Dual WAN Failover Asus?

nate12

Honorable
Jan 14, 2016
70
4
10,535
Hi guys,

I need to create a dual WAN connection for my home. My main provider will be through cable, 250mb/s. It is a very stable and reliable connection, but because of my work I need to have a backup, so in case it fails I will have the backup. I know that it can take a little bit to switch, but I hope it will be possible to achieve 10-20 seconds, so that I won't be disconnected from the servers I am on. Mostly operated through web browsers or from Citrix.

I have a Netgear WNDR 3700 v2 at home. It doesn't support anything I need, but I read that it could be possible to install OpenWrt/DD-WRT/Gargoyle on it and create dual WAN. So here are my options:

1. I can give it to someone to install and set up this firmware on the Netgear, and by buying an LTE subscription I can get a D-Link DWR 116 with a Huawei e3372 modem / Huawei b315 router or ZTE MF283 + LTE for free.

I understand that with this option I get an LTE modem on one of the routers, and I have dual WAN on the Netgear, where I set my cable as the main source and the 2nd WAN as the backup. Can it work like this? How will it look with failover time?

2. I can buy the ASUS 4g-ac55u router, which has a SIM for 4G, so I can set the primary and backup connection in its software. The question is, do I really have to buy this model if I'll probably use the LTE backup only a few times a year? I think I pay for the built-in LTE modem here and I completely don't need it. Also, what is the failover time here? Has anyone tested it? It would cost 250 USD.

3. I can buy a different router from ASUS, like the RT-AC3200 / RT-AC87U or RT-AC56U. All, I think, have support for 4G modems, but the question is whether it will be compatible with the Huawei e3372 that I can get from my LTE provider.

Also, and mainly, all these routers have dual WAN, so I can get one and get for free one of the D-Link DWR 116 / Huawei B315 routers where LTE will be installed, and connect it by Ethernet to the 2nd WAN in the Asus router.

How would it look with failover time in this setup?

Which option can be the best, and what would you do? I spoke about it in many places but still have a lot of questions, and I really have no idea what to do. I have been reading about it for many days and still can't find failover times for any option. I wanted to go for the Asus 4g-ac55u, but then Asus support told me that it could take a few seconds, but it's also possible that it could take a few minutes, which would be unacceptable for me.

Also, is there any difference if failover is done on such an Asus 4g-ac55u, where both cable and LTE are connected in the same place, vs routers with dual WAN where they switch between WAN ports (one would come from a router that has the LTE modem connected, but it would be on, not on standby like in the 4g-ac55u)?

Big Thx in advance.
 
nate12

I have to add that for configuring the Netgear I would have to pay someone who knows how to do it, so basically there will be costs too. At this point I am closest to picking the RT-68U model, for example, which is $100 cheaper than the 4G one and probably has better specs and also has dual WAN, so that I can connect that LTE modem or use the 2nd WAN from the other router. But would it work the same as if I buy the 4g-ac55u? Is the 68u way better than the 55u?
 
OK, let's pretend you are the router... how do you know that the connection went down? Obviously if the port goes down, but that will never happen when the modem is likely in the same room, and as long as it has power the port will be up.

Even if you were to have some kind of script that will ping something, what do you ping? Many times you can get to some things but not all on internet failures.

Commercial connections accomplish this with a routing protocol... that is the whole reason routing protocols exist. Still, if we pretend that you could get the ISP to run a routing protocol with you, the one that is used on the internet is BGP, and that can take up to 3 minutes to fail over. This is done to prevent it from flapping back and forth between connections.

Still, let's assume you have solved this somehow. You will still lose your connections because the IP address you are using changes when you change ISP. This will immediately close any open sessions or VPN tunnels. Again, this is why a routing protocol is used: the IP you are using can be moved between connections. But in this case you must have a registered block of IP addresses, which is close to impossible even for fairly large businesses.

So if you really want to learn lots of things and have good IT guys at your company, it is technically possible to do this. We have set this up for executives at our company that work from home all the time.

What you need to do is create 2 VPN tunnels, one over each connection. These need to be both active all the time. You then run a faster routing protocol like OSPF between the routers over the VPN tunnels. Since OSPF is constantly sending messages over each tunnel, it knows very quickly when it goes down. You can set it to fail over in less than 1 second if you really want to... but it is a bad idea, again because you run the risk of flapping.

I would strongly recommend you use a commercial router on both ends; the dd-wrt things are too unstable when you are running routing protocols on them.
 
Solution

nate12

Thank you very much for your explanation.

It's just for a home business. I am moving with my work from the office to home, and I am working on trading platforms like forex, for example, and mainly use Citrix, which provides access to some company apps. I already understand that the failover will take some time, but I think it's possible to get the connection back in that 20-30 seconds time?

It's not for big business, so no need to create some special expensive network. I honestly thought this would be easier, but basically I am down to those 3 solutions I gave above, and honestly I am more into those two that need buying an Asus router. I think this can work for my needs, but at the same time I don't think I need to pay for the 4g-ac55u model, as I won't use LTE nearly at all. The problem is there are nearly no tests, and I don't know if buying, for example, the RT-68u model is a way better choice.

My friend uses broadband connected to a Draytek router (it has 2 wlan). Then he also has a Dovado 4G Pro router with an LTE modem connected to it. Now to the Draytek, as said, broadband is connected by one Wlan, and an Ethernet cable from the Dovado router to the 2nd Wlan. And in the Draytek he sets in setup that broadband is the primary and LTE the secondary provider, and he says it takes about 20-30 seconds for a switch, which is what I am looking for, but I think it can be achieved more easily with one of those Asus routers.
 
It almost is easier for you, the person, to act as the failover. You tend to know quickly anyway. You are going to have to reauthenticate with all your servers anyway. When your IP address changes when you change ISP, all the sessions will close. This likely will take more time than any failover would.
 

nate12

OK, I spoke with my friend who uses that Draytek Vigor + Dovado configuration, and he told me that the switch is instant, 2-3 seconds, when the main connection fails, and 5-10 to put it back to the primary when it's back. And he IS NOT disconnected from the same things that I will use.

When he tried to switch cables manually, he told me that he was disconnected from everything.

So I would prefer to take that option if it works for him. But will the ASUS routers, the 68u or that 4G model, work similarly to the Draytek Vigor one? Draytek is also expensive, and basically I would have to connect to it another LTE router that I would actually get for free, and I think these Asus routers are a little bit better (but maybe failover doesn't work that well).

I know it might not work the best, but I have to pick one solution. Can you share your opinion on those options?
 


Firstly the UPS will just about give you time to cleanly close down your system.

You could use a Pfsense firewall router with two WAN ports, this is designed for aggregation and failover, it's also relatively inexpensive.
 
How can it possibly be 2-3 seconds unless he is testing by unplugging the LAN cable, which is not a realistic test? Even if the router used a ping command, it will not fail over on a single ping loss, and the timeout on a ping is 2 seconds by default.

None of them fail over quickly in real-world situations. You always get some random packet loss here and there, so you can't assume that is an outage.

You are likely best off with a dd-wrt solution then, because you can write your own scripts to detect outages.

Still, this does not solve the problem of the IP address changing. This will cause much more outage time even if the router fails over instantly. The remote servers take some time to drop the old sessions, and when the new sessions come in with a different IP it's hard to say how quickly the server will sort that mess out.
 
Do you have a static IP from your ISP?
When you say "Mostly operated through web browsers", what do you mean exactly? This could affect how important your session is and therefore what impact a change of IP will have.
Pfsense has failover built in, and you can determine the threshold of failover; it monitors the quality of the connection automatically and then switches connection when the threshold is reached.
 

nate12

From what I just heard from my friend, it's basically CITRIX that's important, and if it's not affected then it's great. That's why it probably works...

I don't see these pfsense routers in my country at all, unfortunately, and I'm not sure about a static IP from the ISP. If it's something extra, I don't think so. It's a cable connection, and basically that's where my knowledge ends on this topic.

As for the failover times, do you know if there is any difference when this option starts on such a 4g-ac55u router vs this RT-68U, for example, + another router with an LTE modem connected?

The difference is that in this 4G one, the backup connection from LTE is in standby mode, I think, and from what I understand it can take a little bit more time to move from standby to active when the primary cable net drops the connection.

In the RT-68u router + other router with a modem in it, I think that this LTE connection is always on but simply not used. It would be connected by Ethernet cable to the 2nd WAN in the RT-68U router, so in case the main cable provider loses connection it would only switch sources. There wouldn't be any time loss on starting up the connection from standby.

Do I understand it right? What do you think about such a thing? A good thing is also that if the Asus software doesn't work like I want, I heard I can try to install other firmware on it to set up better failover things, like RMerlin, DD-WRT or Tomato, so I would have some other options with it too.

 


Sorry, I'm not familiar with the exact model of routers you are considering. Pfsense is an open-source distro; you can turn an old PC into a router by loading Pf as an OS. You can also purchase pre-configured systems from companies like pcengines, something like this (you would need one in an enclosure): http://www.pcengines.ch/apu1d4.htm.
 

nate12

Yeah, that is a little bit too complicated for me :)

I will go for this Asus rt68u https://www.asus.com/us/Networking/RTAC68U/

And will connect the Huawei b315 LTE router with built-in modem. Then the Asus will have the main line set as primary and the one on WAN2 from this Huawei as the backup.

I read that it will switch faster than in the 4g-ac55u, for example, because the LTE backup is in standby mode there, and it has to move first from standby to active and then reconnect. In my configuration LTE is active all the time in the Huawei router, but simply not used until the main connection fails.

Makes sense?
 

nate12

Yes, I know he is right, but I can't use the solution he posted in the first topic, and I can't remove cables manually.

As I said, it works for my friend, more or less well, but he is not disconnected from Citrix if the main provider fails, and the Draytek router switches to WAN2 very quickly. So it's possible. In my situation, instead of Dovado with LTE + Draytek dual WAN, I will use Huawei b315 LTE + Asus rt-68u with dual WAN.

That's how I see it, and I hope this will work. If it works in that situation, it should here in the same configuration but with different routers.

I would be grateful if Bill001g can share his opinion about what I wrote above, but I believe this can work and it will be a better solution than buying the 4g-ac55u router.
 
This is one of those things that very few people do, so it's hard to say how well it works on any particular device. I know the issues we had trying to get this to work using consumer routers a couple of years ago, and we went with expensive commercial routers where we could 100% guarantee the performance.

It is still the problem of what "down" means and how the router determines that. Does losing 50% of the data cause it to switch? Most people feel that a connection with 50% data loss is not usable, but can the router detect that?

Will what you propose work? Likely most of the time, but I will bet you will run into those strange failures now and then where it does not. This is one of those cases of how much risk of outage you can tolerate.
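
Added example (not part of any post in this thread, and not any router's firmware): the replies above about not failing over on a single ping loss, writing your own dd-wrt scripts, and whether 50% loss should count as "down" come down to a loss threshold over a window plus a hold-down before failing back. The function name `failover_trace`, its parameters and the probe strings are assumptions; it replays constructed probe results instead of sending pings, so it runs offline.

```shell
#!/bin/sh
# Added example: replay of a failover decision over constructed probe results.
# failover_trace WINDOW FAIL_PCT HOLD PROBES   (hypothetical helper)
#   PROBES   string of 1 (ping answered) / 0 (ping timed out), one per interval
#   WINDOW   how many recent probes are judged together
#   FAIL_PCT loss percentage within the window that moves traffic to the backup
#   HOLD     consecutive answered probes required before moving back (anti-flap)
# Prints one letter per probe: P = primary WAN in use, B = backup WAN in use.
failover_trace() {
    window=$1; fail_pct=$2; hold=$3; probes=$4
    state=P; recent=""; good_run=0; out=""
    while [ -n "$probes" ]; do
        rest=${probes#?}; p=${probes%"$rest"}; probes=$rest   # pop first probe
        recent="$recent$p"
        while [ "${#recent}" -gt "$window" ]; do recent=${recent#?}; done
        zeros=$(printf '%s' "$recent" | tr -d '1'); lost=${#zeros}
        if [ "$p" = 1 ]; then good_run=$((good_run + 1)); else good_run=0; fi
        if [ "$state" = P ]; then
            # Fail over only on sustained loss across a full window.
            if [ "${#recent}" -eq "$window" ] &&
               [ $((lost * 100)) -ge $((fail_pct * window)) ]; then
                state=B; good_run=0
            fi
        elif [ "$good_run" -ge "$hold" ]; then
            # Primary answered HOLD probes in a row: fail back, fresh window.
            state=P; recent=""
        fi
        out="$out$state"
    done
    printf '%s\n' "$out"
}

# Constructed probe histories (not captured from a real link):
failover_trace 5 50 5 1111011111          # one stray loss
failover_trace 5 50 5 11111000001111111   # hard outage, then recovery
failover_trace 5 50 5 1010101010          # link losing every other probe
```

The number of `P` letters printed after the first lost probe, multiplied by the probe interval, is the detection delay for that setting; shrinking the window shortens it at the cost of reacting to random loss.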
 

nate12

It's a matter of using trading platforms from the company through Citrix, for example. So when I have forex apps while doing trading, I need to get the connection back quickly when the main line drops. If it can work with, as you say, some data loss, this shouldn't be an issue. But I can't be disconnected for a longer period, as I may leave markets open that should have been closed in the time I am out of connection, so it can't be a minute, for example, as people can get an edge on it.

 

nate12

I will test for a week or two when I get it and will send it back if it doesn't work like I want.

Out of curiosity, what would be the minimum cost of the more professional system that would guarantee quick failover?
 
You need equipment on both ends of the connection. Optimally 4 routers to tolerate failure of hardware. If you did not need huge bandwidth and could use pre-owned equipment, likely under $1000. There are a bunch of small firewalls from many companies that will do this also; I have not used them. My background is Cisco and Juniper, and when we did it we were pretty much told the cost is secondary. I know they actually spent more on travel costs to go to some of these executives' houses and set it up than we did on the actual equipment.

Your problem is you do not see failures often. It may take weeks before you get one, and simulating a failure is very tricky; like I said, almost all these work great when you test by unplugging the cables.