Using an LTE backup to get around an unstable cable modem connection

Ari Gesher
6 min readDec 26, 2020

--

Welcome to the gilded cage of your home. You’ll be working from home for the foreseeable future. No problem, you say, I have the platinum cable modem package and severely over-provisioned wifi — my network will hum its way through Zoom calls while my kids chat with their grandparents.

Which would be great, except that your cable modem service is pretty flaky. Like not just a little, but like everyday, multiple soft outages. You’ve checked your house wiring and connections and even verified that sometimes you get a solid gigabit of service out of your upgraded modem. And finally you’ve checked your router health graphs and it has lovely plots like this:

A graph of packet loss showing 10–20% over the space of a few hours.
packet loss spanning a few hours in the morning
A graph showing 4–5 hours of severe latency on a home network
latency storm spanning many hours in the afternoon

Note these are from the same day — strangely the latency storms of the afternoon appear to be uncorrelated with the packet loss vortex of the morning. Regardless, both lead to pretty horrible user experience of using your network.

What follows is a quick survey of the solution I cobbled together. As with many problems of this sort, there are many viable solutions. This is the one I’ve settled on for now; it works and maybe this outline can help you too.

Using LTE as a backup link

I originally wanted to set up an LTE backup so that various parts of my home automation that needed a cloud loop to function could continue to do so even if our primary link went down. Ironically, I’ve since gotten rid of the cloud loops for the essential automation — but the investment is paying off as my family and I increasingly rely on our internet link to conduct our everyday lives.

This solution requires three components that many folks may not have in their home networks already:

  1. A network appliance that can aggregate multiple WAN links into a single logical connection for the home LAN
  2. An LTE data-capable SIM
  3. Something to act as an LTE modem

The general theory of operation is to use the main link almost all of the time, but kick over to the LTE backup when the main link becomes unstable.

Multi-WAN capable gateway

There are a lot of options in this space. I went with a generic network appliance from Protectli, the 4 Port Vault:

The Protectli 4-Port Vault Appliance

All the various flavors here are an embedded PC with some extra network ports. I like the Protecli line because a) they’re well engineered (no fan!) & reasonably priced and b) it’s the first one I found on Amazon.

Subsequently, I’ve been using two or three of these units in various capacities for almost five years and have no complaints.

Were I starting over from scratch, I might instead go with something like Ubiqiti’s Unifi Security Gateway — which is a nicely integrated offering (edit: looks like Ubiqiti has this productized in their product lineup).

In my setup I chose the OPNSense open-source firewall firmware to install on my network appliance. Other folks like PFSense or any other number of choices. The Ubiqiti unit uses their integrated firewall software.

The key here is to make a choice that supports multi-wan with failover.

LTE network gateway

For this, I stuck with Protectli and chose their 4G LTE appliance, mainly because it had nice big external antennae.

The Protectli 4G LTE Modem

The other reasonable choice I cam across was the Netgear 4G LTE Modem (edit: which apparently also has external antennae available).

Both of these devices act as proper network gateways — they have an ethernet interface that will route traffic and will optionally act as a DHCP server to the LAN with which they are connected.

Note that these are akin to various hotspot devices, but I think you want a unit with hard-wired connections for home networking rather than managing yet-another-interfering wifi network just to get your firewall to talk to its outbound network connection. With a bit of hacking, one might be able to get an old phone, tethered via USB to work as the modem.

I tried various flavors here, and this is most consistently performant and headache free way to go — but there are other combinations that could work and work well.

Here I think the key attributes are a) dedicated hardware designed to do this job (vs. phones and hotspots that go to sleep) b) external antennae to maximize speeds and c) an ethernet connection which is designed to be “always on” vs. tethered USB modem connections.

Google Fi Data Sim

(note that there may be better options at this point in time — I’m documenting my current setup without claiming that it’s optimal. When I set it up a few years ago, this was clearly the way to go.)

The choice of LTE provider is pretty crucial in all this. While the hardware outlined above isn’t cheap, it’s a one-time, non-recurring cost that should continue to function for many years (my last network appliance made it about seven years before succumbing to board failure). The monthly charges involved in maintaining and using an LTE data link can stack up pretty fast, with a $50/month fee netting out to $600/year before even one bit has been sent.

LTE data pricing is all over the map and changing pretty frequently, but the key features for backup links are:

  1. reasonable per-GB pricing
  2. no/low monthly fee
  3. no need to manually “top up” your account to get more data

Google Fi’s plans start with $20/month and then $10/GB up to 6 GB. From 6–15 GB, no additional cost. Above 15 GB, you have to opt-in to continuing to pay for high speed data or you get throttled to 256kbps (they’ll notify you).

The key takeaway here: don’t be surprised by your data bill. Really game out what the costs may be here. Additionally, check any data caps you might hit that render your backup unusable until the next month rolls around.

Configuration

While I won’t dive into the minutiae of configuring each component, I’ll sketch out the high level architecture.

  1. Plug your home network (I use eero) into the LAN side of the network firewall appliance. This will create a double-NAT situation — make sure that the DHCP network that the network appliance uses is distinct from the IP addressing inside your home network. Many home networks use 192.168.1.0/24. As an example, you could set up the DHCP range in on the network appliance to be 192.168.42.0/24.
  2. Plug in one WAN interface to your cable modem, plug in the LTE modem into a second interface (often labelled OPT). You’ll want to make sure to use yet another distinct DHCP range for the LTE modem to manage — it will be handing out an address to your network appliance to use.
  3. In your firewall software, configure a gateway group and tailor the latency and packet loss metrics to get the right level of responsiveness.

For reference, here’s my gateway configuration screen in OPNSense:

Gateway group configuration.

How does it perform?

Better than not having it but it’s not perfect.

  • Things still fuzz out on video calls, as it can take longer than you want to get it to switch.
  • Conversely, you can make it too sensitive and have it switch too often — and every switch is experienced as connections dying and timing out.
  • Persistent connections (like Slack’s websockets) can get unhappy when the gateway switches and can require a restart/reload.

Note that this piece is not designed to be an exhaustive how-to and this topic is tackled in whole and in parts in many, many places on the net — my thanks goes out to the army of documentation and forum post authors that I consulted in getting my set up working.

--

--

Ari Gesher
Ari Gesher

No responses yet