#iorestoacasa: it’s today one of the fundamental rules to be respected to avoid contagion from COVID-19. Given these directives, smart working is the simplest solution that companies and professionals can adopt to continue their work even outside the office, if it’s possible, for business continuity.

In this article Marco Cosatto, DevSecOps of MOLO17, will explain to you how to connect an emergency failover LTE gateway to the main router with VLANs to work from home.

During the COVID-19 outbreak, we will see how to connect an emergency failover LTE gateway to the main router with VLANs, keeping an eye on the aesthetics with a 3D printed dock. Let’s see how to connect to the internet and work from home in complete safety.

#IORESTOACASA – the hashtag used by workers in smart working in Italy during the pandemic

As you might have noticed, here in Italy the outbreak took its toll.
And as you can imagine we, as MOLO17, have activated the business continuity plan and immediately switched to smart working.
We gladly embraced the #IORESTOACASA (that is “I’m staying at home”) movement. As you will have been able to see from our stories on instagram, our team is working from their home desks.

Some of us were more prepared than others. I, for example, without the pretense of being a fully fledged prepper, I was a well prepared for this, at least speaking about connectivity.
If you’d like to know what i mean you can have a look at my series of posts

I always believed that home is where wifi auto-connects. As you can imagine, during this smart working exceptional explosion, internet connectivity is totally taxed by the number of people using it. Even if I already have two internet uplinks at home, I wanted to ensure my business continuity at “prepper” level.

LTE/4G connectivity as Network failover option for smart working

As I promised in a past article, I show you how to make my third uplink, an “absolute-failover” connectivity.

It’s a LTE/4G connectivity, obviously metered. I use it only when the FTTC and the WIMAX go down simultaneously, as explained before. 

When not home, I can take the device with me to use it outside.

Network failover with Netgear Nighthawk M1 LTE router

What I’m using? An high performance LTE router by Netgear, the Nighthawk M1. Now, as you know I’m not a fan of COTS devices, but this thing included everything I needed, including both a long-lasting battery, an LTE CAT16 chip (which potentially delivers 1Gbps/150mbps of download / upload speed), and an ethernet port. The ethernet port is what I needed the most: this way the device brings the hardware, I bring the professional networking features when at home. 

Now, during this outbreak I will stay at home, and I’ll really want the internet uplink to be as resilient as possible for my smart working sessions. So the device is always plugged in to the network as an uplink.
How did I make it work as an uplink to my existing router/firewall?

VLANs instead of cables

The first problem is that on the ground floor of myhouse there is barely any signal for it, but the firewall and the main uplink is located there. 

On the first floor, where my bedroom is, there is a switch that distributes the wired network for that floor. It would be a perfect place to plug it in, but since the main router is on the ground floor and I didn’t want to route more cables down the walls, I just did it with a dedicated VLAN.

Topology Diagram VLANs

Topology Diagram VLANs

The main router is connected to the main switch with a LACP, with four gbit network interfaces, both for resilience and bandwidth. 

VLANs instead of cables: the project 

 Here’s how I did it:

  1. I created a new VLAN interface on the LACP, tagged 200
  2. After that, I also created the new VLAN on both the switches: the main switch and the first floor switch
  3. In the meantime, I set all the ports to use the VLAN as TAGGED both in ingress and egress. The only exception is the port where the Nighthawk M1 has to be plugged, that is PVID 200/UNTAGGED 200, in other words “an access port on VLAN200”, without any other VLAN on it. 
  4. Later, I set the new VLAN interface, with DHCP Client enabled, as an uplink port in the router. Subsequently, I set the proper routes,  failover routes and groups. 
  5. Since the connection is metered, I created a whitelist of hosts allowed to use it.  So you can avoid consuming traffic on frivolous things, especially if you, like me, already have the two unmetered uplinks. I can always disable the firewall rule in case of emergency. 

Finally I also put an usb power cable in the cabinet on my bedroom floor. So I can come home, plug the device to the ethernet and the usb-c connector, charging and enabling my third uplink at the same time.

Bonus for paranoid preppers: if you are actually quarantined and in smart working in your floor, doing it with VLANs instead of real cables, on an already installed network, you won’t need any physical access to anything else other than the floor switch where you already are.

COVID-19 shut down shops? Here comes 3D printing 

Now I just need to make the thing polished and nice. There are some docks for the device, but you can’t go outside to buy one right now. During an emergency like this you don’t want to go outside for stupid reasons. To avoid contagion, for now it is illegal here in Italy.

I’m also a maker and I don’t mind using my 3D printer once in a while.

I found a nice model here, that is just perfect for my needs: https://www.thingiverse.com/thing:3891372

Time to fire up Slic3r and here we are:

  • Slic3r: 3D printer STL Slicer
  • Test del router Dock
  • The 3D printed Dock

Conclusions

I hope this article can help you with your home network and with your smart working sessions.  

#IORESTOACASA for the good of all. 

Stay Safe and good smart working!