Edge Deployment Guide

Deploy Pimeleon router at edge locations


Deploy Pimeleon router in remote or edge locations where reliability, remote management, and minimal maintenance are critical. Perfect for branch offices, remote sites, kiosks, digital signage, and IoT gateways.

Edge Deployment Characteristics

Typical edge requirements:

  • Remote locations (difficult physical access)
  • Minimal on-site technical support
  • Reliable 24/7 operation
  • Remote management essential
  • Power flexibility (PoE, solar, battery)
  • Harsh environmental conditions
  • Limited bandwidth connections

What Pimeleon provides:

  • Remote SSH/VPN access
  • Automated monitoring and alerts
  • Self-healing capabilities
  • Low power consumption
  • Compact form factor
  • Flexible power options

Standard Edge Setup ($140-180)

For: Remote offices, branch locations

  • Raspberry Pi 4 (2GB) ($45) - Good performance, low power
  • Samsung PRO Endurance 64GB ($30) - High-reliability storage
  • PoE HAT ($20) - Network-powered operation
  • Aluminum heatsink case ($20) - Passive cooling, durable
  • PoE injector ($15) - If network doesn't support PoE
  • USB Ethernet adapter ($18) - Optional dual WAN

Total cost: $128-148 (plus injector if needed)

Performance: 900+ Mbps, reliable remote operation

Harsh Environment Setup ($200-280)

For: Outdoor kiosks, industrial sites, extreme conditions

  • Raspberry Pi 4 (4GB) ($55) - Extra headroom
  • Industrial SD card 128GB ($50) - Extended temperature range
  • PoE+ HAT ($25) - Higher power delivery
  • IP65 waterproof case ($60) - Weather-resistant
  • Cellular modem ($40) - Backup connectivity
  • High-endurance components

Total cost: $230-280

Performance: Industrial-grade, all-weather operation

Edge Deployment Architecture

Network Topology

Basic edge setup:

Internet (ISP)
    │
Modem
    │
Pimeleon router (primary gateway)
    ├── eth1: Local LAN (192.168.76.0/24)
    └── wlan0: WiFi AP (192.168.77.0/24)

With cellular failover:

Primary: ISP Modem → Pimeleon eth0
                        │
Backup: USB Cellular → Pimeleon usb0
                        │
                   Local devices

With VPN back to HQ:

Remote site                    Headquarters
    │                              │
Pimeleon router ←VPN tunnel→ HQ firewall
    │                              │
Local devices              Management network

Step-by-step edge deployment

Phase 1: Pre-Deployment Preparation (At Office)

Configure everything before shipping to remote site:

  1. Flash and configure SD card:
    • Pre-configure network settings
    • Set static IPs or DHCP reservations
    • Configure VPN client
    • Enable all remote management
  2. Test thoroughly:
    • Boot and verify all services
    • Test remote access (SSH, VPN)
    • Simulate network outages
    • Verify automatic recovery
  3. Document everything:
    • IP addresses and credentials
    • VPN configuration
    • Contact information for site
    • Emergency procedures
  4. Create recovery media:
    • Spare SD card (pre-configured backup)
    • USB drive with recovery image
    • Printed setup instructions

Phase 2: Remote Management Setup (Critical!)

SSH Configuration:

# Change SSH port (security through obscurity helps at edge by cutting scan noise; key-only auth below is the actual control)
sudo nano /etc/ssh/sshd_config

Port 24442
PermitRootLogin no
# Keys only! (keep comments on their own line in sshd_config)
PasswordAuthentication no
ClientAliveInterval 60
ClientAliveCountMax 3

sudo systemctl restart sshd

Install SSH keys:

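# From management workstation. Install the key before PasswordAuthentication
# is set to "no" above, otherwise ssh-copy-id cannot log in to copy it.
ssh-copy-id -i ~/.ssh/id_rsa.pub pi@edge-router.company.com

# Test key-based auth (port 24442 once the sshd_config change is active)
ssh -p 24442 -i ~/.ssh/id_rsa pi@edge-router.company.com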
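
A wrong sshd_config on a remote unit usually means a site visit, so it is worth checking the effective settings against the SSH configuration above before restarting the daemon. The following is an added example, not part of Pimeleon: the helper name check_sshd_baseline and the pubkeyauthentication check are assumptions, and both sample inputs are constructed.

```shell
#!/bin/bash
# Added example, not Pimeleon code. check_sshd_baseline is a hypothetical helper.
# On the router, feed it the effective configuration and restart only on success:
#   sudo sshd -T | check_sshd_baseline && sudo systemctl restart sshd

# Reads "keyword value" lines (the format `sshd -T` prints) on stdin, prints
# one line per deviation from the baseline, returns 0 only if nothing deviates.
check_sshd_baseline() {
    awk '
        BEGIN {
            bad = 0
            want["port"] = "24442"
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            # Assumption: not set in the guide, but key-only login depends on it
            want["pubkeyauthentication"] = "yes"
        }
        { key = tolower($1) }
        (key in want) {
            seen[key] = 1
            if (tolower($2) != want[key]) {
                printf "MISMATCH %s: got %s, want %s\n", key, $2, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit bad
        }
    '
}

# Constructed samples in `sshd -T` format (not captured from a real unit).
SAMPLE_HARDENED='port 24442
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
clientaliveinterval 60'

# A second Port line left port 22 open and password logins are still on.
SAMPLE_WEAK='port 22
port 24442
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_baseline && echo "hardened sample: OK"
printf '%s\n' "$SAMPLE_WEAK" | check_sshd_baseline || echo "weak sample: do not restart sshd"
```

Because `sshd -T` prints one line per listening port, a leftover `Port 22` line is reported even when `Port 24442` is also present.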

VPN for secure remote access:

WireGuard is recommended for edge deployments due to its efficient performance and automatic roaming support. For complete VPN setup instructions covering both WireGuard (primary) and OpenVPN (alternative), see the VPN Configuration Guide.

Basic WireGuard client configuration for edge router:

# Install WireGuard
sudo apt install wireguard

# Configure WireGuard (see full guide for key generation)
sudo nano /etc/wireguard/wg0.conf

[Interface]
PrivateKey = <PRIVATE_KEY>
Address = 10.99.99.2/24

[Peer]
PublicKey = <HQ_PUBLIC_KEY>
Endpoint = hq.company.com:51820
AllowedIPs = 10.99.99.0/24, 192.168.1.0/24
PersistentKeepalive = 25

# Enable and start
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Phase 3: Monitoring and Alerting

Automated health checks:

#!/bin/bash
# /usr/local/bin/health-check.sh

# Check internet connectivity
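if ! ping -c 3 8.8.8.8 &> /dev/null; then
    # With the uplink down, this mail can only leave once connectivity returns (and only if the local MTA queues it)
    echo "Internet down at $(date)" | mail -s "ALERT: Edge router offline" admin@company.com
    # Attempt recovery
    sudo systemctl restart networking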
fi

# Check temperature
TEMP=$(vcgencmd measure_temp | cut -d= -f2 | cut -d\' -f1)
if (( $(echo "$TEMP > 75" | bc -l) )); then
    echo "High temperature: $TEMP°C at $(date)" | mail -s "ALERT: Edge router overheating" admin@company.com
fi

# Check disk space
DISK=$(df -h / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK" -gt 80 ]; then
    echo "Low disk space: ${DISK}% used at $(date)" | mail -s "ALERT: Edge router disk full" admin@company.com
fi

Cron job for health checks:

sudo crontab -e

# Run health check every 15 minutes
*/15 * * * * /usr/local/bin/health-check.sh

# Daily report
0 8 * * * /usr/local/bin/daily-report.sh

External monitoring (recommended):

  • Use UptimeRobot or similar service
  • Monitor SSH port and web interface
  • SMS alerts for critical issues
  • Check from multiple locations

Phase 4: Self-Healing Configuration

Automatic service recovery:

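# Systemd automatic restart (drop-in override)
sudo mkdir -p /etc/systemd/system/pihole-FTL.service.d
sudo nano /etc/systemd/system/pihole-FTL.service.d/restart.conf

[Service]
Restart=always
RestartSec=10s

# Reload unit files so the drop-in takes effect
sudo systemctl daemon-reload

# Apply to all critical services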

Network failover script:

#!/bin/bash
# /usr/local/bin/failover.sh

PRIMARY_GW="192.168.1.1"
BACKUP_GW="10.0.0.1"  # Cellular modem

# Check primary gateway
if ! ping -c 3 -W 2 "$PRIMARY_GW" &> /dev/null; then
    echo "Primary WAN down, switching to backup"
    # "replace" swaps the default route in one step, so there is no window without one
    ip route replace default via "$BACKUP_GW" dev usb0
    # Send alert
    curl -X POST "https://api.company.com/alert" -d "edge-router-failover"
fi
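
The script above switches after a single failed run and has no path back to the primary WAN, so a short outage can leave the site on metered cellular. The following added example (not Pimeleon's own code) shows the same failover with hysteresis and failback; the thresholds, the state file path and the function names are assumptions, while the gateways and interfaces are the ones used in this guide.

```shell
#!/bin/bash
# Added example, not Pimeleon code: failover with failback and hysteresis.
# Gateways and interfaces reuse the values in this guide; the thresholds, the
# state file path and the function names are assumptions.
PRIMARY_GW="192.168.1.1"; PRIMARY_DEV="eth0"
BACKUP_GW="10.0.0.1";     BACKUP_DEV="usb0"
FAIL_LIMIT=3   # consecutive failed probes before leaving the primary WAN
OK_LIMIT=5     # consecutive good probes before returning to it
STATE_FILE="/run/wan-failover.state"   # contains "<active> <streak>"

# Pure decision step. $1 = active WAN (primary|backup), $2 = current streak,
# $3 = result of probing the primary gateway (up|down).
# Prints "<active> <streak>" to store for the next run.
next_state() {
    active=$1; streak=$2; probe=$3
    if [ "$active" = primary ]; then
        # On primary the streak counts consecutive failures
        if [ "$probe" = down ]; then streak=$((streak + 1)); else streak=0; fi
        if [ "$streak" -ge "$FAIL_LIMIT" ]; then active=backup; streak=0; fi
    else
        # On backup the streak counts consecutive successes
        if [ "$probe" = up ]; then streak=$((streak + 1)); else streak=0; fi
        if [ "$streak" -ge "$OK_LIMIT" ]; then active=primary; streak=0; fi
    fi
    echo "$active $streak"
}

# One scheduled run: probe, update state, touch the route only on a change.
run_once() {
    cur=primary; count=0
    if [ -r "$STATE_FILE" ]; then read -r cur count < "$STATE_FILE"; fi
    # -I keeps the probe on the primary interface even while the default
    # route points at the cellular modem
    if ping -c 1 -W 2 -I "$PRIMARY_DEV" "$PRIMARY_GW" >/dev/null 2>&1
    then probe=up; else probe=down; fi
    set -- $(next_state "$cur" "$count" "$probe")
    if [ "$1" != "$cur" ]; then
        if [ "$1" = backup ]; then gw=$BACKUP_GW; dev=$BACKUP_DEV
        else gw=$PRIMARY_GW; dev=$PRIMARY_DEV; fi
        ip route replace default via "$gw" dev "$dev"
        logger -t wan-failover "default route now via $1 ($gw dev $dev)"
    fi
    echo "$1 $2" > "$STATE_FILE"
}

# Run from root's crontab as: failover.sh --run
if [ "${1:-}" = "--run" ]; then run_once; fi
```

With a one-minute schedule these thresholds move to cellular after three minutes of failed probes and return after five minutes of good ones.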

Automatic reboot on hang:

# Hardware watchdog
sudo nano /etc/systemd/system.conf

# The Pi's on-board watchdog (bcm2835_wdt) accepts a timeout of at most 15 seconds
RuntimeWatchdogSec=15

# Enable hardware watchdog
sudo nano /boot/config.txt

dtparam=watchdog=on

Phase 5: Power Management

PoE Configuration (recommended for edge):

Benefits:

  • Single cable for power + network
  • Centralized power management
  • UPS at network switch protects router
  • Easy replacement (just plug in new unit)

Setup:

# PoE HAT configuration
sudo nano /boot/config.txt

# Enable PoE fan control (if HAT has fan)
dtparam=poe_fan_temp0=50000
dtparam=poe_fan_temp1=60000
dtparam=poe_fan_temp2=70000
dtparam=poe_fan_temp3=75000

Solar + Battery (for truly remote locations):

Components:

  • 20W solar panel
  • 12V 7Ah battery
  • USB-C PD power bank (for Pi 4)
  • Charge controller

Configuration:

# Low-power mode when on battery
sudo nano /etc/rc.local

# Check power source and adjust performance
if [ -f /sys/class/power_supply/battery/status ]; then
    STATUS=$(cat /sys/class/power_supply/battery/status)
    if [ "$STATUS" = "Discharging" ]; then
        # Reduce CPU frequency
        echo powersave > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
        # Disable non-essential services
        systemctl stop hostapd  # Turn off WiFi to save power
    fi
fi

Edge-Specific Features

Bandwidth Optimization

Compress traffic to save bandwidth:

# Install Squid
sudo apt install squid

sudo nano /etc/squid/squid.conf

# Enable caching (these directives size the memory and disk cache; none of them compresses traffic)
cache_mem 128 MB
maximum_object_size 50 MB
cache_dir ufs /var/spool/squid 1000 16 256

Traffic shaping for limited connections:

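# Prioritize critical traffic
# "default" must name a class that exists: unclassified traffic goes to 1:2 (normal).
# tc filter rules are still needed to steer traffic into 1:1 and 1:3.
sudo tc qdisc add dev eth0 root handle 1: htb default 2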

# VPN/management traffic: High priority
sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit prio 1

# Normal traffic: Medium priority
sudo tc class add dev eth0 parent 1: classid 1:2 htb rate 5mbit prio 2

# Bulk downloads: Low priority
sudo tc class add dev eth0 parent 1: classid 1:3 htb rate 1mbit prio 3

Cellular Failover

Setup USB cellular modem:

# Install modem manager
sudo apt install modemmanager

# Configure connection
sudo nmcli connection add type gsm ifname '*' con-name cellular apn "internet.provider.com"

# Set as backup WAN
sudo ip route add default via 10.0.0.1 dev ppp0 metric 200

Monitor data usage:

#!/bin/bash
# /usr/local/bin/cellular-monitor.sh

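# "--oneline b" reports byte counts; field 11 is the current month's total
USAGE_BYTES=$(vnstat -i ppp0 --oneline b | cut -d\; -f11)
USAGE=$(( ${USAGE_BYTES:-0} / 1000000 ))  # convert bytes to MB
LIMIT=5000  # 5GB monthly limit (in MB)

if [ "$USAGE" -gt "$LIMIT" ]; then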
    # Disable cellular, alert admin
    sudo nmcli connection down cellular
    curl -X POST "https://api.company.com/alert" -d "cellular-data-limit-exceeded"
fi

Local Caching

Cache frequently accessed content:

# Squid caching configuration
sudo nano /etc/squid/squid.conf

# Cache everything aggressively
refresh_pattern -i \.jpg$ 1440 90% 10080
refresh_pattern -i \.png$ 1440 90% 10080
refresh_pattern -i \.gif$ 1440 90% 10080
refresh_pattern -i \.css$ 1440 90% 10080
refresh_pattern -i \.js$ 1440 90% 10080

Edge Deployment Best Practices

Redundancy

Dual WAN for critical sites:

  • Primary: Wired ISP connection
  • Backup: Cellular (LTE/5G modem)
  • Automatic failover script
  • Cost alerts for cellular usage

Spare hardware:

  • Keep spare Pi at HQ
  • Pre-configured and tested
  • Ship overnight if failure
  • Document replacement procedure

Security

Lockdown for unattended operation:

# Disable unused services
sudo systemctl disable bluetooth
sudo systemctl disable avahi-daemon

# Enable automatic security updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

# Firewall: Only allow VPN and essential ports
sudo nano /etc/shorewall/policy

# Shorewall applies the first matching policy, so the catch-all goes last
$FW     net     ACCEPT  # Router can access internet
loc     $FW     ACCEPT  # Local devices can manage
all     all     DROP  # Default drop everything

Physical security:

  • Locked enclosure (cabinet or case)
  • Tamper detection (door sensors)
  • Video surveillance (if valuable location)
  • Disable console access (require password)

Maintenance

Automated updates (with caution):

# Update system weekly during maintenance window
sudo crontab -e

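# Sunday 2 AM: Update packages (apt-get is the script-safe front end; full path to reboot because cron's default PATH omits /sbin)
0 2 * * 0 apt-get update && apt-get upgrade -y && /sbin/reboot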

Remote access SOP:

  1. Connect via VPN first
  2. SSH to router
  3. Check system health: htop, vcgencmd measure_temp
  4. Review logs: journalctl -xe
  5. Make changes
  6. Test thoroughly
  7. Document changes

Troubleshooting Edge Deployments

Issue: Can't SSH to Remote Router

Solutions:

  1. Check VPN connection to HQ
  2. Try cellular backup connection
  3. Use out-of-band management (if available)
  4. Contact someone on-site for console access
  5. Last resort: Ship replacement unit

Issue: High Data Usage on Cellular

Solutions:

# Check what's using bandwidth
sudo iftop -i ppp0

# Review Squid logs
sudo tail -f /var/log/squid/access.log

# Temporarily block non-essential traffic
sudo nft insert rule ip filter forward oifname "ppp0" ct state new drop

Issue: Router Offline After Power Outage

Prevention:

# Configure to wait for network before starting services
sudo nano /etc/systemd/system/pihole-FTL.service

[Unit]
After=network-online.target
Wants=network-online.target

# Enable wait-online service
sudo systemctl enable systemd-networkd-wait-online

Cost Analysis

Edge deployment costs:

Component      Standard    Harsh Environment
Hardware       $140-180    $230-280
Shipping       $20-40      $20-40
Installation   $100-200    $200-400
Total          $260-420    $450-720

Compare to alternatives:

  • Cradlepoint IBR200: $500 + $300/year
  • Sierra Wireless AirLink: $600 + $400/year
  • Peplink MAX BR1: $500 + $250/year

ROI: 6-12 months

Next Steps

  1. Backup Procedures - Protect configuration
  2. Troubleshooting - Handle common issues

Edge deployments demand reliability. Pimeleon router, properly configured, provides enterprise-grade edge networking at a fraction of traditional costs.