Adding Backup Internet for a Home Network

Summary

"Once considered a costly and complex luxury, now, even on a tight budget, you can effortlessly fortify your home with automated internet failover and fallback."

In this example, my ISP offers such an automated service but it was expensive >£240 a year and slow compared to the solution I installed which has an annual running cost <£50 and a one-time hardware cost of £160. Like all networking the specifics depend on your location and budget.

Background: Why I wanted a backup for my home Broadband

There are three compelling factors at play:

  1. The rise of remote work for both myself and my family, demands a dependable internet connection.
  2. Increasing reliance on the internet for IoT and media consumption, driven by streaming and other activities.
  3. The changing weather patterns in the UK, are marked by extreme heat, heavy rainfall, flooding, and thunderstorms, which can disrupt internet services unexpectedly. Even our trusted local ISP, with years of flawless service, recently experienced a 20-minute outage during a big lightning storm in our area."

Dual WAN for Home Use

Indeed, in a commercial environment, deploying a dedicated firewall for a multi-home network with separate lines is a viable strategy, particularly for data centres and well-funded offices. However, at home, our options are more limited. We rely on a single ISP offering VDSL2 with fibre at the cabinet, providing us with a respectable 70 Mbps download and 20 Mbps upload speed. In making decisions about our home internet setup, we must take into account several crucial factors:

The prospect of subscribing to a second ISP would effectively double our monthly internet expenses.

  • The infrequency of typical outages (only 4 times in 6 years), mostly lasting just a few minutes, though we recently endured an 11-hour outage.
  • Consider an alternative internet provider that could step in during extended outages, ensuring continuous connectivity.
  • Recognising the merits of Starlink while acknowledging that utilising another ISP proves cost-prohibitive and lacks a pay-as-you-go option.


The 5G router is a robust, mains-powered device sporting an array of internal 5G antennas. These units excel in delivering a consistent connection, and interestingly, they can maintain a stable link on 4G, even if the actual speeds on 4G networks may be somewhat lower. What's more, they possess the intelligence to seamlessly transition services from 4G to 5G, guided by factors like signal strength and quality.

It's crucial to note that 5G relies on 4G as its backbone. The 4G connection serves as the control plane for setting up and managing 5G operations. While users may not be aware of this intricate behind-the-scenes process, it's the high-level orchestration that ensures our seamless and uninterrupted connectivity."

I explored both 4G and 5G solutions, but encountered various challenges along the way:

  • PAYG SIMs proved expensive, and their data often had expiration dates, causing concerns about unused data going to waste.
  • Contract SIMs were also pricey, in part because they subsidized the cost of 5G routers, making them less cost-effective.
  • I found that 4G routers were a more economical choice, ranging from £40 for CAT4 models to £100 for CAT5 or CAT6 versions. Many of these routers were sold unlocked. However, my quest for the exceptional performance of 5G Cat 20 units with sustained multi-gigabit speeds and superior 4G performance persisted.
  • The downside was that even the best 5G CAT 20 units had subpar Wi-Fi capabilities. These units seemed to be built on mobile phone technology with robust antennas and extensive DSP power, prioritizing blistering 5G speeds and 2.5g Ethernet. Unfortunately, their Wi-Fi performance lagged behind top-end Wi-Fi Access Points.
  • Commercial solutions offered excellent Wi-Fi and 5G performance, but they came at a steep price, often exceeding £900. Additionally, most of these solutions assumed the use of external 5G antennas, which I preferred to avoid.
  • To complicate matters further, all UK ISP 5G units were locked, leaving no option for unlocking them. Moreover, these 5G routers had to be returned after a contract ended, or a hefty £450 fee would be imposed. There was even a potential threat of IMEI blocking, although this had not been implemented yet. This arrangement underscored that the units belonged to the telcos until they deemed them paid for, either directly or through other customer purchases.

I looked around and noticed that 5G SIM-only deals had come down in price and were available for phones/tablets and home broadband. Remember a SIM can be locked to a class of devices like a phone and can block tethering. This was very common in the early days of 3G, 4G and 5G as the telco use the SIMs to limit traffic on their nascent networks. All networks start off weak and grow. Telcos don't drop prices and restrictions until the technology is commoditised and there is market competition. Thankfully in the UK, this has started to happen and the insane demand for streaming media on all devices has grown data caps.




This is the strategy I ultimately settled on:

  • I was determined to acquire a CAT 20 5G router for its exceptional performance, capable of saturating a 1-gig Ethernet connection, and some of the latest models even featured 2.5-gig Ethernet connections.
  • Instead of paying the steep list price, which often exceeded £450 for unlocked units, I was open to purchasing a used CAT20 router, even if it wasn't the latest model and lacked certain features like dual 2.5-gig Ethernet, and had only a couple of 1-gig Ethernet ports.
  • Crucially, the router had to be unlocked by the ISP, a measure taken to mitigate the risk of IMEI blocks in the future. Unlocking implied that I would own the device, especially after fulfilling a long-term contract.
  • The UK market offered several MVNOs with SIM-only deals, including 5G connectivity and over 1GB of data per month, often accompanied by sign-up vouchers that reduced the effective monthly cost to less than £4.
  • I opted for a make and model with a solid reputation in the UK market, as it had proven compatibility with multiple network providers. This particular model was sold by major carriers like Vodafone, EE, and Three.
  • Reliability and firmware stability were paramount, so I chose a unit with a strong track record for robustness and consistent support and upgrades.
  • I was cautious about units unlocked by third parties, as these could potentially be bricked or blacklisted by the telcos. My preference was for a unit that had been officially unlocked by a telco.
  • Finally, I was dissatisfied with my ISP's failover solution to mobile broadband, which was not only expensive at £20 per month but also slow, providing a sluggish 4G USB2 portable MyFi unit. It seemed like a profit-maximizing move by the telco, prioritizing their gains over the consumer's need for speed and reliability.

At this point, it's worth outlining the setup at home



  • My existing home network has robust scalable Wifi (5 high-end ASUS domestic routers) 
  • and > 40-gigabit ethernet ports around the house every location includes unused sockets and cables back to a central location allowing new networks to be created in minutes with no cabling
  • A large 24-port central switch port around the house provides a stable internal copper backbone LAN for the house
  • 7 accessory switches around the house 
  •  I don't use the ISP router for the LAN directly it sits behind an ASUS unit.
  • As I have lots of redundant ethernet cables terminated but not used; I could find the best location for a 5G router and direct copper connection to the location of the main router for the house

Sourcing a 5G unit the plan

I had an idea of what I wanted but how to source a good second and unit that met my needs
  • Read every review on the top 5 units available in the UK it boiled down to 3 models
  • Must have features
    • CAT20 5G
    • Unlocked
    • Ethernet
    • Internal Antenna
  • Did not need the latest model just a reliable make, stable firmware and reliable hardware
  • Did not want to pay for
    • Wifi6 (my existing Wifi is fine and coverage/speed is excellent)
    • External Antenna ports (Today's CAT20 units have amazing internal antennas) 
A couple of weeks and some automated sniping got me a good unlocked unit and I ordered a low-cost 5G SIM with a 12GB monthly allowance

Testing the 5G

The unit arrived the same day as the SIM. The instruction for the SIM said plug and go. Did that but the device reported no 4G no 5G and reported a SIM registration error. Popped the SIM into a phone, it registered with the network and connected. Put the registered SIM that was now active and the 5G router got a signal - we had data!

Location, Location, Location

I had looked at the Telcos coverage maps and thought I'd try the router at the top of the house. The signal was good and speed usable. Tried the front of the house speeds were faster. Triend next to the existing router location and the speed was good!

Failover & Failback

My main ASUS router has Dual WAN support so I enabled that and assigned a port to use for WAN2 which confusing it calls LAN port as its one of the Yellow LAN ports that it reassigns for WAN2 use! Failover tested and working. Enable failback, again working fine. 


Lessons Learnt

The prep work paid off with no issues. I did notice that the failover testing did use 2 GB of data in 20 minutes so the 12GB 30 data contract I'm on might need to be reviewed or I could limit the most bandwidth-hungry applications when non on the unlimited data.

Turning off Services during Outages

I noticed that when on the primary internet provider's network via VDSL the name of the IP connection has the ISP's name in the endpoint so checking the name for btcentral would let any client know if it was on the primary or secondary network. for internet access e.g. host86-XXX-YYY-ZZZ.rangeQQQ-TTT.btcentralplus.com 

 Action
 Command
 Detect the network's External IP 
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com 
 Remove quotes
sed s/\"//g 
 Get the DNS name for the IP

 host 

 Get the hostname without the text

 rev  | cut -d' ' -f1 | rev 

 Search for the VSDL ISP name

 grep -q 'btcentral' 


Putting it all together to turn Services On / Off

Unlike commercial routers, the ASUS units are domestic so I can stop data-hungry hosts in 2 ways







  1. Blacklisting MAC addresses on the 5G router using parental control: For the MAC of specific devices in my case, Rasberry Pi running Kodi I can set parental control to allow internet access only for one minute a day (or whatever logic your 5G router support to block internet access) In my case the router assumed that between specific hours some devices would not have internet access. Under normal operation: my VDSL line with unlimited data would be active and traffic would get through the VDSL modem router from the primary ISP. During this operation, the 5G router would see no traffic except for the ping tests from the Asus router checking if the 5G unit was working (Hot Standby / Cold Standby reporting). When the main VDSL failed (Ping not working 4 times over 1. 
  2. Using a cron job to check which WAN is in use
I decided to do both. The first command executes the start command if and only if the name of the public IP address contains btcentral as the && ensures the command is only executed if the return status of the grep was positive: Search String present. The second command has the same logic but the || ensures the command executes if and only if the grep fails to match. The -q tells grep to return a match / no match as the status code of the command.

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | sed s/\"//g | xargs -l host | rev  | cut -d' ' -f1 | rev | grep -q 'btcentral' && transmission-remote --torrent all --start


dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | sed s/\"//g | xargs -l host | rev  | cut -d' ' -f1 | rev | grep -q 'btcentral' || transmission-remote --torrent all --stop

I've noticed that there are small outages such as new firmware for the VDSL modem that the ISP pushes out. Typically these are completed quickly but if there is no internet for a minute (5 seconds * 12 times = 60s) the failover will trigger. 

Fallback is triggered if and only if  the primary WAN is up for 20s (5 seconds * 4 times = 20s)




Example of a firmware upgrade taking place on the primary VDSL modem which would create an outage on the internet.


An example of a nightly outage is when a time switch powers off the VDSL modem for 60s 
  1. 02:16:11 The WAN link is reported as down (the timer has powered off the VDSL router)
  2. 02:16:31 The WAN link is reported as up (this is the 5G router taking over.)
  3. Now the ASUS router keeps checking the primary WAN. Fallback is triggered if and only if  the primary WAN is up for 20s (5 seconds * 4 times = 20s)
  4. 02:17:55 The WAN link is back up and traffic is going to the VDSL router (Failback complete)

This is the full log



Wrap up and reflectionbon the Future

It's worth noting that I've taken a conservative approach to ensure reliability. Limited testing so far suggests that my primary internet remains unaffected by the new setup, but only time will provide a true measure of its performance and stability.

In my particular case, my choice to configure failover was driven by the data limit of 12GB per month on my cost-effective SIM. However, should I eventually acquire an unlimited data SIM and find that my 5G connection doubles my VDSL speed, I could explore the possibility of load balancing on the router as an alternative to failover. By doing so, I can intelligently distribute traffic across both internet providers, reducing contention and achieving faster overall speeds.

The future holds exciting possibilities for optimizing my internet experience, and I'm eager to adapt and fine-tune my setup as circumstances change and new opportunities arise.