I still remember the thrill of getting my first 300 baud modem in the early 1980s. I used it to connect a Radio Shack TRS-80 Model III computer to the West Virginia University mainframe so I could work from home rather than have to walk across a snowy campus in the middle of the night. The data came in at rate so slow that you could get bored waiting on the characters to march across the screen, but my friends still thought it was a high-tech wonder just the same.
Today nearly everyone has become addicted to high-speed Internet. We have become so dependent on the high-speed connections when they don’t work we don’t work either. Every minute a connection is slow or broken we lose money or time or both. Many businesses are moving their IT to the cloud with the aim of improved bandwidth and better uptime on virtual severs. This perceived advantage can evaporate quickly however if the Internet connection is down and the server is inaccessible!
Twenty years ago the POTS (plain old telephone service) was the lifeline for every business. With POTS the phone company generally worked hard to try to meet 99.999% uptime. This goal of “five-nine” reliability works out roughly 5 minutes of service interruption every year. You might think that things would be better with newer technology such as cable modems, ADSL, satellite, WiFi, 3G/4G/WiMax, etc. but you’d be wrong! Despite the advances, todays’ high-speed networks aren’t as reliable as POTS. The words “can you hear me now” pretty much tell that story. Despite the reliability advantage there is however no future in POTS for most homes and small business. To move forward we must have both high-speed and high-reliability.
Department of Redundancy Department
A typical approach to improve reliability is to use redundancy. In earlier posts I have shown how my primary service provider (River Canyon Wireless) provides great speed and with good reliability over redundant backhaul. I also showed how the Virgin Mobile Broadband2Go has served as a suitable travel and backup 3G Internet service. Today I will show you how I used a specialised router to combine the two services and improve speed and reliability without resorting to expensive leased lines.
Mission-Critical versus Home Grade Routers
Since moving to Moab in the spring of 2009 I have gone through no less than a half-dozen home grade routers of various brands; all of which have failed or caused problems. After wasting a lot of time resolving the most recent incident, I decided that my next router would be a business or enterprise grade device. So, over the course of the last few weeks I have done some research on the topic of routers and firewalls; including USG (Unified Security Gateways) / UTM (Unified Threat Management) devices such as those recommended by my associate here. I was particularly interested in devices that offered business or enterprise quality with these key features:
- Multiple wired (e.g. ethernet from cable or ADSL modem) and wireless (e.g. 3G, 4G, WiMax and WiFi) WAN interfaces
- Load Balancing – the ability to combine use multiple WAN connections at once to improve speed
- Failover – the ability to automatically detect a failure on a primary WAN connection and switch to a backup connection
- Failback – the ability to sense that the primary WAN connection is available again and switch over from the backup connection
I eventually chose the CradlePoint MBR1400 shown here:
This model offers the best overall feature set for my needs and supports most 3G/4G/WiMax modems. With a street price of roughly $300, it is definitely a bigger investment than home grade routers. On the other hand, it offers features that go well beyond the cheaper units. For starters, it has 5 giga-bit ethernet ports which are all configurable as WAN. It has support for up to 3 USB modems and up to 2 express card modems. On top of that, it has dual band (2.4 & 5 GHz) 802.11 a/b/g/n WiFi that can be configured as either LAN or WAN connection! This last part, WiFi as WAN, is unusual and only offered on Cradlepoint models with the latest 3.3 firmware based on NetBSD. With this nifty feature, it would be easy to configure failover or sharing with your existing WiFi enabled iPhone or Blackberry hotspot. Given the wide array of connection options along with flexible configuration for load balancing, failover, and failback the MBR1400 is an ideal gateway device for locations where wired options are limited or unreliable.
The features don’t stop there however. If you opt to use the WiFi as LAN and not WAN you are free to configure up to four WiFi SSIDs each with distinct security settings. This will appeal to those who run a business from home since you can keep your business machines isolated while still offering WiFi to your children. It even offers captive portal features for customer or guests. The device offers the usual alphabet soup of capabilities for routing, firewall, NAT, DMZ, LAN, VLAN, VPN, QOS, etc. An added bonus is the ability to do content filtering to help stop phishing attacks and limit objectionable materials on your network without the cost of a subscription fee.
The biggest difference between the MBR1400 and some of the more expensive USG, UTM devices from Sonicwall and others is the lack of packet filtering to screen for spam and viruses, and intrusion detection and prevention. I didn’t worry about having these features in one device however. My plan was to get a robust and flexible gateway and then add a second PC or VM running Untangle or pfsense for additional security functions later. Your needs and tolerance for building and managing the additional security appliance may point you toward the all in one USG or UTM type devices from Sonicwall or ZyXEL however.
A Cheaper Option
The biggest problem I have with MBR1400 is that it feels like overkill for a small office. If you can get by without giga-bit ethernet, 5 GHz WiFi, and load balancing there is a cheaper option. The MBR95 shown here:
allows you to have reliable Internet connection with failover/failback on one WAN ethernet port, one USB 3G/4G/WiMax modem, or WiFi as WAN for only about $100 street price. It even offers 2 SSIDs for WiFi. I very nearly went for this one but ultimately decided that the speed and flexibility of the MBR1400 were worth the extra cost.
I’ve only had a few days with the MBR1400 but I can already say that it’s a huge step up from my previous home grade routers. Despite all the sophistication it was very easy to set up, and the features that I wanted (i.e. load balancing, failover, failback, multiple SSID, etc.) all work as promised. So far, the only thing that hasn’t worked are the WAN modem signal strength lights on the front panel. As near as I can figure that is due to a limitation of the MC760 modem and not the MBR1400. Signal levels are still available from with the web-based interface however so it’s not a big deal. I’ll update this post if anything changes in this assessment.
Meanwhile do yourself a favor and at least think about how important having a fast, reliable and secure Internet connection is for your home or business. If you’re smart you’ll take the initiative now to prevent costly problems later.
Update November 14, 2011
I’ve added another article on using Untangle to supplement the MBR1400 with added security features. You can find it here:
Update November 16, 2011
I was getting dropped connections and connection errors when using Load Balancing on MC760. Unfortunately, it wasn’t easy to find the right settings to get things to work properly. I’ve outlined the steps here in hopes that it will save others time and frustration:
Step 1. Upgrade to the latest firmware (now version 3.4).
Step 2. Go to Connection Manager. Configure the MC760 Failure Check options to do an active ping every 300 seconds or so to a high availability machine (e.g. google DNS at 22.214.171.124). The ping will make sure that at least some data passes through the modem periodically and prevents the connection from timing out.
Step 3. Configure LB and QOS load balancing values on all interfaces. The default values didn’t seem to work for me so I ran speed tests (www.speedtest.net) on each interface individually to get a realistic picture of what was possible. I got about 9 Mb/s down and 2.25 Mb/s on my primary WAN during peak hour. To be conservative, I set LB to 6 Mb/s and QOS to 2 Mb/s for that interface. On the MC760 I got about 1.5 Mb/s down and about 600 kb/s up so set LB to 1 Mb/s and QOS to 500 kb/s.
I’m not sure yet if these are really optimal settings but the 3G connection is now solid and the load balancing algorithm is actually pushing traffic onto the MC760 once the primary WAN is heavily loaded.
Update March 2, 2012
Today I installed firmware revision 3.5.0. After rebooting the WAN signal level lights now seem to work properly with the MC760.