
Thread: Backhaul site via LTE need the pro's thoughts.

  1. #1

    I am looking to back haul one remote site over LTE. We have had nothing but issues with the AT&T T1 currently there. If it even acts like it will rain it goes down or starts bouncing.

    Considering dumping the T1 and going with a Cradlepoint solution. Anyone have experience??

    The way I am picturing it is two Cradlepoints, one at core and one at the site. I do not want to use our IT department's network.

    Additionally, I may add a second site with LTE as secondary backhaul if this site works out well.

    System is 7.18
    Radio Referenced...Those who think they know it all are very annoying to those of us who do.


  2. #2

    Is there any LOS to other sites?

    Is there LOS to one of "your" buildings with reliable internet, a building that would be more likely to survive?

    I would use a prosumer redundant PTP config as primary. Combo of 5+24 GHz, or 5 GHz+900 MHz using ubnt and mt. Just don't use something like AF-24HD by itself; when it rains or birds poop you can have issues.

    You can't trust the MNO's backup power.

  3. The Following 2 Users Say Thank You to PSEhub For This Useful Post:

    moetorola (4 Days Ago),ndp (4 Days Ago)

  4. #3

    Direct LOS is marginal. I would likely have to do multi-hop. In all reality that is the way I would like to go in the future. But I have done a few studies and would likely have to do a hub setup. Nice thing is, the hub would be on a tall building for easy access.
    LTE would ultimately be the backup backup solution; temporarily, for now, going to LTE backhaul.
    I have just had enough with this T1 out in the back woods. And it seems a lot of the old timers with AT&T that understand a T1 or even know how to use a T-Bird are few and far between.

  5. #4

    Quote, originally posted by moetorola:
    "I have just had enough with this T1 out in the back woods. And it seems a lot of the old timers with AT&T that understand a T1 or even know how to use a T-Bird are few and far between."

    Boy, that's truth. Five years ago, I had to show a tech how to set up his T-Bird and he was sent out to work on a NAWAS drop..

    Not sure where you are, but I would be looking at Siklu or Cambium first, then a Fixed 5G and then a 4G, maybe FirstNet with priority. Remember with 4G LTE you will probably be dealing with IPv6 to IPv4 traversal and mapping.

  6. The Following User Says Thank You to phonebuff For This Useful Post:

    moetorola (3 Days Ago)

  7. #5

    Assuming AT&T commercial here (haven't done any FirstNet builds using this method), you are going to want two LTE modems (Cradlepoint or Sierra Wireless) and two firewalls (Cisco ASA or Palo Alto, just stay away from the Cisco Firepower software as it is garbage).

    Get AT&T to create a custom APN and only allow the modems to communicate within that APN, preferably only allow traffic between those two modems (but that gets hard to manage when swapping units for testing/after equipment failure/etc and makes it less of a chance AT&T will screw up the rules when adding more units). Each modem should be provisioned with a static, non-routable IPv4 address (or a public IP to make uniqueness easier, but with IPv4 exhaustion this option may not be around forever). Be sure to pick a subnet that doesn't conflict with any of the traffic going over the link.

    Set up an IPsec tunnel between the firewalls over the modems, and add firewall rules only allowing communication with the APN subnet or the remote modem's IP.

    Even if AT&T later breaks the traffic rules on the APN (it's happened to me) to allow traffic from the internet, the rules on the firewall are the second line of defense.

    This all relies on the 2 modems, the 2 firewalls, and the cell network operating correctly. I would still add a microwave link if possible in the future, the firewalls can handle the failover between the links.

  8. The Following 3 Users Say Thank You to duggerd For This Useful Post:

    moetorola (3 Days Ago),phonebuff (4 Days Ago),PSEhub (4 Days Ago)
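
An added example, not part of any post in this thread: a small Python check of the design described in post #5. It verifies that the APN subnet does not overlap the networks carried inside the tunnel, and models an outside-interface policy that accepts only IPsec traffic from the remote modem, so a carrier-side APN rule mistake still meets a default deny. All addresses and names are constructed assumptions, and the policy uses the stricter of the two options mentioned (remote modem's IP rather than the whole APN subnet).

```python
import ipaddress as ip

# Constructed sample plan (assumptions, not values from the thread).
APN_SUBNET = ip.ip_network("10.250.8.0/29")       # static modem addresses in the custom APN
REMOTE_MODEM = ip.ip_address("10.250.8.3")        # the only peer the firewall should hear from
TUNNELED_NETS = [ip.ip_network("10.10.0.0/16"),   # core LAN carried inside the tunnel
                 ip.ip_network("10.20.30.0/24")]  # remote site LAN

# IPsec needs only IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50).
IPSEC_FLOWS = {("udp", 500), ("udp", 4500), ("esp", None)}


def plan_conflicts(apn, tunneled):
    """Return tunneled networks that overlap the APN subnet (should be empty)."""
    return [n for n in tunneled if n.overlaps(apn)]


def outside_permits(src, proto, dport=None, peer=REMOTE_MODEM):
    """Outside-interface policy: IPsec from the remote modem only, default deny."""
    if ip.ip_address(src) != peer:
        return False
    key = (proto, dport if proto == "udp" else None)
    return key in IPSEC_FLOWS


def audit(packets):
    """Return the (src, proto, dport) tuples the outside policy would accept."""
    return [p for p in packets if outside_permits(*p)]


# Constructed packets as seen on the firewall's outside interface.
SAMPLE = [
    ("10.250.8.3", "udp", 500),     # IKE from the remote modem
    ("10.250.8.3", "esp", None),    # tunnel payload
    ("10.250.8.3", "tcp", 22),      # correct peer, but not IPsec
    ("10.250.8.5", "udp", 500),     # another device inside the APN
    ("203.0.113.40", "udp", 4500),  # internet source after a carrier rule mistake
]

if __name__ == "__main__":
    print("conflicts:", plan_conflicts(APN_SUBNET, TUNNELED_NETS))
    for pkt in audit(SAMPLE):
        print("permit", pkt)
```
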

  9. #6

    I noticed Cradlepoint, some of their modems have built-in firewall and VPN. Is it not a good idea to use the modem for the firewall and VPN?

    I also pulled out my old notes on a path study that was done. Looks like it can be done.
    I pulled up Ubiquiti path builder and it confirmed my path study. Looking at 4.9 equipment from Ubiquiti.

  10. #7

    Quote, originally posted by moetorola:
    "I noticed Cradlepoint, some of their modems have built-in firewall and VPN. Is it not a good idea to use the modem for the firewall and VPN?"

    Those LTE modems are modems first, firewalls/routers second. They aren't very flexible like actual networking gear is, with those features tacked on rather than being the core functionality.

    Decoupling the roles also leads to better security; the modems are designed to have as many features as possible, which is a wider attack surface than a dedicated firewall's outside interface would have.

    Down the road you may decide to go with a microwave primary with an LTE backup. Or have both AT&T and Verizon. Or a fiber connection is brought in. The external firewall gives you flexibility there rather than having to design around the restrictions an all-in-one modem device has.

  11. The Following User Says Thank You to duggerd For This Useful Post:

    moetorola (3 Days Ago)

  12. #8

    Quote, originally posted by moetorola:
    "I pulled up Ubiquiti path builder and it confirmed my path study. Looking at 4.9 equipment from Ubiquiti."

    The Ubiquiti hardware has been my go-to for base camps and temporary builds for a while now. But long term I prefer one of the less SOHO type solutions.

  13. The Following 2 Users Say Thank You to phonebuff For This Useful Post:

    moetorola (3 Days Ago),ndp (3 Days Ago)

  14. #9

    Quote, originally posted by phonebuff:
    "The Ubiquiti hardware has been my go-to for base camps and temporary builds for a while now. But long term I prefer one of the less SOHO type solutions."

    Do you have any you recommend? I have been out of the back-haul game for a while now, last I deployed was an Unlicensed Adtran tracer and Licensed MDR-8000 type stuff..LOL

  15. #10

    Pick the Cisco 1000 series LTE if you need just IP interfacing or something Cisco that will take voice and LTE cards if you need analog.

    Forget using two LTE routers, twice the latency and twice the unreliability. Talk to IT and see if they have a private APN with a carrier and use that. A private APN can be used to securely extend a core inside IP out to the LTE device so your device looks like it's locally connected. The private APN terminates via a VPN from the carrier to your data centre. Yep, you still need the IT guys involved but this takes the solution out of kludge and into acceptability.
    It is a fine thing to be honest, but it is also very important to be right

  16. The Following 2 Users Say Thank You to Astro Spectra For This Useful Post:

    moetorola (3 Days Ago),ndp (3 Days Ago)

  17. #11

    Private APN isn't going to be cheap, and it will need to terminate somewhere (i.e. an MPLS service you own).

    Lot of engineering involved that no carrier is going to do just for one site/mobile service (at least not for free), though if you were talking 200 sites that might be another story.

    LTE to LTE is going to be mostly impossible to make work due to CGNAT, and the performance will be terrible as others have pointed out.

    VPN with LTE on one end terminating on a metro ethernet service or something similarly robust would probably work acceptably well.

  18. The Following 2 Users Say Thank You to syntrx For This Useful Post:

    moetorola (3 Days Ago),ndp (3 Days Ago)

  19. #12

    M2M performance of LTE connections on AT&T is actually pretty decent (with good coverage). If you have more than a few sites, having the hub on a wireline service is necessary for bandwidth reasons more than reliability ones. If it's just one or a couple sites to start, both sides on LTE should be fine.

    A custom APN for us on AT&T was $500, though that was a couple years ago.

    Everything should be in your own VPN tunnel, the carrier's equipment shouldn't have direct access to your inside networks. Being able to easily change providers or fail over to different transport types is worth the added complexity of running your own routing gear rather than being locked into one carrier.

  20. The Following User Says Thank You to duggerd For This Useful Post:

    moetorola (2 Days Ago)

  21. #13

    Quote, originally posted by moetorola:
    "Do you have any you recommend? I have been out of the back-haul game for a while now, last I deployed was an Unlicensed Adtran tracer and Licensed MDR-8000 type stuff..LOL"

    As I said above, I like Siklu or Cambium. But there are any number of vendors in the space and U might be a great place for proof of concept, depends on the weather conditions around your site.

  22. The Following 2 Users Say Thank You to phonebuff For This Useful Post:

    moetorola (2 Days Ago),ndp (3 Days Ago)

  23. #14

    Quote, originally posted by syntrx:
    "Private APN isn't going to be cheap, and it will need to terminate somewhere (i.e. an MPLS service you own).

    "Lot of engineering involved that no carrier is going to do just for one site/mobile service (at least not for free)..."

    Yup, that's why I suggested the OP talk to his IT guys to see if they had a private APN in place already for something else that he could leverage for his one-off. We have several from Vodafone and they did not cost much. Terminated via plain old regular Internet over fiber, not a label switch in sight.

  24. The Following User Says Thank You to Astro Spectra For This Useful Post:

    moetorola (2 Days Ago)