See correction below
High-speed WAN links are becoming more common and less expensive, but not necessarily more reliable.
Enter the WAN link aggregators. The ability to link offices with a combination of leased lines and Internet connections makes WAN-link managers and aggregators a great solution for organizations moving from leased lines to Internet connections, or those that need to back up Internet connections. By aggregating multiple private or Internet WAN connections, these devices increase both WAN reliability and throughput.
Two new products, FatPipe Networks’ IPVPN and the FiberLogic OptiQroute 2100 series, enable secure multilink connections among central and branch offices as well as multiple routes to the Internet.
The IPVPN and OptiQroute can create virtual tunnels between sites using leased lines, direct connections, and Internet connections, including T1/E1, T3/E3, DSL, OC-3, ISDN, wireless, cable, and frame relay. Virtually any router can be used, even dialup PST routers.
FatPipe is the veteran of the two vendors, with several years and several products in this space. Each FatPipe product meets very specific needs. FatPipe Warp does WAN connection load balancing, the MPVPN handles multiple frame-relay links, and the IPVPN specializes in handling multiple frame-relay or Internet connections. The IPVPN is priced from $6,500 to $21,000, depending on the WAN link speeds supported and whether or not dual power supplies are included.
FiberLogic is relatively new on the scene. A Taiwanese company with no current U.S. presence, it expects to open a stateside sales office in September. This means support is limited — currently there is no sales or support infrastructure in the United States — but OptiQroute is packed with features that include Web-server load balancing, a firewall, and bandwidth-shaping, all at a very good price. OptiQroute starts at $1,800 for two WAN links, moving to $6,000 for the eight-port model I tested.
Testing focused on verifying functionality as I put the devices through their paces. Both support multiple WAN links, but their 10/100 WAN connections should have no trouble handling any usual WAN connection. The IPVPN is not intended to handle more than T-3 speeds, and is sold based on throughput capacity, which ranges from 2Mbps to 50Mbps.
I simulated WAN links using Shunra Storm, and used two of each device to create multiple links, beginning with two simulated frame-relay (leased-line) links, then one frame relay and one DSL to the Internet, then one frame relay, one DSL line, and one T1. In each case, both devices detected failed connections and rerouted traffic on the still-functioning links. Functionality proved solid, so the choice between IPVPN and OptiQroute came down to cost and feature sets.
The IPVPN is based on a 4U (7.5-inch) industrial chassis, which is normally configured with four 10/100 cards, three for WAN links and one for the internal LAN link. Additional options include GbE and additional links, and other features such as dual power supplies or redundant units.
The IPVPN uses a default IP address to enable initial Web configuration. This means that there’s no need to find a serial cable and use the command line, which makes it easier and faster to set up. The Java-based management console provides a clean, clear interface that is easy to maneuver through, which makes setting the necessary interface information straightforward. Administrators will appreciate the pager or e-mail alerts, traffic monitoring, and speed charting.
Load-balancing algorithms include round robin, quickest response time, policy routing, and “fastest route,” which chooses the fastest route to each client individually. You can also configure a fail-over mode, which uses the only fastest (or cheapest) route unless it fails, and the IPVPN can be configured with two units for automatic fail-over.
SmartDNS, which is necessary for the functionality of the box, selects the fastest line for inbound traffic and provides for inbound IP line fail-over without requiring BGP (Border Gateway Patrol) protocol. To do this, it requires that the ISP DNS server refer DNS queries to the FatPipe device; when queries are received, the appropriate IP address is returned, depending on which WAN connection the request came over.
IPVPN also allows policy routing, which speeds things by allowing outbound traffic to be sent over a specific WAN link, ensuring that traffic to Europe, for instance, is routed through a U.S. ISP rather than through Asia first. The pass-through feature allows incoming traffic sent to any of multiple IP addresses to be sent to a single, actual server; each WAN provider can supply a separate DNS entry for the company Web server, and all traffic will get through properly on the dedicated line.
Reverse mapping has a similar benefit, but works for networks rather than servers by mapping any traffic sent to any defined network to the actual internal network. This mapping simplifies DNS configuration and makes it easier for users to get to the servers they want. (FiberLogic provides similar functionality in the OptiQroute.)
On the security side, FatPipe has MPSec (Multi-Path Security). MPSec is not specifically encryption, but because data is divided across a number of WAN links, traffic interception is much more difficult — all the data is not available on any one link. IPVPN is also compatible with security protocols, including IPsec and SSL.
The IPVPN is an excellent choice for companies migrating from frame-relay to Internet-based WAN links. Because existing networks may already have firewalls, load shapers, and load balancers — or companies may wish to place those features in parts of the network other than the DMZ (demilitarized zone) where the IPVPN is located — its smaller feature set would not be a detriment.
FiberLogic packed functionality into the OptiQroute 2180, including link aggregation, dynamic DNS, Web-server load balancing, a firewall, a VPN server, QoS, bandwidth shaping, and a DHCP server. It supports the OSPF (Open Shortest Path First) protocol and IPsec, allowing incoming IPsec connections as well as encryption between sites. With this larger feature set, the OptiQroute adds many other functions that network managers may or may not want, and may or may not want combined with the WAN Link manager.
Initial configuration is via serial interface. FiberLogic sent three people from Taiwan to be available during configuration, not because the process was difficult (it wasn’t), but because they were determined that nothing untoward happen.
After the initial configuration is set through the serial console, the rest of the configuration can be done via the serial console, Telnet, or the Web server. Like the IPVPN, OptiQroute’s Web interface is well laid out and easy to navigate.
I tested the OptiQroute 2180, which provides algorithms for both inbound and outbound traffic, including static, round robin, weighted round robin, dynamic, fewest connections, fastest connection for a given client, predictive, dynamic ratio, and auto-learning modes.
Configuring the other services, such as the bandwidth shaping, VPN, and others, was reasonably straightforward, although the manual assumes an expert level of telecom and networking experience. On the security side, OptiQroute has MPSec — as does the IPVPN — but throws in additional encryption.
Overall, the OptiQroute family of devices combines a great assortment of features at a fantastic price. If FiberLogic can create a U.S. sales and support structure to match its product, it should be very successful.
Both the IPVPN and OptiQroute devices provide the basic ability to aggregate multiple leased-line or Internet connections among multiple offices at reasonable prices. OptiQroute’s extra features are offset by the lack of U.S. infrastructure, whereas the IPVPN is the latest in a series of proven appliances.
If you’re looking for classic WAN link aggregator and management capabilities, both IPVPN and OptiQroute fill the bill when migrating from leased lines to Internet connections or adding speed and redundancy with multiple connections.
In this review, some of the FatPipe Networks' product details were incorrect. The MPVPN product bonds connections and balances load over multiple VPN tunnels, and IPVPN is also available in a 155Mbps version.
Overall Score (100%)
|Fiber Logic OptiQroute 2180||9.0||8.0||7.0||9.0||8.0||8.0|
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Based on a technique created by a German blogger, here's how to stop wasting hours checking for Windows...
The Swift community offers a host of tools to help power Apple’s soaring programming language
It's all us techies' fault in creating robots and machine intelligence that can do a better job than...
Microsoft-Qualcomm deal puts Windows 10 and Win32 apps on ARM-based PCs, using several techniques