It’s Email Archaeology…

I have been digging through my email sent items of 2014 doing a review of the projects I have been involved with last year and reminding myself as to all the great partners & companies I have been involved with in that time.

In amongst all of the solution design, network diagrams and sales presentations was an email I sent to a potential new reseller and SpeedFusion service provider for them to review before I met them to discuss working together on their customer projects. It outlined Peplink’s products and technologies for them so they had a sense as to what we bring to the table and what opportunities they could consider us for.

Thought I’d share it here in case anyone finds it useful, and for my own reference (copy and paste is king).. It’s from April 2014.

Our Technology


PepVPN is the underlying proprietary VPN protocol used by our devices. It is IPSec with a management and feature wrapper that makes it very easy to use.

  • Really easy to configure – Get a site to site VPN configured in a few clicks.
  • Secure – 256bit AES by default
  • Automatic Dynamic routing – devices advertise their routes to all other devices in the VPN network.
  • Can tunnel out from behind nearly all firewalls great for those situations where you want a secure connection to the office when you are on the move or temporarily on someone elses network (in a serviced office for example).

You can watch a PepVPN demo video here:

SpeedFusion Bonded VPN

SpeedFusion is our proprietary VPN bonding protocol. This is the technology that allows for packet level failover / WAN bonding  across multiple WAN links between any two of our devices. SpeedFusion uses PepVPN as the underlying VPN protocol and adds a bonding and hot failover feature wrapper across multiple links.

The key SpeedFusion features are:

  • Simplicity – SpeedFusion is easily configured in a couple of clicks no matter how many WANs you are bonding across (up to 13) or their type.
  • Diversity – We support any IP routable connection  on the WAN on any of our devices, so common fixed line services like DSL, Fiber, MPLS as well as Cellular and Satellite broadband can all be used in the bonded connection. We are provider agnostic, so any ISP can be used.
  • Hot-failover – As well as bonding, we can also provide hot-failover. In this configuration, the VPN tunnel is created using any number of WAN links but one or more are identified as higher priority. Only these high priority links will be used actively. If the high priporty WAN links fail then lower priority links are used immediately without the need to wait for a VPN connection to come up. This provides a seamless failover between WAN links so live sessions remain unaffected (a VoIP call in progress will be unaffected). Demo of VPN bonding for VoiP by a customer here
  • Dynamic WAN IPs fully supported – when setting up a SpeedFusion tunnel, one device will actively attempt to contact another to initiate the VPN connection. The device that is actively creating the connection only needs to know one of the IPs (or dynamic DNS names) of one of the WAN links at the remote end. The devices then do a handshake and advertise all of the available WAN links dynamically. This dramatically reduces the amount of configuration required to set up multi bonded WAN  VPN connections.
  • Secure – By default the SpeedFusion VPN connection is encrypted with 256bit AES

Link Load balancing

The core technology behind all of our devices is Link Load balancing. This is session based outbound and inbound load balancing across all available links

Key features:

  • Granular yet easy to configure Outbound load balancing rule sets with up to 7 algorithms
  • weighted, priority, overflow, persistence, least used, lowest latency enforced

More info here

FusionHub – Virtual SpeedFusion Appliance

Designed for ISPs/MSPs and large Enterprises, the Fusionhub SpeedFusion Appliance is a virtual machine that provides SpeedFusion termination in your data centre or cloud. Fusionhub is fully managed from within InControl 2 our cloud management platform (see below).

We have three main applications in mind for Fusionhub:

  1. Used by MSPs (one fusionhub per customer) to provide an MPLS + Shareband alternative for their customers.
  2. Used by ISPs – normally in pairs (for HA) across two POP/datacenters, with multiple customers connecting CPE devices to them for bonding.
  3. Used by individuals. Who can buy a single Peplink physical device and then host a FusionHub in a public cloud for ‘roll your own’ bandwidth bonding (a DIY shareband alternative)

Fusionhub is licensed to one of six levels with limitations on number of remote devices and SpeedFusion throughput varying between licenses:

  • 5 Peers / 50Mbps
  • 100 Peers / 100Mbps
  • 250 Peers/500Mbps
  • 500 Peers/ 1000Mbps
  • 1000 Peers / 2Gbps
  • 2000 Peers/ 4Gbps

It supports Vmware, Xenserver and Virtual Box as the hypervisor. You can also add Deep Packet Inspection as an option for more knowledge/reporting about how your bandwidth is being used.

InControl 2 – Cloud based device management and Monitoring

InControl 2 is a free of charge cloud based platform for device management (the devices just need to be in warranty). This has been designed for MSPs and ISPs, with multi tiered account/device management built in. As an ISP/MSP you can have visibility of all of your customer devices and sell managed services to them.

Overview video:

Key features:

  • Centralised Firmware deployment
  • Automatic SpeedFusion configuration and management
  • Bandwidth and WAN link reporting
  • Centralised Wifi configuration
  • Fleet management & GPS tracking for our GPS enabled routers

Our Own Hardware Development

We design, prototype and develop all of our own hardware designs for all of our devices and so have end to end ownership of all elements of our products from initial concept development through to end product.

There are a number of benefits to this:

  • Focused hardware development – multiwan routers and wifi Aps are all we make.
  • Rapid prototyping – We are continuously developing new hardware products for new markets and opportunities.
  • Support – we know our hardware platforms intimately making the resolution of any support issues straight forward.
  • Integration – We have a holistic approach to product integration. For example our balance routers act as Wifi Controllers for our Access Points and we have Access Points that include cellular modems with pepVPN capability too.
  • Consistency – we have a limited number of primary firmware types for all of our routers. Key builds are one for the Peplink balance routers (enterprise WAN link balancing and SpeedFusion) and the other for our Pepwave Cellular routers. This standardisation across all of our devices makes installing a brand new product for the first time a familiar process.

The real benefit of this is that we can provide a solution for any connectivity issue using the products in our catalogue. Not only typical deployments like enterprise, retail and educational networks but also more peculiar deployments like high speed Wifi AP handoff for high speed trains, cellular enabled APs for agriculture, IP67 rated cellular routers for the Oil and Gas industry & in wall APs for the hospitality industry.


Peplink Balance Routers
These are multi-WAN routers with models that start with 2 WAN ports and go right up to models with 13 WANs.

Full comparison table here: all Balance routers support a USB cellular dongle as an additional WAN (3G/4G/LTE). The Balance One up to the Balance 2500 all support SpeedFusion (apart from the 305 which requires an additional license).

We size the Balance routers for customer deployments based on SpeedFusion Throughput and the number of Peers generally.

The latest Balance One would likely be a good fit as your customer CPE for Dual bonded installations, you would then need to consider the 310, 380 or 580 for bonding 3,3, or 5 WAN links respectively (the 310 and 380 differ in the amount of SpeedFusion bandwidth they can support).


Pepwave MAX Cellular Routers

These are multi-WAN cellular routers, supporting either USB cellular dongles or they come with inbuilt cellular modems.

Full Comparison here

Although perhaps not a first choice for your ISP bonding role, they are well worth mentioning as they allow SpeedFusion bonded VPN anywhere – including locations with no fixed line connectivity. This is great for an emergency site installation / DR, or for in vehicle connectivity.

The MAX 700 / HD2 routers support Dual wired WAN and Wifi as WAN too – so you can pretty much consume any available internet connectivity at any location and create a secure bonded VPN tunnel back to your Head Office or datacentre.

Pepwave AP One Access Points

These are a family of enterprise access points designed to work closely with the Balance and MAX routers with the router in a Wifi controller mode (although they also work independently too of course).

They could be a nice value add to your customers as they can also be centrally managed (via the router – via InControl).

SpeedFusion Bonding as a service

Fusionhub is the intended product for service hosting. As a vm it can be hosted vmware in your own datacentre environment or you can take advantage of existing platform as a service providers. I have personally deployed Fusionhub on as a test and it worked very well.

There are a number of approaches here depending on the customer type and their technical requirements.

Single site / individual users

These can have a small dedicated instance hosted just about anywhere where there is reliable bandwidth. My suggestion would be to offer a managed service that would support them to host their own Fusionhub on something like Elastichosts with them paying a set fee for hosting and your management / support. If you become a white box reseller of elastichosts and another provider (for resilience if needed) like Stratogen then you would have a number of different ways to commercially slice and dice the service.

Larger enterprises – multi site using Peplink products at all their locations but without datacentre grade connectivity at any location.

(Imagine a 3-10 site business moving to the cloud for their apps bonding DSLs at all locations)

These could be hosted in your own datacentre or again on a third party service (like Rackspace,  elastichosts, Stratogen). These customers prefer to spend a little more on SLAs and guaranteed service availability hence the suggestion of a bigger branded (and more expensive) provider like rackspace. A value add would be to give them their own dedicated instance as normal but also provide them with a secondary VPN connection to your own instance as a failover (this failover instance could be shared amongst all of your commercial customers).

Complicated larger Enterprises – fully managed and ring-fenced service, integrating with – but not replacing existing WAN.

For a larger enterprise with an existing established WAN in an industry where you might want to provide a fully managed (temporary) multi site extension to their network, there are again two approaches. Host on your own infrastructure and manage the standard IPSEC vpn connectivity back into their core using your own hardware, or host it with a third party like rackspace.

My preference would be to again host with a pair of third party PaaS companies (for redundancy) and use virtualisation for both Fusionhub and the IPsec routing interconnects (with vyatta, cyberoam, gateprotect  or even pfsense) and have dedicated virtual FusionHub and VPN router appliances for each company/customer.

To learn more about the full Peplink product range visit our website or get in touch via