4

Looking for a way to set up 2 ISPs in failover mode, for both incoming & outgoing traffic, for our small (<100 devices) network.

The leading contender for now seems to be the Peplink Balance 310. However, a reseller I spoke with said it's great for 100% outgoing connectivity, but didn't seem to be confident in its abilities to handle incoming traffic. This is important as we host our own web site, Exchange e-mail, and virtual desktops (RDP).

Do any Peplink owners use this for failover of incoming traffic?

Are there other devices I should be considering? We're currently using a Cisco 1800 series router & ASA 5500 series firewall, with Comcast & T-1 lines (the goal being to replace the T with DSL/FiOS {whenever that becomes available}).

Price range: ~$1000 - $2500 USD.

Thanks.

Sean O
  • 277

9 Answers

4

We use an old desktop PC with pfSense and some dual-head NICs and some regular ADSL routers in bridged mode, with Virtual IPs for connectivity to our ISP-supplied IPs. And it supports failover of the device as well, for even more redundancy.

Hardware costs were almost 0, but the time taken to configure and set up the device can be high - but that said, it's likely to be that way with whatever load balancer/failover device you get.

2

Vyatta - cheap, fast and simple to configure if you have used Cisco before...

Slav
  • 310
2

I've been looking into solutions for this as well. We are in a similar situation and currently have a T1 and Comcast Business as our two links.

We currently use a Fortigate which supports multiple WAN links. The failover, as far as routing traffic out, works great.

Dealing with the problem from the outside I believe is best done with BGP (Border Gateway Protocol), which is the dynamic routing protocol that the internet routers use. Basically this lets your router inform the internet how to route traffic to your subnet. From what I've gathered, hopefully someone will correct me here if I'm wrong, but your router and both your ISPs will have to support BGP. You then have to peer your router with your ISPs' routers, called neighbors. Most business-class ISPs, including Comcast Business, support this but charge an extra monthly fee for this option.

3dinfluence
  • 12,539
2

Did your reseller make specific claims to support the concerns over Peplink's ability to handle Inbound Traffic? Peplink has a built-in authoritative DNS which takes care of the job of distributing incoming user requests. I don't see there is any issue with this approach.

1

We use an Ecessa Powerlink 60 for a 3 x ISP multi-WAN for outbound traffic load balancing and 60Mbps of inbound link redundancy. It simply works, and we have had 0 downtime since then. SNMP monitoring/traps keep us advised of link status. Presales will assist with building your configuration and support is US based and very knowledgeable. No call backs; just give them your serial and verify your account and you are talking with a network engineer.

The built-in authoritative DNS maintains host records with typical TTLs < 30s, for a relatively quick failover scenario for inbound traffic when the records are changed due to a link failure. Easy and simple to set up. In my experience BGP convergence time typically exceeds 100s, and as previously mentioned, is a complex solution typically utilized by service providers.

The other solution we looked at seriously was Peplink. Old Sonicwall appliances, and new Fortigate, Astaro or the excellent free PfSense all fall down when considering inbound link resilience; only the Fortigate had Authoritative DNS designed with host record changes dependent on link status.

If you need a firewall too, Ecessa has a Shieldlink model with firewall basic functionality. It's nothing to write home about (PfSense is more feature rich and free); it adds $500 to the ~1800 cost of the PL-60.

Cyber7
  • 11
1

I've used a Fatpipe WARP box in the past with its built-in dynamic DNS settings, to ensure incoming stuff stays alive as well.

http://www.fatpipeinc.com/warp/index.html

DanBig
  • 11,445
1

I am using Peplink Balance 310 in my company. It handles inbound traffic flawlessly. I use it to route inbound web, email and SIP calls (to an Asterisk server). With its built-in DNS server, I can load balance and fail-over inbound web traffic over three Internet connections. With a short TTL with every DNS record, the failover time is pretty fast.

Considering its robustness and ease of use, I recommend Peplink.

0

Check out the Elfiq product if you have the chance. Simpler and more power. Smarter inbound balancing too - you can do QoS on inbound traffic.

0

We are using SonicWall TZ 170 for over 3 years at least, which supports dual connections for failover. It's cheap and pretty easy to set up. It only cost me $700CA, even back then.

Yes, it can be 100% failover for outgoing traffic. The end users won't even notice the switch between two lines. But it's a bit tricky for incoming. Here is what I did in my office.

For email, set 2 MX records for both IP addresses with different preferences, 10 for the main line and 20 for the backup. This works extremely well. No email gets bounced back, as long as there is one line working.

For remote access, I provide two URLs to the end user and ask them to try one at a time.

For web, we don't host the website ourselves, but binding two IP addresses to WWW DNS doesn't seem to be good to me; it's more like for load balancing. I would recommend just hosting it elsewhere, unless you have some specific application that runs on it.

Hope it helps.

kentchen
  • 754
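
The two inbound-failover mechanisms described in the answers above (link-aware authoritative DNS with short TTLs, and two MX records with preferences 10 and 20), modelled as an added example that is not part of any post and not any vendor's code. The link names, host names, documentation-range addresses, probe interval and failure threshold are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Link:
    name: str        # hypothetical label for the WAN link
    public_ip: str   # address the service is published on via this ISP
    up: bool         # result of the appliance's link health probe


def answer_a(links, ttl=20):
    """A records a link-aware authoritative server would hand out:
    only addresses on links currently up, each with a short TTL."""
    return [(link.public_ip, ttl) for link in links if link.up]


def worst_case_stale_seconds(probe_interval, failures_to_mark_down, ttl):
    """Longest time resolvers may keep returning a dead address:
    time to declare the link down plus one full TTL of cached answers."""
    return probe_interval * failures_to_mark_down + ttl


def mx_delivery_target(mx_records, reachable):
    """Static MX fallback: a sending server tries hosts in ascending
    preference order and delivers to the first one it can reach."""
    for _pref, host in sorted(mx_records):
        if host in reachable:
            return host
    return None  # nothing reachable: the sender queues and retries later


# Constructed sample data (RFC 5737 documentation addresses).
LINKS = [Link("cable", "192.0.2.10", True), Link("t1", "198.51.100.10", True)]
MX = [(20, "mail-t1.example.com"), (10, "mail-cable.example.com")]

if __name__ == "__main__":
    print("both links up :", answer_a(LINKS))
    degraded = [Link("cable", "192.0.2.10", False), LINKS[1]]
    print("cable link down:", answer_a(degraded))
    # Assumed probe settings: every 5 s, 3 consecutive failures = down.
    print("worst-case stale answers (s):", worst_case_stale_seconds(5, 3, 20))
    print("mail goes to:", mx_delivery_target(MX, {"mail-t1.example.com"}))
```

The DNS path depends on the appliance changing its answers when a probe fails, while the MX path needs no change at all because the sending server walks the preference list itself.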