Looking for suggestions support two ISP connections
-
Do you have more than one ISP connection setup in a failover setup, or even using both at the same time? If so what are you using to bring those togehter?
-
I've done this using the main fiber with a Verizon DSL connection is a backup. I did not use them both at the same time, that can cause issues with some websites and other traffic. Cisco routers have NAT fail over you just configure. You just use weighting to set which one is primary and secondary.
-
A lot of devices have failover options. Even some Netgear Prosafe and ProSecure. Not that I am recommending those, just stating that we have had those units with WAN failover options before.
-
Some information on doing this with the Ubiquity EdgeRouter...
https://junipermyanmar.wordpress.com/2014/03/06/dual-wan-load-balance-on-er-lite-v-1-4-0/
-
@scottalanmiller said:
Some information on doing this with the Ubiquity EdgeRouter...
https://junipermyanmar.wordpress.com/2014/03/06/dual-wan-load-balance-on-er-lite-v-1-4-0/
Dual wan on the EdgeOS is still in Beta. They removed the one from Vyatta and put in their own.
-
Best bet, use Peplink.
http://www.peplink.com/products/balance/model-comparison/
Their shit just works. And the VPN component is pretty fuckin' sweet if you have multiple sites.
I currently use a pfSense router on my ESXi box to run both a TWC pipe and an AT&T U-Verse pipe into the house. It serves its purpose fairly well. I was using a Mikrotik router for that stuff before, but it wouldn't do the load balancing the way I was wanting it to go.
-
Peplink, that was the name I could not think of!
-
OK I looked at the spec sheet that PSX linked to.
Here's an excerpt.
I have never understood these numbers.
100 Mbps is for up to 25 users?
I currently only have a 10/10 internet connection and 70 users.I really need a device that can handle 400 Mbps for my 50-500 users when my pipe is only 10 Mbps?
I realize that I also need to make sure I have enough horsepower to handle VPN connections, so sure I'll need a more powerful processor for that, I just fine myself constantly shaking my head at things like this.
Perhaps it's more important to know what your bandwidth is, and how many VPN tunnels you're going to using at the same time, then ignore the rest as it's just marketing crap to try to get you to maybe over buy?
Care to enlighten me?
-
A lot of times they list the throughput as the max that you can expect to get out of the system if it is fully loaded. You may get more or less, depending on how many users you put on the system.
Also. extra capabilities, such as Web filtering, VPN, IPS, and Malware Dettection, etc... can have a HUGE impact on your throughput. I had a Fortigate that would slow our 20 meg connection (1000 users) from getting full 20 megs down to like 5 just for enabling the IPS or Antivirus along side of the web filter.
-
@Dashrender said:
I have never understood these numbers.
100 Mbps is for up to 25 users?
I currently only have a 10/10 internet connection and 70 users.Well no one would recommend 10/10 for even 10 users these days
But, my own rule of thumb is, ignore, always and 100%, "user count" recommendation numbers on networking gear. Pay attention to license limits, but not per user workloads. Those are numbers only for people who know nothing of the throughput and needs. Like when MP3 players list how many songs they can hold - they don't know how big your songs are. Those numbers are just based off of guesses for people who don't know what 1GB means.
So if you know what 100Mb/s is, don't even look at listings of how many users there are.
-
@Dashrender said:
I really need a device that can handle 400 Mbps for my 50-500 users when my pipe is only 10 Mbps?
You can safely ignore the number of users. If they are just farting around on text websites, you could have thousands of users on a 10Mbps pipe. If you have one idiot slurping down YouTube, then 10Mbps wouldn't be enough.
The number you need to pay attention to is the max speed. I have a Peplink 300 sitting on a shelf at the house. It can handle ~20Mbps between three pipes, no more. It hard caps at that level, so Peplink's numbers are very much the highest that you can go.
Don't short sell on your router now because you don't see things increasing. Especially with cheap commodity cable pipes, they change underlying technology all the time. DOCSIS3.1 is around the corner, with 16 channel bonding to bring you 500Mbps. TWC in my neck of the woods upgraded everyone with a DOCSIS3 modem to 100Mbps if they were setup for the 50Mbps profile. This was the main reason I had to drop my RV042, because it couldn't handle more than 75Mbps. With my 24Mbps U-Verse line, the box was screaming in agony. The pfSense setup I got now can handle lots of bandwidth, almost line speed. But if I had the money, I would be picking me up another Peplink.
-
And even for VPN connections, if you are using the pipe with ten users, each with their own VPN connection generated from the firewall itself and each user is creating lots of network connections then you need one thing. If you have ten users who are not online and they all connect to an application that talks over HTTPS to a single connection on the outside, you get completely different utilization.
-
@scottalanmiller said:
And even for VPN connections, if you are using the pipe with ten users, each with their own VPN connection generated from the firewall itself and each user is creating lots of network connections then you need one thing. If you have ten users who are not online and they all connect to an application that talks over HTTPS to a single connection on the outside, you get completely different utilization.
I understand this.
-
My current situation is:
Main location with SonicWall 2400 and internet pipe 10/10
There are 4 site to site VPN tunnels to our remote locations. user VPN tunnels are created at night to this location as well, max 12, but normal would be 2.The remote locations each have a SonicWall T210 with internet 15/3.
-
User VPN connections are made at night?
-
We have a customer with 2 WAN connections (Verizon is the main and a local ISP is the failover) set up on an EdgeMax router. We've tested the failover, and it appears to function flawlessly. There's some configuration required to do it, but it's pretty simple.
-
@scottalanmiller said:
User VPN connections are made at night?
People working from home, one would assume.
-
@JaredBusch said:
@scottalanmiller said:
User VPN connections are made at night?
People working from home, one would assume.
Ah okay, makes total sense. My brain lept to some automated process making VPN connections during the night to have them ready for the morning and I was confused if that could really be what it was
-
@Dashrender said:
My current situation is:
Main location with SonicWall 2400 and internet pipe 10/10
There are 4 site to site VPN tunnels to our remote locations. user VPN tunnels are created at night to this location as well, max 12, but normal would be 2.The remote locations each have a SonicWall T210 with internet 15/3.
I would bring in two pipes to each of the remote locations, maybe grab a cheap one from the local ILEC. At the main location, bring in three large pipes. The main problem here is that there isn't much upload on those el-cheapo pipes. Then use the Peplink with their Speedfusion VPN bonding to get the tunnels to use the entire range of the pipes.
Main site the sweet spot would probably be the 380, remote sites could use One's since they are not needing some of the other stuff except Speedfusion.
-
I'm closing my three remote locations and consolidating them into a new single remote location.
The cable modem connection will be 50/10 and the backup DSL will be 12/2.
We are surviving with the 10/10 today, and have been for 8 years. Moving to 50/10 will allow me to loosen up for things like streaming radio, etc.
I don't think we really need more than 10 for upload for normal day to day stuff.