Sunday, August 2, 2020

Thinking through equipment for deployment in a remote area with poor connectivity

The Constraints

I've been working through a network I'm looking to deploy in an environment with poor infrastructure and unreliable connectivity and need equipment that can meet the following needs:

  • Dual WAN failover support including LTE connectivity (not expecting more than 30-40 Mbps on the WAN)
  • NTP server for the LAN must be hosted locally and without reliance on external connectivity (needs to obtain time from GPS)
  • Capable of supporting multiple forms of VPN including WireGuard, ZeroTier, among others
  • Would like to have IDS/IPS software running like Suricata
  • Multiple VLANs and internal routing between them
  • IP camera traffic will be present as well
  • The less power it needs, the better to increase runtime on batteries/UPS
  • The more affordable the better but not at the expense of resilience
  • Ideally needs to operate with little regular intervention (no full-time IT staff will be on-site)

The options I've been looking at

Option 1: Getting something like a Teltonika RUTX09 as the primary router and running a Ubiquiti managed switch for all LAN activity. The good news is that the Teltonika covers most of what I need (including the GPS-based NTP server); however, the hardware looks a little underpowered and I'm not sure how to run Suricata elsewhere in the network to filter all traffic.

Option 2: Getting a separate LTE modem/gateway with passthrough and running OPNsense on a dedicated machine (e.g. Qotom) to handle the WAN failover as well as Suricata (and Ubiquiti managed switches). The only issue is I'm not sure how to accomplish the local GPS-based NTP server. From what I've seen so far, it looks like this route may also be more expensive and the general feeling I get is that the more moving parts, the more potential issues might crop up requiring onsite intervention.


Any thoughts on what route may be the better option? Or perhaps new options I haven't considered yet?


