Looking for suggestions support two ISP connections
-
A lot of times they list the throughput as the max that you can expect to get out of the system if it is fully loaded. You may get more or less, depending on how many users you put on the system.
Also. extra capabilities, such as Web filtering, VPN, IPS, and Malware Dettection, etc... can have a HUGE impact on your throughput. I had a Fortigate that would slow our 20 meg connection (1000 users) from getting full 20 megs down to like 5 just for enabling the IPS or Antivirus along side of the web filter.
-
@Dashrender said:
I have never understood these numbers.
100 Mbps is for up to 25 users?
I currently only have a 10/10 internet connection and 70 users.Well no one would recommend 10/10 for even 10 users these days
But, my own rule of thumb is, ignore, always and 100%, "user count" recommendation numbers on networking gear. Pay attention to license limits, but not per user workloads. Those are numbers only for people who know nothing of the throughput and needs. Like when MP3 players list how many songs they can hold - they don't know how big your songs are. Those numbers are just based off of guesses for people who don't know what 1GB means.
So if you know what 100Mb/s is, don't even look at listings of how many users there are.
-
@Dashrender said:
I really need a device that can handle 400 Mbps for my 50-500 users when my pipe is only 10 Mbps?
You can safely ignore the number of users. If they are just farting around on text websites, you could have thousands of users on a 10Mbps pipe. If you have one idiot slurping down YouTube, then 10Mbps wouldn't be enough.
The number you need to pay attention to is the max speed. I have a Peplink 300 sitting on a shelf at the house. It can handle ~20Mbps between three pipes, no more. It hard caps at that level, so Peplink's numbers are very much the highest that you can go.
Don't short sell on your router now because you don't see things increasing. Especially with cheap commodity cable pipes, they change underlying technology all the time. DOCSIS3.1 is around the corner, with 16 channel bonding to bring you 500Mbps. TWC in my neck of the woods upgraded everyone with a DOCSIS3 modem to 100Mbps if they were setup for the 50Mbps profile. This was the main reason I had to drop my RV042, because it couldn't handle more than 75Mbps. With my 24Mbps U-Verse line, the box was screaming in agony. The pfSense setup I got now can handle lots of bandwidth, almost line speed. But if I had the money, I would be picking me up another Peplink.
-
And even for VPN connections, if you are using the pipe with ten users, each with their own VPN connection generated from the firewall itself and each user is creating lots of network connections then you need one thing. If you have ten users who are not online and they all connect to an application that talks over HTTPS to a single connection on the outside, you get completely different utilization.
-
@scottalanmiller said:
And even for VPN connections, if you are using the pipe with ten users, each with their own VPN connection generated from the firewall itself and each user is creating lots of network connections then you need one thing. If you have ten users who are not online and they all connect to an application that talks over HTTPS to a single connection on the outside, you get completely different utilization.
I understand this.
-
My current situation is:
Main location with SonicWall 2400 and internet pipe 10/10
There are 4 site to site VPN tunnels to our remote locations. user VPN tunnels are created at night to this location as well, max 12, but normal would be 2.The remote locations each have a SonicWall T210 with internet 15/3.
-
User VPN connections are made at night?
-
We have a customer with 2 WAN connections (Verizon is the main and a local ISP is the failover) set up on an EdgeMax router. We've tested the failover, and it appears to function flawlessly. There's some configuration required to do it, but it's pretty simple.
-
@scottalanmiller said:
User VPN connections are made at night?
People working from home, one would assume.
-
@JaredBusch said:
@scottalanmiller said:
User VPN connections are made at night?
People working from home, one would assume.
Ah okay, makes total sense. My brain lept to some automated process making VPN connections during the night to have them ready for the morning and I was confused if that could really be what it was
-
@Dashrender said:
My current situation is:
Main location with SonicWall 2400 and internet pipe 10/10
There are 4 site to site VPN tunnels to our remote locations. user VPN tunnels are created at night to this location as well, max 12, but normal would be 2.The remote locations each have a SonicWall T210 with internet 15/3.
I would bring in two pipes to each of the remote locations, maybe grab a cheap one from the local ILEC. At the main location, bring in three large pipes. The main problem here is that there isn't much upload on those el-cheapo pipes. Then use the Peplink with their Speedfusion VPN bonding to get the tunnels to use the entire range of the pipes.
Main site the sweet spot would probably be the 380, remote sites could use One's since they are not needing some of the other stuff except Speedfusion.
-
I'm closing my three remote locations and consolidating them into a new single remote location.
The cable modem connection will be 50/10 and the backup DSL will be 12/2.
We are surviving with the 10/10 today, and have been for 8 years. Moving to 50/10 will allow me to loosen up for things like streaming radio, etc.
I don't think we really need more than 10 for upload for normal day to day stuff.
-
Currently the VPN tunnel supports DNS queries, AD authentication and the occasional file access, but the main work is done via an internet web app and that goes direct, not through our main branch.
I plan to add VOIP phones to the new location, so this will put upwards of 8 phones worth of traffic on the VPN as well.
-
Well then, buy three pipes each site, get some 380s and watch some serious speed go through them.
Usage is gonna go up considerably versus what you saw before with the different sites. Remember all those goons are now gonna be concentrated to a single site. Where one user slurping YouTube wasn't a problem before, they are all now together and slurping down YouTube, making things horrible.
Two 50/10 pipes each site for VPN connections and mission critical data, schlep interwebs over to the low bandwidth pipe. So what if they can't stream audio and get their cat pictures as fast as home?
-
I guess you're missing my current setup.
Of my 85 users, 78 of them are at my main location, all sharing a 10/10 pipe today, and have been for 7+ years.
The remote sites have all had 15/3 for those 7+ years.
At my main location, my main carrier can get me 100/15(20) but the backup carrier can't get me more than 12/2. I'm reaching out to other carriers, but I'm pretty sure they have no last mile access in my main location, so I'd be stuck with the two I'm currently looking at anyhow.
At the new locations, the primary carrier is the same, 100/15(20), but the backup can give me 100/100 over DSL (so they claim).
But I don't see the point in trying for 3 connections, when 2 will give me 5x at least more download than I have today.
-
Sounds as though your users have gotten used to using the slower pipe.
Two might be just fine. Keep your options open by buying the ability to get a third pipe in. So if the users suddenly see all this bandwidth, they might start getting sassy and slurp down shit, plugging in their own equipment and doing crazy crap. You might also start needing that much more bandwidth, start using O365, Sharepoint, and all kinds of cloud storage. You might get another site fired up, and those few users at the remote site will need to share ~13Mbps upstream with each other. Your also need to determine if you need HA at some point, adding another DSL pipe would let in some bit of redundancy.
If you are going like for like, yes, with your plan now it should be fine. But since these are usually two to three year contracts, start future proofing yourself now. Look longterm, but don't go bleeding edge.
As for a 100Mbps DSL loop, totally possible. AT&T's U-Verse Gigapower is VDSL2+, but the loop has to be super short, so lots of it is new construction areas with fiber to the VRAD and 1000' loops to the locations. CenturyLink is offering a 100Mbps DSL pipe over a pair bonded VDSL implementation, but I don't believe they are offering symmetrical loops.
-
@PSX_Defector said:
CenturyLink is offering a 100Mbps DSL pipe over a pair bonded VDSL implementation, but I don't believe they are offering symmetrical loops.
They claim to be now.
-
I'm starting a new thread to talk about internet connections themselves leaving this one for the firewall questions.
