Networking Conundrum: Load balancing and vlans

Hi all

I have a bit of a networking conundrum which I thought the knowledgeable folk on here likely know the answer(s) to.

Current setup is:

FTTC1 (Plusnet) + FTTC2 (NowTV) >> Draytek 2862 (Load Balancing) >> LAN

The lan has been retrofitted around the 3 floors of the house, so it is not a nice star from a single switch. There are a number of branches and subbranches with passive switches dotted around, breaking out mesh points and whatever needs ethernet at the relevant point or daisy chaining on to the next switch.

The FTTC lines are quite average around 50 down 8 up. Line#2 has recently become unstable, dropping to 32 down 6 up, with the SNR jumping to 11db. The loss of speed is annoying but the packet loss/jitter is more of the problem. Even getting it back to where it was, the load balanced 100 / 16 combined is still a bit 'meh'.

My house is quite close to a number of blocks of flats, which so far seems to have put off G.Network or Community Fibre from laying fibre although they are doing stuff in the area, there is nothing planned down my road. Openreach have the area down as upgrading for FTTP between 2022-2025, but no activity so far, and it could be a while. Replacing 2x FTTC with FTTP is the ultimate solution, but not an option for now it seems.

Trying to work out a plan B, I've noticed that I have line of sight to a three 5G antenna on top of one of the nearby block of flats. Three checker says strong signal for 5G. I'm tempted to try the three 5G home broadband (unlimited data with a Qualcomm 5G SDX55M NSA/SA) and load balancing this with the better performing FTTC line, in case of mobile network issues. The problem with this though, is the best location for the 5G router is not near the the 2x phone lines and draytek. I know using mobile networks (and three in particular) can be hit and miss, and there is the whole external antenna thing that you can also do with a different 5G router, but to stop this getting too complicated, lets just assume the Qualcomm on three will work fine for now.

I want to avoid running new ethernet from the top of the house (converted attic room likely the best location), all the way down to the ground floor middle of the house room where the phone lines are (likely the worst location for 5G). Ideally I want to use the existing LAN cabling to send the output from the Qualcomm down to the WAN2 of the draytek, and then load balanced back across the whole LAN. I *think* I can do this using a VLAN and a couple of active switches between the Qualcomm and the Draytek to virtually separate this route from the rest of the LAN when the 5G traffic is 'WAN side', but I have never done/tried this before.

I'm assuming here that:

1.the rest of the passive switches in the lan that would sit between the new active switches would be happy with all of this...

2. The Qualcomm can do some form of modem mode (like on VM) to avoid double natting (although I guess there may be CGnat anyway) or there is a work around (e.g. DMZ) that I can put in place

3. I'm not missing a better way of doing this

Any thoughts/suggestions on the approach/ set up / kit to use would be appreciated!!

The Three UK device is a ZTE MC801A 5G router. The Qualcomm designation is the chipset it is based on.

You can set it up in bridge mode. See this YT video for detail, in order to avoid double NAT.

I'm not totally clear on your physical network setup, especially link from loft to ground floor/middle - but if you have a sole Cat5e netwetok cable to the loft, then you could simply use that to bring the connection from the ZTE down to your main Draytek router and then carry on as usual.

Unless you need to use the same cable for both LAN and WAN traffic then you should not need to go down the VLAN road.

Is there anyway you can drop an ethernet cable from the roof space, down the exterior of the house, to the room? That would save a lot of hassle and the 5G WAN would have a connection of it's own. You don't have to run ethernet internally.

Just to update on this, the three/zte router arrived and I've been having a play around with its location.....

In the room where the 2x phone lines and draytek are, I get a poor 4G signal and a spectacular 1mbit down, 1 mbit up. It's not much better in adjacent rooms / near windows on the ground floor.

In the attic room however..... 780mbit down 130mbit up, which I think is surprisingly good.

@Pheasant - thanks for the video link, bridge mode works! Sadly there is not a single cable between loft room to router room. There are 4 cable runs and 3 switches between the 2, lan traffic and lan devices branching off each switch.

@Adduxi - a new run is not easy, and would involve a fair amount of drilling/ladders!

At this stage I'm thinking:

1. Try VLAN idea;

2. Move router to the loft and loadbalance from there (question whether the draytek can actually loadbalance 700+mbit??). Use a separate wifi network to send the good FTTC line from ground floor to the loft. While the bandwidth loss between that distance is likely high, it would only need to manage 60 or so mbit.... That may negatively impact the 'normal' mesh wifi though.. There is also homeplug to do the same job, but that does seem like a backward step; or

3. Abandon the FTTC lines entirely. Until I see how reliable three 5G is though (I need to work from home around half the week), this seems a bit risky.

Hmmm

Thoughts?

According to Draytek you could get 900 Mbps NAT throughput. So definitely worth a shot.

As to VLAN the intermediate switches *shouldn’t* pose a problem even though they’re unmanaged / not VLAN aware.

You could pickup a couple of Ubiquiti USW-Flex Mini 5-port switches. These are great little switches. I have used them a fair bit.

They (were) pretty cheap when I bought my last batch under £25 each. Now they’re around £35 to £45. But current stock, as with lots of stuff is a bit limited. Download the UI network controller software onto your computer for setup/management. Then set up each switch at either end with a VLAN for ‘WAN’ say VLAN ID xxx - assign that to a particular port (they only support simple port-based VLANs but that’s fine and all you’re really needing here) and plug those ports into your ZTE box LAN port (bridge mode) and the WAN port on the Draytek.

Here’s a quick video I found that shows this being done.

I would otherwise recommend a pair of small Netgear managed switches, but these will be around three times the price of those little UI boxes above.

As it happens the USW-Flex Mini do support a general range of vlan configurations - access to a single vlan presented as a native vlan or a trunk containing a list of multiple tagged vlans with zero or one native vlan.

On Ubiquiti the default port profile is called "ALL" and is equivalent to 1U, othersT
You do need to create port profiles on a controller if you want to do anything other than ALL or Single though.

So you do need to be aware of whether you want to use VLAN 1 or not because Ubiquiti treat it differently across their product line and for UniFi expect it to be your "corporate" LAN as defined in the controlller.

A pair will do the job nonetheless.

Internet on a VLAN - have done this on several occasions and it's generally fine if your LAN switches don't have an SVI in that VLAN so that the only L3 device that can be on the network is the firewall/router.
I'll often use 9 or 90 (as in the outside line) and ≥100 for the real VLANs.

Intermediate unmanaged switches - yes they shouldn't change the tagging, however any multicast or broadcast frames on that VLAN will still be sent to all plugged devices and APs as tagged frames and (it will be up to them to drop frames).
So I would just avoid passing Internet and LAN over them together.

Good to know I’m not smoking crack 👍😅

Just to update on this....

I got a pair of the flex minis, and set up as described in the guides....and the vlan worked!! Weirdly I can't get bridge mode on the ZTE to work over the vlan, whether i put the draytek on the end of it or a laptop. It all works though if I leave the ZTE in router mode and double NAT with the Draytek (or use a laptop). In bridge mode, while I can still access the interface of the ZTE (so the vlan is working), there is no Internet connectivity / public IP being passed through.

Leaving it on double NAT, throughput wise is looking good and the Draytek seems fine in load balancing the 5G and the VDSL line. Peak performance (around 400mbit is the best so far) does seem lower than can be achieved connected directly to the ZTE. I do wonder whether that might be as I'm hitting the bandwidth limitation of 1gbe by effectively sending the same traffic over the network twice (once as wan in the vlan, then again as lan outside of it). Either way, assuming the 5G doesnt get too congested, it is an improvement until FTTP comes along!!

Thanks for the suggestions!

Just to make you aware the max throughput of the firewall on your 2862 is 400Mbps so that is the limit you are hitting.

Thanks
Dan

That’s good news on the whole and with some minor wrinkles otherwise working as you’d expected. 👍

It all works though if I leave the ZTE in router mode and double NAT with the Draytek (or use a laptop). In bridge mode, while I can still access the interface of the ZTE (so the vlan is working), there is no Internet connectivity / public IP being passed through.

Pretty hard to diagnose this remotely, especially without access to a ZTE so it difficult to say what precisely is causing this. From what I can see in the manual, in bridge mode ZTE are still using DHCP to the “first” client accessing the interface, so there’s probably something going on with broadcast DHCP packets from your router/PC to the ZTE in this mode over the VLAN. Bit of packet sniffing / some tweaking of settings might get to the root of the issue. But if it’s otherwise working in router mode with double NAT probably not super urgent to resolve.