I am struggling to find a programmable device that can switch among a few RJ45 sockets for failover functions.
The problem:
I have a LAN where the connected devices are connected to a gateway; for the sake of the question, the gateway is 192.168.1.1.
For various reasons the devices connected to the LAN have static IP addresses, and the gateway is also "fixed" to 192.168.1.1.
For other reasons, the actual DSL routers all have their IP address set to 192.168.1.1.
From time to time[1] the "main" DSL router connection may fail (due to the router itself, its power adapter, ISP, cable, whatever) and I have a "backup" DSL router/modem connected to a separate DSL line and a third one with a (slower, but good enough) 4G SIM.
My current (caveman) manual method is to keep the two backup routers not connected to the network and, in case of failure of the main one, simply disconnect the RJ45 cable from it and insert it in one of the two backup routers.
There are manual switchboxes that allow switching among 2 or 4 network sockets, example:
http://www.cablesonline.com/abrjswitbox3.html
Using one of them would simplify switching when there is a failure while I am not physically present, as the instructions on the phone would amount to "Rotate the selector to B; if you still have no internet, rotate it to C." (as opposed to "Disconnect the yellow cable from the white router and insert it in the back of the blue one; if you still have no internet, disconnect the yellow cable from the blue router and insert it in the back of the smaller white one").
I know I could use a small router such as the MikroTik hEX (RB750Gr3):
https://mikrotik.com/product/RB750Gr3
But that would imply that the router gets the 192.168.1.1 address and that the three DSL routers get addresses in another range, let's say 192.168.2.1, 192.168.2.2 and 192.168.2.3 (and this change needs to be done on at least one of the routers by the ISP), and, if for whatever reason the MikroTik router itself fails, I cannot bypass it without changing the gateway on all connected devices (doable, but complex and taking a lot of time) or changing the IP address of the (working) DSL router (which is complex anyway and in at least one case not possible).
The "ideal" solution (in my perverted mind) would be something like the manual switchbox (that knows nothing about IP addresses but simply connects the IN port to the chosen OUT one), but capable of having some sort of failover function and automatically switching to the next RJ45 in case of missing internet connection AND somehow notifying that the main router/modem/connection is down and the router/modem/connection in use is the first or second backup one.
Maybe something like this does actually exist but I cannot find one?
Or are there other possible solutions that you can suggest?
Part two: what you asked for exists. Look for bypass NICs. There are a couple of different flavors, but the commonly available pattern is a dual-port NIC, where you run a utility to switch from bypass mode (the two ports are connected via relays, the NICs are disconnected) to regular mode (each port serves one NIC).
If addressing is compatible, you could have three bypass NICs, plug one end of each into your switch and the other end into a modem. The selected modem would be in bypass mode, and unselected modems would be in regular mode. (You could also do this with software bridging, only bridging the selected modem.) I've had success with Silicom bypass NICs; for older models like PEG4BPI, the -SD model is going to be easier to use: PEG4BPI-SD has PCI IDs set so that standard OS NIC drivers will load automatically for the NICs, but PEG4BPI has its PCI IDs set up differently and drivers won't start unless you modify them or can force them. You can actually modify the EEPROM and turn a regular one into a -SD with just one bit flip, but that's an ordeal.
A port physical state watch script tends to be better. I don't know what lower-end gear has it, though; some may even support that as a mode of their "WAN monitoring" instead of actively sending probes. Worst case, I know Ubiquiti EdgeRouters let you run your own scripts on the Linux base and it'd be a matter of running "primary port up ? remove vlan from backup port and add vlan to primary port : remove vlan from primary port and add vlan to backup port" in a loop every second (there may even be a native feature for it though, so check that first).
Linux only has one routing table, so I had to use ebtables and ipchains (I think?) to mark packets as they came in, and route them back out correctly. It worked well, but I was worried about the long-term stability of it.
Then I found out that SonicWall made a box that did failover automatically, and never looked back.
I strongly suspect there is an open source project which does this these days.
Not the case for 20+ years. See "TABLE" in `ip route help` and `ip ro ls table all` to see all the route tables you currently have active... you might not have seen the 'local' routes before.
It's good to see you don't have to mark those packets manually any more.
If you want something plug and play, look at Firewalla. I haven’t used it but I heard that it’s so easy “even your parents can set it up”.
First place my mind went for a recommendation, and then discarded for someone with their experience level.
I would guess they could set up a pfSense box. Netgate has pretty good online docs. But even after deploying pfSense for 15 years, I still approach CARP (WAN failover) with some trepidation. It doesn't always just go (or stay going).
> look at Firewalla. ... it's so easy "even your parents can set it up"
New to me too. It sounds promising.
Setting all that up with a couple Linux machines would require some networking knowledge, but there are tutorials out there for all the pieces you'd need to put together.
[0] https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Prot...
[1] https://www.keepalived.org/
This was a pretty long time ago and these days I'd consider an existing tool like: https://lstein.github.io/Net-ISP-Balance/
I understand (a little) the way multi-WAN routing works, but due to the exposed limitations that cannot work.
The whole problem revolves around the fact that the (hypothetical) device (if it is a sort of router) has its own address of 192.168.1.1 and that it should be able to route/switch to one of the three DSL/4G routers/modems, each one having the same 192.168.1.1 address.
I am now thinking of an Ethernet relay like the ones used in home automation, similar to this one (example):
https://relaypros.com/Relay/Relay/ETHERNET_RELAY_CONTROLLERS
but I read somewhere that it is not a good idea to use the relay contacts on the actual Ethernet cable, so I could use one of them to control the power of the three routers/modems, but this would introduce a (bearable, still ...) delay, as the routers take some time (tens of seconds; one is particularly slow and takes over a minute) to boot and establish a connection.
This handles failover between connections and also aggregates them using MultiPath TCP to maximize bandwidth & overall reliability at the expense of increased data usage and the cost of running a machine somewhere with a decent connection, even a cheap VPS.
I'm using it to aggregate ADSL, Starlink and 4G, resulting in a stable 250 Mbps/50 Mbps connection.
We have a pfSense router made by Netgate to which we can tell our preferences for how to use the WAN connections. We plug them both in and we can tell it to use one as a backup, or use both equally, or with whatever affinity we like.
pfSense can also be installed on any old hardware - I just wanted a tiny silent one with some support because my day job of testing packets for other people seems to be over and the desire has faded to know how it works. (My first router had a cold solder joint and failed ... it was some work to get an RMA through because the Texas power grid, where the company is, was offline for a week when I issued it, but that's life)
Alternatively, you can keep all router links up, NAT their 192.168.1.1 to unique IPs and then have the script change the default route. This setup will allow for checking whether a previously failed higher-priority router has regained its connectivity and switching back to it if it did.
As you detailed, the way this hypothetical device would work is simple enough (maybe too simple) and I thought that something like that existed and I was simply unable to find it.
You'll definitely need to get the one WAN device re-numbered off of 192.168.1.1 and probably all of them should be on unique subnets.
From what I know of Mikrotik, I think it'd be much easier to configure on a Ubiquiti EdgeRouter product (not UniFi or UISP). There are also routers from TP-Link, Peplink, and others that specifically market themselves for multi-WAN and may be easier still to understand/configure.
You can get an EdgeRouter X and set up the WAN on three of the ports, and set the last port to your gateway. The ER-X can do WAN failover automatically.
You can also get rid of the gateway and connect your LAN devices (via a switch) to port 4 of the ERX. Just set its IP to 192.168.1.1. The ERX NAT is pretty fast, but you're on DSL so that probably doesn't matter.
Do you need the gateway box at all?
By "gateway" I meant the IP address set in the various LAN devices for "default gateway" that (for the sake of the question) is set to 192.168.1.1.
Imagine that there is only one device (a PC) on the LAN and one DSL router/modem.
The router/modem (the actual "box") has an address of 192.168.1.1 and the only PC has set as gateway 192.168.1.1.
Now, let's say that there are instead several devices on the LAN (all set with default gateway 192.168.1.1) and three DSL routers (that all have address 192.168.1.1 and that cannot be changed), of which only one is connected to the LAN at any given time by physically connecting/disconnecting their RJ45 cable from the main LAN switch (this is the current situation).
Instead of connecting/disconnecting the cables manually, I could put in a "switch box" that would allow switching among the three routers' cables; that would be something that anyone can be told to do over the phone in case of need.
I was asking if there was something (a simple device) like that, but that could be operated remotely or programmatically.
I presume that almost any router or managed switch (as has been suggested, probably much better) can put a port in "up" or "down" state, but in the case of a router there would be some IP conflicts.
I could change the IP subnet and default gateway on all devices of the LAN to (say) 192.168.0.x and have the "added" router be the default gateway at 192.168.0.1, routing all traffic to 192.168.1.1 (the fixed IP address of the DSL routers), but doing this, in case of failure of the "added" router, I would have to change the default gateway on all the devices connected to the LAN.
The "managed switch" sounds much better, though still, if there was a simpler device, it would be preferable.
I would expect something in the thousands of dollars range, not exactly affordable.
If you’re specifically looking to fail over between router devices… I think the only thing I ever did on that was have multiple exactly the same routers with exactly the same config - one hot and others as spare cold devices on site lying in wait. Not sure I ever used it.
1) "main" router connected to an FTTC line
2) "secondary" router connected to an older (and slower) DSL line
3) "tertiary" router connected via 4G SIM
What I do now is simply take the cable out of the "main" router and connect it to the "secondary" one, and if also this one has no connection (cut cable, it happened three or four times in the last couple of years) connect it to the "tertiary" one.
As said, the issue is only if for whatever reasons I am not there, the A/B/C/D rotary selector box would be a simple solution that anyone present could be instructed to use, while connecting and disconnecting cables can be more difficult to explain over the phone.
The hypothetical device I was looking for would be an automated version of that.
How about plugging all four cables into a managed Ethernet switch, and then telling it to disable the ports you don't want? That'll avoid any IP-layer shenanigans. You will need to have a box somewhere to run the script that pings things and then reconfigures the switch when it decides it's time to fail over.
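As an added illustration of the "ping, then turn ports on and off in a loop" idea raised in a couple of comments above (it is not code from any commenter), here is a small POSIX shell failover loop for the case where the box doing the switching is itself a Linux router (e.g. OpenWRT) with one interface per DSL/4G router. The interface names, probe target, interval and the `wan-failover` syslog tag are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): priority-ordered WAN failover where only
# one router-facing interface is up at a time, so the LAN always sees a single
# 192.168.1.1. Interface names, probe target and interval are placeholders.
PORTS="eth1 eth2 eth3"      # priority order: main DSL, backup DSL, 4G
PROBE_TARGET="1.1.1.1"      # placeholder; any reliably reachable host
INTERVAL=5                  # seconds between probes
# Decide which port should be active after one tick.
# $1 = active port, $2 = its probe result (up/down), $3... = priority list.
# A healthy port stays active; a failed one hands over to the next in the
# list, wrapping to the primary after the last backup so it gets retried.
next_port() {
    cur=$1; state=$2; shift 2
    [ "$state" = up ] && { echo "$cur"; return 0; }
    first=$1; found=0
    for p in "$@"; do
        [ "$found" = 1 ] && { echo "$p"; return 0; }
        [ "$p" = "$cur" ] && found=1
    done
    echo "$first"
}
# Text for the notification hook; empty while the primary is in use.
status_message() {
    [ "$1" = "$2" ] && return 0
    echo "WARNING: primary $2 is down, traffic is on backup $1"
}
# Bring up exactly one port and take the others down, like the manual
# A/B/C selector box, so the duplicate 192.168.1.1 addresses never meet.
apply_port() {
    for p in $PORTS; do
        if [ "$p" = "$1" ]; then ip link set dev "$p" up
        else ip link set dev "$p" down; fi
    done
}
# Probe through the active interface only.
probe() { ping -c 2 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1 && echo up || echo down; }
# The loop only runs with FAILOVER_RUN=1, so the file can be sourced safely.
if [ "${FAILOVER_RUN:-0}" = 1 ]; then
    active=${PORTS%% *}; apply_port "$active"
    while sleep "$INTERVAL"; do
        new=$(next_port "$active" "$(probe "$active")" $PORTS)
        if [ "$new" != "$active" ]; then
            active=$new; apply_port "$active"
            status_message "$active" "${PORTS%% *}" | logger -t wan-failover
        fi
    done
fi
```

Because only the active interface is probed, a recovered primary is retried only after the current backup fails too; automatic fail-back to the primary needs all links up at once, which is what the NAT-to-unique-IPs variant mentioned later in the thread provides.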
Essentially what I was looking for would be an easily programmable managed switch capable of pinging and switching ports on and off, i.e. a self-contained one.
Maybe something like that can be done with an Arduino or a RaspberryPi or similar small boards, but I was hoping there was something similar already made.
It seems like MikroTik RouterOS (probably also other routers/OSes, but I didn't find any evidence of that), through some "magic" tinkering with prerouting/mangle/connection marks:
https://forum.mikrotik.com/viewtopic.php?t=187178
allows addressing, from the same router, more than one device with the same IP address.
So with two routers in cascade it would be possible (maybe) to use the first as the failover engine, (recursively) routing from itself (192.168.1.1) to three different IP addresses (on a different subnet, let's say 172.16.0.0) that are managed by the second router, which "routes" 172.16.0.10, 172.16.0.20 and 172.16.0.30 to the 192.168.1.1 on ports ether2, ether3 and ether4.
If this works, the two routers can be bypassed (in case either of the two fails) by manually reconnecting cables (to only one of the DSL/4G routers, as it is now) without changing any configuration on the network clients.
Best one to buy for your situation IMO is a Pepwave Balance 20x [1]; they are rock solid and specialize in multi-WAN with a bunch of options, from simple failover to bonding them all together with VPN tech.
With the Pepwave you could put the 4G SIM directly in its modem, then get two WAN licenses and plug the two DSL modems into them and set priorities as needed. Ideally the DSL modems would be in passthrough so you don't double NAT, but it should work either way.
I use one of their routers in my RV and it seamlessly and reliably switches between Starlink via Ethernet, 5G cellular and WiFi WAN.
Right now, I've three Internet connections (kinda bonded) with failover using a TP-Link ER606[2]. Here is a simplified picture[3] that I did on a Saturday night.
My eventual upgrade that is likely to happen is to overhaul the network and move to Ubiquiti[4] and use one of their EdgeRouters[5] or the Dream Machine/Router[6][7] level (if it has the option).
The WAN router is the DHCP provider, and all other Wi-Fi extensions / access points pick up and distribute the Internet. So, your Internet from the ISP supplies the WAN router.
1. https://www.mushroomnetworks.com
2. https://www.tp-link.com/us/business-networking/omada-sdn-rou...
3. https://www.instagram.com/p/CUWeopdPVOp/
5. https://store.ui.com/us/en/products/er-x
6. https://store.ui.com/us/en/pro/category/all-unifi-gateway-co...
7. https://store.ui.com/us/en/pro/category/all-unifi-gateway-co...
Honestly, as massive a pain as it might be, manually going through all the sites to make the internal and external network contexts decoupled (i.e. clients not pointing directly at the IP of a single carrier) is going to be a lot more reliable than whatever hacked-together solution sounds like a good idea now. Doubly so if you're looking to make that solution itself redundant.
There's a primary network that's connected via ethernet and I can set up a secondary network (in my case, iPhone hotspot) as a backup. https://techcrunch.com/2022/09/28/amazon-expands-eero-line-a...
The advantage of it is that it's quite simple and plug-n-play.
Would that work?
But... you could also set up an OpenWRT router and, if you can't configure IPs in a non-conflicting way, you could turn particular network interfaces on and off, as it's basically a Linux box. Note that most consumer routers compatible with OpenWRT usually have only two network interfaces, even if they have multiple ports for one of them.
Not really affordable, US$290:
https://www.vpi.us/network-devices/gigabit-ethernet-switch-1...