Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.
© 2012 Peplink
© Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited
Presentation Agenda • About Peplink Balance • Internet Link Aggregation & Failover • LAN/WAN Interface
• Understanding & Setting up Drop-in mode • Peplink Complete VPN Solution & Site-to-Site VPN • Outbound Policy and Inbound Access • Inbound Load Balancing / DNS Settings • NAT Mappings / NAT Pool / QoS / WLAN Controller • Hardware High Availability and LAN Bypass • Bandwidth Usage Monitoring • Additional Capabilities • Questions and Answers
About Peplink Balance
Balance Series Specifications

| Model | Balance 20/30 | Balance 210/310 | Balance 380/580 | Balance 710/1350 |
|---|---|---|---|---|
| Target User | Power User / Home Office | Small Business | Mid-Size Business | Large Enterprise |
| Recommended Users | 1-25 | 25-150 | 100-1000 | 500-5000+ |
| Throughput | 100Mbps | 100Mbps | 200Mbps / 400Mbps | 800Mbps / 1500Mbps |
| WAN Ports | 2/3 | 2/3 | 3/5 | 7/13 |
| USB WAN Support | 1 | 1 | 1 | 1 |
| Peplink VPN Bonding | | Yes | Yes | Yes |
| AP Controller Support | Coming Soon | Coming Soon | 50 / 100 | 250 / 500 |
http://www.peplink.com/
Usage of Peplink Balance • Internet Link Load Balancing & Failover • Session based for Inbound and Outbound
Proprietary and Confidential
Usage of Peplink Balance • WAN Bonding • Packet based load balancing
• Single TCP/IP session can utilize all WAN links • Using Peplink Site-to-Site VPN technology
Idea of Peplink Balance • Outbound • A LAN client accesses a server on the Internet (WAN) side, and the server returns the web data back to the LAN
• Inbound • A computer on the Internet (WAN) accesses a web server on the LAN. The web server returns the data back to the Internet client
Idea of Peplink Balance • Outbound Load Balancing & Failover • Controlled by Outbound Policy
• Peplink will distribute the outbound sessions to different WAN links automatically
• Inbound Load Balancing & Failover • By using the built-in authoritative DNS
• The resolution of a DNS hostname contains the IP addresses of all WAN links
Internet Link Aggregation & Failover
Internet Link Aggregation & Failover • Scenario: • A Peplink Balance unit • Three 1 Mbps Internet Links • All links are operational
Local Area Network
• Combined bandwidth: 3 Mbps = ISP A + ISP B + ISP C = 1 Mbps + 1 Mbps + 1 Mbps
Internet Link Aggregation & Failover • Scenario: • A Peplink Balance unit • Three 1 Mbps Internet Links • One link down: ISP A
Local Area Network
• Peplink Balance re-directs traffic over ISP B and ISP C as failover.
WAN/LAN Interface
WAN • DHCP, PPPoE and Static IP Address • 1 x USB Mobile Connection
WAN • WAN link Health Check • Determine whether the ISP link is routable to Internet.
• Methods: Ping / DNS Lookup / SmartCheck • Ping – issue ICMP PING packets to test connectivity • DNS Lookup – DNS lookups will be issued to test connectivity with target DNS servers. • SmartCheck – applies only to USB mobile connection. It is optimized for mobile networks with high traffic latency
WAN • Bandwidth Allowance Monitor • Designed for non-unlimited link (eg: Satellite, 3G) • Alert user when usage hits 75%/95% via Email • Disconnect when hits 100% allowance • Selectable billing cycle date
LAN • DHCP server • DHCP reservation
• DHCP Option • LAN static route
• Local DNS Proxy • WINS server
Drop-in mode
Drop-in Mode • Before the installation of Peplink Balance: • The network is connected to the ISP via a Router outside of the Firewall.
Drop-in Mode • Installation Phase 2: • Additional Internet links are installed. • Peplink Balance intelligently performs load balance and failover among the multiple links.
Non-disruptive Installation • Real-world considerations when installing network devices: • Re-configuration of components
• Risk isolation • Back-out strategy
• “Drop-in Mode” - an installation method designed to minimize disruption to the existing network.
Drop-in Mode • Requirement • An additional IP address is required for Drop-in Mode, such as: 210.10.10.3
[Diagram labels: Peplink, 210.10.10.2/24, 192.168.1.0/24, 210.10.10.1/24]
Drop-in Mode • Network > Interfaces > LAN
Drop-in Mode • Installation Phase 1: • Pre-configured Peplink Balance is “dropped in” between the Firewall and ISP Router. • The LAN clients, Firewall, and ISP Router maintain the same configurations.
[Diagram labels: 210.10.10.1/24, 210.10.10.3/24, 210.10.10.2/24, 192.168.1.0/24]
Drop-in Mode • Installation Phase 1: • LAN and WAN1 of Peplink use 210.10.10.3
[Diagram labels: 210.10.10.1/24, 210.10.10.3/24, 210.10.10.2/24, 192.168.1.0/24]
Drop-in Mode • Installation Phase 2: • Configure WAN2 and WAN3
[Diagram labels: 210.10.10.1/24, 210.10.10.3/24, 210.10.10.2/24, 22.2.2.2/28, 22.2.2.1/28, 33.3.3.2/30, 33.3.3.1/30, 192.168.1.0/24]
Difference between Drop-in and NAT • NAT Mode • All WAN links are in NAT mode • Traffic goes over a NAT’ed WAN, its source IP will be translated to the IP of corresponding WAN link • Drop-in Mode: • Peplink will bridge one of the WAN link and LAN segments • For other WAN links, they will act as NAT
Peplink Complete VPN Solution • Built-in PPTP Server • Proprietary Site-to-Site VPN • Bonding • Failover
• Network-to-Network IPsec VPN
Peplink Site-to-Site VPN • Key Features • VPN Bonding
• VPN Failover • Built-in Automatic Routing Protocol
• 256-bit AES Encryption • Easy configuration via Web Admin
Peplink Site-to-Site VPN • Allows VPN traffic to load balance across multiple connections (Balance 210/310/380/580/710/1350) • Two Suggested connection scenarios
Mesh Scenario
Star Scenario
Peplink Site-to-Site VPN Bonding • Aggregate all WAN connections’ bandwidth • Traffic load balanced at packet level
• Automatic failover during WAN link failure
Peplink Site-to-Site VPN Bonding Configuration of Branch A
1824-ABCD-1234
Configuration of Branch B
1824-1234-ABCD
Subnet A
Subnet B
192.168.50.1
10.10.10.1
Subnet should be different between two locations
PPTP Server • Allows Windows / Mac clients on the public Internet to connect to the internal LAN natively
PPTP Server • Authenticate PPTP user via • Local User Account (Stored in Peplink itself)
• External LDAP Server • External Radius Server
Outbound Policy
Outbound Policy • 3 different Outbound Policies • Rule Based Custom Rules • Seven load balancing algorithms
• Click to add/edit custom rules • Drag and Drop to re-order the priority of rules • Click to delete a custom rule
Outbound Policy • Weighted Balance • Distribute the traffic across different WAN links based on the weight. • 10:5:1 means • 10 Sessions (10/16) will be across WAN1 • 5 Sessions (5/16) will be across WAN2 • 1 Session (1/16) will be across WAN3
Outbound Policy • Persistence • Make the specified types of traffic always route through a particular WAN link based on source or destination IP address(es). • Example usage: • Secure login session such as HTTPS.
Outbound Policy • Enforced • Route the specified traffic through a single WAN connection/VPN Profile only, regardless of WAN link up/down status. • Example usage: • Restricting outbound SMTP traffic to one specific WAN link.
Outbound Policy • Priority • Distribute the traffic in the specified order.
• Highest-priority available WAN link/VPN profile will be used first. • Lower-priority WAN links will be used when higher-priority WAN links become unavailable.
Outbound Policy • Overflow • Route the traffic to a lower priority link when the highest priority link is congested.
• Least Used • Route the traffic to the most available WAN link according to download usage.
• Lowest Latency • Route the traffic to the lowest latency WAN link
• Periodic latency checking will be performed to determine the latency
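Added example (not from the Peplink presentation or Peplink's firmware): a small Python model of the link-selection algorithms listed above, using the 10:5:1 weights from the Weighted Balance slide. The Wan class, its fields and the function names are assumptions made for illustration; Persistence is left out.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Wan:                   # hypothetical model of one WAN link
    name: str
    weight: int = 1          # used by Weighted Balance
    up: bool = True          # result of the WAN health check
    congested: bool = False  # used by Overflow
    down_mbps: float = 0.0   # current download usage, used by Least Used
    latency_ms: float = 0.0  # last latency probe, used by Lowest Latency

def healthy(links):
    return [w for w in links if w.up]

def weighted(links, session_no):
    # Each healthy link gets `weight` slots; sessions walk the slots in turn.
    slots = [w for w in healthy(links) for _ in range(w.weight)]
    return slots[session_no % len(slots)].name if slots else None

def priority(links):
    # Links are listed highest priority first; take the first healthy one.
    return next((w.name for w in healthy(links)), None)

def overflow(links):
    # Like priority, but pass over congested links while a free one exists.
    free = [w for w in healthy(links) if not w.congested]
    return free[0].name if free else priority(links)

def least_used(links):
    up = healthy(links)
    return min(up, key=lambda w: w.down_mbps).name if up else None

def lowest_latency(links):
    up = healthy(links)
    return min(up, key=lambda w: w.latency_ms).name if up else None

def enforced(links, name):
    # Ignores link status: the rule never fails over to another WAN.
    return next(w.name for w in links if w.name == name)

def demo():
    # Constructed sample links; weights 10:5:1 as on the slide.
    links = [Wan("WAN1", 10, down_mbps=0.9, latency_ms=30),
             Wan("WAN2", 5, down_mbps=0.2, latency_ms=12),
             Wan("WAN3", 1, down_mbps=0.5, latency_ms=80)]
    counts = Counter(weighted(links, s) for s in range(16))
    links[0].up = False  # WAN1 fails its health check
    return dict(counts), priority(links), enforced(links, "WAN1")
```

With WAN1 down, the Priority rule moves to WAN2 while the Enforced rule still names WAN1, which is why Enforced suits traffic that must leave from one known source address, such as the outbound SMTP case above.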
Outbound Policy • VPN Connection can be selected as Outbound Connection • Selected traffic will be routed across VPN Connection with Priority and Enforced Algorithms
Inbound Access
Inbound Access • Also known as: Inbound port forwarding / Inbound port address translation
Inbound Access • A web server located on LAN with physical private IP 192.168.1.100 • Existing firewall is doing Inbound NAT for 210.10.10.100 to forward to 192.168.10.100
Web Server LAN IP: 192.168.1.100 Public IP: 210.10.10.100
Inbound Access • To allow access to the web server via WAN2 and WAN3, Inbound Access rules are required.
Web Server LAN IP: 192.168.1.100 Public IP: 210.10.10.100
Inbound Access • Network > Inbound Access > Servers
• Network > Inbound Access > Services
Inbound Load Balance • Inbound Load Balancing distributes inbound traffic across multiple WAN links by using the built-in DNS server. • The Balance DNS server is required to be an authoritative DNS server for the domain. • Eg: foobar.com
Inbound Load Balance • The DNS query result of www.foobar.com will be • Name: www.foobar.com • Addresses: 210.10.10.100, 22.2.2.2, 33.3.3.2
• If ISP2 goes down, the DNS query result will be • Name: www.foobar.com • Address: 210.10.10.100, 33.3.3.2
[Diagram labels: 210.10.10.100, 22.2.2.2, 33.3.3.2]
DNS Settings • Enable DNS listener • Create “Default SOA/NS”
DNS Settings • Define “Default SOA/NS Records”
IP of NS should be same as the IP selected in DNS listeners
DNS Settings • Create domain name “foobar.com”
DNS Settings • Create A Record • Click to create a new A Record • Enter the host “www” • Select the IP address on multiple WAN links for “www”
One-to-One NAT Mappings • Allow the IP address mapping of all inbound and outbound NAT’ed traffic to and from an internal client IP address. • Click to add/edit NAT rules • Click to delete a NAT rule
NAT Pool • A range of LAN IP addresses or a LAN subnet can be mapped to multiple public IP addresses as the source IP for their outbound traffic.
QoS
QoS • User Group Based Classification • Manager
• Staff • Guest
• Add/Edit User Group by • IP address or Subnet IP
QoS • Control Group Reserved Bandwidth • Reserve minimum bandwidth for user groups
• Control Per-user Bandwidth Limit • Define maximum bandwidth for each user of the groups
QoS • Traffic Prioritization for default and custom applications • 3 Priority levels: ↑High, ━ Normal, and ↓Low • Supports different kinds of applications like Email, VoIP • Based on TCP/UDP/IP/DSCP
Hardware High Availability
Hardware High Availability • Peplink Balance 210/310/380/580/710/1350 support High Availability via VRRP, Virtual Router Redundancy Protocol: • A pair of Peplink Balance units work together. • One unit is Active. • The other unit is on Stand-by.
Hardware High Availability • In the event that the Active unit fails: • The Stand-by unit becomes Active. • New Active unit re-establishes Internet connections. • Outage is minimized.
Hardware High Availability • Each unit has its own LAN IP address and both use the same Virtual IP (VIP). • For non-drop-in mode, the VIP will be the default gateway of LAN hosts • For Drop-in mode, WAN1’s default gateway will be the default gateway of LAN hosts
192.168.1.3
Configuring HA for Slave unit
192.168.1.2
LAN Bypass
LAN1
WAN1
LAN Bypass • Available in Peplink Balance 580/710/1350 • LAN Bypass is a fault-tolerance feature that protects you in the event of power outage. • When used with Drop-in Mode, such failure would be completely transparent to the network. • In the following example, WAN1 and LAN1 ports are bridged together when the power runs out.
Bandwidth Usage Monitoring
Bandwidth Usage Monitoring • Shows the bandwidth usage statistics • Three periods of statistics: Real-Time, Daily, Monthly • Usage is not shown for periods when the device was switched off • Real-Time • Click Show Details to view the usage of different WAN or type of traffic
Bandwidth Usage Monitoring • Daily • Detailed usage statistics of ALL WAN with IP Address can be shown by clicking corresponding Date • A selected WAN usage can be shown in billing cycle when the bandwidth allowance monitor of that WAN is enabled
Bandwidth Usage Monitoring • Monthly • Detailed usage statistics of ALL WAN with IP Address can be shown by clicking the first two Month rows • A selected WAN usage can be shown in billing cycle when the bandwidth allowance monitor of that WAN is enabled
Additional Capabilities
Additional Capabilities • E-mail notification: • Send email to user for any WAN up/down event, Site-to-Site VPN, HA status.
Additional Capabilities • Rule-based stateful Firewall: • Support for an unlimited number of rules. • Drag and drop user interface
Additional Capabilities • Reporting Service
Contact Support • Detailed description of the issue • Network Diagram with detailed IP address scheme • Troubleshooting steps that you performed • Diagnostic Report of related units (eg: S2S VPN) • Remote Assistance of related units (eg: S2S VPN)
• Send email to “priority.support@peplink.com”
Diagnostic Report • Obtain Diagnostic Report via “Status > Device”
Additional Support Information • Support Information Page contains • LAN/WAN Ethernet details • Remote Assistance • Network Capture • Realtime information of WAN Health Check
• To access the Support Information page, change the link in the browser URL • http://<Peplink’s IP>/cgi-bin/MANGA/index.cgi
Additional Support Information • Support Information Page contains • LAN/WAN Ethernet details • Remote Assistance • Network Capture • Realtime information of WAN Health Check
• To access the Support Information page, change the link in the browser URL • http://<Peplink’s IP>/cgi-bin/MANGA/support.cgi
Contact Us
• Peplink United States Office: 800 West El Camino Real, Mountain View, CA 94040, United States. Tel: +1 (866) 463 0129 Fax: +1 (866) 625 4664
• Peplink Hong Kong Office: 17/F, Park Building, 476 Castle Peak Road, Cheung Sha Wan, Hong Kong. Tel: +852 2990 7600 Fax: +852 3007 0588
• Peplink Italy Office: Via Sismondi 50/3, 20133 Milan, Italy. Tel: +39 02 8986 6852
• Peplink South Africa Office: Unit 24, Cambridge Office Park, 5 Bauhinia Street, Highveld, Centurion, South Africa. Tel: +27 12 665 5829
• Peplink Saudi Arabia Office: Queen’s Tower 24th Floor, Jeddah, Saudi Arabia. Tel: +966 504336952
• Sales: http://www.peplink.com/contact/sales/
• Support: http://www.peplink.com/contact/support/