Redundant internet connections using DD-WRT

Discussion in 'DD-WRT Firmware' started by foq99, Apr 15, 2006.

  1. foq99

    foq99 Network Guru Member

    I don't know a whole lot about redundant internet links, different types of routing, spanning-tree protocol, etc. but I figured it would be super cool to have a backup internet connection at my house. I have asked the Network Architect at work about it, but every time I do, he says a bunch of things, but doesn't say how to do it. I don't think he really knows how to do it without several thousand dollars worth of high-end hardware. So I'd be able to impress the shit out of him that I could do for <$200 what he needs a ton of cash for -- I'm not even sure that he has it at his house.

    So here's what I'm figuring is the best thing to do:

    Sorry for the shitty drawing, I'm using gimp on a laptop -- not the best combo. What the illustration shows is that my two routers are connected to separate internet pipes. Then they connect to each other (the blue line), and they connect to clients. If one internet pipe dies, the traffic should get routed through the alternate pipe.

    I know that this is possible with the Spanning-Tree Protocol. I also know that the Linksys devices make STP traffic (I've seen it in Ethereal). So does anybody know if they also take advantage of the STP traffic to reconfigure for a down internet connection? If so, does anybody have something like this running? How do you have it configured?

    Does anybody have a wireless access point around them and a couple of WRTs they want to try this out with? I don't have any wireless access points around me or I'd try it with my cable modem and the AP. This sounds like too cool of an idea to NOT try out!
  2. cgondo

    cgondo Network Guru Member

    I don't think STP takes care of redundant WAN links. STP is a layer 2 protocol for switches. To set up a redundant WAN link you will need a router, not switches.
  3. 505Assassin

    505Assassin Guest

    Don't know enough to address the technical aspects you are presenting, but as far as sharing two pipes, why not get a device that has this capability already built in and then just have a single AP behind it?

    Check out the Linksys RV042.
    About $150 on eBay.
    Here's a details snip:
    But the unique dual Internet ports on the 10/100 4-Port VPN Router let you connect a second Internet line as a backup to insure that you're never disconnected. Or, use both Internet ports at the same time, and let the router balance your office's requirements between them for maximum bandwidth efficiency.

    Just an idea.
  4. vincentfox

    vincentfox Network Guru Member

    Networking is quite complicated. What you want to do is not so simple as it sounds. You can buy devices that will do this semi-automatically, for a lot more money. Or you can dedicate yourself to studying networking and do it yourself. But, you are not going to be able to do this in 5 minutes study and 10 lines of script off the web.
  5. foq99

    foq99 Network Guru Member

    Wow, I didn't know cheap devices like this existed! Newegg has them for ~$150, so I'm going to grab one and get Speakeasy over here :) Thanks 505Assassin!
  6. vincentfox

    vincentfox Network Guru Member

    For redundancy, you need to be able to pull the plug on either network attachment and watch it "just work".

    Most of these cheap dual-WAN devices work well as long as both internet connections are up. They just split traffic. Few have any failure-mode handling.

    Be interesting to see your report after getting it.
  7. tlj

    tlj Network Guru Member

    redundant internet links

    If you want redundant internet links, you may want to work with your ISP so that everything works.

    Here are your basic options for redundant internet links.

    #1 - El-cheapo - something you make which is not really supported by your ISP. But hey - if it works then great :)

    #2 - Spanning Tree using two parallel connections. Only one active connection at a time. The fall-back connection remains in a blocked state. If the primary link goes down, then the secondary link starts working.

    #3 - Spanning Tree with VLAN load sharing - split/combine your traffic across two links for greater speed. If a link fails, then you auto-fall back to a single link.

    #4 - OSPF or EIGRP to your ISP through two connections to your ISP.

    #5 - Get your own Class C network and two different feeds to the Internet and run BGP.
  8. foq99

    foq99 Network Guru Member

    Linksys RV042 Review

    Alright, I got my RV042 in and set up. If you are wanting something to have 2 ISPs for load balancing, this is a piece of shit. If you want a VPN server, this is a piece of shit. I haven't tested it for doing failover, so I can't say that it is a piece of shit for doing that. Problems....where to start:

    1) DDNS support -- Officially, 3 are supported. However, DynDNS doesn't work due to a several years old config change. The second "supported" one is all in an Asian language, so I have no idea if it works. The third seems to be out of existence.

    2) VPN connections -- I can get PPTP to work without a problem, but since it's about as secure as a screen door, it doesn't make sense to use this. DD-WRT supports this, as well. As far as IPSEC VPN, I couldn't get it to work, even with the included VPN client. I'm not terribly new to VPNs, but I'm not too experienced, either. Maybe if I knew exactly what to do, it'd be better, but the documentation is terrible. Once, I actually got it to connect, but I couldn't ping anything on the remote side of the network, so I'm not sure it was really working. The logs are OK, but they don't point to a source of the problem, google searches don't reveal anything, and the documentation says nothing. That is for the PC client, I can't speak for the client-gateway or gateway-gateway.

    3) Static routing -- When using load balancing mode, it is possible to assign certain connections to certain WAN ports. You can do it by specifying a port range, a local IP range, and a remote IP range. But don't expect to be able to set one PC to always use a certain WAN connection. In fact, in my testing I wasn't able to set it up to have SSH to a remote site over a certain WAN port. Piece of shit.

    4) Firewall -- When connecting to websites, it will drop all inbound packets, so don't expect to see any data coming in. You can do GETs all day long, but you won't receive the page. WTF? Turning off "Block WAN Requests" fixed this.

    5) DNS Server -- Feature does not exist. Sucks.

    6) NTP Client -- It doesn't seem to work. The router thinks it is January 1, 2003 and I know that the time server I'm using is up.

    7) Load Balancing -- I'm not sure how it determines when to switch from one WAN to the other. It just asks for the max bandwidth of each, but doesn't let you specify when to failover. This is just a mystery, and I'm not entirely sure it works right. I've been downloading torrents (to hopefully engage the balancing) and using to try to get a reading, but it always tells me I'm on my WAN1 connection.

    This router sucks. Considering the firmware is from Dec '05, you'd think many of these things would be fixed, or at least addressed. This was well after Cisco bought the company, and I don't see a good reason for letting these flaws stay in there. It's not like somebody is going to go buy a $2k piece of hardware from Cisco to replace this, they'll go get a $200 piece of equipment from another vendor. That's what I'm going to do.

    UPDATE: I've got some more detailed info on the firewall blocking connections. It doesn't block all inbound packets, just the ones it doesn't know about. Yes, I realize that this is what a SPI firewall should do. However, it never "knows" about CVS connections going out, only blocks their inbound. I'm not sure how it can remember the state of port 80 and port 22 connections, but "forgets" the state of port 3999 connections. This is not the only time it loses the state of the connection, but it is one that is easily reproducible.
  9. randomjoe1

    randomjoe1 Guest

    redundant internet links

    stp won't cut it. STP does this:
    switch a to switch b and c
    switch b to switch a and c
    switch c to switch a and b

    a triangle, right? well without STP you would have a loop, not good for a network. STP would shut off one of those links so you don't end up with a network that went stupid because packets are running in circles!

    That wouldn't help with a secondary redundant link, that's a router's business. Ok so this is how it works (a ddwrt can't do it good):

    for load balancing (the unix "bind" interface, not dns bind though) you must have 2 or more equal cost links, like 2 t1 connections, not gunna work with dsl or cable. Static routes won't work because if the router that you have the routes pointing to goes down, you won't get that second link up. Ok so this is the "expensive" option, have 2 "real" routers like a cisco 2621 or a multilayer switch like a cisco 6000. you could use something like HSRP if one link goes down, go to the other, life is good. But ummm, you could get 1 2621 on ebay for like 300 bucks, and good luck taking a loan out for a 6000. that's a lot of money to impress someone. Then there's knowing how to get it to work. There's no nice fancy schmancy 192.168.x.x webpage to go to. You have to know how to configure it!
  10. eridanx

    eridanx Guest

    try this is cheap and works great !!!

  11. ifican

    ifican Network Guru Member

    Somewhere in the forum I have written a lot about this. It can be done with cheap equipment, and easier with cable than with DSL. But the only way to get it to work right is with dynamic routing, and you need to have your ISP send you updates. This, by the way, is not going to happen for most users, business or otherwise. You can go about it to a lesser extent without the ISP updates, but there are lots of little traps/holes you can fall into that are really hard to get out of in making it work right, and it's still not "right", as you would have to be monitoring route connectivity across links. But on a basic level you can accomplish this with 3 routers if you have 2 different ISP connections.
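
Added example (not written by any poster in this thread and not DD-WRT's own code): the "monitoring connectivity across links" piece mentioned in post 11, as a probe loop with hysteresis that moves the default route only after several consecutive failures and moves it back only after several consecutive successes. Interface names, gateways, probe target and thresholds are constructed placeholders, and the script assumes BusyBox `ping` and the `ip` tool are available on the router.

```shell
#!/bin/sh
# Added example; all values below are constructed placeholders (assumptions).
PRIMARY_IF=vlan1;  PRIMARY_GW=192.0.2.1
BACKUP_IF=vlan2;   BACKUP_GW=198.51.100.1
PROBE_TARGET=203.0.113.10   # host expected to answer over the primary link
FAIL_LIMIT=3                # consecutive failed probes before failing over
OK_LIMIT=5                  # consecutive good probes before failing back
active=primary; fails=0; oks=0

# step RESULT: feed one primary-link probe result ("up" or "down").
# Counters reset whenever the result changes, so a flapping link never
# collects enough good probes to pull traffic back prematurely.
step() {
    if [ "$1" = up ]; then
        fails=0; oks=$((oks + 1))
        if [ "$active" = backup ] && [ "$oks" -ge "$OK_LIMIT" ]; then
            active=primary
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$active" = primary ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
            active=backup
        fi
    fi
}

# run_sequence "up down ...": replay probe results from a clean state and
# print which link ends up carrying the default route.
run_sequence() {
    active=primary; fails=0; oks=0
    for r in $1; do step "$r"; done
    echo "$active"
}

# monitor: live loop, not started automatically. The probe target is pinned
# to the primary link so it stays testable while traffic uses the backup.
monitor() {
    ip route replace "$PROBE_TARGET" via "$PRIMARY_GW" dev "$PRIMARY_IF"
    while :; do
        prev=$active
        if ping -c 1 -W 2 -I "$PRIMARY_IF" "$PROBE_TARGET" >/dev/null 2>&1
        then step up; else step down; fi
        if [ "$active" != "$prev" ]; then
            if [ "$active" = primary ]; then gw=$PRIMARY_GW dev=$PRIMARY_IF
            else gw=$BACKUP_GW dev=$BACKUP_IF; fi
            ip route replace default via "$gw" dev "$dev"
        fi
        sleep 10
    done
}
```

This only covers outbound default-route failover on a single router with two uplinks; it does nothing for inbound reachability, which is where the dynamic-routing options listed earlier in the thread come in.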