A Guide to Planning Your SD-WAN Setup

Traditional wide-area networks (WANs) have long relied on connectivity methods such as multiprotocol label switching (MPLS) to facilitate data movement across networks. However, these methods are often costly and may not deliver the desired performance. The rise of cloud computing has spurred interest in software-defined wide-area networks (SD-WAN), offering enterprises a more flexible and efficient solution. In this article, we’ll explore the key considerations and steps involved in planning for an effective SD-WAN setup.

Understanding Network Requirements

Before diving into SD-WAN deployment, enterprises must thoroughly plan and design their network architecture. Key considerations include:

  • Network Topology: The physical and logical arrangement of nodes and connections significantly impacts network utility. Properly understanding how traffic flows through the network is essential for efficient placement of SD-WAN gateways.
  • Bandwidth: Determine the required bandwidth based on your business needs. Scalability is crucial – ensure that your SD-WAN solution is appropriately sized to accommodate network traffic.
  • Application Traffic Patterns: Recognize that different applications have varying requirements for latency, bandwidth, and security. Tailor your SD-WAN architecture to meet these specific needs. Consider features such as Load Balancing or Bonding and QoS.

Security Measures

Security is paramount in any network infrastructure. Ensure the confidentiality, integrity, and availability of your business network by thoroughly evaluating the security features of your chosen SD-WAN solution. Note that some solutions offer additional security with add-on licenses. 

Utilize the advanced firewall capabilities that fall in line with your business’s security policies and industry best practices. Seamless integration with existing security infrastructure is important to maintain a consistent level of security across the network. If you need to keep using an existing firewall while implementing new hardware for SD-WAN capabilities, consider using a feature called Drop-In Mode. This is available with Digi and Peplink hardware and would allow you to make use of Failover and Bonding features. 

Deployment Models

Consider how your SD-WAN will be deployed based on your business needs.

  • On-Premises Deployment: Ideal for enterprises with multiple physical locations like branch offices, allowing for in-house management of on-site equipment.
  • Cloud-Based Deployment: Suited for organizations with remote employees, eliminating the need for on-premises equipment and providing secure access for remote users.
  • Hybrid SD-WAN: An optimal solution for businesses supporting both branches and remote employees, combining physical devices at office locations with cloud-based access for remote users.

Feature Implementation

Implement QoS policies to prioritize critical network traffic and ensure a seamless user experience. You can prioritize certain devices, and even applications, as needed by controlling how much bandwidth is provided to each. Additionally, utilize Load Balancing to split LAN connections across different WAN services, which can help relieve the load on any one connection. Alternatively, combine WAN services via Bonding for better performance and uptime.

Testing and Validation

Before implementing SD-WAN in a production environment, run thorough testing and simulations. Conducting real-world testing to simulate network conditions ensures the solution can handle peak traffic loads and diverse application and user types. Testing failover and redundancy mechanisms helps maintain network connectivity in case of device or link failures. Some products provide tools for testing network performance, which are typically available via the web UI or a cloud management service.

Continuous Monitoring and Optimization

Admins can ensure optimal network performance by regularly monitoring network efficiency and making informed decisions for improvement. Cloud managers can assist by supporting automated alerts for critical performance thresholds. This allows admins to act quickly as issues arise. Start by establishing performance baselines to benchmark network performance, which can help identify deviations that require attention. Overall, ensure that you have visibility into all parts of the network, including WAN, LAN, and cloud deployments.

Looking for a SD-WAN Solution? Contact 5Gstore.com!

5Gstore.com has solutions available for any use case. From your home office to a large enterprise, look no further. We have solutions available from Cradlepoint, Digi, Inseego, Peplink, and Sierra Wireless. Our team of experts is available to assist you Monday through Friday, 9am to 6pm CT, at 833-547-8673. You may also reach out to sales@5gstore.com and we will follow up with you ASAP.

Widespread Cellular Outages and the Benefits of Failover

In a surprising turn of events, major cellular carriers AT&T, T-Mobile, and Verizon experienced widespread outages across the United States on Thursday morning. The disruptions left thousands of customers without cellular service and internet connectivity, sparking concerns, especially regarding emergency services. Details sourced from NBC News reveal the extent of the outages and the subsequent responses from the affected companies.

AT&T Takes the Brunt of Outages

AT&T faced the most severe impact, with over 32,000 outages reported at around 4 a.m. ET on Thursday. The number skyrocketed to more than 71,000 just before 8 a.m. ET. Downdetector indicated that major cities such as Houston, Chicago, Dallas, Los Angeles, and Atlanta were the epicenters of the reported issues. The exact cause of the service disruption remains unclear.

T-Mobile and Verizon Experience Lesser Outages

While T-Mobile and Verizon also experienced outages, their scale appeared less widespread compared to AT&T. Around 1,100 T-Mobile outages and approximately 3,000 Verizon outages were reported as of 7 a.m. Thursday. Both companies addressed the situation promptly, assuring customers that their networks were operating normally, and the reported outages may have been a result of customers attempting to connect to other affected carriers.

Company Responses

AT&T acknowledged the issue Thursday morning, stating, “Some of our customers are experiencing wireless service interruptions this morning.” The company assured customers that they were working urgently to restore service and recommended the use of Wi-Fi calling until normal service was resumed. Similarly, Verizon clarified that the outages were not directly impacting their network but were affecting customers trying to reach other carriers experiencing issues. T-Mobile echoed these sentiments, emphasizing that their network was operational.

Emergency Concerns

One of the most alarming aspects of these outages is the potential impact on emergency services. Reports indicate that some customers, particularly those using AT&T, were unable to make or receive phone calls, including emergency calls to 911. The San Francisco Fire Department and various police departments across the country issued warnings, urging affected customers to seek alternative means to contact emergency services.

City Responses

Officials from various cities affected by the outages expressed concern and worked to mitigate the impact on emergency services. Atlanta Mayor Andre Dickens assured the public that Atlanta’s e-911 was operational, but acknowledged that AT&T customers were facing difficulties. Similar statements were issued by emergency management offices in Chicago, Virginia’s Prince William County, and North Carolina’s Charlotte-Mecklenburg.

The Importance of Failover

Problems like this make it apparent that having a backup in place is important. Network diversity via SD-WAN capable routers allows users to have more than one WAN connection available. While this is mainly used for failover purposes, it can also allow for smoother VoIP calls and video meetings, and faster uploads.

Unbreakable VPN and VoIP, faster speeds and smoother calls are possible via a feature typically known as Bonding or WAN Bonding, which combines multiple WAN connections together for one, more reliable connection. So whether you utilize more than one cellular connection, or one cellular and one wired connection (Cable, Satellite, DSL, etc), simple failover or Bonding may be what you need to keep your business running 24/7.

SASE: Revolutionizing Network Security for the Modern Era

The digital landscape is rapidly changing. The traditional approach to network security is facing new challenges because of this. With the proliferation of cloud services, mobile devices, and the Internet of Things (IoT), enterprises are grappling with the complexities of securing their networks while ensuring seamless connectivity and performance. This is where SASE comes in, but what exactly is this? How does SASE work and why is it important? 

What is SASE?

SASE (pronounced “sass-E”), which stands for Secure Access Service Edge, is an architectural framework that combines network security and wide-area networking (WAN) capabilities into a single, cloud-native solution. This concept was coined by Gartner in 2019 to address the evolving needs of modern digital enterprises. SASE integrates the functions of secure web gateways (SWG), secure sockets layer (SSL) inspection, firewall as a service (FWaaS), cloud access security broker (CASB), and software-defined WAN (SD-WAN) under one umbrella.

At its core, SASE aims to provide secure and optimized access to applications, data, and services regardless of the user’s location, device, or network. It is an identity-driven approach to network security that follows users and devices rather than forcing them to access traditional data centers.

How Does SASE Work? 

Let’s take a closer look at SASE in simpler terms. Imagine you and your friends are planning a big trip to a theme park. You need to get there from your homes, and you also need to have fun once you arrive. In this scenario, think of your journey to the theme park as data traveling from different devices (like phones or computers) to a central server, and having fun at the theme park as accessing different services or resources on the internet.

In the traditional way, when you access the internet or online services, your data takes a long journey, just like having to drive a long distance to the theme park. It goes from your device to your home’s internet router, then through various networks (like your internet provider, other service providers, and the website’s server) before reaching the final destination.

Now, imagine if you had a magical shortcut that instantly teleports you and your friends directly inside the theme park, without going through all the traffic and stops. That’s what SASE does for your data. Instead of following the traditional long route, it takes a super-fast and secure shortcut, so your data can reach its destination (the internet or specific services) quicker and safer.

Key Components of SASE

  • Cloud-Native Architecture: SASE operates as a cloud-native service, taking advantage of the scalability, flexibility, and global reach of cloud infrastructure. This allows for rapid deployment, easy updates, and efficient management.
  • Security as a Service: SASE combines multiple security services, such as secure web gateways, firewalls, and threat detection, into a unified, cloud-delivered model. This approach ensures that all network traffic is inspected and secured, regardless of the user’s location.
  • Software-Defined Networking: SD-WAN is a critical component of SASE, enabling intelligent routing and dynamic traffic management across the network. This ensures that data takes the most efficient and secure path to its destination.
  • Zero Trust Model: SASE adopts the zero-trust security model, assuming that no user or device should be inherently trusted. Instead, every user and device must continuously verify their identity and comply with security policies before accessing resources.
  • Identity-Centric Security: User identity becomes a central element of SASE’s security framework. It allows for granular access controls, based on user context and behavior, ensuring that access is granted only to authorized individuals and devices.

Benefits of SASE

  • Enhanced Security: By consolidating various security functions into a single cloud-delivered service, SASE minimizes security gaps and provides consistent protection across the entire network.
  • Improved Performance: SASE’s intelligent routing capabilities and SD-WAN technology optimize network traffic, leading to improved application performance and reduced latency.
  • Simplified Management: With a cloud-native architecture, organizations can easily deploy and manage SASE, streamlining administrative tasks and reducing operational complexity.
  • Scalability and Flexibility: SASE’s cloud-based nature allows for effortless scaling to accommodate the changing needs of an organization, whether it’s expanding globally or handling varying workloads.
  • Cost-Effective: By eliminating the need for on-premises security hardware and appliances, SASE can potentially reduce infrastructure costs, making it an attractive option for organizations of all sizes.

Challenges and Considerations

While SASE offers numerous benefits, there are some challenges and considerations to be aware of. Firstly, SASE relies heavily on consistent and secure internet connectivity. Organizations must prioritize establishing and maintaining reliable connections to ensure uninterrupted service delivery. Additionally, integrating SASE with existing legacy systems or reshaping current security strategies to align with the zero-trust model can present significant hurdles in terms of both technical implementation and organizational adaptation. With the increasing routing of data through cloud services, organizations must meticulously address concerns surrounding data privacy, compliance with regulations, and adherence to data residency requirements in different regions. 

Another pivotal aspect involves vendor selection; making the right choice among SASE vendors is of paramount importance. Organizations must thoroughly assess potential vendors based on their security capabilities, global presence, and their capacity to effectively fulfill specific and unique business prerequisites. In navigating these challenges and considerations, organizations can harness the true potential of SASE while proactively managing its complexities.

Last Thoughts

SASE represents a paradigm shift in network security and connectivity, offering a comprehensive, cloud-native solution to meet the demands of the modern digital era. As enterprises continue to embrace cloud services and distributed workforces, SASE can provide the necessary tools to secure and optimize access to applications and data, thereby enabling organizations to thrive in an increasingly interconnected world. However, successful implementation requires careful planning, vendor selection, and an in-depth understanding of an organization’s specific needs and goals.

How Can Peplink SpeedFusion Connect VPN Help Me?

As Peplink experts, 5Gstore receives questions every day about SpeedFusion. What is it? How does it work? How can it help my business? We’ve put this information all in one place to answer some of the most commonly asked questions about this exciting technology. Do you need to know more or want to discuss if a SpeedFusion deployment is right for you? Contact the experts at 5Gstore and we’ll come up with a solution for your business’s unique needs.

What is SpeedFusion?

SpeedFusion is Peplink’s patented technology that powers enterprise-grade VPNs. By tapping into the bandwidth of any WAN link – cable, DSL, cellular, etc. – SpeedFusion turns your multiple connections into a single bonded connection.

What can SpeedFusion be used for?

SpeedFusion has three technologies designed to address specific problems.

SpeedFusion Hot Failover

In the event of a WAN disconnection, Hot Failover will transfer your traffic to another connection while maintaining session persistence. For example, if a WAN connection breaks during a video conference, the video conference can still continue without having to hang up or call again.

5Gstore utilizes SpeedFusion Hot Failover in our day to day operations at our warehouse. Our primary internet connection is a wired Comcast connection, and we use Verizon LTE as our backup connection. We’ve created a SpeedFusion Hot Failover connection and run all of our traffic through that connection. All of our data flows over the wired connection first so we don’t use any unnecessary cellular data, but the instant that the wired connection fails, Hot Failover seamlessly switches all of our traffic to the LTE connection.

A traditional failover or load balancing router would lose all of the network traffic on the internet connection that fails, dropping calls with our customers, interfering with our ability to ship products, and preventing us from running our business. Thanks to SpeedFusion Hot Failover, if an internet connection fails, no customer or employee is even aware there was an outage. 5Gstore holds quarterly ‘fire drills’ where we’ll purposely disconnect our primary connection to ensure our systems all function in the event of a real outage.

SpeedFusion WAN Smoothing

WAN Smoothing utilizes intelligent algorithms to fill in connectivity gaps, trading bandwidth for greater connection resiliency. WAN Smoothing minimizes latency and reduces the impact of packet loss. This is useful for times when you need connection reliability and responsiveness more than speed.

WAN Smoothing uses two or more internet connections simultaneously for the purpose of increasing reliability and consistency of a connection. If you can’t afford dropped packets or need minimal latency for applications such as live streaming audio/video, WAN Smoothing makes that possible.

SpeedFusion Bandwidth Bonding

Bandwidth bonding combines data at the packet level, enabling you to combine the speed of more than 18 connections (dependent upon which router model you’re using). This is useful for situations where bandwidth is scarce, such as at a remote site or in a moving vehicle. This technology also enables branch offices to connect to the head office at greater connection speeds.

If you are opening a branch office in a location where internet connectivity is slow or unreliable, Bandwidth Bonding can save the day. By bonding the speeds of multiple DSL lines, offices can experience increased reliability by utilizing multiple connections at once, and aggregate the bandwidth of multiple connections into one faster pipe.

What makes SpeedFusion different from Load Balancing?

Load balancing allows a single router to have multiple active internet connections; however, load balancing has its limitations. First, load balancing doesn’t allow a single user to take advantage of the speeds of multiple connections. If you have three 10 Mbps DSL lines, all a single user would ever see is 10 Mbps. If the internet connection that user is being balanced to drops, that user would lose connectivity completely while the router fails them over to another available connection. VoIP phones would be disconnected, web sessions would sign out, and any downloads in progress would be dropped. Load balancing provides more bandwidth across an entire network, but does NOT combine the speeds of multiple connections or allow for session-persistent, unbreakable internet connectivity. Only SpeedFusion can provide this!

For some users, session persistence is not required and failover between multiple links of a load balancing router is enough. Peplink provides 7 incredibly powerful load balancing algorithms and customizable rules that put you in complete control of network data priorities. Just set your traffic priorities, including VoIP and custom application traffic, with a few clicks and let Peplink take care of the load balancing and optimization details. Peplink load balancing routers support PepVPN instead of SpeedFusion. PepVPN allows a simple VPN connection to other Peplink routers, although without the benefits of SpeedFusion. Branch offices that don’t require SpeedFusion performance can still connect up to a SpeedFusion capable router at the headquarters and still participate in the larger mesh network for remote connectivity.

What is required to create SpeedFusion Connections?

In order to create a SpeedFusion connection you’ll need a minimum of two pieces of Peplink technology with SpeedFusion capabilities. This typically consists of a primary unit, installed at a headquarters or data center location with access to a high speed internet connection, and a second unit that is mobile (in the case of cellular bonding) or installed at a remote or branch office. A SpeedFusion VPN tunnel is created between the two locations, and using the powerful outbound policy settings on the Peplink router, all or specific traffic is routed over the bonded connection.

Let’s use the diagram above to show how SpeedFusion can make VoIP calls unbreakable for a business. The headquarters location has a Balance 710 router installed. Each branch office for the business located across the country gets a Balance router with SpeedFusion capability, spec’d based on the office size and throughput requirements. The remote office routers are easily set up to route all VoIP traffic over the SpeedFusion connection to the main headquarters router. Because each remote office has at least two internet connections, if one connection were to fail, VoIP traffic would seamlessly continue on the second internet connection uninterrupted!

This sounds great, but is SpeedFusion easy to set up?

Yes! SpeedFusion setup takes minutes, compared to the time and effort it takes to configure a typical VPN between multiple sites. Just check out our setup videos here. The Peplink user interface is graphical with easy to understand options. Helpful icons provide more information where it is needed without making deployment a burden.

SpeedFusion deployments are even easier when leveraging InControl 2, Peplink’s cloud-based management tool. InControl 2 can automate SpeedFusion deployments for hundreds of sites simultaneously in just a few minutes, meaning you don’t have to configure each router individually! InControl 2 is free for the first year with every Peplink router, included with the extended warranty, or available for a low yearly cost per device.

SpeedFusion and InControl 2 are part of a larger concept called SD-WAN (Software-Defined Wide Area Network), a revolutionary way to approach the simplification of branch office networking and assure optimal application performance by using centrally controlled and managed WAN virtualization. SD-WAN is WAN virtualization, which allows for intelligent, secure, and centrally managed and monitored connectivity. Read more about SD-WAN here.

VPN Feature Comparison

What if I want to take advantage of SpeedFusion but don’t have a second location for a second router?

Simply Bonding

5Gstore has created SimplyBonding for exactly those situations. SimplyBonding uses SpeedFusion technology to bond multiple 3G, 4G, DSL, or cable connections into one fast, reliable, unbreakable connection. Utilizing SpeedFusion typically requires a Peplink router on both ends of the connection – one at the location where you need the bonded connection, and another at another location with a high-speed internet connection to bond the connections and send the data back to the primary location via VPN. SimplyBonding eliminates the need for this dual-router setup. SimplyBonding requires just ONE router, which will be configured to connect to our hosted service – WE handle the bonding and VPN for you!

SpeedFusion Connect – SpeedFusion Cloud

SpeedFusion Cloud is Peplink’s infrastructure that provides access to a global network of SpeedFusion endpoints and technology without requiring additional hardware. Leverage the global reach of public clouds to ensure that you get the fastest response time and the most reliable connection. Enjoy Bandwidth Bonding, WAN Smoothing, and unbreakable connectivity from any compatible router. There’s no need to invest in core hardware, setting up, or even maintenance. 

FusionHub

Peplink’s FusionHub virtual appliance is much like a virtual router. It is used as an alternative to running SpeedFusion on router hardware. It’s also an alternative to Peplink’s SpeedFusion Cloud service. It’s important to note that unlike a hardware only SpeedFusion connection, a public IP address is not needed. This is because a public IP address can be supplied from the cloud service running the FusionHub appliance. Of the supported cloud services, Amazon Web Services seems to be the most popular, but Peplink supports multiple services.

SpeedFusion Considerations

SpeedFusion Bonding does have limitations that are important to understand before considering a deployment. First, you must have enough bandwidth at the headquarters site to support the total bandwidth of the remote site(s).

Consider The Speeds On Both Sides of Your SpeedFusion Connection

Example: You have a headquarters location with 50 Mbps download and 10 Mbps upload speed. Your remote site has three 10/5 connections. The combined upload is 5 + 5 + 5 = 15 Mbps; less the 19% overhead, that leaves 12.15 Mbps maximum upload speed. The headquarters only has 10 Mbps of upload speed available, so that is your upload capacity for the remote site if you are sending traffic to the internet. You still have the benefits of bonding for reliability, session persistence, and speed; you just can’t use the full capacity of the remote site links due to the bottleneck on the headquarters router connection.

Cellular users should note that bonded cellular connections suffer from “flow control” of TCP traffic at the carrier level, and 5Gstore cannot guarantee that bonding multiple cellular connections will result in faster speeds (however, the other benefits of SpeedFusion bonding remain, such as unbreakable VPN, session persistence, and 100% uptime as long as you have 1 healthy WAN). Cellular users must also consider tower capacity if bonding multiple connections from a single carrier. For the best results, we recommend bonding no more than two of the same carrier’s connections together, favoring bonding multiple networks together instead to ensure the highest availability of bandwidth.

What if I need support or have more questions?

5Gstore provides one year of technical support by phone on every purchase. We also have an extensive online support portal which includes manufacturer user manuals and documentation, along with 5Gstore created tip-sheets that go over specific features and troubleshooting. We have multiple Peplink Certified Engineers on staff who can help you with every step of your SpeedFusion solution from concept to deployment, and assist with any questions you may have before and after the sale. Contact 5Gstore for more information – give us a call, send an email, or reach out on our chat!

SD-WAN Branch Solutions by Peplink

5G is in our scope! Internet technologies are advancing. Security risks are increasing, along with the number of local and remote connections to manage. Many companies find themselves in a state of urgency to find the best solution, but run into confusion trying to understand what they need and how it will work for them, not to mention having adequate support when required. Together with Peplink, 5Gstore can assist your team at every level.

First, familiarize yourself with the terminology. For example…

  • SD-WAN means Software Defined Wide Area Network. This is a virtual Internet connection rather than a physical one coming from the cable or phone company. When you hear about Peplink’s SpeedFusion technology, this would be considered an SD-WAN. SpeedFusion creates one connection from many by establishing a VPN link between 2 or more sites – whether those be physical sites using a Peplink or Pepwave router, or a virtual site like Peplink’s FusionHub or SpeedFusion Cloud service.
  • SaaS stands for Software as a Service. If you’ve used our Remote Power IP Switches, or a security camera such as those from Nest or Amazon, think of the mobile application you use on your phone to access the Switch or Camera. In other words, this is a cloud based application rather than an application you might download onto your computer.
  • Bandwidth Bonding is part of Peplink’s SpeedFusion VPN technology. This can take any WAN connection (Wired, Cellular, or WiFi) and combine the bandwidth speeds, LESS a 19% overhead. For comparison, that’s only about 5% more than the commonly used IPsec VPN. Still, it’s important to note that high latency differences between connections can also affect the overall bonded speeds. Working with our Peplink certified sales and support engineers, we can help provide insight on factors to consider and configurations that could help combat the issues individual WAN connections may be experiencing.
  • Load Balancing, in comparison to bonding, can still utilize all your WAN connections simultaneously. However, it does not combine them together. Instead, it allows devices and types of applications/traffic to be sent over a specific WAN connection or over multiple connections. If your individual WAN connections are fast and stable enough for certain connections, this could save on cost.
  • Failover, and its different types, follows naturally from load balancing: with load balancing, you do not have session persistence like you would with SpeedFusion Hot Failover. Hot Failover can be used alongside bonding since it’s essentially the base for the other SpeedFusion features (i.e. WAN Smoothing and Bonding).

With all this in mind, even if your company only has a few users, it’s possible your bandwidth and/or network availability needs will continue to grow with the industry. If you don’t grow with it, your legacy setup could compromise business. This doesn’t have quite as much to do with bandwidth (LTE is still more than enough for some), but more so with security, as hackers continue to find new ways into our devices.

We’ve listed some popular branch solutions as example hardware solutions for your reference below. When needed, contact the experts at 5Gstore and we’ll help guide you through the rest of the process!

Balance SDX

  • Deploy at headquarters or data center
  • SpeedFusion VPN provides reliable and fast access to the network resources
  • Modular design offers flexible choices of interchangeable connection interfaces, upgradeable to 5G

MAX HD4 MBX

  • Wireless SD-WAN router with up to 4 bonded LTE connections ensures high performance and 100% uptime in remote branches
  • Access corporate network resources with SpeedFusion VPN in minutes, rather than weeks with a wired line

MAX HD2

  • Wireless SD-WAN router with 2 bonded LTE connections for smaller mobile branches
  • Access corporate network resources with SpeedFusion VPN in minutes

MAX Transit Duo

  • Lightweight wireless SD-WAN router with 2 LTE slots for unbreakable connectivity to HQ resources
  • Great for pop-up site or “office in a box” type setup
  • Affordable, easy to scale and manage