Multiple Internet Providers @ Home

V

VRT

Limp Gawd
Joined
Jul 15, 2016
Messages
460
How many people around here have multiple ISP's at their home around here?

I just changed my setup at home a few months ago, mainly for R&D purposes for guys that work with me that are having issues in other areas. I actually have four connections at my house, but for purposes of this test and question lets only talk about my three public connections.

1) 100/MBit - Cable company - (Cox in Las Vegas)
2) 50/MBit - Phone company - ADSL Connection - (Centurylink in Las Vegas)
3) LTE - Cellular Connection - (Currently swap between Sprint and AT&T)

What solutions do you use for load balancing and fail over? The LTE connection is solely in case of both of the others failing out. I haven't had this happen in Vegas, but did in Laguna Vista after some storms.

I have tried the following solutions, and here are my thoughts. What real world solutions have others tried?

Basic Linux Firewall/IPTables and manual configuration, this allows the most flexibility but takes the most configuration and expert at the wheel.

PFSense, this works very good but you still have to have a full PC and configure it etc.

Sonicwall, never got working properly.

Cisco Meraki, when using their switches and AP's I like it, I don't like that it is fully cloud, but the time to configure it, have it reliably switch between all three connections and it just works I like.

What have you used?
 
I currently have a 150/20 cable connection and a 6/1.5 VDSL connection for failover.

I have used Mikrotik RouterOS on both Routerboard devices and x86 for failover and load balancing when I had 2x 50mbit connections. Overall I was unhappy with load balancing because there were no sticky connections. Failover was fine.

I currently use pfSense on a j1900 box with 4nics. The entire setup is less than $200 and something like 19W at full load. I also used pfSense for load balancing previously and had no issues. Right now I just use failover based on packet loss and it works just fine.

I've never really looked at anything else too seriously for home use. It's all too expensive or 100% command line setup. pfSense is easy, handles all my VPN needs (client-server & site-to-site) and just works.
 
bds1904 said:
I have used Mikrotik RouterOS on both Routerboard devices and x86 for failover and load balancing when I had 2x 50mbit connections. Overall I was unhappy with load balancing because there were no sticky connections. Failover was fine.
Click to expand...

I have also used Mikrotik in the past, but not seriously in a few years, I hadn't thought about using one of these.
 
It depends on your budget and what features you're looking for. If you're just looking to test policy based routing then you don't get much horsepower and you can get by with an edge max or edgerouter (erlite?).

Once you answer the budget / needs question, I think it'll be easier to tell you.
 
swiftwind said:
It depends on your budget and what features you're looking for. If you're just looking to test policy based routing then you don't get much horsepower and you can get by with an edge max or edgerouter (erlite?).

Once you answer the budget / needs question, I think it'll be easier to tell you.
Click to expand...

I am just looking at what people have used and what they like. For us this is a corporate thing and we are usually around the $1500 point per home office this includes UPS/Switching/AP's/Firewall.
 
Also we usually set the systems up so that here are three separate networks.

1) VPN/Secure wired only
2) Corporate Wifi - This has access to our corporate network and only authorized devices in the house hold, can VPN into network 1
3) House Wifi - This is for the spouse/kids etc no access to networks 1 or 2
 
I currently have 1GB/40MB cable via Comcrap and cellular through Sprint (company pays for it).

If Comcrap goes out, I can tether my phone to my laptop and use it for Internet. The only thing I can't really do with it is use my IP phone. I could probably soft-phone into our phone system. But I'd rather not, as our current phone system's generic SIP implementation is NEARLY as secure as taping your password to your monitor...
 
If you're running Cisco gear at HQ is
VRT said:
I am just looking at what people have used and what they like. For us this is a corporate thing and we are usually around the $1500 point per home office this includes UPS/Switching/AP's/Firewall.
Click to expand...

What's the VPN hub look like?
Are you a Cisco shop? A juniper shop? Fortinet?
If Cisco, you might want to consider DMVPN on a Cisco with split tunneling and either Cisco APs with LWAP assuming you have a wireless controller or an all in one Cisco (8xx series?).

You could also take the Meraki route but I'm not familiar with their gateways.

Another option is ubiquiti gateway (SG?) With ubiquiti APs if you don't want to spend too much time configuring it.
 
[QUOTE="swiftwind, post: 1042910869, member: 94758"
If Cisco, you might want to consider DMVPN on a Cisco with split tunneling and either Cisco APs with LWAP assuming you have a wireless controller or an all in one Cisco (8xx series?).

You could also take the Meraki route but I'm not familiar with their gateways.

Another option is ubiquiti gateway (SG?) With ubiquiti APs if you don't want to spend too much time configuring it.[/QUOTE]

We have a Cisco WLC in the office, but we run pretty much everything, I am just looking for something that our sales/admin people can use, it isn't a big deal, most of our SE's and FE's have their own roll your own solution, hell one has a Cisco Nexus Core at his house with 40GB ports in it. Most of the others have something more reasonable from Ubiquiti(Which I hate) to Cisco, to Mikrotik, just what ever their preference is and it is reliable.

Right now I am leaning to the Meraki solution, even though I don't like the cloud part of it, it just works, and if they have a dark spot int heir house ship an AP and send a contractor our to wire into the switch and it is done.
 
Pfsense is my first choice. They make small form factor machines that use very little power so you don't have to use a full PC. If you don't want to spend a lot of money, you could get their small one with just the two NICs and as long as you have a network managed switch capable of vlans, you could vlan the different WANS but still use the same physical interface. Just a thought. :)
 
I disagree with pfSense or any DIY solution. From my understanding, the OP is looking for a good solution for his work-from-home employees.

If that is correct, then I would suggest something nice and easy to setup with good features like a Fortigate. They have a built-in wireless edition as well, they are called FortiWiFi. I would suggest pricing out the FortiWiFi 50E, which comes with 2x WAN interfaces. These run about $1000 w/ 3 year 8x5 (non-enterprise) support and licensing for the security suites. Here is a PDF with their different support options: https://www.fortinet.com/content/dam/fortinet/assets/brochures/FortiCare-Services.pdf

Product information - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_FortiWiFi_50E_Series.pdf
Recommended - https://www.corporatearmor.com/product_info.php?cPath=213_406_605_1679&products_id=13215
Ballpark Pricing on FortiWiFi 50E - https://www.corporatearmor.com/index.php?cPath=213_406_605_1679

Since these are being handed to your employees, you may want to consider a 1 year license subscription, depending on turnover, etc... Just a thought.
 
Last edited:
Good grief, after reading what I posted I honestly sound like a shill. I honestly don't work for them, I just think they make a great product for the price.
 
Last edited:
Cmustang87 said:
I disagree with pfSense or any DIY solution. From my understanding, the OP is looking for a good solution for his work-from-home employees.

If that is correct, then I would suggest something nice and easy to setup with good features like a Fortigate. They have a built-in wireless edition as well, they are called FortiWiFi. I would suggest pricing out the FortiWiFi 50E, which comes with 2x WAN interfaces. These run about $1000 w/ 3 year 8x5 (non-enterprise) support and licensing for the security suites. Here is a PDF with their different support options: https://www.fortinet.com/content/dam/fortinet/assets/brochures/FortiCare-Services.pdf

Product information - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_FortiWiFi_50E_Series.pdf
Recommended - https://www.corporatearmor.com/product_info.php?cPath=213_406_605_1679&products_id=13215
Ballpark Pricing on FortiWiFi 50E - https://www.corporatearmor.com/index.php?cPath=213_406_605_1679

Since these are being handed to your employees, you may want to consider a 1 year license subscription, depending on turnover, etc... Just a thought.
Click to expand...

I am going to see how they work when compared to the Meraki's I should have a test setup next week.

I have used PFSense for engineering staff etc in the past, but for something plug and play that the help desk can handle with outhaving to have a full pc, or send someone out just won't work. Also what if you don't want to load a VPN client onto the PC, and would like for someone to have access while they are on the road, or at a clients site? I don't have a large staff, but about 30% of my staff is on the road 4 days a week or so.

Cmustang87 said:
Good grief, after reading what I posted I honestly sound like a shill. I honestly don't work for them, I just think they make a great product for the price.
Click to expand...

No, I am the same way at times LOL
 
VRT said:
I have used PFSense for engineering staff etc in the past, but for something plug and play that the help desk can handle with outhaving to have a full pc, or send someone out just won't work. Also what if you don't want to load a VPN client onto the PC, and would like for someone to have access while they are on the road, or at a clients site? I don't have a large staff, but about 30% of my staff is on the road 4 days a week or so.
Click to expand...

It depends on what they are accessing on the road. Without a client can be done on the Fortinet by accessing the VPN through a browser session. Instructions for these setups are here: http://cookbook.fortinet.com/ssl-vpn-using-web-and-tunnel-mode-54/
 
You must log in or register to reply here.
Back
Top