I have what I think is a weird use case; I'm unable to find a solution that covers this use case in this forum or on the internet.
I'm trying to configure a WAN failover in case of a power or ISP internet outage while trying to keep a single network with my ISP router. Any help would be greatly appreciated.
Hardware:
ISP Router:
French ISP router "Freebox DELTA" with 8-10Gb fiber connection.
Basic control over network settings but no netmask change possible.
This router is used as the main router for most devices and, most importantly, its secondary 10Gb SFP port is used for a high speed connection to my home server. This is the main reason why it has to be used as the main router and not as a modem bridge.
OpenWRT router:
Banana Pi R3
This router will be used for devices that should still maintain internet connection in case of a power outage, e.g. alarm and smoke detection system for notifications over the internet, camera surveillance etc., and would also be used by other devices that are still alive during a power outage such as phones and laptops.
This router will also be used for connected home automation server/devices even when power is available, to alleviate load in number of devices from the ISP router.
This router has an EC25 modem which I already managed to get working for 4G internet.
Network diagram:
White arrows are when the power/fiber connection is working and red is the failover route.
Requirements (in order of importance):
The home server uses an open port in the ISP router to be reachable over the internet, and the home automation server uses a Cloudflare tunnel (to get around having to open ports and to allow for WAN switching and public IP address change when the switching happens). Home server must still be accessible during normal operation, automation server must still be accessible during normal operation AND outage.
OpenWRT must use the ISP router for internet as long as it works since the 4G connection is much slower.
The main router would act as a DHCP server while on, and OpenWRT will also act as a DHCP server; what I tried as a solution is limiting the range of each to part of the /24 range.
I would like devices connected to any of the two routers to be able to communicate with each other, to be on the same network (or at least the separation must be transparent).
The issue:
How do I get mwan to fail over to 4G even though (I think) the ISP router must be connected to a LAN port (or at least the WAN port should be bridged to LAN) to keep devices on the same network?
I'm not sure if this configuration is possible, please point it out if it is not.
I'm not sure how to proceed, any suggestions are welcome.
I think, if you have no "control" over the ISP box, like in a sense of direct SSH access even there would run a usable linux... You have no "good" solutions.
For typical failover scenarios you want/need things like:
keepalived with VRRP to do "First-hop redundancy protocol"
radvd or bird2 to do Router Advertisements quickly
conntrackd to sync connection states
kea for redundant DHCP and DHCPv6 deployments
I think most of that busts "typical" home user scenarios...
(Maybe I'm wrong and/or overcomplicate stuff, but I see no sane way how to do this in home deployments)
Thank you very much for taking the time to read and answer,
Unfortunately I have minimal control over the ISP router other than basic network settings.
Do you think that by removing one or more of the listed requirements it would make this possible? If I separate the networks and use the ISP router as WAN?
If I use the ISP router as WAN, do you think the Cloudflare tunnel would still work?
It depends as always.
I don't know what the ISP device is capable of, but what could work:
You have 2 OpenWrt devices, one is connected to the ISP fiber box and the other one to the 5g modem, and both OpenWrt boxes have an interconnect.
Or just one OpenWrt device connects to both, the fiber and the 5g box, if you only need to have failover but not "proper" high availability.
This way you could use mwan and the like.
Depends i.e. on how much IPv6 support you need and other factors.
My initial thought is just run two networks and be OK with double NAT to get failover for internet connections for the critical services with mwan3 on the Banana pi.
Other thoughts are set up a 1gb link on home server/PC to the R3 side of the network. That solves the routing issue by just having another layer 2 network connected. Then just set your route priorities, (or just no default route on that side?) or dynamic routing on the client devices?
Similarly except for 10gb services, which would be PC<-> home server, everything else is slow enough that R3 should be able to route fine?
Similarly, if you have a proper DNS setup, the different layer 3 networks don't matter? You can do SNAT/DNAT + DNS on R3 too? Only issue is making wifi transparent. But if you can put up with clients changing wifi networks, if you have DNS and/or NAT working you should be fine?
Can you disable DHCP on the ISP router?
If your devices can handle being fed static routes, or run some other way of getting the routes populated? i.e. default route is ISP router for everyone, but they all get fed a route for the stuff behind BPI-R3 wired network/IoT etc?
Thanks again for your answer. I think for now I'll use separate networks, but in the long run I'll use a Banana Pi R4 that has a 10Gb SFP and use the ISP router only as a modem. In practice I'd rather get rid of the ISP router completely and use the BPI R4 directly connected to the fiber optic connection, but that's another even more difficult issue in France.
EDIT: I was going to separate the networks but then I remembered that the home automation server (Home Assistant) needs to be on the same network as the other devices to run part of the automations and control said devices (TVs, home cinema, vacuum etc.), so I guess my best option now is simply buying a Banana Pi R4 and using that only, keeping the ISP router as a modem and using its 10Gb SFP instead of the ISP router's SFP port, then also run the 4G fallback on that.
Hello @evs,
thanks for taking the time to read and answer,
I was going to separate the networks but then I remembered that the home automation server (Home Assistant) needs to be on the same network as the other devices to run part of the automations and control said devices (TVs, home cinema, vacuum etc.), so I guess my best option now is simply buying a Banana Pi R4 and using that only, keeping the ISP router as a modem and using its 10Gb SFP instead of the ISP router's SFP port, then also run the 4G fallback on that (unrelated, but yes I can disable DHCP on that router).
Thanks again for your answer and have a great day!
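
An mwan3 failover configuration for the single-router layout the thread ends on (fiber uplink preferred, 4G modem as fallback), added here as an example and not posted by anyone in the thread. The interface names `wan` and `wwan`, the tracking addresses and the timing values are assumptions; mwan3 also expects each uplink to carry a distinct `metric` in /etc/config/network.

```uci
# /etc/config/mwan3 (added example; names and values are assumptions)
# 'wan'  = port facing the fiber uplink
# 'wwan' = EC25 4G modem interface

config interface 'wan'
	option enabled '1'
	option family 'ipv4'
	# Track hosts on the internet, not the ISP box itself, so a dead
	# fiber line behind a still-powered box is detected as an outage.
	list track_ip '1.1.1.1'
	list track_ip '9.9.9.9'
	option reliability '1'   # one tracked host answering is enough
	option count '1'
	option timeout '2'
	option interval '5'      # probe every 5 seconds
	option down '3'          # 3 failed rounds -> mark offline
	option up '3'            # 3 good rounds  -> mark online again

config interface 'wwan'
	option enabled '1'
	option family 'ipv4'
	list track_ip '1.1.1.1'
	list track_ip '9.9.9.9'
	option reliability '1'
	option count '1'
	option timeout '4'       # 4G latency is higher
	option interval '10'     # probe less often to save mobile data
	option down '3'
	option up '3'

# Lower metric wins: fiber is used whenever it is online.
config member 'wan_m1_w1'
	option interface 'wan'
	option metric '1'
	option weight '1'

config member 'wwan_m2_w1'
	option interface 'wwan'
	option metric '2'
	option weight '1'

config policy 'fiber_then_lte'
	list use_member 'wan_m1_w1'
	list use_member 'wwan_m2_w1'
	option last_resort 'unreachable'

config rule 'default_v4'
	option dest_ip '0.0.0.0/0'
	option family 'ipv4'
	option use_policy 'fiber_then_lte'
```

After applying it, `mwan3 status` shows which uplink is currently considered online.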