
Networks Effectively managing Dual-WAN

Discussion in 'Hardware' started by Mister_Tad, 24 Mar 2017.

  1. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    Joined:
    27 Dec 2002
    Posts:
    13,197
    Likes Received:
    1,448
    I have fairly ropey ADSL and have been exploring different options over the last couple years, and particularly very recently.

    I was delighted yesterday when I discovered that EE offer a 100GB/month 4G home broadband tariff, way up from last time I was looking and the highest was 25GB. I'm then thinking that this was enough, or almost enough, for my normal usage. Turns out my usage for the last 6 months has ranged between 180GB and 220GB... much of which is streaming, so having more speed will lead to a fair bit more consumption - figure 300GB to be safe assuming no change in how the house uses it (which probably isn't a fair assumption).

    So I'm pondering two options now:

    Lazy: Bend over with ball gag in mouth and just deal with it, topping up in £15/10GB increments for usage over 100GB and hope that they introduce a higher tariff or larger top-ups. It's still cheaper than a leased line, but the next option puts me off the lazy route.

    A bit more clever: Keep the fixed line ADSL as "slow and steady" for where it's not an issue, with the 4G for "interactive" use where I'm going to notice.

    What's got me a little bit stumped, is figuring out a way to do this that's not a total PITA to manage sensibly.

    My first thought was to have a separate wireless-only network for the slow/uncapped line and have certain devices use that, where I know that a now-uncongested 3Mbit isn't going to be an issue, and also switch certain devices over to it to download known large files (and just leave overnight) or system updates and such.

    The problem I keep hitting with this approach is that it needs two disparate networks, and there will be devices on one that require access to devices on another. Example: Assigning a Fire stick on an occasional telly to the "tortoise" network would be fine for Netflix/Amazon, but presents a problem when I want to use local media via Plex, and the server is on the other network.

    The other problem is that if the network was wireless only, it only covers half of my house. There's one set of cables running through the house and doubling up really isn't an option (cue massive regret for not doubling up on installation in the first place). My switches can do VLAN stuff which may help, but calling it "VLAN Stuff" should give you an indication as to my prowess in such things.

    I know doing this more sensibly must be possible, but my network knowledge covers only what I need to know and nothing more, and I've not needed to know this before.

    My current kit is: A couple of Asus AC68Us (one main router, one standalone AP), Netgear managed(ish) switches (GS724T, GS108T, GS110TP) fairly evenly distributed throughout the house, a Sky ADSL modem/router (bridge mode) and what would be a Huawei 4G modem/router. I don't mind investing in some new kit in places though.

    There has to be a way to manage things without it being too much effort, surely, I'm just not sure where to start.

    Other: I'll always appreciate suggestions of alternative options, but FTTC, Cable, fixed wireless, satellite and EFM are all non-starters, sadly. Leased line is the only option that comes without caveats, but install costs, monthly costs and the commit period make this a really big pill to swallow.

    There's of course Option 3: Lump it and do my best to carry on as-is. I'd be more comfortable in this if I actually had any sort of indication of when cable or FTTC will be available though - it could be never. If I would have known 4 years ago that it would still be this way now, I would have done something by now.
     
    Last edited: 24 Mar 2017
  2. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    14,627
    Likes Received:
    3,458
    What you need to look at is setting default routes on your network, which say "if you're going to Netflix go through the ADSL, if you're going to Tad's Favourite Pr0n Site then go through the 4G line" - which is an entirely solvable problem. The difficult way would be to set things up per-device; the easier way would be to have a central dual-WAN gateway (either off-the-shelf or a low-power PC running the software of your choice) which knows what should go where.

    Then it's just a question of choosing how you want things to work. Your default route could go over the 4G and you could manually specify connections (by destination and/or by port or protocol) that should get bumped down to the slow lane; alternatively, your default route could go over the ADSL and you could manually specify connections that should get bumped up to the fast lane. The latter'll give you more control over how much of your 100GB allowance you're burning through.

    Setting things up via port or protocol will help, too: you could have everything go over ADSL by default but bump all Port 80 and Port 443 traffic to 4G in order to speed up your browsing without knowing exactly *where* you'll be browsing.
     
  3. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    Oh yeah, other quirk I forgot to mention is that the ADSL and the 4G would be coming in to literally opposite corners of the house - but I wonder, in the case of a dual-wan router, if I could carve off a VLAN for the link between router WAN port 1 up to the loft for the 4G?

    All the words and the theory make sense to me... in practice where/how do I actually configure this - in the router or the network?
    I guess that configuring it at device level would mean one WAN or the other, but this isn't entirely an issue - so long as the device has access to local things as well.

    Would it be feasible to set policies based on both source and destination of which WAN to use?

    E.g.
    - Use fast WAN for netflix for Device 1, but slow WAN for netflix for Devices 2, 3, 4.
    - On Device X, use fast WAN for everything except for update.windows.com (or whatever)

    I'm guessing there's a risk with this approach that something changes and I find my bandwidth decimated because a rule didn't catch it, but perhaps a default of slow WAN and explicit rule for fast WAN?

    Head spinning.
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Don't need to mess around with VLANs: just run a nice long Ethernet cable and you're sorted!
    Either at the router/gateway level or on each device individually. The former is very much recommended.
    No, it wouldn't - or it shouldn't. Windows, macOS, and Linux all quite happily support manually-assigned routes. You could even specify the routes through DHCP, so every device automatically knows about which routes to use - though I'd argue doing the decision-making at the gateway is cleaner.
    Absolutely. "If the destination is Netflix, use WAN_A; if the source is IP_Address_Belonging_to_Tad's_Tablet use WAN_B." Naturally, the routes will be read in a particular order: if Tad's Tablet is trying to go to Netflix, it'll go over WAN_A regardless of what the other rule says.
    That's the way I'd do it, especially if I were paying per megabyte!
     
  5. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    You, sir, are a gentleman and a scholar.

    With regards to the running of a cable to the 4G modem - seems a shame to go through all that effort since there's already one there (and sweet jesus, was it a lot of effort for that one), but it's not beyond the realms of possibility. It may transpire that the difference between the bandwidth in the two locations is negligible anyway, so will stick a pin in that one.

    It seems that the rest will be significantly simpler than I initially expected - nice when it works out that way. I've just now had one of the most competitive quotes yet through for a leased line, but whilst the monthly costs aren't too bad, the installation is still the killer - probably would have four years ago if I would have known what I know today, but I'm liking the tortoise/hare option a lot better at this point, as I'm pretty sure this setup can give 90% of the benefit in practice if set up properly.

    Only one question remains (for now): make or buy?

    I have a spare-ish server that could take on router duties, but my linux know-how is fairly limited. For something that I'm relying on for all internet connectivity, I think I'd lean towards buy, so long as that would give me sufficient flexibility - any suggestions of what to start looking for? Draytek springs to mind as a contender, and Cisco is always up there - I'm guessing there will be models which are suitable for failover setups only though, as opposed to what I need.
     
  6. dinoscothern

    dinoscothern Minimodder

    Joined:
    16 Aug 2010
    Posts:
    132
    Likes Received:
    0
    With Linux you can use something called 'Policy Routing'. It's more flexible than assigning different default routes and allows things like port 80 to one router and 443 to another (if you ever wanted something like that). The main downside is that it's quite complex and the documentation is weak, so a fair bit of experimentation is required. I used it at work with some multi-homed proxies we had.

    You are probably better going with the previous suggestion: it's a lot more straightforward.
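
Added example, not part of the original thread or any poster's configuration: a sketch of the Linux policy routing mentioned above, arranged the way the thread suggests (default route on the slow ADSL line, explicit rules for the 4G line). Interface names, addresses, table IDs and the `policy_cmds` / `which_wan` helper names are all assumptions.

```shell
#!/bin/sh
# Added example. Prints the commands by default; "apply" runs them (root).
# Every name and address here is a constructed placeholder.
LAN_IF=br0;   LAN_NET=192.168.10.0/24
ADSL_IF=eth1; ADSL_GW=192.168.1.1    # slow, uncapped line
LTE_IF=eth2;  LTE_GW=192.168.8.1     # fast, capped 4G line
T_ADSL=101;   T_LTE=102              # numeric routing-table IDs
FAST_HOST=192.168.10.50              # device that always uses 4G
SLOW_HOST=192.168.10.60              # device that never uses 4G
MARK_WEB=2                           # fwmark set on TCP 80/443

policy_cmds() {
cat <<EOF
# Forward packets. Loose reverse-path filtering on the 4G side: strict mode
# can drop replies to marked flows, since its check ignores the mark by default.
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$LTE_IF.rp_filter=2
# Main table: anything no rule catches leaves via ADSL.
ip route replace default via $ADSL_GW dev $ADSL_IF
# One extra table per WAN, each holding only a default route.
ip route replace default via $ADSL_GW dev $ADSL_IF table $T_ADSL
ip route replace default via $LTE_GW dev $LTE_IF table $T_LTE
# Rules are tried lowest priority number first; the first match with a route wins.
ip rule add priority 100 to $LAN_NET lookup main
ip rule add priority 200 from $SLOW_HOST lookup $T_ADSL
ip rule add priority 300 from $FAST_HOST lookup $T_LTE
ip rule add priority 400 fwmark $MARK_WEB lookup $T_LTE
# Mark web traffic from the LAN so rule 400 can steer it.
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp -m multiport --dports 80,443 -j MARK --set-mark $MARK_WEB
# Each WAN needs its own source NAT.
iptables -t nat -A POSTROUTING -o $ADSL_IF -j MASQUERADE
iptables -t nat -A POSTROUTING -o $LTE_IF -j MASQUERADE
EOF
}

# Dry run of rules 200-400 for a flow leaving the LAN.
which_wan() {   # usage: which_wan SRC_IP TCP_DPORT
    if [ "$1" = "$SLOW_HOST" ]; then echo adsl; return 0; fi
    if [ "$1" = "$FAST_HOST" ]; then echo lte;  return 0; fi
    case "$2" in 80|443) echo lte; return 0 ;; esac
    echo adsl
}

case "${1:-}" in
    apply) policy_cmds | sh -e ;;
    *)     policy_cmds ;;
esac
```

The slow-only rule sits ahead of the port rule, so that device's web traffic stays on ADSL, and anything no rule matches falls through to the ADSL default rather than the capped line. Rule 100 keeps LAN-to-LAN traffic in the main table, so devices pinned to either WAN can still reach local servers.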
     
  7. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Joined:
    28 May 2010
    Posts:
    5,650
    Likes Received:
    268
    Any of the Drayteks pretty much in the 28 series can do it as they have an ADSL WAN and an ethernet WAN, and then you can also do all the routing with it.

    They are alright as home routers, throughput on them sucks a bit but it will be beyond the speed of your connections.

    Can use them for fun things too like vpn server and wake on lan.
     
  8. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    How about the 2925? All seems well with Policy based routing... from the screengrabs of the GUI I may even be able to set it up all by myself :lol:

    I'd prefer a dual-ethernet router as opposed to having ADSL onboard, simply so it can remain relevant into the future at such a point when perhaps I no longer need ADSL. I don't mind moving up a tier if it does more for me today and remains relevant into the future.

    WAN throughput on paper is 300Mbit, but in practice seems like it's closer to 150Mbit. Not an issue for the here and now, but if Virgin eventually turn up, it becomes the limiting factor. It seems to be the same with the step-up 2960 as well, any other options you can recommend which might have a bit more sticking power?
     
    Last edited: 24 Mar 2017
  9. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    Yeah, the 2925 or 2960 would be fine, and like you say they are dual ethernet. But it does mean you need something to dial your PPPoA - whatever router your ADSL came with might have a modem mode, otherwise it's easy enough to set it up with double NAT. I'm sure you can get cheap modems, Draytek do have one called the 130 which also works with FTTC if that ever happens in your area.

    I had to stop using Drayteks at home as my Virgin is faster than the throughput of any of the ones I have here. Mine are all 28 series. But they are alright and will do what you want.
     
  10. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    What did you switch out to?

    In an ideal world, it would be nice to have something that could handle ~500 real-world Mbit of WAN throughput... not sure how realistic that is. I must say I like the appeal of keeping dual-wan even when some decent fixed-line internet comes my way, to use as a backup.

    But then again if it's the difference between £180 and silly money, it makes a lot more sense to go with the here and now and worry about dealing with >150Mbit if and when. It's a problem I would love to have :(
     
  11. Zoon

    Zoon Hunting Wabbits since the 80s

    Joined:
    12 Mar 2001
    Posts:
    5,417
    Likes Received:
    587
    Consider getting yourself a Meraki MX64. Meraki includes an application layer firewall and QoS policy dynamic routing engine for dual WAN (it is based on Cisco iWAN).

    Instead of having to manually search for IP addresses and stuff, it will instead recognise Netflix, YouTube, or even just "streaming video" as a pre-defined network service and you can direct it out of a different WAN port, on a per-user or per-IP basis even.

    Plus it has a sparkly web GUI which just works without any need to hack it all together in config files. Less hassle = less effort to support = more of your life back in your hands.
     
  12. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    Whilst that sort of setup is rather appealing, it looks to have the same constraint with WAN throughput as the Draytek - but based on my shopping, reaching future-proof WAN throughput levels isn't going to happen on the right side of a grand anyway, so not really worth it for something that may never come to fruition.

    And am I correct in thinking with Meraki kit, that ~£400 would get me the tin only, with me looking at the same again to actually use it for the next three years?

    Shopping for routers has got me looking at some quad-WAN options as well, since it leaves the option, if I find 100GB is a bit restrictive, of adding another (and another). 3x 100GB 4G packages gets me to 300GB much more cheaply than topping up a single 100GB, with more theoretical speed along the way. I could even mix and match providers with that approach - smash one of Three's "all you can eat" packages until they throttle it, then switch over to the EE.

    I feel that properly managing the 100GB will probably do the job... but then I thought my all-in total usage was probably hovering around 100GB to start with... on the fence as to whether it's worth it, or just to go for the minimum that will do the job on the basis that it will be a hell of a lot better than how things are now. Must ponder.

    Speaking of quad-WAN... what's the catch - fundamentally different in some way to Drayteks et al, something that's the same in theory but generally pants, or something that's a genuine bargain?
     
    Last edited: 25 Mar 2017
  13. Zoon

    Zoon Hunting Wabbits since the 80s

    Yeah, although the license isn't that expensive, I think. I dunno what you mean by throughput constrained; I have deployed these for 50 person offices with no issues.
     
  14. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    WAN throughput is stated at 250Mbit, so no issue handling ~40/50 of 4G (and 3/0.6 of ADSL :rolleyes: ), but if Virgin ever turns up (we're "in the pipeline", but "on hold"), it's a constraint.

    For something that's £700 for three years, I'd like it to have a bit more sticking power, especially comparing it to a £180 Draytek that will, on the surface of it anyway, do the exact same job, if with a bit more faff.

    I've looked at Meraki stuff before and really liked it, but it's the ongoing licensing that put me off, which for home use, just didn't make sense for me.
     
    Last edited: 25 Mar 2017
  15. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    I like the Meraki kit, but I don't like the licensing, I think it's OTT for home stuff, unless you are crazy :D

    Have you looked at the Ubiquiti stuff? http://www.broadbandbuyer.co.uk/products/24895-ubiquiti-usg-pro-4/#content Similar in spirit to Meraki but no licensing and a lot cheaper.

    Annoyingly I can't find real throughput numbers for the USG Pro 4 - however, stuff like this is hopeful:

    "Just wanted to post an experience. I switched ISP to AT&T Gigapower 1000MB/S and was getting about 900 MB/S on Speedtest at the AT&T Modem. But when my network was configured with the standard USG as my router, my max speed in my home network downstream of the router was around 500MB/s. When I switched to the USG4 PRO, my home network speed jumped up to 900MB/s. A huge speed jump with the switch to the PRO version."

    Or Sonicwall, but to get the throughput you're going to have to spend a fair whack, and again there is subscription licensing for the fancy bits. I have a TZ300 wifi at home at the moment because I got it free for doing a training course - but the training course cost money so it wasn't purely free :)
     
    Last edited: 25 Mar 2017
  16. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    Ubiquiti... I've looked at their cameras and APs before, but never this. Will check it out thanks, looks like a good alternative. Rackmount is handy too, I'm out of shelves.

    I may have also pinged a few contacts at Cisco to inquire as to the availability of an... eval license... but I'm assuming they're capped at 30-90 days. I'd certainly never issue a perpetual eval license for my stuff. They deal in the likes of Nexus and UCS et al anyway though, so probably a non-starter.

    More homework for later... must run some errands.
     
  17. Margo Baggins

    Margo Baggins I'm good at Soldering Super Moderator

    You can sometimes blag stuff from Meraki. I've had a 3 year NFR license from them before; they used to, and might still, do the free AP webinar, which again comes with a 3 year NFR license. The thing is, as everything is tied to your account and cloud managed, without a license it's a useless device.
     
  18. Zoon

    Zoon Hunting Wabbits since the 80s

    You can add another admin to your account and then simply not use yours anymore though, so it's kinda possible to release them.

    The webinar free kit only works against a work email address, and it's a limit of one per org. Tad works for a fairly big company so it may be a little unlikely that the free one hasn't already gone to someone else :(
     
  19. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    Large and long time BFFs with Cisco no less - so that blag definitely won't work.

    A chap at Cisco just pinged me back saying he tried doing Meraki in his own home with blags and mates rates and didn't get too far, so suggested I look at Ubiquiti :lol:
     
  20. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    I've been doing a bit more homework on and off today, looks like the USG-Pro doesn't have GUI management for policy based routing yet, but it is on their roadmap for H1. The more I read about it, the more it seems like a beta product - they prettied up the ER Pro and put a barebones GUI on top of the CLI, and are building as they go... This isn't a deal breaker, just a bit unfortunate.

    MX64s regularly go on eBay new with 3 year license (i.e. people punting the eval units) for just shy of £400, which may tempt me, but at the same time I begrudge the ones that got an eval for free just to flog it. It turning into a paperweight after three years unless I feed it another £400 is unfortunate too, clearly.

    Sonicwall ongoing licensing isn't as bad as Meraki, but then the hardware seems a bit more spendy, like for like.
     
