© 2012 Peplink Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. © Peplink. All Rights Reserved. Unauthorized Reproduction

© 2012 Peplink

Break Internet Bandwidth LimitsHigher Speed. Extreme Reliability. Reduced Cost.

© Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited

© 2012 Peplink

• About Peplink Balance

• Internet Link Aggregation & Failover

• LAN/WAN Interface

• Understanding & Setting up Drop-in mode

• Peplink Complete VPN Solution & Site-to-Site VPN

• Outbound Policy and Inbound Access

• Inbound Load Balancing / DNS Settings

• NAT Mappings / NAT Pool / QoS / WLAN Controller

• Hardware High Availability and LAN Bypass

• Bandwidth Usage Monitoring

• Additional Capabilities

• Questions and Answers

Presentation Agenda

© 2012 Peplink

About Peplink Balance

© 2012 Peplink

Balance Series Specifications

Model Balance 20/30 Balance 210/310 Balance 380/580 Balance 710/1350

Target UserPower User/ Home Office

Small BusinessMid-Size Business

Large Enterprise

Recommended Users 1-25 25-150 100-1000 500-5000+

Throughput 100Mbps 100Mbps200Mbps400Mbps

800Mbps1500Mbps

WAN Ports 2/3 2/3 3/5 7/13

USB WAN Support 1 1 1 1

Peplink VPN Bonding Yes Yes Yes

AP Controller Support Coming Soon Coming Soon50

100250500

4

© 2012 Peplink

•Internet Link Load Balancing & Failover

• Session based for Inbound and Outbound

Usage of Peplink Balance

Proprietary and Confidential

© 2012 Peplink

•WAN Bonding

• Packet based load balancing

• Single TCP/IP session can utilize all WAN links

• Using Peplink Site-to-Site VPN technology

Usage of Peplink Balance


© 2012 Peplink

•Outbound

• Access a server on Internet (WAN) side from LAN, and the server returns the web data back to LAN

•Inbound

• A computer from Internet (WAN) access a web server on LAN. The web server returns the data back to Internet client

Idea of Peplink Balance

© 2012 Peplink

•Outbound Load Balancing & Failover

• Controlled by Outbound Policy

• Peplink will distribute the outbound sessions to different WAN links automatically

•Inbound Load Balancing & Failover

• By using build-in authoritative DNS

• The resolution of DNS hostname contains IP addresses of all WAN links

Idea of Peplink Balance

© 2012 Peplink

Internet Link Aggregation & Failover

© 2012 Peplink

• Scenario:• A Peplink Balance unit

• Three 1 Mbps Internet Links

• All links are operational

• Combined bandwidth: 3 Mbps= ISP A + ISP B + ISP C = 1 Mbps + 1 Mbps + 1 Mbps


Local Area Network

© 2012 Peplink

• Scenario:• A Peplink Balance unit

• Three 1 Mbps Internet Links

• One link down: ISP A

• Peplink Balance re-directs traffic over ISP B and ISP C as failover.


Local Area Network

© 2012 Peplink

WAN/LAN Interface

© 2012 Peplink

• DHCP, PPPoE and Static IP Address

• 1 x USB Mobile Connection

WAN

© 2012 Peplink

• WAN link Health Check• Determine whether the ISP link is routable to

Internet.

• Methods: Ping / DNS Lookup / SmartCheck• Ping – issue ICMP PING packets to test connectivity

• DNS Lookup – DNS lookups will be issued to test connectivity with target DNS servers.

• SmartCheck – applies only to USB mobile connection. It is optimized for mobile networks with high traffic latency

WAN

© 2012 Peplink

• Bandwidth Allowance Monitor• Designed for non-unlimited link (eg: Satellite,

3G)

• Alert user when usage hits 75%/95% via Email

• Disconnect when hits 100% allowance

• Selectable billing cycle date

WAN


© 2012 Peplink

• DHCP server

• DHCP reservation

• DHCP Option

• LAN static route

• Local DNS Proxy

• WINS server

LAN

© 2012 Peplink

Drop-in mode

© 2012 Peplink

Drop-in Mode• Before the installation of Peplink Balance:

• The network is connected to the ISPvia a Router outside of the Firewall.

© 2012 Peplink

• Installation Phase 2:

• Additional Internet links are installed.

• Peplink Balance intelligently performs load balance and failover amongthe multiple links.

Drop-in Mode

© 2012 Peplink

• Real-world considerations when installing network devices:

• Re-configuration of components

• Risk isolation

• Back-out strategy

• “Drop-in Mode” - an installation method designed to minimize disruption to the existing network.

Non-disruptive Installation

© 2012 Peplink

Drop-in Mode• Requirement

• An additional IP address is required for Drop-in Mode PeplinkSuch as: 210.10.10.3


210.10.10.2/24

210.10.10.1/24

192.168.1.0/24

© 2012 Peplink

•Network > Interfaces > LAN

Drop-in Mode

© 2012 Peplink


• Pre-configured Peplink Balance is “dropped in” betweenthe Firewall and ISP Router.

• The LAN clients, Firewall, and ISP Router maintain the same configurations.

Drop-in Mode

210.10.10.2/24

210.10.10.3/24210.10.10.1/24

192.168.1.0/24

© 2012 Peplink


• LAN and WAN1 of Peplink uses 210.10.10.3

Drop-in Mode

210.10.10.2/24

210.10.10.3/24210.10.10.1/24

192.168.1.0/24

© 2012 Peplink

210.10.10.2/24

192.168.1.0/24

210.10.10.3/24210.10.10.1/24

Drop-in Mode

22.2.2.1/28

22.2.2.2/28

33.3.3.2/30

33.3.3.1/30


• Configure WAN2 and WAN3

© 2012 Peplink

• NAT Mode

• All WAN links are in NAT mode

• Traffic goes over a NAT’ed WAN, its source IP will be translated to the IP of corresponding WAN link

• Drop-in Mode:

• Peplink will bridge one of the WAN link and LAN segments

• For other WAN links, they will act as NAT

Difference between Drop-in and NAT

© 2012 Peplink

Peplink Complete VPN Solution

•Build-in PPTP Server

•Proprietary Site-to-Site VPN

• Bonding

• Failover

•Network-to-Network IPsec VPN

© 2012 Peplink

•Key Features

• VPN Bonding

• VPN Failover

• Built-in Automatic Routing Protocol

• 256-bit AES Encryption

• Easy configuration via Web Admin

Peplink Site-to-Site VPN

© 2012 Peplink

• Allows VPN traffic to load balance across multiple

connections (Balance 210/310/380/580/710/1350)

• Two Suggested connection scenarios

Peplink Site-to-Site VPN

Mesh Scenario Star Scenario

© 2012 Peplink

• Aggregate all WAN connections’ bandwidth

• Traffic load balanced at packet level

• Automatic failover during WAN link failure

Peplink Site-to-Site VPN Bonding

© 2012 Peplink

Peplink Site-to-Site VPN Bonding

Subnet A

192.168.50.1

Subnet B

10.10.10.1

1824-ABCD-1234 1824-1234-ABCD

Subnet should be different between two locations

Configuration of Branch A Configuration of Branch B

© 2012 Peplink

•Allows Windows / Mac connect on public Internet to internal LAN natively

PPTP Server


© 2012 Peplink

•Authenticate PPTP user via

• Local User Account (Stored in Peplink itself)

• External LDAP Server

• External Radius Server

PPTP Server


© 2012 Peplink

Outbound Policy

© 2012 Peplink

• 3 different Outbound Policies

• Rule Based Custom Rules• Seven load balancing algorithms

Outbound Policy

•Click to add/edit custom rules

•Drag and Drop to re-order the priority of rules

Click to delete a custom rule

© 2012 Peplink

• Weighted Balance

• Distribute the traffic across different WAN links based on the weight.

• 10:5:1 means• 10 Sessions (10/16) will be across WAN1

• 5 Sessions (5/16) will be across WAN2

• 1 Session (1/16) will be across WAN3

Outbound Policy

© 2012 Peplink

• Persistence• Make the specified types of traffic to

always be routed through a particular WAN link based on source or destination IP address(es).

• Example usage:

• Secure login session such as HTTPS.

Outbound Policy

© 2012 Peplink

• Enforced• Route the specified traffic through a single

WAN connection/VPN Profile only, regardless of WAN link up/down status.

• Example usage:

• Restricting outbound SMTP traffic to one specific WAN link.

Outbound Policy

© 2012 Peplink

• Priority• Distribute the traffic in the specified order.

• Highest-priority available WAN link/VPN profile will be used first.

• Lower-priority WAN links will be used when higher-priority WAN links become unavailable.

Outbound Policy

© 2012 Peplink

• Overflow• Route the traffic to a lower priority link when the

highest priority link has been congested.

• Least Used• Route the traffic to the most available WAN link

according to download usage.

• Lowest Latency• Route the traffic to the lowest latency WAN link

• Periodic latency checking will be performed to determine the latency

Outbound Policy

© 2012 Peplink

•VPN Connection can be selected as Outbound Connection

•Selected traffic will be routed across VPN Connection with Priority and Enforced Algorithms

Outbound Policy

© 2012 Peplink

Inbound Access

© 2012 Peplink

Inbound Access• Also known as:

Inbound port forwarding /Inbound port address translation

© 2012 Peplink

Web Server

LAN IP: 192.168.1.100

Public IP: 210.10.10.100

• A web server located on LAN with physical private IP 192.168.1.100

• Existing firewall is doing Inbound NAT for 210.10.10.100 to forwardto 192.168.10.100

Inbound Access

© 2012 Peplink

Web Server

LAN IP: 192.168.1.100

Public IP: 210.10.10.100

• To allow access the web server via WAN2 and WAN3,the Inbound Access rules are required.

Inbound Access

© 2012 Peplink

• Network > Inbound Access > Servers

• Network > Inbound Access > Services

Inbound Access

© 2012 Peplink

• Inbound Load Balancing distributes inbound traffic across multiple WAN links by using build-in DNS server.

• Balance DNS server is required to be an authoritative DNS of the domain.• Eg: foobar.com

Inbound Load Balance

© 2012 Peplink

• The DNS query result of www.foobar.com will be

• Name: www.foobar.com

• Addresses: 210.10.10.100, 22.2.2.2, 33.3.3.2

• If ISP2 goes down, the DNS query result will be

• Name: www.foobar.com

• Address: 210.10.10.100, 33.3.3.2


22.2.2.2

33.3.3.2

210.10.10.100

© 2012 Peplink

•To configure Peplink Balance as Authoritative DNS of the domain. It is required to point the NS record to Peplink in the Domain Registrar (eg: Godaddy.com)


© 2012 Peplink

•Enable DNS listener

•Create “Default SOA/NS”

DNS Settings

© 2012 Peplink

DNS Settings

•Define “Default SOA/NS Records”

IP of NS should be same as the IP selected in DNS listeners

© 2012 Peplink

•Create domain name “foobar.com”

DNS Settings

© 2012 Peplink

DNS Settings

•Create A Record

Click to Create a new A Record

Enter the host “www”

Select the IP address on multiple WAN links for “www”

© 2012 Peplink

• Allow the IP address mapping of all inbound and outbound NAT’ed traffic to and from an internal client IP address.

One-to-One NAT Mappings

Click to add/edit NAT rules

Click to delete a NAT rules

© 2012 Peplink

NAT Pool• A range of LAN IP address or a LAN subnet can

be mapped to multiple IP public IP address as source IP for their outbound traffic.

© 2012 Peplink

QoS

© 2012 Peplink

•User Group Based Classification

• Manager

• Staff

• Guest

•Add/Edit User Group by

• IP address or Subnet IP

QoS

© 2012 Peplink

• Control Group Reserved Bandwidth• Reserve minimum bandwidth for user groups

• Control Per-user Bandwidth Limit• Define maximum bandwidth for each user of

the groups

QoS

© 2012 Peplink

• Traffic Prioritization for default and custom applications

• 3 Priority levels: ↑High, ━ Normal, and ↓Low

• Support different kinds of applications liked Email, VoIP

• Based on TCP/UDP/IP/DSCP

QoS

© 2012 Peplink

• Manage up to 500 AP One within Peplink Balance• Software Add-on

• Access Point Auto Discovery• Configuration, Firmware Management

• Seamless Roaming of Wi-Fi Device

• Multiple SSIDs

WLAN Controller

Model 380 580 710 1350

Max. Number of AP support 50 100 250 500

© 2012 Peplink

•Four steps to setup the WLAN Controller

1. Enable “AP Management”

2. Define “SSID(s)”

3. Create “AP Profile”

4. Assign “AP Profile” to one or multiple AP One devices

WLAN Controller


© 2012 Peplink

• Enable the Access Point Management feature at Network > AP Management.

WLAN Controller

© 2012 Peplink

• Define the SSID in Wireless Network Settings.

WLAN Controller

© 2012 Peplink

• Add a “New AP Profile”

WLAN Controller

© 2012 Peplink

• Enter the AP Profile Name

• Select the Wireless Networks (SSID) which defined in the previous step.

• Please note that you can enable a maximum of four wireless networks.

WLAN Controller

© 2012 Peplink

• Connect your AP One devices to the network containing the Peplink Balance.

• Go back to the Dashboard and click the Change AP Profile button.

WLAN Controller

© 2012 Peplink

• Select the connected/detected AP One devices to which you would like to assign the AP profile. Then select the desired AP profile from the drop-down list.

WLAN Controller

© 2012 Peplink

• Click the Yes button to confirm the change. The selected AP profile will apply to the listed AP One devices immediately.

WLAN Controller

© 2012 Peplink

Hardware High Availability

© 2012 Peplink

• Peplink Balance 210/310/380/580/710/1350 support High Availability via VRRP, Virtual Router Redundancy Protocol:

• A pair of Peplink Balance units work together.

• One unit is Active.

• The other unit is on Stand-by.


© 2012 Peplink

• In the event of Active unit fails:• The Stand-by unit becomes Active.

• New Active unit re-establishesInternet connections.

• Outage is minimized.


© 2012 Peplink

• Each unit has their own LAN IP address and use a same Virtual IP.

• For non-drop-in mode, the VIP will be the default gateway of LAN hosts

• For Drop-in mode, WAN1’s default gateway will be the default gateway of LAN hosts


192.168.1.2

192.168.1.3

VIP:192.168.1.1

Configuring HA for Slave unit

© 2012 Peplink

LAN Bypass

WAN1

LAN1

© 2012 Peplink

• Available in Peplink Balance 580/710/1350

• LAN Bypass is a fault-tolerance feature that protects you in the event of power outage.

• When used with Drop-in Mode, such failure would be completely transparent to the network.

• In the following example, WAN1 and LAN1 ports are bridged together when the power runs out.

LAN Bypass

© 2012 Peplink

Bandwidth Usage Monitoring

© 2012 Peplink

• Show the bandwidth usage statistics

• Three periods of statistics: Real-Time, Daily, Monthly

• Usage will not be shownat the time when devicehad been switched OFF

• Real-Time• Click Show Details to

view the usage of different WAN or typeof traffic


© 2012 Peplink

• Daily• Detailed usage statistics of

ALL WAN with IP Address can be shown by clicking corresponding Date

• A selected WAN usage can be shown in billing cycle when the bandwidth allowance monitor of that WAN is enabled


© 2012 Peplink

• Monthly• Detailed usage statistics of

ALL WAN with IP Address can be shown by clicking the first two Month rows

• A selected WAN usage can be shown in billing cycle when the bandwidth allowance monitor of that WAN is enabled


© 2012 Peplink

Additional Capabilities

© 2012 Peplink

• E-mail notification:• Send email to user for any WAN up/down event, Site-

to-Site VPN, HA status.


© 2012 Peplink

• Rule-based stateful Firewall:• Support for an unlimited

number of rules.

• Drag and drop user interface


© 2012 Peplink

• Reporting Service


© 2012 Peplink

• Detail description of the issue

• Network Diagram with detail IP address scheme

• Troubleshooting steps that you performed

• Diagnostic Report of related units (eg: S2S VPN)

• Remote Assistance of related units (eg: S2S VPN)

• Send email to “[email protected]”

Contact Support


© 2012 Peplink

•Obtain Diagnostic Report via “Status > Device”

Diagnostic Report


© 2012 Peplink

• Support Information Page contains • LAN/WAN Ethernet details

• Remote Assistance

• Network Capture

• Realtime information of WAN Health Check

• To access Support Information page,from the Brower URL, change the link• http://<Peplink’s IP>/cgi-bin/MANGA/index.cgi

Additional Support Information


© 2012 Peplink

• Support Information Page contains • LAN/WAN Ethernet details

• Remote Assistance

• Network Capture

• Realtime information of WAN Health Check

• To access Support Information page,from the Brower URL, change the link• http://<Peplink’s

IP>/cgi-bin/MANGA/support.cgi

Additional Support Information


© 2012 Peplink

Questions and Answers

© 2012 Peplink

Contact Us• Peplink United States Office

800 West El Camino RealMountain View, CA 94040United States

Tel: +1 (866) 463 0129Fax:+1 (866) 625 4664

• Peplink Hong Kong Office

17/F, Park Building476 Castle Peak RoadCheung Sha Wan Hong Kong

Tel: +852 2990 7600 Fax:+852 3007 0588

• Peplink Italy Office

Via Sismondi 50/320133 MilanItaly

Tel: +39 02 8986 6852

• Peplink Saudi Arabia Office

Queen’s Tower 24th Floor, JeddahSaudi Arabia

Tel: +966 504336952

• Peplink South Africa Office

Unit 24, Cambridge Office Park,5 Bauhinia Street,Highveld, Centurion,South Africa

Tel: +27 12 665 5829

• Sales:

http://www.peplink.com/contact/sales/

• Support:

http://www.peplink.com/contact/support/

Documents

© 2012 Peplink Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. © Peplink. All Rights Reserved. Unauthorized Reproduction