Production-ready OOB Router
Posted: Wed Nov 10, 2021 3:45 pm
First off, I hope I'm posting this to the right place. If not, just let me know and I can delete/re-post it elsewhere.
I'm looking for a solid/reliable router for our out-of-band access to our colo rack. I'm currently using my personal WE826-t2 for now and it just doesn't feel reliable -- I have to totally reboot the entire router just to get the LTE modem to restart, and it feels like some of my AT+ commands don't always work. When it was my daily modem here at home, I needed to manually reboot it once every 2 to 4 weeks. The WireGuard and OpenVPN configs also seem to only partly work (and conceptually, the WireGuard implementation doesn't seem quite right - there is a server and client mode, but WireGuard is peer-to-peer).
All of those add up to make the device feel 'brittle' and not at all suited to this task. (I know that it was not built for this task so I'm not criticizing it for the flaws; I'm just spelling those out to give you an idea of what I am looking to avoid.)
Here are the main features that we need:
1. VERY reliable - solid uptime with reboots only rarely needed (ideally just for firmware updates)
2. Works on Verizon network
3. Minimum 4 LAN ports, but more are better
4. Bonus if there are serial ports for connecting to our PDUs and switches, but those are rare so I'm not expecting them.
5. Native (or easily added) VPN support: ideally through WireGuard but OpenVPN is ok.
6. Routing and firewall tooling that can support passing traffic coming in from the ingress VPN connection through to the devices connected to the LAN ports. Bonus if it can also run something like fail2ban to auto-block excessive login attempts.
7. Speed is not a critical issue but I'll mention it here because I am sure the question will come up if I don't - most of what we need can be done via a simple web UI or command line. Given our signal on-site, I am confident anything that can connect to VZW over LTE will be fast enough for what we need. So the only reason I'd want to go with a top-of-the-line 5G-CAT-bazillion modem would be for reliability, not for speed.
8. Future-secure -- the last purpose-built device I tried was a Tripp Lite serial console server. On paper it appeared to be what we needed. But Verizon rejected the IMEI of the Sierra Wireless MC7354 because it did not support e911 and so I had to RMA the device. I know nothing is future-proof, but I'm looking to get a good 5+ years out of this device.
Let me know if there are any other datapoints I can provide!
I'm not opposed (at all) to DIY, but I need something that will be consistent and reliably online.
Budget is $1,000 but obviously if there is a device that can give me that level of performance and reliability for less, I would not mind saving some of that budget for other items in my rack.