Lias

5575 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

#223246 20-Sep-2017 16:35

I know enough about networking to be dangerous (did my CCNA R&S a few years ago) but I'm kind of out of my depth on this one.

 

First scenario:

 

If I have two home internet connections, say UFB and Cable or UFB and Skinny 4g, each connected via a standard ISP supplied router. I want devices on the network to switch to the secondary connection when the primary connection is down? Assume that for <reasons> I can't remove or replace the existing routers. I could conceivably put additional hardware between the network and those two routers, if I did so, what if anything could I put in to automatically route traffic down the primary connection when it's up, detect when it can't reach the internet through that connection and failover to the secondary connection, and flip back when required all automatically.

 

Second scenario:

 

Two business grade UFB connections, each a UFB ONT connected to Cisco ASA, Fortigate, Sonicwall or similar device. Probably each going to a separate ISP. How do I have fully automated failover like above? Brain says VRRP or similar between the devices, but because they are connected to the ONT via ethernet, I think that as long as that ethernet connection is up, the failover wouldn't kick in? I'm thinking that if we had our own AS and were running BGP we could achieve this, but not 100% sure if that would and would prefer a cheaper option than buying IPs and paying money to APNIC every year anyways :-) The ideal solution should allow for connection A to be the primary connection B for local subnet X and Connection B to the primary connection for local subnet Y, and allow failover either way.

 

Is any of this possible? If so, how :-) 





I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.


chevrolux
4962 posts

Uber Geek
Inactive user


  #1869588 20-Sep-2017 17:21

All comes down to routing.

 

Scenario One is kind of crappy and you would hope that you would change the routers. But if you can't you would give each router's LAN an IP address on the same subnet. Have it all connected to the same network. Obviously only one should do DHCP, and the DHCP can hand out what you want your default route to be. If they have come from an ISP then they will both be NAT'ing so that stays as it is. After that, you would just go to your PC and set a static route with a higher metric (for Windows anyway, also see terms like distance, weight etc). Then when your default route falls over, the secondary will kick in as your device just follows its routing table.
Issue with this is it's a pain in the ass to go and set routes manually over all devices. Plus does not help with any inbound traffic unless you did something with dynamic DNS. Outbound DNS could be the issue too (if connections were from different ISPs and those servers were assigned to the client they wouldn't work outside of each network) so maybe a requirement to use 8.8.8.8 across the network too.

 

Scenario Two. Dead simple. Terminate both your WANs on the router. Set your default route to the preferred WAN's gateway, and then have a second default route with a higher distance/weight/metric pointing to the secondary WAN's gateway. So when WAN 1 goes unreachable, the router will just use the second default route, when WAN 1 comes back online it all goes back to normal. Then your network's DHCP server can just tell clients to use your router as their default route, and the router will figure it out from there. Again, not helpful with inbound connections, but Dyn DNS could help with this.

 

BGP would be the VERY proper way to do this, but as you already pointed out, need to get an ASN, IP space and then a connection and ISP that will support it (don't think it would be possible over standard bitstream 2 products anyway and would need BS3 or higher, not too sure though).


 
 
 
 

sparkz25
750 posts

Ultimate Geek
Inactive user


  #1869627 20-Sep-2017 17:58

Check out Sophos and set it up as a standby interface. I know you can run 2 Sophos firewalls in conjunction with each other so if one dies the other will pick up and carry on. I have had a 2degrees dongle working as a fail safe on a connection some time ago on Sophos, but that was a while ago.


  #1869670 20-Sep-2017 19:00

We use a Cisco router to do this at work (on a ship), can't remember the model. They aren't internet connections but WAN connections back to the rest of the network ashore.

 

We have fibre, wifi, 3G, low latency satellite, and higher latency satellite (more data) and each has a different cost rating. The router checks each connection and uses the active one with the lowest cost.

 

There is about a 3 minute delay in switching over so that it gives the connections a chance to get back online. This stops it continually switching back and forth due to a small drop out.




lxsw20
3508 posts

Uber Geek

Subscriber

  #1869687 20-Sep-2017 19:17

We use Cisco Meraki at work and have 2 MX100s in HA. The main firewall will ping various sites every few minutes to see if the connection is live. It's not the best solution out there as it takes a full 5 minutes (!!!) from primary internet failure to fail over to the backup connection. Usually if it fails I go and pull the ethernet from the internet side so it fails over quicker.

 

 

 

https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failover

 

 

 

 


nitrotech
1285 posts

Uber Geek


  #1869779 20-Sep-2017 20:39

We use 2 UFB connections and have them on automatic failover using Mikrotik - routing marks on the packets decide which traffic goes out which connection and if one or other goes down it automatically switches to the other connection - I would imagine that MT would be the most cost effective solution for you.


hio77
'That VDSL Cat'
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks
Subscriber

  #1869795 20-Sep-2017 20:50

I use pfsense with my two dsl connections.

 

 

 

Sessions are marked to use the correct WAN, failover for high utilization or port down (PPPoE sessions terminated on box so it knows exactly when PPP is lost).

 

Downtime with this is normally sub 20 seconds however rare to actually have drops in my case.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


vulcannz
436 posts

Ultimate Geek
Inactive user


  #1870092 21-Sep-2017 11:02

The Sonicwall has WAN Failover/Load Balancing built in. You simply connect your two ISPs. For failover it can use link failure and/or logical probing (probes up to two upstream targets using either ICMP or TCP). Failover time depends on your failure setting (i.e. 3 failed probes at 5 second intervals = 15 second failover time).
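
Added example, not part of the thread and not any vendor's code: a small Python model of the probe-based failover logic the replies describe, using the "3 failed probes at 5 second intervals" figure from the post above and the roughly 3 minute failback delay mentioned earlier in the thread. The class, function and field names are hypothetical, and the probe results are a constructed sequence rather than real ICMP/TCP probes.

```python
from dataclasses import dataclass


@dataclass
class FailoverController:
    """Chooses a WAN from per-interval health probes of the primary link."""
    interval_s: int = 5       # seconds between probes (figure from the thread)
    fail_threshold: int = 3   # consecutive failed probes before failing over
    hold_down_s: int = 180    # primary must stay healthy this long before failback
    active: str = "primary"
    fails: int = 0            # current run of failed probes
    healthy_s: int = 0        # how long the primary has been continuously healthy

    def observe(self, primary_ok: bool) -> str:
        """Feed one probe result for the primary WAN; return the WAN to use."""
        if primary_ok:
            self.fails = 0
            self.healthy_s += self.interval_s
            if self.active == "secondary" and self.healthy_s >= self.hold_down_s:
                self.active = "primary"      # fail back only after the hold-down
        else:
            self.healthy_s = 0               # any failure restarts the hold-down
            self.fails += 1
            if self.active == "primary" and self.fails >= self.fail_threshold:
                self.active = "secondary"    # link may be "up" but upstream is dead
        return self.active


def transitions(probes, **settings):
    """Replay probe results; return [(elapsed_seconds, new_active_wan), ...]."""
    ctl = FailoverController(**settings)
    changes = []
    for tick, ok in enumerate(probes, start=1):
        before = ctl.active
        if ctl.observe(ok) != before:
            changes.append((tick * ctl.interval_s, ctl.active))
    return changes


# Constructed probe log (True = upstream target answered via the primary WAN):
# healthy, a 20 s outage, a 50 s recovery, a 15 s relapse, then stable.
SAMPLE_PROBES = [True] * 2 + [False] * 4 + [True] * 10 + [False] * 3 + [True] * 36

if __name__ == "__main__":
    print("with hold-down:", transitions(SAMPLE_PROBES))
    print("no hold-down:  ", transitions(SAMPLE_PROBES, hold_down_s=0))
```

With the hold-down the controller changes WAN twice over the sample; with `hold_down_s=0` it flaps four times, which is the back-and-forth switching the 3 minute delay is there to prevent.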

