Twice in the past week the internet has gone down at my house while I was away. I realize this should not be a big deal but my roommate works remotely. He uses the internet to connect to his office and the lack of internet is disruptive to his productivity. As my networking equipment is exclusively used from the demarc to his PC, I feel obligated to provide uninterrupted service as best as I can. Also, due to the complexity of the system, it is not easy to walk him through diagnosing issues. Uninterrupted service is impossible, but both times I could have resolved the issue if I was able to SSH into my home network. This is the primary reason for revisiting this long-time desire of having a secondary internet connection.
For a few years I have wanted to have a way to remote into my home network if my primary WAN goes down. Not for any particular reason but I thought it would be cool. When I first came up with this “great” idea, my immediate thought was to use Ting.com’s mobile service due to their pay-for-usage pricing scheme.
- Always-on secondary Cellular WAN
- DDNS to update changes in the Cellular’s IP address
- Route traffic through primary gateway and swap over to route to the Cellular WAN when the Primary ISP’s DNS is no longer responding to ICMP echos.
- Low cost (relatively)
Unintentional Sales Pitch
If you are not familiar, Ting [referral link] offers pay-for-usage service for mobile CDMA and GSM service. For $6/month+taxes you get a phone number; they have no pre-set plans, and you simply get billed for the bracket you use. Their current rates are below:
As my usage on this secondary link is going to be very limited, Ting is likely the least-expensive service I can subscribe to. As you can see, I likely will only be paying $9+taxes for this connection. I consider this much better than my other two options in my neighborhood: CenturyLink’s least expensive service at $29.95/month or Comcast’s $19.99/month service.
- Cisco 1841 Router (IOS version 15.0(1)M1 or later required)
- Cisco HWIC-3G-CDMA-S – WWAN device from Cisco for Sprint service
- Cisco Antenna – 3G-ANTM1919D
Gather necessary information for manual activation
Navigate on Ting’s online account tools to Device Settings > click on HWIC’s assigned phone number and record the:
- Phone number (also called MDN in the telco realm)
Unlike a cell phone, you’ll need to manually activate the device on Ting’s service before you can expect to have any data connection.
```
Cisco1841#terminal monitor
Cisco1841#cellular 0/1/0 cdma activate manual ?
  WORD  10 Digit Mobile Directory Number
Cisco1841#cellular 0/1/0 cdma activate manual 1234567890 ?
  WORD  10 digit Mobile Subscriber Identification Number
Cisco1841#cellular 0/1/0 cdma activate manual 1234567890 1233214567 ?
  WORD  6 digit Mobile Subscriber Lock (please check with service provider)
Cisco1841#cellular 0/1/0 cdma activate manual 1234567890 1233214567 000001
  iota  Run IOTA after Manual Activation
  <cr>
Cisco1841#cellular 0/0/0 cdma activate manual 1234567890 1233214567 000001 iota
NAM 0 will be configured and will become Active
Modem will be activated with following Parameters
MDN :1234567890; MSID :1233214567;
Checking Current Activation Status
Modem activation status: Not Activated
Begin Activation
Account activation - Step 1 of 5
Account activation - Step 2 of 5
Account activation - Step 3 of 5
Account activation - Step 4 of 5
Account activation - Step 5 of 5
Secure Commit Result: Succeed
Done Configuring - Resetting the modem
The activation of the account is Complete
Waiting for modem to be ready to start IOTA
Beginning IOTA
Cisco1841#
*May 22 23:29:08.459: IOTA Status Message Received. Event: IOTA Start, Result: SUCCESS
*May 22 23:29:08.459: Please wait till IOTA END message is received
*May 22 23:29:08.459: It can take up to 5 minutes
Cisco1841#
*May 22 23:29:27.951: OTA State = SPL unlock, Result = Success
*May 22 23:29:32.319: OTA State = Parameters commited to NVRAM, Result = Success
*May 22 23:29:40.999: Over the air provisioning complete; Result:Success
*May 22 23:29:41.679: IOTA Status Message Received. Event: IOTA End, Result: SUCCESS
```
Basic configuration. This first section is not required but is suggested because the device is on the public-facing internet.
```
hostname Cisco1841
ip domain name home.local
crypto key generate rsa modulus 4096
no ip domain-lookup
ip name-server 188.8.131.52
login block-for 900 attempts 5 within 300
logging buffered 16000
login on-failure log
login on-success log
service password-encryption
no ip http server
no ip http secure-server
ip ssh version 2
ip ssh dh min size 4096
line vty 0 15
 ! exec-timeout 0 0 disables the idle timeout, so SSH sessions never expire
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
```
```
interface FastEthernet0/0
 description Out-Of-Band Management Network
 ip address 10.0.0.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface FastEthernet0/1
 description Primary Network - Link to Main WAN Connection
 ip address 192.168.6.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
```
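Because this router accepts SSH on a public cellular address, the login and vty settings in the basic configuration above are worth checking mechanically. The following Python script is an added example, not part of the original post: it parses an IOS configuration and reports management-plane weaknesses. The sample input is constructed from the lines shown above, and the function names are hypothetical.

```python
import re

# Constructed sample: the login and vty lines from the configuration above.
SAMPLE_CONFIG = """\
no ip http server
no ip http secure-server
ip ssh version 2
login block-for 900 attempts 5 within 300
line vty 0 15
 exec-timeout 0 0
 transport input ssh
"""

def parse_blocks(config):
    """Map each top-level IOS command to the list of its indented sub-commands."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and parent is not None:
            blocks[parent].append(raw.strip())
        else:
            parent = raw.strip()
            blocks.setdefault(parent, [])
    return blocks

def audit_management_plane(config):
    """Return sorted findings about remote-login exposure (hypothetical helper)."""
    blocks = parse_blocks(config)
    findings = []
    if "ip ssh version 2" not in blocks:
        findings.append("global: SSH version 2 is not enforced")
    if not any(cmd.startswith("login block-for ") for cmd in blocks):
        findings.append("global: no login block-for rate limit")
    for web in ("ip http server", "ip http secure-server"):
        if "no " + web not in blocks:
            findings.append(f"global: '{web}' is not explicitly disabled")
    vty = {p: s for p, s in blocks.items() if p.startswith("line vty")}
    for parent, subs in vty.items():
        if [s for s in subs if s.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{parent}: transport input is not SSH-only")
        if "exec-timeout 0 0" in subs:
            findings.append(f"{parent}: exec-timeout 0 0 disables the idle timeout")
        if not any(re.match(r"access-class \S+ in\b", s) for s in subs):
            findings.append(f"{parent}: no inbound access-class limits SSH sources")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_management_plane(SAMPLE_CONFIG)))
```

On the sample it reports the disabled idle timeout and the missing inbound `access-class`; the SSH, HTTP and login rate-limit settings pass.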
Cellular interface and other required commands for cell connectivity.
```
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
interface Cellular0/1/0
 ip ddns update no-ip.com host free_account.no-ip.com
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 43200
 dialer string cdma
 dialer-group 1
 async mode interactive
 routing dynamic
line 0/1/0
 exec-timeout 0 0
 script dialer cdma
 login
 modem InOut
 no exec
 transport input all
 transport output all
dialer-list 1 protocol ip list 1
```
```
track 99 ip sla 10 reachability
 delay down 1 up 1
! Define the probe first, then schedule it
ip sla 10
 icmp-echo 184.108.40.206 source-interface FastEthernet0/1
 threshold 3000
 frequency 5
ip sla schedule 10 life forever start-time now
```
Create NAT mappings for both external interfaces. Route maps are required due to needing NAT on multiple interfaces.
```
ip nat inside source route-map NAT1 interface FastEthernet0/1 overload
ip nat inside source route-map NAT2 interface Cellular0/1/0 overload
route-map NAT1 permit
 match ip address 30
 match interface FastEthernet0/1
route-map NAT2 permit
 match ip address 30
 match interface Cellular0/1/0
```
Note that the first route entry references the track command, which in turn references the SLA entry; that entry requires ICMP responses from 220.127.116.11, otherwise the route is removed until connectivity is reestablished. On the second entry, a high AD (administrative distance) is used to ensure the link is used only as a last resort. During testing I forgot a device was using the cell network and overnight it used over 700 MB while downloading a system update.
```
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 192.168.6.1 track 99
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 250
```
Here routes are explicitly set to ping common DNS servers through certain interfaces. This is a good way to check connectivity over a particular link. The second route entry is required; otherwise the link will not reset from a failover.
```
ip route 18.104.22.168 255.255.255.255 Cellular0/1/0
ip route 22.214.171.124 255.255.255.255 FastEthernet0/1 192.168.6.1
```
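The tracked default route, the floating static route with AD 250, and the host route that pins the probe to the primary interface interact as modelled below. This Python model is an added example, not router output or code from the original post; it assumes a probe that leaves via the cellular link counts as failed, which matches the behaviour the post reports when the host route is missing, and it ignores the `threshold` setting.

```python
PRIMARY, BACKUP = "FastEthernet0/1", "Cellular0/1/0"

# (interface, administrative distance, requires track 99 up) for the two default routes
DEFAULT_ROUTES = [(PRIMARY, 1, True), (BACKUP, 250, False)]


def active_default(track_up):
    """Interface of the installed default route: lowest distance among eligible routes."""
    eligible = [r for r in DEFAULT_ROUTES if track_up or not r[2]]
    return min(eligible, key=lambda r: r[1])[0]


def simulate(primary_ok, pin_probe=True, frequency=5, delay_down=1, delay_up=1):
    """Replay one IP SLA probe every `frequency` seconds.

    primary_ok[i] says whether the primary WAN can reach the probe target when
    probe i is sent. pin_probe models the /32 static route that forces the probe
    out FastEthernet0/1. Assumption: a probe leaving via cellular counts as failed.
    Returns [(second, default-route interface)] for the start and every change.
    """
    track_up, pending = True, None          # pending = (due second, new state)
    timeline = [(0, active_default(track_up))]
    end = len(primary_ok) * frequency + max(delay_down, delay_up)
    for t in range(end + 1):
        if pending and t >= pending[0]:     # track delay elapsed: commit the change
            track_up, pending = pending[1], None
            if timeline[-1][1] != active_default(track_up):
                timeline.append((t, active_default(track_up)))
        if t % frequency == 0 and t // frequency < len(primary_ok):
            egress = PRIMARY if pin_probe else active_default(track_up)
            ok = primary_ok[t // frequency] and egress == PRIMARY
            if ok == track_up:
                pending = None              # result flipped back before the delay ran out
            elif pending is None:
                pending = (t + (delay_up if ok else delay_down), ok)
    return timeline


if __name__ == "__main__":
    outage = [True, False, False, True, True]   # constructed: primary down for two probes
    print(simulate(outage))                     # fails over, then returns to the primary
    print(simulate(outage, pin_probe=False))    # stays on cellular after the outage ends
```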
Set up the access lists.
```
! Standard ACLs (numbers 1-99) match on source address only
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 30 permit 10.0.0.0 0.0.0.255
```
This section tells how to update dynamic DNS with No-IP.com. The “<h>” is auto-populated by the interface command; “<a>” auto-populates the IP address. When entering the command you must enter the pre-question-mark content, press Ctrl + V, type ?, and then paste the post-question-mark content for both lines. The maximum interval is set to 7 days and the minimum is set to 5 minutes.
```
ip ddns update method no-ip.com
 ! The update URL is plain HTTP, so the No-IP username and password are sent unencrypted
 HTTP
  add http://<username>:<password>@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
  remove http://<username>:<password>@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
 interval maximum 7 0 0 0
 interval minimum 0 0 5 0
```
3G mobile service was never fast and still is not. I get in the mid ~200Kb/s for downloads with lots of jitter. However, the primary purpose is to allow me to remote into my home network in the event the core system goes down.
Another curious but non-determinant thing: Ting recognized the HWIC as a 2G device when signing up for service through the web interface.
However, after some poking around I believe the device is actually operating on 3G service.
```
Cisco1841#show cellular 0/1/0 network
Current Service = 1xEV-DO (Rev A) and 1xRTT
Current Roaming Status(1xRTT) = HOME, (HDR) = HOME
Current Idle Digital Mode = HDR
Current System Identifier (SID) = 4274
Current Network Identifier (NID) = 313
Current Call Setup Mode = Mobile IP only
Serving Base Station Longitude = <redacted>
Serving Base Station Latitude = <redacted>
Current System Time = Sat Jun 13 11:52:18 2015
Cisco1841#show cellular 0/1/0 connection
Phone number of outgoing call = #777
HDR AT State = Idle, HDR Session State = Open
HDR Session Info:
UATI (Hex) = <redacted>
Color Code = 70, RATI = 0xFFFFFFFF
Session duration = 0 msecs, Session start = 0 msecs
Session end = 0 msecs, Authentication Status = Authenticated
HDR DRC Value = 14, DRC Cover = 0, RRI = Pilot only
Current Transmitted = 3131147 bytes, Received = 28992553 bytes
Total Transmitted = 33555 KB, Received = 659109 KB
Current Call Status = DORMANT
Current Call Duration = 9477 secs
Total Call Duration = 187086 seconds
Current Call Type = AT Packet Call Dormant
Last Call Disconnect Reason = Client ended call
Last Connection Error = None
HDR DDTM (Data Dedicated Transmission Mode) Preference = On
Mobile IP Error Code (RFC-2002) = 0 (Registration accepted)
```
| Item | Cost Shipped – USD |
|---|---|
| 1x Cisco 1841 | $29.98 |
| 1x RAM and Storage upgrade for Cisco 1841 | $21.99 |
| 1x Cisco WWAN Sprint Adapter (HWIC-3G-CDMA-S) | $10.99 |
| 1x Cisco Antenna Stand with attached 15′ cable (3G-AE015-R) | $19.99 |
| 1x Cisco Antenna (3G-ANTM1919D) | $20.00 |
| Ting Service (1x device and 1-100MB of data) | $9.63/month with taxes |
| Grand total over 12 months | $18.21/month |
I was able to get some good deals on most of the hardware on eBay. For the antenna and antenna stand I did not wait for the best deal, and ended up purchasing with a Buy-It-Now.
Of course there are faster options. My primary goal was a secondary connection for remote low-bandwidth SSH access. High bandwidth was not a requirement for me, but being the curious type, I did look to see the cost of utilizing 4G service. Unfortunately 4G cards were not made for the original Cisco ISR line of routers. However, the 2nd generation ISRs do have 4G EHWICs available but are significantly more costly (relative to this project's cost). The cheapest 2nd gen ISR with an EHWIC slot I could find was $350 and the lowest cost EHWIC-4G-LTE-A I could find was another $540.
I ended up setting up a Raspberry Pi running FreeBSD to further my remote capability in the event my SAN crashes and brings everything else down. Powering the rPi was easily solved as the 1841 has a USB port.
```
Cisco1841#ping 126.96.36.199 [ROUTED THROUGH CELL REGARDLESS]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 188.8.131.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/90/100 ms
Cisco1841#ping google.com [ON CELL SERVICE]
Translating "google.com"...domain server (184.108.40.206) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 220.127.116.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/101/116 ms
Jun 13 17:09:06.888: %TRACKING-5-STATE: 10 ip sla 70 reachability Down->Up [18.104.22.168 UNBLOCKED AT MY PRIMARY GATEWAY]
Cisco1841#ping google.com [ON PRIMARY WAN SERVICE]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.214.171.124, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
```
This project is largely a proof of concept but it was fun setting it up. And it surprised me when I made it halfway through the day using the cell service for my desktop with only minimal awareness it was “slow”.