Download Peplink_Balance_Technical_Presentation_2012

Transcript
Break Internet Bandwidth Limits
Higher Speed. Extreme Reliability. Reduced Cost.
© 2012 Peplink
© Peplink. All Rights Reserved.
Unauthorized Reproduction Prohibited
Presentation Agenda
• About Peplink Balance
• Internet Link Aggregation & Failover
• LAN/WAN Interface
• Understanding & Setting up Drop-in mode
• Peplink Complete VPN Solution & Site-to-Site VPN
• Outbound Policy and Inbound Access
• Inbound Load Balancing / DNS Settings
• NAT Mappings / NAT Pool / QoS / WLAN Controller
• Hardware High Availability and LAN Bypass
• Bandwidth Usage Monitoring
• Additional Capabilities
• Questions and Answers
About Peplink Balance
Balance Series Specifications
Model: Balance 20/30 | Balance 210/310 | Balance 380/580 | Balance 710/1350
Target User: Power User/Home Office | Small Business | Mid-Size Business | Large Enterprise
Recommended Users: 1-25 | 25-150 | 100-1000 | 500-5000+
Throughput: 100Mbps | 100Mbps | 200Mbps | 400Mbps | 800Mbps | 1500Mbps
WAN Ports: 2/3 | 2/3 | 3/5 | 7/13
USB WAN Support: 1 | 1 | 1 | 1
Peplink VPN Bonding: Yes | Yes | Yes
AP Controller Support: Coming Soon | Coming Soon | 50 | 100 | 250 | 500
Usage of Peplink Balance
• Internet Link Load Balancing & Failover
• Session based for Inbound and Outbound
Proprietary and Confidential
Usage of Peplink Balance
• WAN Bonding
• Packet based load balancing
• Single TCP/IP session can utilize all WAN
links
• Using Peplink Site-to-Site VPN technology
Idea of Peplink Balance
• Outbound
• Access a server on Internet (WAN) side from
LAN, and the server returns the web data
back to LAN
• Inbound
• A computer from Internet (WAN) access a
web server on LAN. The web server returns
the data back to Internet client
Idea of Peplink Balance
• Outbound Load Balancing & Failover
• Controlled by Outbound Policy
• Peplink will distribute the outbound sessions
to different WAN links automatically
• Inbound Load Balancing & Failover
• By using built-in authoritative DNS
• The resolution of DNS hostname contains IP
addresses of all WAN links
Internet Link Aggregation & Failover
Internet Link Aggregation & Failover
• Scenario:
• A Peplink Balance unit
• Three 1 Mbps Internet Links
• All links are operational
• Combined bandwidth: 3 Mbps
= ISP A + ISP B + ISP C = 1 Mbps + 1 Mbps + 1 Mbps
Internet Link Aggregation & Failover
• Scenario:
• A Peplink Balance unit
• Three 1 Mbps Internet Links
• One link down: ISP A
• Peplink Balance re-directs traffic over ISP B
and ISP C as failover.
WAN/LAN Interface
WAN
• DHCP, PPPoE and Static IP Address
• 1 x USB Mobile Connection
WAN
• WAN link Health Check
• Determine whether the ISP link is routable to
Internet.
• Methods: Ping / DNS Lookup / SmartCheck
• Ping – issue ICMP PING packets to test connectivity
• DNS Lookup – DNS lookups will be issued to test
connectivity with target DNS servers.
• SmartCheck – applies only to USB mobile connection. It is
optimized for mobile networks with high traffic latency
WAN
• Bandwidth Allowance Monitor
• Designed for non-unlimited link (eg: Satellite, 3G)
• Alert user when usage hits 75%/95% via Email
• Disconnect when hits 100% allowance
• Selectable billing cycle date
LAN
• DHCP server
• DHCP reservation
• DHCP Option
• LAN static route
• Local DNS Proxy
• WINS server
Drop-in mode
Drop-in Mode
• Before the installation of Peplink Balance:
• The network is connected to the ISP
via a Router outside of the Firewall.
Drop-in Mode
• Installation Phase 2:
• Additional Internet links are installed.
• Peplink Balance intelligently
performs load balance
and failover among
the multiple links.
Non-disruptive Installation
• Real-world considerations when installing network
devices:
• Re-configuration of components
• Risk isolation
• Back-out strategy
• “Drop-in Mode” - an installation method designed to
minimize disruption to the existing network.
Drop-in Mode
• Requirement
• An additional IP address is required
for Drop-in Mode Peplink
Such as: 210.10.10.3
210.10.10.2/24
192.168.1.0/24
210.10.10.1/24
Drop-in Mode
• Network > Interfaces > LAN
Drop-in Mode
• Installation Phase 1:
• Pre-configured Peplink Balance is “dropped in” between
the Firewall and ISP Router.
• The LAN clients, Firewall,
and ISP Router maintain the
same configurations.
210.10.10.1/24
210.10.10.3/24
210.10.10.2/24
192.168.1.0/24
Drop-in Mode
• Installation Phase 1:
• LAN and WAN1 of Peplink use 210.10.10.3
210.10.10.1/24
210.10.10.3/24
210.10.10.2/24
192.168.1.0/24
Drop-in Mode
• Installation Phase 2:
• Configure WAN2 and WAN3
210.10.10.1/24
210.10.10.3/24
210.10.10.2/24
22.2.2.2/28
22.2.2.1/28
33.3.3.2/30
33.3.3.1/30
192.168.1.0/24
Difference between Drop-in and NAT
• NAT Mode
• All WAN links are in NAT mode
• When traffic goes over a NAT’ed WAN, its source IP
is translated to the IP of the corresponding
WAN link
• Drop-in Mode:
• Peplink bridges one of the WAN links and the
LAN segments
• The other WAN links operate in NAT mode
Peplink Complete VPN Solution
• Built-in PPTP Server
• Proprietary Site-to-Site VPN
• Bonding
• Failover
• Network-to-Network IPsec VPN
Peplink Site-to-Site VPN
• Key Features
• VPN Bonding
• VPN Failover
• Built-in Automatic Routing Protocol
• 256-bit AES Encryption
• Easy configuration via Web Admin
Peplink Site-to-Site VPN
• Allows VPN traffic to load balance across multiple
connections (Balance 210/310/380/580/710/1350)
• Two Suggested connection scenarios
Mesh Scenario
Star Scenario
Peplink Site-to-Site VPN Bonding
• Aggregate all WAN connections’ bandwidth
• Traffic load balanced at packet level
• Automatic failover during WAN link failure
Peplink Site-to-Site VPN Bonding
Configuration of Branch A
1824-ABCD-1234
Configuration of Branch B
1824-1234-ABCD
Subnet A
Subnet B
192.168.50.1
10.10.10.1
Subnet should be different between two locations
PPTP Server
• Allows Windows / Mac clients on the public
Internet to connect to the internal LAN natively
PPTP Server
• Authenticate PPTP user via
• Local User Account (Stored in Peplink itself)
• External LDAP Server
• External Radius Server
Outbound Policy
Outbound Policy
• 3 different Outbound Policies
• Rule Based Custom Rules
• Seven load balancing algorithms
• Click to add/edit custom rules
• Drag and drop to re-order the priority of rules
• Click to delete a custom rule
Outbound Policy
• Weighted Balance
• Distribute the traffic across different WAN
links based on the weight.
• 10:5:1 means
• 10 Sessions (10/16) will be across WAN1
• 5 Sessions (5/16) will be across WAN2
• 1 Session (1/16) will be across WAN3
Outbound Policy
• Persistence
• Always route the specified types of traffic
through a particular WAN link, based on
source or destination IP address(es).
• Example usage:
• Secure login session such as HTTPS.
Outbound Policy
• Enforced
• Route the specified traffic through a single WAN
connection/VPN Profile only, regardless of WAN
link up/down status.
• Example usage:
• Restricting outbound SMTP traffic to one specific
WAN link.
Outbound Policy
• Priority
• Distribute the traffic in the specified order.
• Highest-priority available WAN link/VPN profile
will be used first.
• Lower-priority WAN links will be used when
higher-priority WAN links become unavailable.
Outbound Policy
• Overflow
• Route the traffic to a lower priority link when the highest
priority link is congested.
• Least Used
• Route the traffic to the most available WAN link according to
download usage.
• Lowest Latency
• Route the traffic to the lowest latency WAN link
• Periodic latency checking will be performed to determine the
latency
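The Weighted Balance, Priority and Enforced policies above differ mainly in what happens to a new session when a WAN link is down. The following added example (not Peplink code) models that with the 10:5:1 weights from the slide; the names Wan, pick_weighted, pick_priority, pick_enforced and session_counts are hypothetical, and the smooth weighted round-robin scheduler and the "no route when the enforced link is down" behaviour are assumptions of this sketch.

```python
# Added illustration: a simplified model of three outbound policies.
# All names are hypothetical; the smooth weighted round-robin scheduler
# is an assumption of this sketch, not the device's documented algorithm.
from dataclasses import dataclass


@dataclass
class Wan:
    name: str
    weight: int = 1    # Weighted Balance ratio, e.g. 10:5:1
    up: bool = True    # outcome of the WAN health check
    credit: int = 0    # scheduler state used by pick_weighted


def pick_weighted(links):
    """Weighted Balance: share new sessions by weight across healthy links."""
    healthy = [l for l in links if l.up and l.weight > 0]
    if not healthy:
        return None
    total = sum(l.weight for l in healthy)
    for l in healthy:
        l.credit += l.weight
    best = max(healthy, key=lambda l: l.credit)
    best.credit -= total
    return best.name


def pick_priority(links):
    """Priority: first healthy link in the configured order (fails over)."""
    return next((l.name for l in links if l.up), None)


def pick_enforced(link):
    """Enforced: only this link; if it is down the session is not re-routed."""
    return link.name if link.up else None


def session_counts(links, sessions):
    """Count how many of `sessions` new sessions land on each link."""
    counts = {l.name: 0 for l in links}
    for _ in range(sessions):
        name = pick_weighted(links)
        if name is None:
            break
        counts[name] += 1
    return counts


if __name__ == "__main__":
    wans = [Wan("WAN1", 10), Wan("WAN2", 5), Wan("WAN3", 1)]
    print(session_counts(wans, 16))          # all links up
    wans = [Wan("WAN1", 10, up=False), Wan("WAN2", 5), Wan("WAN3", 1)]
    print(session_counts(wans, 6), pick_priority(wans), pick_enforced(wans[0]))
```

With WAN1 down, Weighted Balance and Priority move sessions to the remaining links, while the Enforced rule leaves the traffic unrouted, which is what keeps a restricted flow such as outbound SMTP from leaving through a different WAN link.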
Outbound Policy
• VPN Connection can be selected as
Outbound Connection
• Selected traffic will be routed across VPN
Connection with Priority and Enforced
Algorithms
Inbound Access
Inbound Access
• Also known as:
Inbound port forwarding /
Inbound port address translation
Inbound Access
• A web server located on LAN
with physical private IP 192.168.1.100
• Existing firewall is doing Inbound
NAT for 210.10.10.100 to forward
to 192.168.10.100
Web Server
LAN IP: 192.168.1.100
Public IP: 210.10.10.100
Inbound Access
• To allow access to the web server via WAN2 and WAN3,
the Inbound Access rules are required.
Web Server
LAN IP: 192.168.1.100
Public IP: 210.10.10.100
Inbound Access
• Network > Inbound Access > Servers
• Network > Inbound Access > Services
Inbound Load Balance
• Inbound Load Balancing distributes inbound
traffic across multiple WAN links by using the built-in DNS server.
• Balance DNS server
is required to be an
authoritative DNS of
the domain.
• Eg: foobar.com
Inbound Load Balance
• The DNS query result of www.foobar.com will be
• Name: www.foobar.com
• Addresses: 210.10.10.100, 22.2.2.2, 33.3.3.2
• If ISP2 goes down, the DNS query result will be
• Name: www.foobar.com
• Address: 210.10.10.100, 33.3.3.2
Inbound Load Balance
• To configure Peplink Balance as the
authoritative DNS of the domain, the NS
record must be pointed to Peplink at the
domain registrar (eg: Godaddy.com)
DNS Settings
• Enable DNS listener
• Create “Default SOA/NS”
DNS Settings
• Define “Default SOA/NS Records”
IP of NS should be same as the IP selected in DNS listeners
DNS Settings
• Create domain name “foobar.com”
DNS Settings
• Create A Record
Click to Create a new A Record
Enter the host “www”
Select the IP address on
multiple WAN links for “www”
One-to-One NAT Mappings
• Allow the IP address mapping of all inbound
and outbound NAT’ed traffic to and from an
internal client IP address.
Click to delete a NAT rule
Click to add/edit NAT rules
NAT Pool
• A range of LAN IP addresses or a LAN subnet can be
mapped to multiple public IP addresses as the source IP
for their outbound traffic.
QoS
QoS
• User Group Based Classification
• Manager
• Staff
• Guest
• Add/Edit User Group by
• IP address or Subnet IP
QoS
• Control Group Reserved Bandwidth
• Reserve minimum bandwidth for user groups
• Control Per-user Bandwidth Limit
• Define maximum bandwidth for each user of the
groups
QoS
• Traffic Prioritization for default and custom applications
• 3 Priority levels: ↑High, ━ Normal, and ↓Low
• Support different kinds of applications like Email, VoIP
• Based on TCP/UDP/IP/DSCP
WLAN Controller
• Manage up to 500 AP One within Peplink Balance
• Software Add-on
• Access Point Auto Discovery
• Configuration, Firmware Management
• Seamless Roaming of Wi-Fi Device
• Multiple SSIDs
Model: 380 | 580 | 710 | 1350
Max. Number of AP support: 50 | 100 | 250 | 500
WLAN Controller
• Four steps to setup the WLAN Controller
1. Enable “AP Management”
2. Define “SSID(s)”
3. Create “AP Profile”
4. Assign “AP Profile” to one or multiple AP
One devices
WLAN Controller
• Enable the Access Point Management
feature at Network > AP Management.
WLAN Controller
• Define the SSID in Wireless Network
Settings.
WLAN Controller
• Add a “New AP Profile”
WLAN Controller
• Enter the AP Profile Name
• Select the Wireless Networks (SSID) that were
defined in the previous step.
• Please note that you can enable a maximum of
four wireless networks.
WLAN Controller
• Connect your AP One devices to the network
containing the Peplink Balance.
• Go back to the Dashboard and click the
Change AP Profile button.
WLAN Controller
• Select the connected/detected AP One devices
to which you would like to assign the AP profile.
Then select the desired AP profile from the
drop-down list.
WLAN Controller
• Click the Yes button to confirm the change.
The selected AP profile will apply to the listed
AP One devices immediately.
Hardware High Availability
Hardware High Availability
• Peplink Balance 210/310/380/580/710/1350 support High
Availability via VRRP, Virtual Router Redundancy Protocol:
• A pair of Peplink Balance units work together.
• One unit is Active.
• The other unit is on
Stand-by.
Hardware High Availability
• In the event the Active unit fails:
• The Stand-by unit becomes Active.
• New Active unit re-establishes
Internet connections.
• Outage is minimized.
Hardware High Availability
• Each unit has its own LAN IP address and both use the same Virtual IP.
• For non-drop-in mode, the VIP will be the default gateway of LAN hosts
• For Drop-in mode, WAN1’s default gateway will be the default gateway of
LAN hosts
192.168.1.3
Configuring HA for Slave unit
192.168.1.2
LAN Bypass
LAN1
WAN1
LAN Bypass
• Available in Peplink Balance 580/710/1350
• LAN Bypass is a fault-tolerance feature that protects
you in the event of power outage.
• When used with Drop-in Mode, such failure would be
completely transparent to the network.
• In the following example,
WAN1 and LAN1 ports are
bridged together when the
power runs out.
Bandwidth Usage Monitoring
Bandwidth Usage Monitoring
• Show the bandwidth usage statistics
• Three periods of statistics: Real-Time, Daily, Monthly
• Usage is not shown for the time
when the device was
switched OFF
• Real-Time
• Click Show Details to
view the usage of
different WAN or type
of traffic
Bandwidth Usage Monitoring
• Daily
• Detailed usage statistics of
ALL WAN with IP Address
can be shown by clicking
corresponding Date
• A selected WAN usage
can be shown in
billing cycle when the
bandwidth allowance monitor
of that WAN is enabled
Bandwidth Usage Monitoring
• Monthly
• Detailed usage statistics of
ALL WAN with IP Address
can be shown by clicking
the first two Month rows
• A selected WAN usage
can be shown in
billing cycle when the
bandwidth allowance monitor
of that WAN is enabled
Additional Capabilities
Additional Capabilities
• E-mail notification:
• Send email to user for any WAN up/down event, Site-to-Site
VPN, HA status.
Additional Capabilities
• Rule-based stateful Firewall:
• Support for an unlimited
number of rules.
• Drag and drop user interface
Additional Capabilities
• Reporting Service
Contact Support
• Detailed description of the issue
• Network Diagram with detailed IP address scheme
• Troubleshooting steps that you performed
• Diagnostic Report of related units (eg: S2S VPN)
• Remote Assistance of related units (eg: S2S VPN)
• Send email to “[email protected]”
Diagnostic Report
• Obtain Diagnostic Report via “Status >
Device”
Additional Support Information
• Support Information Page contains
• LAN/WAN Ethernet details
• Remote Assistance
• Network Capture
• Realtime information of WAN Health Check
• To access the Support Information page,
change the link in the browser URL from
• http://<Peplink’s IP>/cgi-bin/MANGA/index.cgi
to
• http://<Peplink’s IP>/cgi-bin/MANGA/support.cgi
Questions and Answers
Contact Us
• Peplink United States Office
800 West El Camino Real
Mountain View, CA 94040
United States
Tel: +1 (866) 463 0129
Fax: +1 (866) 625 4664
• Peplink Hong Kong Office
17/F, Park Building
476 Castle Peak Road
Cheung Sha Wan
Hong Kong
Tel: +852 2990 7600
Fax: +852 3007 0588
• Peplink Italy Office
Via Sismondi 50/3
20133 Milan
Italy
Tel: +39 02 8986 6852
• Peplink South Africa Office
Unit 24, Cambridge Office Park,
5 Bauhinia Street,
Highveld, Centurion,
South Africa
Tel: +27 12 665 5829
• Peplink Saudi Arabia Office
Queen’s Tower 24th Floor,
Jeddah
Saudi Arabia
Tel: +966 504336952
• Sales: http://www.peplink.com/contact/sales/
• Support: http://www.peplink.com/contact/support/