lee-dennis
© 2012 Peplink
Break Internet Bandwidth Limits
Higher Speed. Extreme Reliability. Reduced Cost.
© Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited

Presentation Agenda
• About Peplink Balance
• Internet Link Aggregation & Failover
• LAN/WAN Interface
• Understanding & Setting up Drop-in mode
• Peplink Complete VPN Solution & Site-to-Site VPN
• Outbound Policy and Inbound Access
• Inbound Load Balancing / DNS Settings
• NAT Mappings / NAT Pool / QoS / WLAN Controller
• Hardware High Availability and LAN Bypass
• Bandwidth Usage Monitoring
• Additional Capabilities
• Questions and Answers

About Peplink Balance

Balance Series Specifications
Model | Balance 20/30 | Balance 210/310 | Balance 380/580 | Balance 710/1350
Target User | Power User / Home Office | Small Business | Mid-Size Business | Large Enterprise
Recommended Users | 1-25 | 25-150 | 100-1000 | 500-5000+
Throughput | 100Mbps | 100Mbps | 200Mbps / 400Mbps | 800Mbps / 1500Mbps
WAN Ports | 2/3 | 2/3 | 3/5 | 7/13
USB WAN Support | 1 | 1 | 1 | 1
Peplink VPN Bonding | | Yes | Yes | Yes
AP Controller Support | Coming Soon | Coming Soon | 50 / 100 | 250 / 500

Usage of Peplink Balance
• Internet Link Load Balancing & Failover
  • Session based for Inbound and Outbound
Proprietary and Confidential

Usage of Peplink Balance
• WAN Bonding
  • Packet based load balancing
  • A single TCP/IP session can utilize all WAN links
  • Uses Peplink Site-to-Site VPN technology

Idea of Peplink Balance
• Outbound
  • A LAN client accesses a server on the Internet (WAN) side, and the server returns the web data to the LAN
• Inbound
  • A computer on the Internet (WAN) accesses a web server on the LAN, and the web server returns the data to the Internet client

Idea of Peplink Balance
• Outbound Load Balancing & Failover
  • Controlled by Outbound Policy
  • Peplink will distribute the outbound sessions to different WAN links automatically
• Inbound Load Balancing & Failover
  • Uses the built-in authoritative DNS
  • The DNS resolution of a hostname contains the IP addresses of all WAN links

Internet Link Aggregation & Failover
• Scenario:
  • A Peplink Balance unit
  • Three 1 Mbps Internet Links
  • All links are operational
  • Combined bandwidth: 3 Mbps = ISP A + ISP B + ISP C = 1 Mbps + 1 Mbps + 1 Mbps
[Diagram label: Local Area Network]

Internet Link Aggregation & Failover
• Scenario:
  • A Peplink Balance unit
  • Three 1 Mbps Internet Links
  • One link down: ISP A
  • Peplink Balance re-directs traffic over ISP B and ISP C as failover.
[Diagram label: Local Area Network]

WAN/LAN Interface

WAN
• DHCP, PPPoE and Static IP Address
• 1 x USB Mobile Connection

WAN
• WAN Link Health Check
  • Determines whether the ISP link is routable to the Internet.
• Methods: Ping / DNS Lookup / SmartCheck
  • Ping – issues ICMP PING packets to test connectivity
  • DNS Lookup – issues DNS lookups to test connectivity with target DNS servers
  • SmartCheck – applies only to USB mobile connections; it is optimized for mobile networks with high traffic latency

WAN
• Bandwidth Allowance Monitor
  • Designed for non-unlimited links (e.g. Satellite, 3G)
  • Alerts the user via email when usage hits 75%/95%
  • Disconnects when usage hits 100% of the allowance
  • Selectable billing cycle date

LAN
• DHCP server
• DHCP reservation
• DHCP Option
• LAN static route
• Local DNS Proxy
• WINS server

Drop-in Mode
• Before the installation of Peplink Balance:
  • The network is connected to the ISP via a Router outside of the Firewall.

Drop-in Mode
• Installation Phase 2:
  • Additional Internet links are installed.
  • Peplink Balance intelligently performs load balancing and failover among the multiple links.

Non-disruptive Installation
• Real-world considerations when installing network devices:
  • Re-configuration of components
  • Risk isolation
  • Back-out strategy
• “Drop-in Mode” - an installation method designed to minimize disruption to the existing network.

Drop-in Mode
• Requirement
  • An additional IP address is required for the Drop-in Mode Peplink, such as 210.10.10.3
[Diagram labels: 210.10.10.2/24, 210.10.10.1/24, 192.168.1.0/24]

Drop-in Mode
• Network > Interfaces > LAN

Drop-in Mode
• Installation Phase 1:
  • Pre-configured Peplink Balance is “dropped in” between the Firewall and ISP Router.
  • The LAN clients, Firewall, and ISP Router maintain the same configurations.
[Diagram labels: 210.10.10.2/24, 210.10.10.3/24, 210.10.10.1/24, 192.168.1.0/24]

Drop-in Mode
• Installation Phase 1:
  • The LAN and WAN1 of the Peplink use 210.10.10.3
[Diagram labels: 210.10.10.2/24, 210.10.10.3/24, 210.10.10.1/24, 192.168.1.0/24]

Drop-in Mode
• Installation Phase 2:
  • Configure WAN2 and WAN3
[Diagram labels: 210.10.10.2/24, 192.168.1.0/24, 210.10.10.3/24, 210.10.10.1/24, 22.2.2.1/28, 22.2.2.2/28, 33.3.3.2/30, 33.3.3.1/30]

Difference between Drop-in and NAT
• NAT Mode:
  • All WAN links are in NAT mode
  • When traffic goes over a NAT’ed WAN link, its source IP is translated to the IP of the corresponding WAN link
• Drop-in Mode:
  • Peplink bridges one of the WAN links and the LAN segments
  • The other WAN links operate in NAT mode

Peplink Complete VPN Solution
• Built-in PPTP Server
• Proprietary Site-to-Site VPN
  • Bonding
  • Failover
• Network-to-Network IPsec VPN

Peplink Site-to-Site VPN
• Key Features
  • VPN Bonding
  • VPN Failover
  • Built-in Automatic Routing Protocol
  • 256-bit AES Encryption
  • Easy configuration via Web Admin

Peplink Site-to-Site VPN
• Allows VPN traffic to be load balanced across multiple connections (Balance 210/310/380/580/710/1350)
• Two suggested connection scenarios
[Diagram labels: Mesh Scenario, Star Scenario]

Peplink Site-to-Site VPN Bonding
• Aggregate all WAN connections’ bandwidth
• Traffic load balanced at packet level
• Automatic failover during WAN link failure

Peplink Site-to-Site VPN Bonding
• The subnets of the two locations should be different
[Diagram labels: Subnet A 192.168.50.1, Subnet B 10.10.10.1, 1824-ABCD-1234, 1824-1234-ABCD]
[Screenshots: Configuration of Branch A, Configuration of Branch B]

PPTP Server
• Allows Windows / Mac clients on the public Internet to connect to the internal LAN natively

PPTP Server
• Authenticate PPTP users via
  • Local User Account (stored in the Peplink itself)
  • External LDAP Server
  • External Radius Server

Outbound Policy
• 3 different Outbound Policies
• Rule Based Custom Rules
  • Seven load balancing algorithms
• Click to add/edit custom rules
• Drag and drop to re-order the priority of rules
• Click to delete a custom rule

Outbound Policy
• Weighted Balance
  • Distributes the traffic across different WAN links based on the weight.
  • 10:5:1 means
    • 10 sessions (10/16) will go across WAN1
    • 5 sessions (5/16) will go across WAN2
    • 1 session (1/16) will go across WAN3

Outbound Policy
• Persistence
  • Always routes the specified types of traffic through a particular WAN link based on source or destination IP address(es).
  • Example usage:
    • Secure login session such as HTTPS.

Outbound Policy
• Enforced
  • Routes the specified traffic through a single WAN connection/VPN Profile only, regardless of WAN link up/down status.
  • Example usage:
    • Restricting outbound SMTP traffic to one specific WAN link.

Outbound Policy
• Priority
  • Distributes the traffic in the specified order.
  • The highest-priority available WAN link/VPN profile will be used first.
  • Lower-priority WAN links will be used when higher-priority WAN links become unavailable.

Outbound Policy
• Overflow
  • Routes the traffic to a lower-priority link when the highest-priority link is congested.
• Least Used
  • Routes the traffic to the most available WAN link according to download usage.
• Lowest Latency
  • Routes the traffic to the lowest-latency WAN link
  • Periodic latency checking will be performed to determine the latency

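An added Python example (not Peplink code) modelling four of the outbound algorithms from the preceding slides: Weighted Balance with the 10:5:1 ratio, Priority failover, Enforced, and Persistence by source IP. The function names, the `up` set of healthy links, and the reading of Enforced as "never reroute, so traffic is undeliverable while its link is down" are assumptions.

```python
from collections import Counter
from itertools import islice

WEIGHTS = {"WAN1": 10, "WAN2": 5, "WAN3": 1}  # the 10:5:1 ratio from the slide

def weighted(weights, up):
    """Smooth weighted round-robin: yields the WAN link for each new session,
    skipping links that are not in `up` (failed health check)."""
    live = {w: n for w, n in weights.items() if w in up and n > 0}
    total, credit = sum(live.values()), dict.fromkeys(live, 0)
    while live:
        for w, n in live.items():
            credit[w] += n
        pick = max(credit, key=credit.get)
        credit[pick] -= total
        yield pick

def share(weights, up, sessions):
    """How many of `sessions` new sessions land on each link."""
    return dict(Counter(islice(weighted(weights, up), sessions)))

def priority(order, up):
    """Highest-priority link that is up; None when every link is down."""
    return next((w for w in order if w in up), None)

def enforced(link, up):
    """Assumed reading of Enforced: never reroute. Returns the configured
    link and whether traffic can actually leave through it right now."""
    return link, link in up

class Persistence:
    """Pin each source IP to the link picked for its first session."""
    def __init__(self, chooser):
        self.chooser, self.pinned = chooser, {}

    def route(self, src_ip):
        link = self.pinned.get(src_ip) or next(self.chooser, None)
        if link:
            self.pinned[src_ip] = link
        return link
```

With WAN1 down, `priority` moves traffic to WAN2, while `enforced("WAN1", ...)` still names WAN1 and reports it as undeliverable, which is the behaviour that keeps pinned traffic such as outbound SMTP from leaving through another link.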
Outbound Policy
• A VPN Connection can be selected as the Outbound Connection
• Selected traffic will be routed across the VPN Connection with the Priority and Enforced algorithms

Inbound Access
• Also known as: Inbound port forwarding / Inbound port address translation

Inbound Access
• A web server located on the LAN with physical private IP 192.168.1.100
• The existing firewall is doing Inbound NAT for 210.10.10.100 to forward to 192.168.10.100
[Diagram labels: Web Server, LAN IP: 192.168.1.100, Public IP: 210.10.10.100]

Inbound Access
• To allow access to the web server via WAN2 and WAN3, Inbound Access rules are required.
[Diagram labels: Web Server, LAN IP: 192.168.1.100, Public IP: 210.10.10.100]

Inbound Access
• Network > Inbound Access > Servers
• Network > Inbound Access > Services

Inbound Load Balance
• Inbound Load Balancing distributes inbound traffic across multiple WAN links by using the built-in DNS server.
• The Balance DNS server is required to be an authoritative DNS of the domain.
  • E.g. foobar.com

Inbound Load Balance
• The DNS query result of www.foobar.com will be
  • Name: www.foobar.com
  • Addresses: 210.10.10.100, 22.2.2.2, 33.3.3.2
• If ISP2 goes down, the DNS query result will be
  • Name: www.foobar.com
  • Addresses: 210.10.10.100, 33.3.3.2
[Diagram labels: 22.2.2.2, 33.3.3.2, 210.10.10.100]

Inbound Load Balance
• To configure Peplink Balance as the authoritative DNS of the domain, it is required to point the NS record to the Peplink at the domain registrar (e.g. Godaddy.com)

DNS Settings
• Enable DNS listener
• Create “Default SOA/NS”

DNS Settings
• Define “Default SOA/NS Records”
• The IP of the NS should be the same as the IP selected in DNS listeners

DNS Settings
• Create domain name “foobar.com”

DNS Settings
• Create A Record
  • Click to create a new A Record
  • Enter the host “www”
  • Select the IP address on multiple WAN links for “www”

One-to-One NAT Mappings
• Allows the IP address mapping of all inbound and outbound NAT’ed traffic to and from an internal client IP address.
• Click to add/edit NAT rules
• Click to delete a NAT rule

NAT Pool
• A range of LAN IP addresses or a LAN subnet can be mapped to multiple public IP addresses as the source IP for their outbound traffic.

QoS
• User Group Based Classification
  • Manager
  • Staff
  • Guest
• Add/Edit User Group by
  • IP address or Subnet IP

QoS
• Control Group Reserved Bandwidth
  • Reserve minimum bandwidth for user groups
• Control Per-user Bandwidth Limit
  • Define maximum bandwidth for each user of the groups

QoS
• Traffic Prioritization for default and custom applications
• 3 Priority levels: ↑High, ━ Normal, and ↓Low
• Supports different kinds of applications such as Email, VoIP
• Based on TCP/UDP/IP/DSCP

WLAN Controller
• Manage up to 500 AP One within Peplink Balance
  • Software Add-on
• Access Point Auto Discovery
  • Configuration, Firmware Management
• Seamless Roaming of Wi-Fi Device
• Multiple SSIDs
Model | 380 | 580 | 710 | 1350
Max. Number of AP support | 50 | 100 | 250 | 500

WLAN Controller
• Four steps to set up the WLAN Controller
  1. Enable “AP Management”
  2. Define “SSID(s)”
  3. Create “AP Profile”
  4. Assign “AP Profile” to one or multiple AP One devices

WLAN Controller
• Enable the Access Point Management feature at Network > AP Management.

WLAN Controller
• Define the SSID in Wireless Network Settings.

WLAN Controller
• Add a “New AP Profile”

WLAN Controller
• Enter the AP Profile Name
• Select the Wireless Networks (SSID) which were defined in the previous step.
• Please note that you can enable a maximum of four wireless networks.

WLAN Controller
• Connect your AP One devices to the network containing the Peplink Balance.
• Go back to the Dashboard and click the Change AP Profile button.

WLAN Controller
• Select the connected/detected AP One devices to which you would like to assign the AP profile. Then select the desired AP profile from the drop-down list.

WLAN Controller
• Click the Yes button to confirm the change. The selected AP profile will apply to the listed AP One devices immediately.

Hardware High Availability
• Peplink Balance 210/310/380/580/710/1350 support High Availability via VRRP (Virtual Router Redundancy Protocol):
  • A pair of Peplink Balance units work together.
  • One unit is Active.
  • The other unit is on Stand-by.

Hardware High Availability
• In the event that the Active unit fails:
  • The Stand-by unit becomes Active.
  • The new Active unit re-establishes Internet connections.
  • Outage is minimized.

Hardware High Availability
• Each unit has its own LAN IP address, and both units use the same Virtual IP (VIP).
• For non-drop-in mode, the VIP will be the default gateway of LAN hosts
• For Drop-in mode, WAN1’s default gateway will be the default gateway of LAN hosts
[Diagram labels: 192.168.1.2, 192.168.1.3, VIP: 192.168.1.1]
[Screenshot: Configuring HA for Slave unit]

LAN Bypass
[Diagram labels: WAN1, LAN1]

LAN Bypass
• Available in Peplink Balance 580/710/1350
• LAN Bypass is a fault-tolerance feature that protects you in the event of power outage.
• When used with Drop-in Mode, such failure would be completely transparent to the network.
• In the following example, WAN1 and LAN1 ports are bridged together when the power runs out.

Bandwidth Usage Monitoring
• Shows the bandwidth usage statistics
• Three periods of statistics: Real-Time, Daily, Monthly
• Usage will not be shown for the time when the device was switched OFF
• Real-Time
  • Click Show Details to view the usage of different WAN or type of traffic

Bandwidth Usage Monitoring
• Daily
  • Detailed usage statistics of ALL WAN with IP Address can be shown by clicking the corresponding Date
  • The usage of a selected WAN can be shown in billing cycle when the bandwidth allowance monitor of that WAN is enabled

Bandwidth Usage Monitoring
• Monthly
  • Detailed usage statistics of ALL WAN with IP Address can be shown by clicking the first two Month rows
  • The usage of a selected WAN can be shown in billing cycle when the bandwidth allowance monitor of that WAN is enabled

Additional Capabilities
• E-mail notification:
  • Send email to user for any WAN up/down event, Site-to-Site VPN, HA status.

Additional Capabilities
• Rule-based stateful Firewall:
  • Support for an unlimited number of rules.
  • Drag and drop user interface

Additional Capabilities
• Reporting Service

Contact Support
• Detailed description of the issue
• Network diagram with detailed IP address scheme
• Troubleshooting steps that you performed
• Diagnostic Report of related units (e.g. S2S VPN)
• Remote Assistance of related units (e.g. S2S VPN)
• Send email to “[email protected]”

Diagnostic Report
• Obtain Diagnostic Report via “Status > Device”

Additional Support Information
• The Support Information page contains
  • LAN/WAN Ethernet details
  • Remote Assistance
  • Network Capture
  • Real-time information of WAN Health Check
• To access the Support Information page, change the link in the browser URL
  • http://<Peplink’s IP>/cgi-bin/MANGA/index.cgi

Additional Support Information
• The Support Information page contains
  • LAN/WAN Ethernet details
  • Remote Assistance
  • Network Capture
  • Real-time information of WAN Health Check
• To access the Support Information page, change the link in the browser URL
  • http://<Peplink’s IP>/cgi-bin/MANGA/support.cgi

Questions and Answers
Contact Us
• Peplink United States Office
800 West El Camino Real, Mountain View, CA 94040, United States
Tel: +1 (866) 463 0129, Fax: +1 (866) 625 4664
• Peplink Hong Kong Office
17/F, Park Building, 476 Castle Peak Road, Cheung Sha Wan, Hong Kong
Tel: +852 2990 7600, Fax: +852 3007 0588
• Peplink Italy Office
Via Sismondi 50/3, 20133 Milan, Italy
Tel: +39 02 8986 6852
• Peplink Saudi Arabia Office
Queen’s Tower 24th Floor, Jeddah, Saudi Arabia
Tel: +966 504336952
• Peplink South Africa Office
Unit 24, Cambridge Office Park, 5 Bauhinia Street, Highveld, Centurion, South Africa
Tel: +27 12 665 5829
• Sales:
http://www.peplink.com/contact/sales/
• Support:
http://www.peplink.com/contact/support/