Forgot your password?
typodupeerror
Networking The Internet Technology

Ask Slashdot: Best Connect Scheme For a 2-ISP Household? 206

Posted by timothy
from the cut-the-blue-wire-no-the-red-wire-hmmm dept.
c_petras writes "I just had DSL installed (a 19,000 ft run — Woo Hoo!) to act as a backup to my regional WiFi connection. How should I configure my home network so I don't have to swap the cable from one ISP's router to the other to maintain a good connection? Is it as simple as getting another router and plugging the two ISPs in? Is there a more elegant solution that would not require the use of three separate boxes and associated wall warts?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Best Connect Scheme For a 2-ISP Household?

Comments Filter:
  • This is the job of a good router/firewall, but without knowing what you're running there's no way to answer the question.
    • by Anonymous Coward on Thursday July 14, 2011 @02:29PM (#36766766)

      http://lmgtfy.com/?q=dual+wan+router

      • Get a CradlePoint router. I manage 20+ of them remotely, and they'll load balance/failover to any number of connections based on how many ethernet ports the device has. We're using the MBR1400, which has 5 USB ports for multiple cellular/wimax adapters, but also has 5 ethernet ports, which can be configured in any number of lan/wan interfaces. It also does ping tests across the devices you're using so you really know when the connection is down (instead of relying on local link status). Failover, load balan

      • by LodCrappo (705968)

        wish i had mod points, this is the correct answer to the question.

        • by jc42 (318812)

          wish i had mod points, this is the correct answer to the question.

          Nah; probably not. First, the question wasn't "How do I use my dual WAN router?" The question was "I have two (independent) WAN connections; how do I best use them?"

          And "Get a dual-WAN router" isn't a very good answer, especially when the person said explicitly that part of their motivation for the second collection was as a backup to the first. This implies that they want two independent routers, so if one dies, they can still use the other while the dead one gets fixed or replaced. If you have just

          • by LodCrappo (705968)

            I think you are being intentionally thick when you suggest he is worried about the router as a single point of failure. He obviously is trying to failover the internet connections, not the router. This is a home network. He doesn't need five 9s, he needs 1 or 2, which a cheap dual wan router provides with great ease. A few minutes setup time and he is no longer down if one internet connection fails. Done. No need to make it more complicated than that.

    • by blair1q (305137)

      He's not going to find that on his typical home router, which comes with one upstream port and one downstream subnet.

      Albeit some have hidden capabilities: mine has the hardwired downstream subnet, the hardwired upstream port, and one wireless subnet that can mimic two (the secure wireless and the guest wireless). This is probably pretty typical for wireless routers right now.

      But still, the second WAN port is not going to be there unless you shop around. Ala kazam:

      http://www.google.com/search?q=google+sho [google.com]

      • by blair1q (305137)

        wtf. that link as posted does not behave as it did when i pasted it in my browser.

        try this one:

        http://www.google.com/search?q=router+dual+wan&tbm=shop [google.com]

        yeh. mosh bedda.

      • by ryanov (193048) on Thursday July 14, 2011 @02:39PM (#36766962)

        The one that my church uses has a 2 WAN option:

        http://www.cisco.com/en/US/products/ps9926/index.html [cisco.com]

        Not a home class one, but only $260.

        • by Amouth (879122)

          i didn't think cisco made anything that cheaply priced - hell copper gbic's cost more than 260$

          • That's likely because the RV series came out of their Linksys purchase - I've deployed Linksys RV042 routers in the past; they were reasonably priced and didn't give me any maintenance issues.

            They were rather lackluster from a configuration and firmware perspective - they were capable of basic VPNs and had 2 WAN ports, but that's about all for features over a home class router.

            • by Amouth (879122)

              when you say "firmware" you are leading me to believe they are not IOS supported devices.. and if that is so then they are from the linksys side and not what i consider actual "cisco" hardware.

              while i like/liked linksys and i like cisco - and i'm fine with the buyout.. some of their decisions have muddied the waters and made it a little more difficult to find the right solution.

              • when you say "firmware" you are leading me to believe they are not IOS supported devices.. and if that is so then they are from the linksys side and not what i consider actual "cisco" hardware.

                Yes, they're definitely of Linksys origin - pre-Cisco buyout by quite some time. They're significantly more reliable than the standard Linksys home router, but I suspect the fact that I always made sure to supply them with a nice clean 60 Hz sine wave at 120V had a lot to do with it.

                while i like/liked linksys and i like cisco - and i'm fine with the buyout.. some of their decisions have muddied the waters and made it a little more difficult to find the right solution.

                I agree - Cisco putting their name on Linksys hardware in the consumer sector is easy to see past, but knowing whether you're looking at something that descended from Linksys or IOS heritage is difficult at the bottom end of the

        • by JayAEU (33022)

          I've been using and deploying these Linksys/Cisco RV0xx models for quite a few years now. Good feature set, great reliability, no problems. I hope they never stop making them!

      • by Kenja (541830)
        Well its not a typical requirement. I use a Netscreen 25 which has four ports, each configurable as its own security zone (so you can have any mix of trusted and untrusted ports). Can get one for under 100 dollars via ebay.

        The point was, we dont know what hardware he's running. If he's looking for hardware recommendations, that would be one thing. But its hard to tell from the article.
        • by blair1q (305137)

          He's got two bridges (one DSL and one for his regional WiFi) and some computers. The bridges presumably each have an ethernet port on his side of the box. He doesn't know how to connect the computers to the bridges so the thing just routes. Any dual-wan router will fit in that hole in his system. It's not so complicated that we need to know more.

        • Online prices for that Cisco router (RV042 Dual WAN VPN) are from $150 - 160USD + shipping (and, in some cases, sales tax). Slightly more than my $40 home (single WAN/ 4 port) Wifi router. Probably best categorized as a SMB budget router.
          • by Tacvek (948259)

            On the other hand, the average Linksys box actually uses a switch that supports multiple VLANs. The Wan port is actually on the same switch as the 4 LAN ports, but just on a separate VLAN. 6th port (to the router proper) is the only one configured by default to be in multiple VLANs and to see tagged frames.

            As you might be able to guess, it is relatively straightforward to merge all ports onto a single VLAN, or to sacrifice one of the LAN ports to create a second WAN port. Obviously the default firmware for

  • What I did. (Score:5, Informative)

    by grub (11606) <slashdot@grub.net> on Thursday July 14, 2011 @02:25PM (#36766676) Homepage Journal

    I did this a couple of years ago with DSL and cable. My choice was to use OpenBSD's Equal-Cost Multipath Routing [openbsd.org]. I've seen other hardware devices that accept two broadband connections but the OpenBSD option was much more elegant and allowed some good granularity in traffic control (ie.: traffic to my cable ISP's billing page may as well go through the cable connection)

    I had a couple of lines in pf.conf as so:

    table <route_cable> persist file "/etc/route_cable"
    table <route_dsl> persist file "/etc/route_dsl"

    then would force the network ranges/IPs contained through the appropriate interface.

    I dumped the DSL about a year ago but this worked very well for me. YMMV. Mail me if you'd like more info/tips.

    • by grub (11606)
      Oh I should note that this was pretty basic load sharing (I won't grace it with the term "load balancing") not failover.
      A script would ping out through each interface and if one went down all traffic was rerouted out the other so failure of one link didn't botch things up.
    • Re:What I did. (Score:5, Informative)

      by Bastardchyld (889185) on Thursday July 14, 2011 @02:40PM (#36766990) Homepage Journal
      I recommend pfSense 2.0 RC3 to be specific. It has a new ability to use Multiple WANs, you can even weight them based on which has a better connectivity and balance traffic over both. Giving you load balancing and failover between both connections.
      • by grub (11606)
        Ohh that sounds sweet (just did teh googlez on it) I don't think it had those features when I looked back when.
      • Echoing this. I started with pfSense because I wanted a multi-WAN router, but still use it to this day even on single-WAN environments because it's trivial to get going on any spare PC hardware, can be easily built in to an "appliance" with a number of available embedded x86 boards, and does pretty much everything. Of course it's not as fast as hardware built for the purpose, but if you have hardware encryption available I haven't yet seen a reason to choose a PIX/ASA over it on performance grounds. Obvi

    • I did this a couple of years ago with DSL and cable.

      I don't mean just to be nosy, but: why? I'm kind of honestly baffled that somebody would need more than one ISP at home (though I can see the reasoning in a business context, of course). What am I missing?

      • Re:What I did. (Score:4, Informative)

        by pz (113803) on Thursday July 14, 2011 @02:56PM (#36767306) Journal

        I'm not the highly informative poster above, but can readily speculate justifications nevertheless: (1) reliability, reliability, reliability, (2) cost differential between the two services during different times of the day or days of the week, (3) to maximize available bandwidth if one or the other connection bogs down from one's neighbor, (4) to be able to tell one or the other service to frell off on a moment's notice, (5) to be able to load down one ISP's connection, say with a large file transfer, and have the local network still remain responsive by automatically switching everything else to the other ISP, etc.

        I've implemented a related, but certainly not identical, system in my home with two wireless APs running two independent networks feeding a single cable connection. Robustness was the primary motivation.

      • by v1 (525388)

        I'm kind of honestly baffled that somebody would need more than one ISP at home

        I run a variety of small services at my home, have done so for 15 yrs. Mail and web for example. I have DSL and cable. My DSL just recently upgraded to 1up/7down from 1up/1.5down (umm thanks for the DOWNstream bump... not), and the cable is now at 2up/25down. Obviously cable is the better performer, but it's also less reliable/consistent and doesn't offer static IP addresses. And my cable speeds can really dip badly during

      • Shitty service.

        A few years ago I lived in a town called Wellington, Ohio. The LEC in the area was Verizon (now Frontier) who offered a DSL service that was officially supposed to be around 3m/768k but usually barely beat 2m/512k and would go entirely down (signal loss at the modem or no PPPoE response) for hours at a time multiple times per month. My roommate and I tried multiple modems including the Verizon-provided Westell, a Cisco 675, a few Motorolas, and an Edgemarc 200AW with no change, nor did inst

        • Sounds like you are in what used to be Northern Ohio Telephone Co territory. NOTC was bought by GTE in 1968, the phone portion of GTE merged with Bell Atlantic to form Verizon in 1999, then Verizon spinning off a bunch of their business the last few years.
          • I think you're on the nose. I knew the area as "GTE North" and yea, they sold it off to Frontier a few years ago after teasing us with a test-market of FiOS in a few small towns. I'm glad to have moved to a larger town where the LEC is still Frontier, but the cable options aren't shit (50/5 truly unlimited with no complaints from the ISP when I use 2TB in a month for $129) so their offerings are pretty much irrelevant. The cable company has a nice cheap tier, so no one gets DSL unless they don't know any

  • by Anonymous Coward

    1. Setup a pfSense router/firewall
    2. Configure Failover
    3. ??
    4. PROFIT!

    • by yakatz (1176317)
      I was about to write pfSense when I saw the parent post, so I will just second it.
      I use it at home and at several of my clients, and one of those has dual WANs.

      (Full disclosure: I have contributed (code, not money) to pfSense.)
  • by Anonymous Coward

    PFsense (www.pfsense.org) is a great open source multi-wan router. I currently run 3 separate incoming connections to my network with it flawlessly. Combine this with great VPN,load balancing, round robin connection, traffic shaping, and bandwidth monitoring and it is a fantastic easy to use tool.

    • Note that with this setup you still have to manually reconnect persistent connections if one ISP goes down. If you need transparent fail-over, then things get a lot more complicated (and expensive!) because you'll need the same IP address (range) from both ISPs.
    • I second this choice. I used pfSense in a multi-WAN corporate solution. I had fast & cheap cable for common users which failed over to a 3xT1, which was normally reserved for server traffic. Before the cable, we had DSL that was about the same speed as the T1 and toyed with round robin load balancing. Eventually, I convinced my brother to switch to this solution for his home network. He manually switched between 2 providers that both had 5 GB limits each month. This worked flawlessly until he upgr
  • You can set up an old computer as a home server doing the balancing of the two connections, and you can even add some more functions to it (file server, vpn, etc).

    A good distro for it is Zentyal, which is based on ubuntu and will let you config the whole thing over a web browser, just like one of those d-link routers.

  • My recommendation: pfSense.

    Or ClearOS.

    pfSense is FreeBSD based. ClearOS is linux-based.

  • If your router supports dd-wrt, it has this option built in. You may need more than one router for this. I've never tried it, but there's info about it here: http://www.dd-wrt.com/wiki/index.php/Mesh_Networking_with_OLSR [dd-wrt.com]

    • Re:dd-wrt (Score:4, Informative)

      by Anonymous Coward on Thursday July 14, 2011 @02:41PM (#36767010)

      DD-WRT was my first thought for something that could do this with out costing a fortune but Mesh Networking isn't even close to what the OP is asking about.

      http://www.dd-wrt.com/wiki/index.php/Dual-WAN_for_simple_round-robin_load_equalization

      or

      http://www.dd-wrt.com/wiki/index.php/Dual_WAN_with_one_as_standby_backup

    • by skids (119237)

      Most WRT-capable boxes will have one upstream port an a LAN port connected to a built-in switch. It should be possible to VLAN the switch in such a way as to peel off a single port to act as a second WAN port. However, a good amount of this hardware will boot up with the switch running open, and will not apply the VLANs until the bootloader initializes the switch. So it's not suitable if that moment of open bridging causes problems with the provider or you have high security

      Also that would mean you'd be

  • There are companies that make routers with 2 WAN links. Health checks are run periodically (pinging a public DNS server or some other reliable IP through the link), and traffic is routed across your preferred link if it is up, or the backup if the preferred link is down. The one I'm familiar with is made by FortiNet and costs $500+ http://www.fortinet.com/products/fortiwifi/50B.html [fortinet.com]
    • Wow, that's expensive. Something like a PC-Engines ALIX board with three LAN ports running pfSense provides the same functionality (complete with pointy-clicky web interface) at a quarter of the price. Installing pfSense is just a matter of writing the .img file to a CF card, so there's not even the argument that there's a cost saving in terms of time - it takes a lot longer to configure either system than it will take to install.
    • by ryanov (193048)

      Linksys RV082 is a cheaper alternative. I'm not 100% sure how the routing works, but it seems to me it accounted for downed links.

  • What you might consider is a dual-wan router. It can replace your regular router and provide more connectivity options.
    Unfortunately, for the low-end ones that I looked at, the options were limited:
    1) fail-over mode. Normally use WAN-A until it dies, then use WAN-B.
    2) dual-WAN mode. Client 1 goes to WAN-A, client 2 goes to WAN-B, client 3 goes to WAN-A, etc.

    What you probably really want is a truly load-balanced mode, which requires either going higher-end, or rolling something yourself with a PC.

    There ar

  • by Isarian (929683) on Thursday July 14, 2011 @02:36PM (#36766902)

    The "Cisco" RV042 (http://www.newegg.com/Product/Product.aspx?Item=N82E16833124160&Tpk=RV042) supports this, by having two WAN Ethernet ports. Plug them both in and go. Relatively inexpensive at $180, sometimes you can find deals online for them. I say "Cisco" because I think the hardware is just rebranded "Linksys" gear from before the merger.

    • by Mr.Ziggy (536666)

      I thought the RV042 was going to be the godsend product: relatively cheap for dual-wan support in small offices. Turns out it just sucks.

      My *personal* suspicion is it is part of the constant Cisco screwups of everything Linksys, but that's a different conversation.

      RV042's run HOT, break, don't auto-switch or auto-detect a network outage like they are supposed to. Installed a bunch in some offices and had to replace all of them.

      DO NOT buy the RV042.

      Peplink makes a good but expensive dual-wan router which

  • When I google 'multi wan router' (I assume you didn't get that far), Peplink [peplink.com] is the first result. They seem pretty legit, but I don't have any of their products. They even have one that can connect to wifi networks and ethernet for internet connectivity, which seems right up your alley.

    As far as I know, just linking to routers together will not work. Your computer can only have 1 gateway (where it looks for the real internet). Maybe there's custom firmware that allows load-balancing with another router,

    • I've used PEPlink and they are good.... Recommend them, service was good, though they did bring me one which had a hardware problem.

      They have some pretty good load balancing policies, but there was some wacky idea I had which it wouldn't do.

        If someone is looking for clever inbound traffic balancing without BGP google that in week or so... actually it is something similar to my DNS racing... (sorry my blog is currently down).

  • I used a Netgear Dual-WAN for years. It allows you to specify (via the web-interface) which traffic goes over which network.

    • I've been using a Syswan Octolinks for years with no problems, because at one point I had 3 connections to manage.

      I also have a Barracuda Link Balancer that I'm rather underwhelmed with. The DHCP server on the unit seems to crash every few months, and Barracuda support was no help, so the solution was simply to use something else to provide DHCP services.

  • Some inexpensive small office firewall appliances support multiple external network connections, and can automatically move traffic to the secondary connection if the primary goes bye-bye. I believe one such device was a Multi-Tech SOHO firewall. There are like a lot of them out there.
  • If you can spare/build/whatever a machcine (and really it could probably be anything from the last decade), download pfsense [pfsense.com], the installer pretty much works, the how-to's are very detailed. It's a mature stable product. It'll let you load balance your outbound connections as well as do everything a modern firewall does (you might, for instance, find being able to setup VPN on the box highly useful).

    If you don't know anything about networking it might be a bit daunting, but probably still within the realm
  • While there are products that do this (dual WAN firewalls, etc) none of them are particularly great. If it were me, I'd repurpose an old PC, or a dedicated board such as a Soekris 4501 (http://soekris.com/net4501.html) and roll your own. It should be pretty simple to do it with iptables and a few bash scripts. Off the top of my head, I'd do something like ping a device a few hops upstream on each providers network every 60 seconds or so, if the device isn't responding, then failover and use another scrip
    • by hawguy (1600213)

      While there are products that do this (dual WAN firewalls, etc) none of them are particularly great. If it were me, I'd repurpose an old PC, or a dedicated board such as a Soekris 4501

      Before you repurpose a PC for something that can be done by a lightweight appliance, keep in mind the power costs.

      A PC that uses 100 watts will cost around $130/year in power (in California @ $.15/KWh). Use that Soekris board (at 10W w/o disk) and you save $117/year, so it will pay for itself in less than 2 years.

  • by Ortle (1555195)
    Check out Vyatta.. they have an appliance or it can be run on a computer/VM. They have a commercial version and a community version.
  • Use what the grown-ups use.

    Go buy yourself a Juniper SSG 20 [juniper.net] with the optional xDSL module, and let the firewall take care of the failover for you.

    ~dlb

  • I found myself in this same position a number of years ago, I've settled on using ubuntu linux, iproute2, and iptables, it's not easy to get working right, especially when you have DSL instead of a nice normal IP based connection (I will forever hate PPPoE)

    The mental gymnastics of tracking ip connections across two separate routing tables in the same box will give you a few headaches, especially when a packet which comes in through the DSL heads back out the WiFi interface for no apparent reason... it's de

  • by BenEnglishAtHome (449670) on Thursday July 14, 2011 @03:14PM (#36767632)

    At home, I have both cable and DSL. I use a Vigor2930N from DrayTek. [draytek.us]

    Works like a charm. [tomsguide.com]

    There have been other mentions of a Cisco/Linksys product (the 104, I believe) but I went with the Draytek because I wanted integrated wireless, too.

    • Correction - The Cisco/Linksys model that was mentioned by another poster was the RV042. I owned and had less-than-good experiences with the RV082.

  • I did a blog post on this very topic last year.

    http://johnsokol.blogspot.com/2010/11/increasing-internet-reliablity-dual-wan.html [blogspot.com]

    Use a cable modem and DSL at the same time.
    Xincom XC-DPG502
    TP-Link TL-R480T+

  • Those Linux-based routers do very well. I have an Asus RT-N16 and this should be able to route both WiFi and up to 5 Ethernet links (each port is separately addressable). There are also specific dual-wan routers but the hardware and software is identical, the configuration changes. There is an example on the DD-WRT wiki on how to set up iptables so any Linux distro would work just as well. If you run out of resources on those ARM devices (Linksys hardware is particularly underpowered for anything beyond 10M

  • http://routerboard.com/RB750 [routerboard.com]

    Small, cheap, highly configurable.
    It has 5 ports that you can configure as wans or link them together as lans. There is also a gigabit version available.

    You can do everything on this as you would on a homebrewed freebsd solution, but with a nice gui or an optimized cli.
  • I did a website for a client who sells and configure devices like this for schools and libraries under the federal e-rate program. I don't have personal experience with the device, but he says it works quite well. Here's a link (disclaimer: like I mentioned, I developed the web site for this, but I'm not affiliated with the product) http://e-rateforschools.com/services/e-rate-internet-availability-link-balancers/ [e-rateforschools.com]

    -Clay

  • by EriktheGreen (660160) on Thursday July 14, 2011 @03:45PM (#36768092) Journal

    If what you're looking for is A) Fail-over, so if one ISP or line is down you use the other or B) The ability to reach selected IP addresses via one ISP or the other, a dual WAN setup will work for you using one of the dual WAN setups people have mentioned. They're basically hacks that masquerade your desktop behind a public IP address from whichever provider you happen to be using at any moment. They don't allow asymmetric traffic (can't send packets out one ISP and receive via the other ISP) and they'll possibly screw up any security protocol or site that expects to see packets coming from a single IP and port address. This is handy, but only slightly more convenient than moving the cable yourself and re-issuing a DHCP request. Forget about aggregating bandwidth, you won't get that.

    If you're thinking that hooking up both ISPs to a router will let you use whichever one is faster for any site when you click on it, you can't do that without a ton of work (and for the most part without being an ISP). The problem is that although a routing protocol exists on the global internet that would let your router figure out which path is best to each network prefix, to use it you have to have your own routing block (an aggregate of multiple network addresses) to announce to the world (which you can't get) and you have to have a router capable of holding and processing the global BGP table in real time... you don't have this.

    If only all our home routers could speak a multi path routing protocol with low overhead, every single packet we sent would take the best path to its destination, all our computers would automatically fail over to other connections, we could add bandwidth by plugging in another wire, we could add and remove bandwidth in real time as needed, and we could migrate between internet providers without re-numbering our IP addresses. Things like mobile apps would be much easier to write.. no need to use a central server to pass data to a mobile, just send the packets to its IP and the routing protocol would send them on to wherever it's connected in the net.

    I look forward to the day when the Internets evolve to permit multiple pathing for data in real time. Too bad technological development of Internet protocols seems to have slowed and become heavily political.

    Erik

    • It's probably cost prohibitive for some SOHO setup, but I think some of the mid-tier firewall and link balancer products will support sticky connections and/or policy routing specific IPs and URLs.

      I've installed a half-dozen or so Ecessa PowerLinks and have not had any problems with users being unable to get to or work with specific sites, even though it works as you generally suggest (although they use a dummy LAN between the PowerLink and your internal firewall).

      The same is true for Watchguard Firebox fir

  • I setup a dual homed network system in about 5 minutes with arno iptables in ubuntu. Super simple and very reliable and easy to setup.

  • Many decent motherboards these days have dual network chips. But you can take any old computer and shove three network cards into it. I presume your favourite operating system can share it's internet access.

    So that's what I'd do -- in part because I'm not a networking kind of guy, and in part because I know it'll work. One computer, in the basement, with both ISPs going into the computer, running windows -- vista or 7. One network cable out of that computer to my home router. That's it.

    It's also really

  • Simple, build a routing computer, use it to switch when wireless connectivity isn't meeting your demands.

    Anyone else suggesting anything else is just shilling for some company or another.

  • A while back our house had both dsl and cable, one dedicated to my wife's business, and one for my convenience. Both were run into dedicated old boxes running openbsd firewalls. Each box used the same intranet prefix (192.168.5.x), but one box was two and the other ten on our intranet. Under normal circumstances my network and my wife's were not wired together. Benefits were:

    .
    1) My major uploads/downloads would not slow down her business and vice versa.

    2) My investigation of NSFW websites would nev

"In the face of entropy and nothingness, you kind of have to pretend it's not there if you want to keep writing good code." -- Karl Lehenbauer

Working...