Multi-Gateway LAN Setup

These days LTE is becoming an alternative to wireline broadband access such as ADSL, VDSL or FTTx. Operators offer LTE bonding as a supplement to boost wireline broadband performance with spare LTE capacity. So the general case for such a setup is to achieve more network performance by adding a wireless connection. If the operator does not offer a combination with wireless access, there are still ways to take advantage of the technology. In this article, I'm going to describe the approach I took in the absence of an operator-based solution.


The following table illustrates how LTE can be used for internet access in a household or small office:

| Type of Access | Technology | Description |
|---|---|---|
| LTE Router | LTE | In this case the network is connected to the internet exclusively through an LTE router. Depending on the operator's mobile network architecture, it may not be possible to use VoIP telephony (SIP or Skype) or to expose any services to the outside, like a VPN server or an FTP server. |
| LTE + DSL | Multi-WAN | This technology combines two internet connections. There is a single gateway in the local LAN, connecting through a special router setup serving two WAN interfaces. A load balancing or failover mechanism can be configured. Here is an example of how to do this for OpenWrt: http://wiki.openwrt.org/doc/howto/multiwan.failower Such a setup does not have the possible limitations of the exclusive LTE setup described above. |
| LTE + DSL | Multi-Path | This is a lower-level network implementation splitting the traffic across multiple WAN interfaces. It requires a counterpart on the operator's side to reassemble the split traffic. This is a typical approach for LTE bonding. LTE bonding additionally includes management that provides only excess network capacity to such clients. Multipath TCP is in the process of becoming a standard: http://en.wikipedia.org/wiki/Multipath_TCP |
| LTE + DSL | Multi-Gateway | The multi-gateway approach (as I called it) is a simple variation of the Multi-WAN approach, requiring less configuration and probably easier to implement. |

In my case the LTE-only setup is not a feasible option, as it is not possible with the current operator to expose any ports, and VoIP-based traffic is (at least partially) blocked. The multi-path option is also not available. The Multi-WAN option is possible, but it would have required some re-wiring of the network, which I want to avoid.

The following graphic shows my setup:





From a network architecture point of view it is certainly not ideal that the network clients "need" to know through which connection the internet traffic goes. On the other hand, the setup is simple. Although we have two routers in the network, any network client can access any other client.

The following steps have to be done for the setup:

Wireline Router
  • Configure Wireline DSL Access as usual
  • Configure the IP address of the router, e.g. 192.168.1.1.
  • As this is a router, the gateway defaults to its own IP address; otherwise set it explicitly
  • Wireless: Probably a good idea to leave it off, as a client connected to this device will use the (slow) wireline connection. If the router offers a guest network function, it might be a good idea to configure at least a guest network
  • VoIP client / DECT Base: can be configured as needed for the router. VoIP traffic goes through the wireline connection
  • Port forwarding: as needed
  • DHCP Server: off


Wireless Router
  • Configure LTE Access as described in the router manual
  • Configure the IP address of the router, e.g. 192.168.1.199
  • Configure DNS identical to router IP
  • DHCP Server: configure and make sure you remember the IP range later for "special clients"
  • Port forwarding: no
  • Wireless: Configure your home wireless network (SSID, WPA2,...)
  • VoIP Client: no


Special Network Client (e.g. VPN Server)

Manually configure network parameters: Assign a static IP outside the DHCP server range, configure DNS & Gateway to the Wireless Router

Generic Network Client
Nothing really to do. Just join the network (e.g. SSID & WLAN password).


By default, any client goes through LTE - the fast way. My "special" applications like VPN Server and VoIP Client are manually configured in terms of network parameters. They use the wireline connection.


In my case, I could improve the internet surfing experience drastically. Currently, I'm getting >130 Mbit/s through this setup while my wireline access is way below 10 Mbit/s.

Static Routes: OpenVPN

If your OpenVPN server uses dev tap, you are on network layer 2 and won't require a static route. If you use dev tun, you are on layer 4 and will require a route. You should make sure that both gateways have the proper route.

Packets sent from the VPN server into the local network carry the address of the VPN server's network adapter, which a network client recognizes as a remote IP address. Thus any client will send its responses to such packets to its configured default gateway. The route on the gateway sends the packets back to the VPN server. As an alternative, the route can be defined on the network host directly. This avoids the detour through the router.
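The following added example (not code from the original article) reads an OpenVPN server config and derives the static route that the gateways, or individual hosts, need for dev tun. The sample configs, the VPN subnet 10.8.0.0/24 and the VPN server's LAN address 192.168.1.10 are constructed assumptions.

```python
import ipaddress

# Constructed sample server configs (not from the article).
TUN_CONF = """\
# routed VPN
dev tun
server 10.8.0.0 255.255.255.0
"""
TAP_CONF = """\
dev tap0
server-bridge 192.168.1.10 255.255.255.0 192.168.1.200 192.168.1.210
"""

def directives(conf_text):
    """Yield the token list of each directive, skipping '#' and ';' comments."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield line.split("#", 1)[0].split()

def lan_route_for(conf_text, vpn_server_lan_ip):
    """Return the 'ip route' command LAN gateways/hosts need, or None for dev tap."""
    dev, subnet = None, None
    for tokens in directives(conf_text):
        if tokens[0] == "dev" and len(tokens) > 1:
            dev = tokens[1]
        elif tokens[0] == "server" and len(tokens) >= 3:
            # "server <network> <netmask>" defines the VPN client subnet
            subnet = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
    if dev is None:
        raise ValueError("no 'dev' directive found")
    if dev.startswith("tap"):
        return None  # bridged setup: no static route needed, as the text says
    if subnet is None:
        raise ValueError("dev tun without a 'server' directive")
    # Next hop is the VPN server's address on the LAN, not one of the routers.
    return f"ip route add {subnet} via {vpn_server_lan_ip}"
```

The returned command is what you would run on a Linux host; on the two routers, enter the same network and next hop in their static route settings.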

Ideas for Managing the Configuration properly

For just a home network a manual configuration of a separate gateway and a couple of separate clients may be quite feasible. If the environment becomes bigger, managing the different clients may become a challenge. Also it may be a requirement to dynamically change the configuration based on WAN availability or load.

The standard Linux dhcpd offers, in its config file, all the configuration options needed to address such a situation. A short IP lease time (e.g. 30 minutes) allows changes in the configuration to be reflected in the network on shorter notice.

A script could monitor whether internet access is up on the gateways. In case one goes down, the dhcpd could be reconfigured to run against the other WAN. Apparently the dhcpd needs a restart after such a config change (kill -HUP may not be supported).

The config file itself is a text file which can easily be edited by a script.
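A sketch of such a monitoring script, as an added example that is not part of the original article: it picks the first gateway whose WAN answers a probe, rewrites the router and DNS options in dhcpd.conf, checks the syntax and restarts dhcpd only when something changed. The sample config, the DHCP range, the placeholder probe targets and the per-gateway host routes they rely on are assumptions, as are the config path and service name the caller passes in.

```python
import os
import re
import subprocess

# Preference order: LTE router, then wireline router (addresses from the article).
GATEWAYS = ["192.168.1.199", "192.168.1.1"]
# Placeholder probe targets, one per gateway; assumes the monitoring host has
# a host route sending each target through "its" gateway.
PROBE_TARGET = {"192.168.1.199": "192.0.2.1", "192.168.1.1": "198.51.100.1"}
# Constructed sample dhcpd.conf with the 30-minute lease suggested in the text.
SAMPLE_CONF = """\
default-lease-time 1800;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.180;
  option routers 192.168.1.199;
  option domain-name-servers 192.168.1.199;
}
"""
OPTION_RE = re.compile(r"^([ \t]*option\s+(?:routers|domain-name-servers)\s+)[^;]+;", re.M)

def ping_probe(gateway):
    """True if the probe target routed via this gateway answers one ping."""
    cmd = ["ping", "-c", "1", "-W", "2", PROBE_TARGET[gateway]]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def pick_gateway(is_up, gateways=GATEWAYS):
    """First gateway in preference order whose WAN is up, else None."""
    return next((gw for gw in gateways if is_up(gw)), None)

def set_gateway(conf_text, gateway):
    """Point 'option routers' and 'option domain-name-servers' at gateway."""
    new_text, count = OPTION_RE.subn(lambda m: m.group(1) + gateway + ";", conf_text)
    if count == 0:
        raise ValueError("no routers/domain-name-servers option found")
    return new_text

def apply(path, service, is_up=ping_probe):
    """Rewrite dhcpd.conf for the best live gateway; restart only on change."""
    gateway = pick_gateway(is_up)
    with open(path) as fh:
        old = fh.read()
    if gateway is None or set_gateway(old, gateway) == old:
        return False  # both WANs down, or config already correct
    with open(path + ".new", "w") as fh:
        fh.write(set_gateway(old, gateway))
    subprocess.run(["dhcpd", "-t", "-cf", path + ".new"], check=True)  # syntax check
    os.replace(path + ".new", path)  # atomic swap
    subprocess.run(["systemctl", "restart", service], check=True)
    return True
```

Run `apply()` periodically (for example from cron) with the config path and service name of your distribution; clients pick up the new gateway when they renew their lease, and statically configured "special" clients are not affected.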