Scott Fell asked:

Dual WAN router

I had a similar question a few years ago; this one is for a different location, and I know the hardware has changed since then, so I thought I would check in again.

I have a small office with two ISPs. One is the main and the other is for when the main (Comcast) goes out, which happens about 4 times a month.

When the main Comcast internet goes down, I am just switching the source for the router from the Comcast modem to the secondary.

Attached to the router is a 24 port POE switch that powers 15 Polycom VOIP phones, 10 computers and 5 APs. (Yes, that adds up to more than 24 because many of the computers connect to the phone for their internet connection.)

So the other issue with this is that when I manually change the modem, I have to power off the POE switch in order to reboot all the phones at once. Without rebooting the phones, they stop working. I am hoping that going to a dual WAN router will allow a smoother transition for when the main ISP goes down.

I am looking for recommendations for a new router.
SOLUTION
noci

This solution is only available to members.

Scott Fell (ASKER)

noci, do you have any suggestions on brand/models?  
noci

I am not sure what you can get.
Zywall USG is usable if all interfaces are Ethernet. (Can be PPPoE through a bridging mode modem, if there is PPPoA behind the modem.)

And it should be capable of switching between WAN interfaces, using a dynamic default route and possibly specific routes for specific services (e.g. SMTP is often required from the IP address bound to an address belonging to a specific ISP).

Cisco probably should be able to be used; I have no experience with those.
This is only for the internet and VOIP where the VOIP is hosted and not on-premises.
Like I said, I have no experience with RV3445 (or likewise routers) or with recent Cisco IOS. That said:

That is all IP traffic, where VOIP is some specific, most probably SIP (UDP and/or TCP), ports plus an RTP UDP port range, and "internet" is a bundle of ports (80, 443, 53, and maybe some others like XMPP (Jabber, Whatsapp, ...)).
For the RTP ports a port forward may be configured, maybe specific for each phone. Anyway, it still is about a routing decision.

Packets either leave on WAN1 or on WAN2 (depending on route and connection state), including the source NAT for the right interface.
Automatic failover requires changing the default route to go from a defective interface to a working interface. Routers all cope with that in a different way.
And if for some specific target address an explicit interface is needed, then that is easy: just configure a static route for that one.
(That may require active support for adding/removing routes, or an OS that takes interface state into the routing decision and sets priorities straight.)

Even if THAT auto-switches, it may still prevent VOIP from working, just because the downed interface will not respond ==> not forward any packet to the phones.
Ex.: 1.2.3.4 is your PBX, 2.3.4.5 is WAN1, 6.7.8.9 is WAN2, LAN = 10.10.10.0/24. The PBX should accept both addresses.

Packet: (10.10.10.1:50123 (ext=123) -> 1.2.3.4:5060) --> goes through WAN1 (2.3.4.5:30123 (ext=123) -> 1.2.3.4:5060) ... is not registered, so 401 is returned.
Packet: (10.10.10.1:50123 (ext=123) -> 1.2.3.4:5060 REGISTER) -- WAN1 -> (2.3.4.5:30123 (ext=123) -> 1.2.3.4:5060 REGISTER) - Phone ext. 123 gets registered. (2.3.4.5, port 30123 gets associated with the requested number.)

If a DIAL-IN happens for the phone #123, the PBX will send an INVITE packet to 2.3.4.5:30123, which still needs to be alive. If WAN1 is up and the UDP NAT is still present, then it will be forwarded to (10.10.10.1 port 50123).
If WAN1 is down, the packet just drops on the floor.
The only way to be reachable is to register again, now through WAN2; then the PBX will know that another IP address and port are for ext=123.

(UDP NAT entries most often time out after a few minutes.) So most phones have support for keepalive, mostly using an empty SIP packet.

SIP: https://en.wikipedia.org/wiki/Session_Initiation_Protocol
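
The registration problem described in the post above, as an added Python model that is not part of the original thread. It uses the post's example addresses and ports; the class and function names are hypothetical.

```python
# Constructed model: addresses and ports are the example values from the post;
# NatRouter, invite_delivered and demo are hypothetical names.
class NatRouter:
    """Source NAT on whichever WAN currently carries the default route."""
    def __init__(self, wans):
        self.wans = wans                  # interface name -> public IP
        self.up = set(wans)               # interfaces with a working uplink
        self.active = next(iter(wans))    # first entry is the primary
        self.bindings = {}                # (pub_ip, pub_port) -> (lan_ip, lan_port)
        self.next_port = 30123

    def outbound(self, lan_src):
        """Return the public source a LAN packet is rewritten to."""
        pub_ip = self.wans[self.active]
        for pub, lan in self.bindings.items():
            if lan == lan_src and pub[0] == pub_ip:
                return pub                # keepalives reuse the same binding
        pub = (pub_ip, self.next_port)
        self.next_port += 1
        self.bindings[pub] = lan_src
        return pub

    def inbound(self, pub_dst):
        """Return the LAN destination, or None if the packet is dropped."""
        wan = next(n for n, ip in self.wans.items() if ip == pub_dst[0])
        return self.bindings.get(pub_dst) if wan in self.up else None

    def fail_over(self, dead, to):
        self.up.discard(dead)
        self.active = to

def invite_delivered(router, contacts, ext):
    """True if an INVITE sent to the registered contact reaches the phone."""
    return router.inbound(contacts[ext]) is not None

def demo():
    router = NatRouter({"WAN1": "2.3.4.5", "WAN2": "6.7.8.9"})
    contacts, phone = {}, ("10.10.10.1", 50123)     # contacts = PBX registrar table
    contacts["123"] = router.outbound(phone)        # REGISTER via WAN1
    before = invite_delivered(router, contacts, "123")
    router.fail_over("WAN1", "WAN2")
    stale = invite_delivered(router, contacts, "123")   # PBX still targets WAN1
    contacts["123"] = router.outbound(phone)        # phone re-REGISTERs via WAN2
    after = invite_delivered(router, contacts, "123")
    return before, stale, after, contacts["123"]
```

`demo()` shows the three states from the post: reachable while WAN1 is up, unreachable after failover even though the default route has moved, and reachable again only once the phone has registered through WAN2.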
When you're not deep into the configuration technique, take a SonicWall or FortiGate series firewall.
Connect both WAN interfaces. Put both interfaces in the WAN zone. Put the first default route to a metric 10 and the second default route to a metric of 50.

And you will have a full auto failover setup.

Don't start with the Cisco RV series. They're not Cisco but Linksys, and it was a shame that Cisco bought this product line.


LinkSys was in the same street as Zywall, SonicWall, Fortigate, ... all Linux kernel based routers. That was UNTIL they were bought by Cisco; it went downhill from there. (IMHO).
OpenWRT and DD-WRT are derived from the original LinkSys code. DD-WRT, in spirit & technology, maintains the lowest common denominator on all of their platforms,
where OpenWRT extended it with new technologies while trying to have an as small as possible core. OpenWRT has an "app-store" with all kinds of extensions including NAS-like features. (Turris Omnia / Turris MOX come to mind for this path.)

Noci,

Precisely what I mean: it's consumer stuff, with building your own kernel and things like this.
Something you're not looking for in a company: that your protection from the internet is customized and open source,
available online.

Nice to use at home, but not for business.

Building your own kernel (and userland) is not necessarily a bad thing; it depends on who builds it. Debian, Gentoo, RedHat, Oracle also build such a kernel.
Zywall USG != consumer stuff. Just like Fortigate. More like between the sheet and the napkin.
I have a far better impression of open source like OpenWRT than I have of LinkSys-based Cisco stuff. DD-WRT is stuck in the past.
IMHO it is a good thing to NOT depend on some opaque company providing opaque products. You "just have to trust".
Like NSA Enhanced Cisco routers. (Impossible for bystanders to verify.)

On a side note: many of the "appliances" for firewalls, load balancers, mail filters, PBX, etc. are based on open source software: kernel, userland and application. The big difference is that the appliance provider also provides a web-based management system.

I would like to not have to get into building something from scratch; that is over my head. I don't fully understand what Benjamin is saying here: "...connect both WAN interfaces. Put both interfaces in the WAN zone. Put the first default route to a metric 10 and the second default route to a metric of 50."

This is for a small office and getting by with a Nighthawk R7000 and Cisco 24 port POE switch.

I am hoping to find something in the $300ish range. Not scared of going a little higher up to $500.  As of now, we don't have Gig speed available and I think the speed at the modem from the main ISP is 150Mbs and the fail over is 40Mbs.  Hopefully in the future we can get access to gig speed but for now this works.  Also, the users can't really tell the difference between the 150Mbs and 40Mbs speed.

You can use something like pfSense or OPNsense on an existing old computer for free. This provides the same functionality as any vendor appliance for free.

A small Linux or BSD system with a 20-line script performing a few ping checks that change the gateway when needed also works fine. I used to run dozens of BSD machines behind multiple routers with a similar script. This also works as long as the address plan is consistent.
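
One way such a ping-check script could look on a Linux router, as an added example that is not the poster's script. The gateways, interface names, probe target and thresholds are assumed placeholders, and the commands use Linux `ip` and iputils `ping`.

```python
import subprocess, time

# Assumed placeholders (not from the thread): gateways, devices, probe target.
PRIMARY = {"gw": "192.0.2.1", "dev": "eth0"}
BACKUP = {"gw": "198.51.100.1", "dev": "eth1"}
PROBE_TARGET = "203.0.113.10"
FAIL_AFTER, RECOVER_AFTER = 3, 5   # consecutive probe results needed to switch

def pin_probe_cmd():
    """Host route so probes always test the primary, whatever the default is."""
    return ["ip", "route", "replace", PROBE_TARGET + "/32",
            "via", PRIMARY["gw"], "dev", PRIMARY["dev"]]

def default_route_cmd(uplink):
    return f"ip route replace default via {uplink['gw']} dev {uplink['dev']}".split()

def primary_alive():
    """One ping with a 2 s timeout through the pinned host route."""
    return subprocess.call(["ping", "-c", "1", "-W", "2", PROBE_TARGET],
                           stdout=subprocess.DEVNULL) == 0

def step(state, ok):
    """state = (on_backup, streak); returns (new_state, route command or None)."""
    # streak counts consecutive probes that contradict the current choice, so a
    # single lost ping or a single lucky reply does not flap the default route.
    on_backup, streak = state
    contradicts = ok if on_backup else not ok
    streak = streak + 1 if contradicts else 0
    if streak >= (RECOVER_AFTER if on_backup else FAIL_AFTER):
        on_backup = not on_backup
        return (on_backup, 0), default_route_cmd(BACKUP if on_backup else PRIMARY)
    return (on_backup, streak), None

def simulate(results):
    """Run constructed probe results through step(); return commands issued."""
    state, issued = (False, 0), []
    for ok in results:
        state, cmd = step(state, ok)
        if cmd:
            issued.append(" ".join(cmd))
    return issued

if __name__ == "__main__":          # needs root on the Linux router
    subprocess.run(pin_probe_cmd(), check=True)
    state = (False, 0)
    while True:
        state, cmd = step(state, primary_alive())
        if cmd:
            subprocess.run(cmd, check=True)
        time.sleep(5)
```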
ASKER CERTIFIED SOLUTION

This solution is only available to members.