packet loss, and buffer bloat in ISP will help to build an effective bonding VPN tunnel.

• Cellular Bandwidth Availability – It is always good to subscribe to two different

ISP/carriers when you want to establish SpeedFusion 3G/4G Bonding with MAX router. Take for example, when all modems connect to same cell (RF tower), total bandwidth is limited by the cell tower backhaul's bandwidth. If the modems connect to different cells (RF tower) from different carriers, theoretically this can provide you the double bandwidth as compare to one ISP.

(58)

With our new three-tier structure, it’s never been easier to migrate to

SpeedFusion. Once you use it, you will see why customers around the

world have replaced IPsec and other conventional VPN technologies.

Note:

1

_{With other VPN technologies, WAN failover terminates existing VPN}

connections, creating costly downtime. SpeedFusion Hot Failover is

completely automatic and invisible, so you won’t miss a beat when

switching between connections.

(59)

Possibly the World’s Easiest VPN.

PepVPN is our core VPN engine. It is ideal for establishing a secure tunnel

over any WAN link. On top of all the benefits of IPsec and other

conventional VPN technologies, the PepVPN engine also offers:

Long-distance Ethernet cable − With PepVPN, you can build secure and

seamless Ethernet tunnel over any IP connection (Layer 2 over Layer 3). It

virtually provides a long-distance Ethernet cable over any WAN link.

Seamless transition − PepVPN and SpeedFusion share the same core

VPN engine. It means all your PepVPN and SpeedFusion devices will work

flawlessly together. It also allows you easily upgrade a PepVPN endpoint

to SpeedFusion, taking advantage of the added benefits without having to

worry about compatibility.

Works in any dynamic IP environment − PepVPN is fully compatible

with any dynamic IP environment and NAT, allowing you to establish a

VPN behind a NAT gateway or firewall without worrying about static IP

addresses.

Requirement:

The portrayed scenario shows a typical remote-to-HQ VPN connection, where Peplink Balance Series Enterprise-class Multi-WAN Router

(60)

SpeedFusion PepVPN allows site-to-site VPN connections with auto-failover capability. WiFi WAN is primary link for the VPN, when WiFi WAN down, WAN 5 (Wired WAN) will take-over the VPN connection automatically. Users are transparent to this changes.

(61)

To create a SpeedFusion VPN tunnel, follow the steps below:

1) Go To Network > SpeedFusion, a SpeedFusion window appear to ask for Local ID, if this is the first time creating SpeedFusion VPN.

2) Enter a Local ID, the remote VPN peer will use this ID to identify this unit during VPN establishment.

3) Click Save button, then will click on the New Profile button to proceed. Above steps apply to both remote and HQ Balance router configurations.

(62)

Above shown the VPN profiles at both HQ and Remote sites.

HQ VPN Profile

1) At the VPN Profile window, enter a meaningful word for the Name, this name should be same for both sides, eg. MY-MOTG.

2) For the Remote ID, enter the SpeedFusion ID of the Balance at the opposite side. 3) At the WAN Connection Priority window, choose the WAN links that should be

included in the SpeedFusion VPN tunnel, in this case WAN 1 & 2 are bond together. 4) Save and apply the changes.

Remote Site VPN Profile

1) At the VPN Profile window, enter a meaningful word for the Name, this name should be same for both sides, eg. MY-MOTG.

2) For the Remote ID, enter the SpeedFusion ID of the Balance at the opposite side. 3) For remote site, you need to enter at least one Public IP (or DNS/DDNS) of the HQ

router WAN link, if HQ has multiple WAN links with static Public IP, you can key in all the IPs.

4) Choose the WAN links that should be include in the PepVPN tunnel. Since this is PepVPN, so it only support normal failover. WiFi WAN will set to Priority 1, while WAN 5 is Priority 2.

5) Save and apply the changes.

Note:

It is important to ensure the Remote ID correctly (either by router ID or Serial Number), otherwise the SpeedFusion tunnel will not able established. If you see the error message(s) similar to “"Refused connection made from unknown peer (foobar)" or "Refused connection made from unknown peer (XXXX-1234-ABCD)“, which indicate Peplink Balance Series Enterprise-class Multi-WAN Router

(63)

If the Encryption is accidentally turn-off in one of the router, the VPN tunnel will still be encrypted in both directions, as the other router will trigger to turn on the encryption on both end.

(64)

Once the VPN profile has been created on both sides, and if the WAN links are

up, the routers will automatically initiate the VPN connection. If all the parameters

are correct, it will take only few minutes.

As shown in the screenshots, at the Dashboard page, the status of the VPN

connection will change to “Established”, indicating a successful VPN connection.

(65)

To verify which links are participating in the VPN connection, you can click on the

Status button in the SpeedFusion or PepVPN section as shown in the screen

capture.

It also lists the network(s) learned from other sides, via the built-in routing

protocol. HQ will see the 192.168.0.0/24 network from Remote router, and

Remote will learn 10.0.0.0/8 network from the HQ side.

In our screencaps, the HQ side router is using WAN 1 for the VPN connection,

while the remote site is using WiFi WAN as VPN link.

(66)

To ensure the end-to-end connectivity is up, a PING test to the other side host

(LAN IP) should receive a response as shown above.

Ping Test:

1) HQ side ping to Remote LAN IP: 192.168.0.11 • Passed or Failed

2) Remote side ping to HQ LAN IP: 10.0.0.10 • Passed or Failed

(67)

With PepVPN, the failover process is carried out automatically.

Failover Test:

1) Unplug WAN 1 at HQ, and/or

2) Disconnect the WiFi WAN at Remote 3) Observe the changes to the routers

Failover Test Result:

1) HQ side WAN 2 will take over, maintaining the VPN connectivity 2) Remote site WAN 5 will resume the VPN link

Ping Test:

(68)

SpeedFusion Hot Failover − Unbreakable VoIP and VPN.

SpeedFusion Hot Failover is a premium add-on that manages multiple redundant

connections to keep VPNs and VoIP deployments up and running at all times.

Easy setup − Just add connections, you can even mix wired and wireless links of

different WAN technologies.

Unbreakable VoIP and VPN − With other VPN technologies, WAN failover

terminates existing VPN connections, creating costly downtime. SpeedFusion Hot

Failover prevents this by maintaining secure tunnels over all available WAN links.

In case of a WAN failure, SpeedFusion Hot Failover will instantly and seamlessly

switch traffic to another available tunnel. This provides unbreakable VPNs and

VoIP sessions.

Requirement:

A customer with branch-to-HQ connections often run delay sensitive applications like VoIP, so it needs a fast failover VPN connectivity to ensure the VoIP session not interrupted if any of the WAN links break. The following set-up will fulfill this requirement: - A MAX BR1 installed at branch level with Wired and WiFi WAN,

- A Balance 380 deployed in HQ with 2 wired WAN (eg. Metro-e) with static Public IP assigned at each WAN link.

(69)

The user interface is same across the MAX router series. Assuming we are taking

the same HQ setup in previous example, the VPN profile creation process is the

same except the name changed to MY-MaxBR1. Here are the steps to creating a

VPN profile on the MAX BR1.

At the MAX BR1 router, go to Advanced > SpeedFusion to create the VPN

profile.

VPN Profile

1) At the VPN Profile window, enter a meaningful word for the Name, this name

should be same for both sides, eg. MY-MaxBR1.

2) For the Remote ID, enter the SpeedFusion ID of the Balance at the

opposite side.

3) For remote site, need to enter at least one Public IP (or DNS/DDNS) of the

HQ router WAN link, if HQ has multiple WAN links with static Public IP, you

can key in all the IPs.

4) The MAX BR1 WAN link supports Hot-Failover, so the SpeedFusion VPN will

follow the state of the WAN link in order to maintain the VPN link, (eg. if WAN

1 active and WAN 2 standby, the SpeedFusion VPN will use WAN 1 as

primary link to forward VPN traffic, while keep WAN 2 in hot standby mode).

5) Save and apply the changes.

(70)

Once the VPN profile is created on both sides, and if the WAN links are up, the

routers will start negotiating the VPN connection. If all the parameters correct, the

VPN will come up in minutes.

As shown in the screenshots, on the Dashboard page, the status of the VPN

connection will change to “Established”, indicating a successful VPN connection.

Failover Test:

1) Before starting the test, at the Remote site, launch the command prompt window and conduct a continuous ping to HQ LAN IP (10.0.0.10)

2) Unplug WAN 1 at Remote (MAX BR1) 3) Observe the changes at the routers

Failover Test Result:

1) Remote site WiFi WAN will resume the VPN link 2) Any timeout during failover? Yes or No

Ping Test:

(71)

The SpeedFusion Hot Failover recovery process should have no timeout.

Recovery Test:

2) Plug back the WAN 1 at Remote (MAX BR1) 3) Observe the changes at the routers

Recovery Test Result:

1) WAN 1 will resume the VPN link 2) Any timeout during failover? Yes or No

Ping Test:

(72)

To monitor the SpeedFusion Hot-Failover and recovery process, you can view the

SpeedFusion Status window.

1) Go to DashBoard, click on Status button at SpeedFusion section

2) Click on the blue triangle beside the MY-MaxBR1 to expand the statistic

3) Monitor the changes on the WAN status during the failover and fallback

(73)

SpeedFusion Bonding − Packet-Level Bandwidth Bonding.

Working hand-in-hand with Hot Failover and PepVPN, SpeedFusion Bonding

teams up all your connections to give you blazing throughput whenever you need

it.

Multi-provider bandwidth bonding − SpeedFusion Bonding combines multiple

links from multiple providers into a single, superfast tunnel.

Automatic Hot Failover handoff − SpeedFusion Bonding monitors connections

and automatically turns control over to Hot Failover when links become unstable.

Easy, on-demand scalability − Need more speed for mission-critical VPNs?

How about temporary bandwidth for a specific project? With SpeedFusion

Bonding, you can plug in connections from any provider and get more

bandwidth instantly. And you can unplug connections at any time, keeping your

connectivity costs under control.

Requirement

SpeedFusion VPN Bonding technology is particularly useful for customers with a higher volume of VPN traffic between sites. It assures that the VPN link is aggregated as bigger pipe, and same time provide the reliability.

In this example, we will install a Balance 310 at the branch level, while HQ maintains with Balance 380. We also configure the Balance 310 to Drop-In mode, assuming the branch has existing infrastructure setup.

(74)

We take the same HQ setup in previous example, the VPN profile creation process is the same except the name is changed to MYKL-VPN. Here are the steps to create VPN profile in MAX BR1.

At the branch router (Balance 310), go to Network > SpeedFusion to create the VPN profile.

VPN Profile

1) At the VPN Profile window, enter a meaningful word for the Name, this name should be same for both sides, eg. MYKL-VPN.

2) For the Remote ID, enter the SpeedFusion ID of the Balance at the opposite side. 3) For remote site, need to enter at least one Public IP (or DNS/DDNS) of the HQ router

WAN link, if HQ has multiple WAN links with static Public IP, you can key in all that IPs.

4) Balance 310 is capable of VPN Bonding, so choose the active WAN links from the

WAN Connection Priority section to be bond by SpeedFusion VPN, this example

will use WAN 1 & 2 to forward VPN traffic. 5) Save and apply the changes.

(75)

Once VPN profiles have been created on both sides, and if the WAN links

are up, the routers will start negotiating the VPN connection. If all the

parameters are correct, the VPN be online in a minutes time.

As shown in the screenshots, at the Dashboard page, the status of the

VPN connection will change to “Established”, indicating a successful VPN

connection.

Failover Test:

2) Unplug WAN 2 at Remote router (Balance 310) 3) Observe the changes at the routers

Failover Test Result:

1) Any timeout during failover? Yes or No

Ping Test:

(76)

To monitor the SpeedFusion Hot-Failover and recovery process, you can

view the SpeedFusion Status window.

1) Go to DashBoard, click on Status tab at the top, and the

SpeedFusion tab on the side

2) Click on the blue triangle beside “MYKL-VPN” (or the name of your

VPN) to expand the statistic

3) Monitor the changes on the WAN status during the failover and fallback

SpeedFusion Hot Failover recovery process should have no timeouts.

Recovery Test:

1) Before sttest start, at the Remote site, launch the command prompt window and conduct a continuous ping to HQ LAN IP (10.0.0.10)

2) Plug back the WAN 2 at Remote router (Balance 310) 3) Observe the changes at the routers

Recovery Test Result:

1) WAN 1 resume the VPN link

2) Any timeout during failover? Yes or No

Ping Test:

(77)

(78)

Ethernet-easy WAN

Unlike traditional WAN technologies, PepVPN works with any IP

connection, sets up in minutes, and requires almost no maintenance. It

connects sites, regardless of the distance, with a lightning-quick 256-bit

AES-encrypted

tunnel.

It

is

100%

compatible

with

all

your

Peplink/Pepwave devices.

PepVPN is so fast and easy to use, it’s like having everyone on the same

LAN, connected by Ethernet cables. PepVPN eliminates the 100-meter

limitation. In fact, it eliminates any distance limitations, so go ahead and do

business anywhere you please – across town, throughout the country,

around the globe.

Requirement

Many companies need to mobilize a team at the project while keeping the team connected to the company network. However, some systems in their company don’t work well in a routed environment or a VPN (eg. NetBIOS, Mainframe base application, and even Vmware SRM). In these situations, the solution is to extend the office network to the project site using SpeedFusion Long Distance Ethernet VPN solution.

In this scenario, they are deploying a Balance 380 at HQ, and a MAX On-The-Go (MOTG) at the remote site. The HQ’s LAN IP (192.168.125.0/24) will be extend to remote site, with DHCP enabled to assign IP to remote hosts.

(79)

Extending the HQ LAN to the remote site can be done using the

SpeedFusion L2 approach. These screencaps show the VPN profiles at

both HQ and Remote sites.

HQ VPN Profile

1) At the VPN Profile window, enter a meaningful word for the Name, this name should be same for both sides, eg. SF-L2.

2) To enable Layer 2, first click on the “?” at the top-right of the SpeedFusion Profile window and click on the link to unhide the Layer 2 Bridging feature.

3) Tick the checkbox for Layer 2 Bridging, select the Bridge Port to LAN (default setting).

4) Since the HQ serves as the DHCP server end, tick on the checkbox of Preserve

LAN Settings Upon Connected.

Remote VPN Profile

2) To enable Layer 2, first click on the “?” at the top-right of the SpeedFusion Profile window and click on the link to unhide the Layer 2 Bridging feature.

3) Tick the checkbox of Layer 2 Bridging, select the Bridge Port to LAN (default setting).

4) As remote site to follow HQ DHCP assignment, leave the checkbox of Preserve

LAN Settings Upon Connected unchecked, a warning message will display to

remind that this site (Remote) LAN will follow HQ LAN IP assignment.

(80)

5) In order to manage this router (MOTG), you need to manually assign an unused HQ LAN IP to this router. Once SpeedFusion is connected, you will be accessing this router via this new IP (192.168.125.5).

(81)

Once both sides VPN profile created, and if the WAN links are up, the

routers will start negotiating the VPN connection. If all the parameters

correct, the VPN will come up in a minutes time. The description on the

SpeedFusion will change, with the added wording “Layer 2” beside

SpeedFusion. At the remote router, a warning message display at the

bottom of the Device Information section.

(82)

To verify the SpeedFusion tunnel, you can view the SpeedFusion Status

window.

1) Go to DashBoard, click on Status button at SpeedFusion section

2) Click on the blue triangle beside the SF-L2 to expand the statistic

3) Notice that the Remote router IP is 192.168.125.5, as assigned in the

VPN profile

Remote Host Verification:

1) Open command prompt of the remote site notebook, check the ip with ipconfig, you will notice the host grabbed 192.168.125.11 from HQ DHCP server.

Ping Test:

(83)

SpeedFusion 3G/4G Bonding

As more business takes place outside the office, telecom providers have

responded by boosting the speed and reliability of their 3G networks. In

addition, they are rolling out innovations like 4G, LTE, and WiMax in an

increasing number of markets.

However, no matter how quickly cellular data bandwidth and quality

improve, mobile business always to demand more. From live video

streaming and conferencing to ever-larger file transfers and real-time

collaboration, today’s mobile applications strain even the latest and

greatest cellular technology to its limits. The result is fluctuating data

quality, unpredictable data rates, and widespread frustration, in addition to

costly overage charges

Requirement

In our previous case, the remote site area doesn’t have any WiFi or Wired Internet facility. So, the project team needs to use Cellular WAN to establish a VPN back to the office. We can combine both 3G cellular lines into SpeedFusion Bonded VPN to allow greater throughput and reliability. The remote site LAN IP is 192.168.0.0/24, and the HQ LAN IP is 192.168.125.0/24.

(84)

Assuming the HQ router has created the SpeedFusion profile named SF-L2, a normal Layer 3 bonded VPN. Here are steps to creating a VPN profile in MAX OTG.

At the branch router (Balance 310), go to Advanced > SpeedFusion to create the VPN profile.

VPN Profile

2) For the Remote ID, enter the SpeedFusion ID of the Balance at the opposite side. 3) At the remote site, enter at least one Public IP (or DNS/DDNS) of the HQ router

WAN link, if HQ has multiple WAN links with static Public IP, you can key in all the IPs.

4) MAX OTG is capable of VPN Bonding, so choose the active WAN links from the

WAN Connection Priority section to be bonded by SpeedFusion VPN, this example will use WAN 1 & 2 to forward VPN traffic.

(85)

Once VPN profiles have been created on both sides, and if the WAN links

are up, the routers will start negotiating the VPN connection. If all the

parameters correct, the VPN will come up in a minutes time.

As shown in the screenshots, the Dashboard shows the status of the VPN

connection changing to “Established”, indicating that the VPN connection

process is successful. Also notice that both WAN 1 & 2 are up and

connected to the Internet.

(86)

To further verify the SpeedFusion tunnel, you can view the SpeedFusion

Status window.

1) Go to DashBoard, click on the Status button at the SpeedFusion

section

2) Click on the blue triangle beside the SF-L2 to expand the statistic

3) Notice that both WAN 1 & 2 are connected to the SpeedFusion VPN,

and forwarding the traffic via the VPN tunnel

Load Sharing Test via multiple Ping commands:

1) Remote side launch at least 2 ping command to HQ LAN IP: 192.168.125.1 • Passed or Failed

• WAN 1 & 2 links Receive (RX) and Transmit (TX) counters increase? Yes or No

• Refer to next page for the traffic statistics

(87)

Realtime graph to show the traffic passing thru the SpeedFusion Bonded VPN tunnel. In the event if the uplink direction experiencing link interruption, the SpeedFusion graph will indicate packet loss.

(88)

Using SpeedFusion Behind a Firewall

If a Peplink Balance is placed behind a firewall, simply define firewall rules and inbound port forwarding policy in order to allow VPN traffic to pass through it.

By default, SpeedFusion uses TCP port 32015 and UDP port 4500 for establishing VPN connections and transmitting data. However, you can change the Data Port assignment in your SpeedFusion profile to another value.

(89)

SpeedFusion

bonded

VPN

requires

all

transmitted

data

to

be

encapsulated in a special UDP stream. This stream contains additional

packet headers with all the information needed to reconstruct the original

data stream in the correct order at the remote location.

SpeedFusion adds an additional 80 bytes of data to each packet sent

over a SpeedFusion connection, no matter what size the original data

packet is. This compares well to the 58 bytes of overhead required by

IPsec, especially considering that SpeedFusion provides advanced

routing, load balancing, and 256 bit AES encryption within the tunnel.

As the chart on the left shows, when a SpeedFusion VPN tunnel is used to

transmit IMIX data (4084 bytes), an additional 960 bytes of SpeedFusion

overhead is required.

The SpeedFusion overhead is 19% of the total transmitted data (IMIX +

overhead). Since it uses a fixed number of bytes per packet transmitted (an

additional 80 bytes), SpeedFusion is much more efficient when transmitting larger

packet sizes.

(90)

Accounting for SpeedFusion bandwidth overhead and assuming that the

traffic passing across the links is similar to the previously mentioned IMIX

standard, we can calculate available real-world bandwidth at the remote

site:

Download: 10Mb + 10Mb = 20Mbps - 19% = 16.2Mbps

Upload : 2Mb + 2Mb = 4Mbps - 19% = 3.24Mbps

It is important to explain SpeedFusion bandwidth overhead to your end

users so that they understand why they will not get full 20Mbps/4Mbps

bandwidth when using VPN bonding.

Remember, while conventional VPN technology such as IPsec has an

overhead of 14.6%. SpeedFusion provides bandwidth aggregation &

WAN resilience for only an additional 4% overhead.

SpeedFusion Isn’t Just about Bandwidth Aggregation

The big benefit of SpeedFusion is VPN reliability and the highly availability connection it provides (with packet level fail-over).

Customers can take advantage of this reliability and use a pair (or more) of low-cost DSL circuits to achieve higher reliability and throughput than comparable private circuits – often at up to 80% less cost.

(91)

We always recommend the use of WAN links with similar bandwidth

profiles from different ISPs to allow for the best possible SpeedFusion

throughput.

Using at least two different ISPs offers the benefit of provider diversity,

which means less chance of a technical (or even accounting/billing) error

causing a network outage. Provider diversity also lessens the impact of

bandwidth sharing, a common problem when using multiple circuits from a

single provider.

Download : 20 + 20 = 40 - 19% = 32.4Mbps

Upload : 4 + 4 = 8 - 19% = 6.48Mbps

The above configuration example uses two DSL circuits from two different

ISPs, each circuit having a similar bandwidth profile, as the best use case

for fixed line SpeedFusion bonding.

(92)

The Effect of WAN Link Characteristics on SpeedFusion VPN Connections

Another important factor to consider is the quality of the WAN links connecting SpeedFusion enabled devices. Let's consider some of the typical drivers for using SpeedFusion in the first place:

1) Internet Connection Bandwidth Availability – SpeedFusion is often deployed by

customers who are limited to slow DSL or cellular connections at a given location. Typically, these customers want to combine these slow links to create a faster aggregate connections between locations.

2) Internet Connection Reliability – We often see poor physical line quality at

customer locations, particularly DSL using old copper (and sometimes even lead) cable over a long run from the nearest exchange or POP. These connections are inherently unreliable and can sometimes be affected by rain ingress into the physical circuits, as well as temperature changes. We also see customers who have no physical lines and want to use cellular connectivity. Naturally, the quality, bandwidth availability, and reliability of cellular connections vary depending on location.

3) Flexibility – One of the benefits of SpeedFusion is that it is connection agnostic, so

we often see customers who want to use it to bond WAN links of different technology types, such as 3G/4G, VSAT, DSL, and leased lines. Obviously, the characteristics of these connections are very different (VSAT has high latency, cellular connections have variable latency/bandwidth depending on their location/signal strength, etc.).

(93)

4) ISP Diversity – This is a big driver for customers who want to make sure that even if

an ISP has a service issue, they can still connect using a WAN link from another ISP. The same DSL product from different ISPs can have quite different characteristics, with everything from variable contention, latency, and bandwidth availability being factors.

(94)

The Effect of WAN Link Characteristics on SpeedFusion VPN Connections, Continued

The two main WAN link characteristics that are important are;

Packet Loss

When the SpeedFusion engine detects excessive packet loss on a WAN link, the link will fail its health test and will not be used by SpeedFusion as an active link until it passes a subsequent health test.

Latency

When latency characteristics are the same across connected WAN links, it has very little effect on SpeedFusion bandwidth throughput. However, when the latency of WAN links vary considerably, bandwidth throughput will be affected.

Example 1. If WAN1: 100ms, WAN2: 400ms, the resulting latency of SpeedFusion bonded link will be 400ms, which follow the higher WAN.

Example 2. Or, if packets travel multiple SpeedFusion hops (site A-> site B-> site C), with 100ms per link between 2 sites, then total latency will be 200ms from site A to site C (via site B).

Any variation of these characteristics have an effect on the amount of WAN link bandwidth that is available for use by SpeedFusion.

Packet Loss in high latency environments

In the example above, there is a 3G connection which is highly susceptible to packet loss. Because the latency across the SpeedFusion link is equalized to the link with the highest latency (800ms), SpeedFusion will take longer to spot the packet loss (800ms+). Peplink Balance Series Enterprise-class Multi-WAN Router

(95)

In certain conditions, such as a combination of regular timed packet loss and high latency on the above 3G link, the TCP protocol method of retransmitting lost packets can have a drastic effect on the available bandwidth over the VPN. This is another reason why we recommend that, whenever possible, high latency links be used for failover and not as an active SpeedFusion WAN link.

Recommended latency difference = Less than 150ms

Note: Using UDP traffic over SpeedFusion can provide higher throughput than TCP