HOW TO use backup gateways for non-stop Internet connectivity.
While most Internet connection technologies are normally quite reliable, technologies such as VDSL are prone to intermittent interference and copper cable problems. Such problems are often difficult to locate and repair, so users may well require a backup connection until their main connection is again functioning correctly. NAT32 has the ability to detect connection failure and to switch to a backup connection whenever the main connection is down. When connectivity via the main connection is restored, NAT32 can switch back to using it.
Many DSL Routers support failover to a Mobile Broadband connection, but user interaction with the failover mechanism is usually quite limited. The following limitations deserve mention:
Dual Gateway Configuration
The simplest way to provide failover is to install a second router fitted with a Mobile Broadband adapter for Internet access. That router must be on the same LAN as the main router and its IP address should be specified in the NAT32 Interface Configuration, Alternate Gateway textbox. All Internet traffic normally flows via the main gateway, but should its Internet connection fail, a switchover can be done as follows:
The switchover can be automated by adding this line to the crontab file:
* * * * * switch.tcl # If icheck, check gateways and switch if needed
The NAT32 variable icheck controls whether or not connectivity checks are actually carried out. Additional crontab entries can be added to set or reset icheck at certain times of day.
A small WIN32 application called NETSTAT has been provided to monitor connectivity and activate failover automatically or manually as needed. The NAT32 textbox contains the address of the NAT32 machine with which the program is to interact.
The Failover Mode checkbox can be set to allow automatic switching between gateways (DSL or Mobile).
The icon indicates the state of the Mobile connection (yellow) and the DSL connection (green).
When failover is off, the DSL and Mobile buttons can be used to force the use of a particular gateway.
The author has a FritzBox 7590 at address 192.168.178.1 that serves as the main Internet gateway. It is a Mesh Controller and has its DHCP Server disabled. All machines connect to the 7590 via WiFi or Ethernet and they are configured either manually or via NAT32's DHCP Server.
A FritzBox 4040 at 192.168.178.4 serves as the alternate Internet gateway. It is fitted with a Huawei E3372 Mobile Broadband adapter for Internet access. It is not part of the mesh and it also has its DHCP server disabled. It is running FritzOS 6.83 for Huawei E3372 compatibility reasons.
The 4040's mobile Internet connection is always up, but it is only used for traffic to/from NAT32 when the VDSL2 connection of the 7590 is down.
Users can use a simple gateway selection web page to switch gateways for their machine, or the NETSTAT applet can be used on Windows machines to monitor and switch connections for all machines.
This solution has proven itself useful on several occasions when the VDSL2 connection had failed. In one test scenario, a Windows machine running Skype also has the NETSTAT applet running. Failover mode is OFF, and if the connection fails during a Skype call, simply clicking the Mobile button in the applet will instantly switch traffic to the 4040 gateway, and the call continues a few seconds later. Once the call has completed, the user can click the DSL button and the machine will then again use the VDSL2 connection, once it has been restored.
Note that no version of Windows to date (March, 2020) handles multiple Internet gateways in a sensible manner. At best, Windows will monitor traffic from the current default gateway and switch to the other gateway if the original gateway is not responding. It then continues to use that gateway as long as it keeps responding. Windows cannot use multiple gateways simultaneously. In contrast, NAT32 can route traffic from specific machines via specific gateways as described here.
When NETSTAT is running on the NAT32 machine, it cannot reach UDP port 7 of the NAT32 TCP/IP stack unless a permanent port mapping is in place (see startup.txt). In addition, it cannot reach the IP address of the NAT32 TCP/IP stack either, because socket traffic to a local address is never passed to the NDIS layer, where NAT32 could intercept it. It is therefore required that NETSTAT is set to use the IP address 188.8.131.52, because socket traffic to that address is sent to the NDIS layer, at which point NAT32 can intercept it.
When NETSTAT is running on some other machine, it should be started as netstat.exe nat32.box.