**WARNING** - Internet offline !!

[AutoFrank 372]

Morning...

I thought I'd try a catchy title to grab peoples attention  

 

My internet dropped out during the night and as a result my alarm clock (HC2 + sonos-api + pushover+weather) didn't go off this morning because of a corner case in my code relating to 'no internet being available'

It was one of the first things I wrote about 2 years ago and is a reasonable easy fix

 

.....but it prompted me to drop a post here.

 

Many of our systems now use a lot of cloud or internet based elements (alexa, tune-in radio, weather, messages, etc)  and it needs to be able to function, at least in part without crashing, when the internet and all associated services are unavailable.

It may be worth checking your code to see that it is resilient and functional when internet services are not available

 

That's all for now 

 

Edited September 26, 2017 by AutoFrank

[Sjekke 87]

On 9/26/2017 at 11:07 PM, akatar said:

youre current setup has 1 router,

 

please enlighting me how to use 2 routers.

 

2 routers meens 2 different gateway ip's on the same network, you can only put 1 gateway adres in the hc2

you can not use the dhcp server on both routers, there can be only one dhcp server on 1 network.

 

note: modem and routers are two different things

 

 

You can go for professional routers with HSRP (Cisco), VRRP, ... but I don't think this affordable in a "home" environment.

 

Personally I would go for a Ubiquiti EdgeRouter Lite ... You have 3 Ethernetports which you can configure how you want ...

 

In this case it would be ....

 

ETH0 = WAN1

ETH1 = WAN2

ETH3 = LAN

Edited September 28, 2017 by Sjekke

[akatar 208]

Same question remains, i own/use an edgerouter pro,

 

multiple modems with one router is no problem, multiple routers is  problem

[MaTi 29]

On 26-9-2017 at 4:31 PM, Sankotronic said:

 

Hi @MaTi,

 

I'm always interested in various solutions. At the moment I have one land line with VDSL 30/5 connection, but I'm thinking to get one over the GSM network that is even faster where I leave. Having this two available I like to know if I can used them in parallel and to have this fail over system in place.

 

So, I will appreciate your effort! Thank you!

Ok, Ill write something toe coming days

On 26-9-2017 at 11:01 PM, Sankotronic said:

Unfortunately I can't. My ISP provider checks MAC address of the router connected so it can't be replaced with another better one. Once I try to ask them to replace it, but they refused to do that so I'm stuck with theirs. Same is with all our ISP's. Some routers MAC address can be changed but then if they find out that I use router not apporved by them I could have more trouble so it is not worth it.

 

You can spoof your MAC address.. If that does not work, they might play around with dhcp options.. It might be tricky, but you can always clone your current device, without them telling.

Get yourself one of these:

Please login or register to see this link.

Then connect using your current ISP hardware, and listen with wireshark to see what happens. Then just clone what your ISP hardware is doing. Just present your own hardware identical as the original hardware is doing.. Provided your new hardware has these options ofcourse I am running pfsense and did this very same excersize to get get it to work for me.. Had to set my dhcp vendor class so it was idential to my isp hardware.. turned out they check on that..

[Sankotronic 2,370]

58 minutes ago, MaTi said:

You can spoof your MAC address.. If that does not work, they might play around with dhcp options.. It might be tricky, but you can always clone your current device, without them telling.

 

Hi @MaTi,

 

I can try, but as I wrote, if they find out I'm in big trouble and I don't have resources they have to fight on court.  

 

1 hour ago, MaTi said:

Get yourself one of these:

Please login or register to see this link.

Then connect using your current ISP hardware, and listen with wireshark to see what happens. Then just clone what your ISP hardware is doing. Just present your own hardware identical as the original hardware is doing.. Provided your new hardware has these options ofcourse I am running pfsense and did this very same excersize to get get it to work for me.. Had to set my dhcp vendor class so it was idential to my isp hardware.. turned out they check on that..

 

Sorry but I don't get it how can I use Throwingstar trap when my router is connected to telephone socket with copper wires? Ok, I can connect it between router and my network but that is other side of the router so I can't listen if there is anything that router sends to other side. Besides I have also internet TV set-top box connected to the router to the port that is programmed only for that and can't be used as normal network connection.

 

But I can try to find on "dark" internet if anyone did something similar. I remember in the past someone found key that set-top box was using to check connection validity and then it was possible to connect computer to receive TV programs even those locked ones, but that didn't last for long of course.

 

[MaTi 29]

The throwing star splits incoming traffic on both ends.. on the lowest level. So it forwards the communication without either side being able to tell it is there and you can hook up your laptop tot he other two sides to listen whats going through.

Your tvsetup is probably just a vlan

[Sjekke 87]

4 hours ago, akatar said:

Same question remains, i own/use an edgerouter pro,

 

multiple modems with one router is no problem, multiple routers is  problem

 

Define problem?

[akatar 208]

i think, i give up

[petergebruers 1,268]

48 minutes ago, akatar said:

i think, i give up

 

I think I understand what you are trying to say... You cannot have two default gateways on a LAN. That is very true. So 2 ordinary routers won't make a "failover network". But interestingly, adding a 3rd device between your 2 routers and your lan might work. Although... that might introduce double-nat issues...

 

To get failover I think there are only a few technologies that can work, but only with specialized devices... As @Sjekke mentioned:

• Cisco HSRP, or more recent and advanced implementations of that protocol. HSRP = "Hot Router Standby Protocol". I saw it once. Keep alive packets are sent between routers (and possibly Cisco switches) and if I remember well, after a relatively short timeout (10 seconds) 1 router takes the identity of the other if the link has failed (i.e. MAC address + other stuff). This kind of setup was not used for internet access, but for WAN links between companies. So you get a lot of control on both sides of the link.
• Load Balancers. I've once read the manual of a device used in a farm of balancers, but I cannot remember the name. It was about 1000 pages and sat in front of a farm of HTTP servers and it took a fair amount of tuning... It connected to a double set of switches and two multi-gigabit symmetrical internet feeds from different providers.
• Specialized routers with mobile network backup. I've never used one. Data over mobile is too expensive...
• Specialized firewalls, like some WatchGuard models. I setup a few redundant WG with redundant links. Last time I used it they had a 1 - 2 minute failover time so not good for some applications.
• DIY linux based firewall/router/load balancer. Never tried one.

I think the Ubuquiti EdgeRouter follows the load balancer principle, judging from this document:

 

Please login or register to see this link.

 

But, as @akatar mentioned, just using 2 routers from different providers, especially products that qualify as "home internet" and not professional internet might prove difficult or impossible t setup. If your internet provider forces you to use their router/modem and their configuration and especially NAT... you might be out of luck. 

 

I only followed the evolution of routing protocols until  about 2012, so maybe now more "open" solutions exists. But I somehow doubt that...

 

If someone could post a working solution, that can handle 2 routers that (both) enforce NAT, DHCP and VLANs (like Telenet Belgium, they have a 10.X.Y.Z subnet on a VLAN to connect to their set top boxes besides the usual 192 for LAN) - I am interested!

 

Edit: credit where credit due... @MaTi already mentioned VLANs!

Edited September 28, 2017 by petergebruers

[Sjekke 87]

7 hours ago, petergebruers said:

 

I think I understand what you are trying to say... You cannot have two default gateways on a LAN. That is very true. So 2 ordinary routers won't make a "failover network". But interestingly, adding a 3rd device between your 2 routers and your lan might work. Although... that might introduce double-nat issues...

 

To get failover I think there are only a few technologies that can work, but only with specialized devices... As @Sjekke mentioned:

• Cisco HSRP, or more recent and advanced implementations of that protocol. HSRP = "Hot Router Standby Protocol". I saw it once. Keep alive packets are sent between routers (and possibly Cisco switches) and if I remember well, after a relatively short timeout (10 seconds) 1 router takes the identity of the other if the link has failed (i.e. MAC address + other stuff). This kind of setup was not used for internet access, but for WAN links between companies. So you get a lot of control on both sides of the link.
• Load Balancers. I've once read the manual of a device used in a farm of balancers, but I cannot remember the name. It was about 1000 pages and sat in front of a farm of HTTP servers and it took a fair amount of tuning... It connected to a double set of switches and two multi-gigabit symmetrical internet feeds from different providers.
• Specialized routers with mobile network backup. I've never used one. Data over mobile is too expensive...
• Specialized firewalls, like some WatchGuard models. I setup a few redundant WG with redundant links. Last time I used it they had a 1 - 2 minute failover time so not good for some applications.
• DIY linux based firewall/router/load balancer. Never tried one.

I think the Ubuquiti EdgeRouter follows the load balancer principle, judging from this document:

 

Please login or register to see this link.

 

But, as @akatar mentioned, just using 2 routers from different providers, especially products that qualify as "home internet" and not professional internet might prove difficult or impossible t setup. If your internet provider forces you to use their router/modem and their configuration and especially NAT... you might be out of luck. 

 

I only followed the evolution of routing protocols until  about 2012, so maybe now more "open" solutions exists. But I somehow doubt that...

 

If someone could post a working solution, that can handle 2 routers that (both) enforce NAT, DHCP and VLANs (like Telenet Belgium, they have a 10.X.Y.Z subnet on a VLAN to connect to their set top boxes besides the usual 192 for LAN) - I am interested!

 

Edit: credit where credit due... @MaTi already mentioned VLANs!

 

@petergebruers Exactly!!! You understand me  What I'm trying to say, is that in my opinion all those special routers in an home environment is overkill. (The VLAN of Telenet (set-up box) doesn't make sense in an double Interconnection since it's Telenet related.) It also seems we can add our own router to our network which isn't the case for @Sankotronic and other members. This a a plus for us. For home routers you need a an extra device between your routers and your LAN like the Edgerouter as I mentioned. @akatar has a EdgeRouter Pro so he should be aware of the high potential of this device.

 

@MaTi Indeed you can work with VLANS and you can play around with Metrics, but you need an device/switch to do this ... = $$$

 

Finally, I see 3 options for Home usage

 

Option 1 : is the one I have. 1 router  + 2 ISP. This can be used by @Sankotronic but  you will have double NAT. @petergebruers my Telenet setup works also like a charm and my NAS is also connected with LACP. I don't want to invest more money in this.

Option 2 : 2 home routers + Edge Lite or equivalent. Double NAT can be an issue

Option 3 : @MaTi solution with Vlan's. But for me, as I understood it, it's the same as using a Edgerouter

 

Overall ... the question is how  much do you want to invest in this. How critical is your Internet. I'm happy with my solution and my internet works most of the time. If you're HC2 stops working ... you can have 5 Internetconnections, but @AutoFrank will still be asleep

 

 

[AutoFrank 372]

56 minutes ago, Sjekke said:

I'm happy with my solution and my internet works most of the time.

 

@Sjekke

 

As am I.. I have a very good 360mb fibre to the home connection that has around 4 nines uptime.

 

It is interesting to see different users approaches with some opting to engineer the greatest amount of redundancy which others opt for simplicity. I tend to be the latter. It reminds me of a story I heard once.

The USA spent many thousands of dollars developing a pen that would write in space during the 1960/70 space program, other countries just used a pencil ....

 

For me if the internet is down, I don't want another internet connection. I want the system to be able to perform the same end goal (in the case wake us up in the morning ) hence my simple solution posted above

 

great discussion btw

 

[MaTi 29]

42 minutes ago, Sjekke said:

Indeed you can work with VLANS and you can play around with Metrics, but you need an device/switch to do this ... = $$$

 

Finally, I see 3 options for Home usage

 

Option 1 : is the one I have. 1 router  + 2 ISP. This can be used by @Sankotronic but  you will have double NAT. @petergebruers my Telenet setup works also like a charm and my NAS is also connected with LACP. I don't want to invest more money in this.

Option 2 : 2 home routers + Edge Lite or equivalent. Double NAT can be an issue

Option 3 : @MaTi solution with Vlan's. But for me, as I understood it, it's the same as using a Edgerouter

 

Overall ... the question is how  much do you want to invest in this. How critical is your Internet. I'm happy with my solution and my internet works most of the time. If you're HC2 stops working ... you can have 5 Internetconnections, but @AutoFrank will still be asleep

 

 

 

Well, what shall I say.. A device capable of doing basic L2 stuff as vlans is not THAT expensive? We all here spend money on zwave actors/sensors, so I think for most the funds needed are not really the issue, albeit I ofcourse can only speak for myself.

 

Anyway, I will write a tuto, but in a nutshell:

 

Consumer routers look fancy nowadays. The bigger and the more antenna's, the better it must be! ..Right?

Well, not really. Inside of your router there's probably less cpu power than the average 1986 Texas Instruments calculator (okay, I am exaggerating a little ), which is fine as basic, simple routing does not need that much power. When you'd like to do the more fun stuff though, like load balancing/IPS(How I love Snort! !)/VPN/etc you will need something better, with specific CPU instuction sets (for example aes-ni support for serious vpn performance).

 

Although there are options, I normally advise people to look at pfsense (

Please login or register to see this link.

Thi is a free routing/firewall solution with all the fancy stuff you will probably ever need. Ofcourse there are alternatives like the edgerouter (pro) and mikrotik, but for these you will need to use CLI, which is too much for some people, as you need to be able to find your way around in OSes like routerOS and Vyatta etc. In pfsense you can work witht he webbrowser interface 99.9% of the time.

 

PFsense works on i386/AMD86/Netgate ADI architecture. This means you can run it on any ordinary PC you might still have laying around. Important is that it should have 2 of more network interfaces which are supported in BSD10. You can easily find/check this online. If we want to make a failover solution, we will ofcourse need 3 or more. Having this said, you could play around with it, using an old PC you still have in your attic, or even on a VM. Once you really start using it as your default router, it might be smarter to switch to something smaller and more energy efficient. For instance, this is what I use myself:

Please login or register to see this link.

Incl a case, SSD, power supply this would cost you around EUR200 I believe.

 

Please allow me to be lazy and share this Youtube link with you, which shows indepth what PFsense is and what it's capabilities are, as well how you get it working. Which really isn't that hard!

 

 

Then, once you are familiar with that, here's some details on pfsense's multiwan capabilities:

Please login or register to see this link.

or... Why not another video on the how to enable:

 

 

Well, that's it for now. Just wanted to point out that there are affordable solutions out there. Ofcourse there are alternatives, but most of them have a way steaper learning curve, with no additional functions one would need (afaik).

Feel free to comment or ask!

 

 

 

 

 

[Sankotronic 2,370]

Hi @petergebruers, @Sjekke, @MaTi,

 

I'm not that much to networking technology, but I though it will not be easy to have two routers work as one with cheap technology for homes. Because I lack knowledge and I'm not following development of this technology I'm always interested to learn from others that know more.

 

So, at the moment what I can have is two routers. One connected to land line I can't change except if I brake the contract with my ISP. Other router I still have to choose and that one will be over GSM. After installation I have two LAN cables coming out from routers and then what is the next step?

 

 

 

[MaTi 29]

Hi Sanko,

 

I need to run, but can you set your current HW into bridging mode that you know of?

I'll check you later

[petergebruers 1,268]

@Sankotronic are you sure you want an automatic failover to a mobile data network? Without fine tuning, a glitch could cause a lot of data to pass via mobile and wouldn't that cost an arm and a leg?

 

 

[Sankotronic 2,370]

21 minutes ago, petergebruers said:

@Sankotronic are you sure you want an automatic failover to a mobile data network? Without fine tuning, a glitch could cause a lot of data to pass via mobile and wouldn't that cost an arm and a leg?

 

 

 

Our ISP's offer some fixed rates so can't go over that and make additional costs. But I want to use that connection since I pay for it, so would be nicer to use them in parallel than just as failover if you know what I mean. For example for about 22€ I can get 4G router with max speed available (up to 100Mbit/s) and 1Tb traffic. After 1Tb speed is lowered down to 1Mbit/s (only during day) but no additional costs charged.

[petergebruers 1,268]

@Sankotronic I get it. In this case, what you need is a "load balancer setup". I do not have any practical experience with that setup since  2012 so unfortunately I cannot help you with this configuration. BTW @MaTi mentioned pfsense and that was the open-source firewall we used for a small number of our customers (the others usally bought WatchGuard, Small businesses, 4 - 50 pcs).  It seems to be alive an kicking so that is good news...

 

Please login or register to see this link.

 

@MaTi can you help him setup a loadbalancer with pfsense?

Edited September 29, 2017 by petergebruers

[mortesan 9]

I have a different approach to the LTE failover solutions. I am normally running on my main router, but when HC2 detects no internet connection for some time I switch OFF my main internet line and ON my LTE backup router, the LTE backup router runs DHCP with same default gateway and same address range as the main router, this results in HC2 having about 3 minutes downtime on remote access before it is up and running on LTE backup link and I get no problems with double NAT and DHCP. HC2 runs on static IP but with 8.8.8.8 as DNS so the DNS is working on both links. 

I have to manually switch back to main internet router, but this is not really a problem, the solution is mainly for when I am away from home and if the power cuts off. LTE, HC2 and Switch is running on UPS. 

 

 

Heres a simplyfied sketch:

Please login or register to see this attachment.

 

The solution described above is a little bit simplified as I am actually running main router also on UPS and there are some managed switches in between to handle different VLANs and the  wireless network. If the main internet connection comes back up after downtime everything else in the house will work ok but HC2 will be sort of isolated on the LTE router until I switch it back to the main link. 

Edited September 29, 2017 by mortesan

[Sjekke 87]

@Sankotronic Quick and dirty based on a ASUS AC88U router. (I'm at the office )

 

Please login or register to see this attachment.

[Sankotronic 2,370]

9 hours ago, MaTi said:

Hi Sanko,

 

I need to run, but can you set your current HW into bridging mode that you know of?

I'll check you later

 

Hi @MaTi,

 

I checked all settings on router but could not find anything for setting it to bridge mode. 

[Bodyart 231]

Hi @Sankotronic,

 

also check, if your provider can do it for you - to set it in bridge mode. I also couldn't do it myself because i couldn't reach thouse settings, but my provider did it. That coul'd also mean that your Wi-Fi will be disabled on the router from your provider.