Avoid any ASUS routers unless you're flashing a new firmware. Awful experience. My last one was the N15. It wouldn't even give out a DHCP lease to two different computers and four different NICs.
And, as for:
"Ever sat in an internet shop, a hotel room or lobby, a local hotspot, and wondered why you can't access your email? Unknown to you, the guy in the next room or at the next table is hogging the internet bandwidth to download the Lord Of The Rings Special Extended Edition in 1080p HDTV format."
Nmap is your friend. Find the offending port and flood it. Since the local connection is always quicker than the Internet connection, it's easy to do. I've done this countless times, and only to those torrenting. At one cafe I used to frequent I would just start scanning whenever this one guy came in. I wonder if he ever developed a negative Pavlovian response to seeing me at the cafe and his torrenting success.
Do I feel guilty about basically DoS? Really, no. If someone tries to take control of a limited resource... shit is going to happen.
They are probably not trying to "take control of a limited resource". Most people don't think of bandwidth in that way.
I sometimes use the shared wifi on trains and overhear people who are confused as to why they can view webpages but 1080p video doesn't seem to stream very well.
> Running Linux? Avoid any ASUS routers unless you're flashing a new firmware.
Good to know, thanks, thought that was what the entire article was about - buy a commodity router (or hardware in general) and flash it with new and better firmware.
nmap is smart enough to determine what service is being offered on a given port and what OS is running.
The above combined with the offending computer usually being a Mac and it's named something like "Bob Smith's Computer" is enough to common-sense narrow it down within a minute or two without having to use passive mode.
(Also with the repeat offender I kept his MAC handy.)
Then just initiate as many TCP connections as you can a la Python or whatever is handy.
(of course your mileage may vary with this approach such as when clients are isolated from communicating with each other.)
Won't the program listening on the socket just drop the connection if it's getting stuff that doesn't make sense or correspond to a session that it is aware of?
It sounds more like connection flooding to me. TCP SYN flooding would also work, although modern IP stacks should cope reasonably well with that if syncookies are used.
That said ... considering these are Macs, they probably have mDNS open to IPv6 link-local traffic. It might make more sense to flood the offending machine with valid, unicasted mDNS packets. I don't know how well the Apple mDNS daemon copes with high traffic volume, but in my experience Avahi (on an Atom-powered netbook, admittedly) can regularly use over 50% CPU on a wireless network with an oversized local subnet. Hypothetically, deliberately flooding an OS X system with complex but valid mDNS announcements could have interesting results...
I should probably point out that Windows systems tend to be protected from this. Firstly, iTunes or Bonjour must be installed separately. Secondly, Windows Firewall tends to kick in with its "Public" profile, blocking inbound traffic by default. Thirdly, Windows machines tend to use mDNS over IPv4 multicast instead of IPv6 unless an auto-configured external address exists. This further reduces the traffic seen, although this last point is no protection from deliberate floods.
Or just offer to help the coffeeshop owner replace their router with something better. I replaced the router at my coffeeshop. They're happy to have the help!
I can't comment on the N15, which is a low end router; however the more powerful ASUS routers are great, I have both a rt-n56u (now with my in-laws), and a rt-n66u, and they both work spiffingly.
Also, check out the reviews on smallnetbuilder etc, they have excellent ratings for these two routers, with the highest recommendations for both.
There's no need to rubbish the whole range of ASUS routers :)
Thanks for sharing. I did not have the same prejudices against Asus' other products, but I did for their routers. (Twice bitten anecdotal evidence re: routers)
I'm seeing more hotels' providers go to private VLANs so in those cases I can't see how such a DoS attack will work any longer. Hopefully, if the provider is sophisticated enough to set up a private VLAN for each room or WiFi connection, they can write the rules for enforcing QoS on the uplink.
What surprised me was the number of responses along the lines of "you don't need this -- just install DD-WRT, OpenWRT, whatever and configure the foo,bar, and baz features as such." I'm likely in the 99th percentile of the US population in my ability to do such a thing, and I still have to spend a bunch of time Googling. Worse yet, I don't have the certainty at the end that I've done it right.
[We do sell this but] We limit the number of offices in a minimum order to 10. This was a hard lesson. We started off dreamy-eyed with onesies and twosies but were rapidly buried under a sea of "and it also has to...".
Pretty much says it all.
Also over here in the UK you get a free wi-fi router when you sign up for broadband from the major providers. No QoS, but auto-updating. Do you not get that where you are? If they do, where's the market? The router shelf space in local stores has already dwindled down to a single dusty shelf from the aisles it used to dominate.
In the US, it depends on the provider. The two giant cable telecoms I've dealt with charged ~$5/month for a wifi router which is really highway robbery - especially considering the quality of the routers they provided. Their provided cablemodems were pretty much universally awful too, so you were better off buying both your own modem and router - but they obviously didn't advertise that you could do this, if you weren't technically savvy you'd never have a clue. One friend I helped out was amazed that they could get wifi without paying TW $5/month and how much better it worked without TW's equipment.
I'm currently on Qwest (formerly anyway, now acquired by CenturyLink) DSL. Qwest provided an excellent modem/wifi router for free, but I have no idea if CenturyLink would do the same now - I kind of suspect the giant teleco would probably provide inferior equipment and/or charge for it.
I realize you're quite possibly kidding, but it's just an optional extra - quick call to TW then swapping the wifi modem for a plain old modem and it's off the bill. Easier than cancelling HBO certainly.
I'm using the 'stock' DD-WRT firmware on mine, and it handles its duty as a VPN endpoint, a Tunnelbroker endpoint, and does significant QoS'ing without a problem.
A good start. Does Buffalo offer any sort of SLA which promises timely firmware updates? What scares me about buying a router is that vendors silently stop supporting them. So, while grandma's grandson might have turned on automatic firmware updates, widely known security issues might not be patched after a year or two.
The bufferbloat project's end goal is to get to where the default firmware on everything is good out of the box, and that involves trying to fix upstream for the kernel, tools, and distros, so vendors take it and run with it.
The part of Tomato I like best is its simple DNS interface that lets you have one hosts file that is shared across all the machines connected to it. This is where I define my local dev domains so that I can test across devices that don't allow local host file changes (namely non-jailbroken iOS devices).
DD-WRT usually includes DNSMasq[0] which can do some fairly advanced stuff for being so small. The downside being that it's all manually configured via the equivalent of a config file.
No mention of Mikrotik? I picked up a RB750GL last week, and so far, it's everything DD-WRT/Tomato/etc wish they could be. It works as a basic plug-and-play router, but it's incredibly flexible beyond that.
I have deployed a dozen Mikrotiks with Ubiquiti Networks wireless cards for wireless backhaul networks covering tens of kilometres. The hardware has been good, the software hasn't always worked as advertised. I find when I really get into using any one feature beyond the basic configuration, it hasn't worked out. For example it supports OpenVPN, but only over TCP and not UDP, so I end up with TCP over TCP and all the problems that go with that.
Or I want to have two access points which route traffic between each other, but also local clients can connect to either one. ap-bridge mode with wireless distribution system (WDS) can do this, but only with WEP encryption since for some reason one of the wireless cards must be in "station" mode for the WPA key exchange to function properly. In station mode the wireless card is not an access point, it is a client only and can not accept the local connections from laptops.
The support is surly and unapologetic. If your bug is fixed, in the next major release you have to pay to upgrade your license, but probably that release has some other bug as well. Read the changelogs, the users are the beta testers. Mikrotik are accused of being GPL violators as well, OpenWRT has not been able to support recent hardware. You get what you pay for.
If I had to deploy more wireless networks, I would use the Ubiquiti access point products, they've come a long way. Maybe I'd still use Mikrotik for a router.
Another vote for Mikrotik. I bought a RB751G-2HnD myself about a month ago, because I needed a router with decent features and fast enough to handle a 90/10 Mbit connection.
The feature list is very impressive and on par with professional-grade gear (Cisco etc.). Only downside is that it's not open source, but it's updated about every month or so. [1]
You've convinced me! I'll be picking up an RB751U this week. Now I need to return the piece of junk Linksys that stopped syncing to my DSL line this week. The best part? The MikroTik is cheaper but better!
I have one of these, and they certainly seem powerful, but holy crap, the configuration isn't for the faint of heart.
I'm not a network engineer, I just want a static IP to be assigned to the router and simple switching on the other ports, but damn if I couldn't figure that out in 15 minutes.
In the end I had other things to do so I put it aside, but be warned that you need to be willing to invest the time to make these work. (or already have a networking background)
However, I'd argue that the use of open source firmware in this case is a means to an end, since proprietary firmware generally sucks. But since this is an article about how to have a quality Internet connection, rather than how to get started in router OS development, it might be more than suitable for many of his readers.
One thing Jeff didn't mention is that due to the high CPU and RAM in that ASUS router, you can be downloading several different torrents and the internet experience in general won't be degraded.
With my Verizon FIOS's router, if I try to torrent anything it gets throttled down to less than 10KB/s, and on my old Linksys, attempting to torrent would make browsing the internet nearly impossible.
Wait a minute. Is it the CPU and memory factor on the router that causes the "internet is slow, somebody close your torrents" nuisance? I always thought it was the bandwidth getting choked. Could someone expand on this topic?
Every TCP/UDP endpoint (such as a client or a server) maintains a state-table. As you might guess, it stores the state of each connection. You can view it using the 'netstat' command on Windows and Linux.
Bittorrent tends to create several entries in the state-table (since you're typically connected to hundreds of seeds/leeches), which are each stored in memory, and uses up CPU resources to setup/maintain/teardown.
So if you were downloading a file via, say, Rapidshare, there'd be probably 1 TCP (you can configure your browser to use more) connection for your router to track, and do the necessary TCP handshakes, acknowledgments, RWIN scaling etc. Multiply all that's necessary for 1 TCP connection by N, where N is the number of peers you're connected to, and the limited resources on a $60 router get used up fast.
Early models of the now-famous Linksys WRT54G could reliably be crashed by torrenting while using stock firmware. A power-cycle was necessary to get it running again. Fun times.
However, all this only applies if you're running the router in NAT mode, which means the router takes the IP address from your ISP, and acts as the endpoint on behalf of your computer. If the router is running in bridged mode, then your computer acts as the endpoint, and is much more equipped to handle large numbers of TCP connections.
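As an added example (not posted by anyone in the thread), here is the router-side version of the netstat check described above: a shell snippet for a Linux-based router (Tomato/DD-WRT/OpenWRT style) that reads /proc/net/nf_conntrack-format lines and counts NAT state-table entries per LAN host, so the machine holding hundreds of peer connections stands out. The LAN prefix, the nf_conntrack_max value and every sample entry are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: size up a Linux router's NAT state table
# per LAN host, as an admin would do before deciding whether a torrent client
# needs its peer limit lowered or the conntrack limit raised. Input is the
# /proc/net/nf_conntrack line format; the LAN prefix and all entries below are
# constructed, not captured from a real device.

LAN_PREFIX="192.168.1."          # assumed LAN subnet

# Constructed sample: .10 does ordinary web/DNS, .20 runs a torrent client
# with three live peers and two half-open outbound attempts; the last line is
# a connection that arrived from the WAN side and must not be counted.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51000 dport=443 src=203.0.113.5 dst=198.51.100.7 sport=443 dport=51000 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=192.168.1.10 dst=203.0.113.53 sport=40001 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=40001 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=203.0.113.40 sport=6881 dport=51413 src=203.0.113.40 dst=198.51.100.7 sport=51413 dport=6881 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=203.0.113.41 sport=6881 dport=6889 src=203.0.113.41 dst=198.51.100.7 sport=6889 dport=6881 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=203.0.113.42 sport=6881 dport=6881 src=203.0.113.42 dst=198.51.100.7 sport=6881 dport=6881 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 29 SYN_SENT src=192.168.1.20 dst=203.0.113.43 sport=6881 dport=6881 [UNREPLIED] src=203.0.113.43 dst=198.51.100.7 sport=6881 dport=6881 mark=0 use=2
ipv4     2 tcp      6 29 SYN_SENT src=192.168.1.20 dst=203.0.113.44 sport=6881 dport=6881 [UNREPLIED] src=203.0.113.44 dst=198.51.100.7 sport=6881 dport=6881 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.99 dst=198.51.100.7 sport=55555 dport=22 src=198.51.100.7 dst=203.0.113.99 sport=22 dport=55555 [ASSURED] mark=0 use=2
EOF
}

# Read conntrack lines on stdin; print "host total half_open" per LAN host,
# busiest first. The first src= field is the original (LAN-initiated)
# direction, so WAN-originated entries are skipped by the prefix test.
count_per_host() {
    awk -v lan="$LAN_PREFIX" '
        {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) { src = substr($i, 5); break }
            if (index(src, lan) != 1) next
            total[src]++
            if ($0 ~ /\[UNREPLIED\]/) halfopen[src]++
        }
        END {
            for (h in total)
                printf "%s %d %d\n", h, total[h], halfopen[h] + 0
        }
    ' | sort -k2,2nr
}

# Filter count_per_host output down to hosts holding more than $1 entries.
heavy_hosts() {
    awk -v limit="$1" '$2 > limit { print $1 }'
}

# Percentage of the kernel table that $1 entries occupy. $2 is the limit
# (/proc/sys/net/netfilter/nf_conntrack_max on a real box); 4096 here is an
# assumed value, not a documented default.
table_usage_percent() {
    echo $(( $1 * 100 / ${2:-4096} ))
}

# Stand-alone run over the constructed sample
sample_conntrack | count_per_host
sample_conntrack | count_per_host | heavy_hosts 3
```

On a real router, replace `sample_conntrack` with `cat /proc/net/nf_conntrack` (or `ip_conntrack` on older 2.4 kernels) and pipe the total line count into `table_usage_percent`.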
> Early models of the now-famous Linksys WRT54G could
> reliably be crashed by torrenting while using stock
> firmware. A power-cycle was necessary to get it
> running again. Fun times.
I had an older Linksys model, but it would get into a state where the max bandwidth it would allow would be 32kB/s.
This is actually a two part problem. oz captured half of it (maintaining hundreds of connections in the NAT state table). It can also be caused by saturating your upstream bandwidth, which causes your device's send buffer to fill. When that buffer is full you end up with your packets waiting in the buffer (which is normally FIFO). What makes this very noticeable most of the time is the ACK part of the TCP connection getting stuck, thereby forcing the remote server to wait to send you the next packet.
There are ways to mitigate that kind of thing. The simplest being keeping upstream bandwidth levels limited to slightly less than your upstream connection speed. Traffic prioritization schemes also exist letting you have some say in the buffer order (always putting ACKs, ICMP, and SSH first in line for instance).
You can also mitigate the NAT state table issue by limiting the amount of peers your torrent client connects to. Some clients allow you to set a global max, and others only allow a per-torrent max (e.g. rtorrent).
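Added example, not from the commenter or from any firmware project: the two mitigations above, shaping upstream to slightly under the link rate and putting ACKs, ICMP and ssh first in line, written as a tc/HTB script for a Linux router's WAN interface in the classic wondershaper style. The interface name eth0, the 17000 kbit/s uplink and the port 6881 bulk rule are assumptions, and the script only prints the tc commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread: shape outbound traffic on a Linux
# router's WAN interface so the upstream stays just under the real link
# speed, with TCP ACKs, ICMP and interactive SSH in a priority class. This is
# the classic HTB + u32 recipe; interface name, link speed and the bulk port
# are assumptions. Dry-run (prints the tc commands) unless APPLY=1.

TC="echo tc"
if [ "${APPLY:-0}" = "1" ]; then TC=tc; fi

# Shape to 95 % of the measured uplink so the queue builds in the router,
# where it can be reordered, rather than in the modem's FIFO buffer.
shaped_rate_kbit() {                  # $1 = uplink in kbit/s
    echo $(( $1 * 95 / 100 ))
}

apply_shaping() {                     # $1 = WAN interface, $2 = uplink kbit/s
    dev=$1
    rate=$(shaped_rate_kbit "$2")
    # Guaranteed share per class; every class may borrow up to the full cap.
    r_int=$(( rate * 30 / 100 ))      # 1:10 interactive: ACKs, ICMP, ssh
    r_norm=$(( rate * 40 / 100 ))     # 1:20 everything unclassified (default)
    r_bulk=$(( rate * 30 / 100 ))     # 1:30 known bulk transfers

    $TC qdisc del dev "$dev" root 2>/dev/null
    $TC qdisc add dev "$dev" root handle 1: htb default 20
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "${rate}kbit" ceil "${rate}kbit"
    $TC class add dev "$dev" parent 1:1 classid 1:10 htb rate "${r_int}kbit" ceil "${rate}kbit" prio 0
    $TC class add dev "$dev" parent 1:1 classid 1:20 htb rate "${r_norm}kbit" ceil "${rate}kbit" prio 1
    $TC class add dev "$dev" parent 1:1 classid 1:30 htb rate "${r_bulk}kbit" ceil "${rate}kbit" prio 2
    # Fair queuing inside each class so one flow cannot monopolise it
    for c in 10 20 30; do
        $TC qdisc add dev "$dev" parent 1:$c handle $c: sfq perturb 10
    done

    # Interactive class: TOS "minimise delay" (set by ssh, not scp), ICMP, and
    # bare ACKs (IPv4 header 5 words, total length < 64 bytes, TCP flags == ACK)
    $TC filter add dev "$dev" parent 1: protocol ip prio 10 u32 \
        match ip tos 0x10 0xff flowid 1:10
    $TC filter add dev "$dev" parent 1: protocol ip prio 10 u32 \
        match ip protocol 1 0xff flowid 1:10
    $TC filter add dev "$dev" parent 1: protocol ip prio 10 u32 \
        match ip protocol 6 0xff \
        match u8 0x05 0x0f at 0 \
        match u16 0x0000 0xffc0 at 2 \
        match u8 0x10 0xff at 33 \
        flowid 1:10
    # Bulk class: what the LAN torrent client sends from its listen port
    # (6881 is only an assumed example; use whatever port the client is on)
    $TC filter add dev "$dev" parent 1: protocol ip prio 20 u32 \
        match ip sport 6881 0xffff flowid 1:30
}

apply_shaping "${WAN_IF:-eth0}" "${UPLINK_KBIT:-17000}"
```

Measure the real uplink with a speed test first; if the shaped rate is above the true line rate the modem's buffer still fills and the priority classes achieve nothing.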
While that router may be beefy enough for multiple downloads, installing an open-source firmware degrades WAN performance a lot. I've tried a few different routers and dd-wrt / tomato generally reduces the WAN speed by 75 - 90% (from 500-1000mbit down to <100) in comparison with the default firmware. That is simply unacceptable, although understandable since this is probably not something that hits the devs very hard since most people are not on 1gbit pipes.
That sounds ... sensational. I've never used any of the open firmwares (so I don't have any deep motive) but I would really really hope that you provide this information to the developers. Preferably as a bug report with some kind of measurement data backing up your description, of course.
The router also hooks up into my TV, so not sure if possible in my situation. However, the FIOS router is exceedingly horrible - the wifi signal is very poor, and I almost never get the rated speeds using it.
What I've ended up doing is hooking up the ASUS router via LAN to the FIOS router and connecting all my devices to the ASUS. Every single complain is fixed going this route.
Yes, but it will require a call to Verizon to enable the CAT port on the fiber terminator box in your closet. You also need to set it up properly to keep Pay-Per-View and TV Guide working.
Yes, you certainly can. At my last place of employment, I built a custom BSD (packetfilter) based router using the nice multiport gigabit intel NICs. We had static IP configuration, which meant all I had to do was put the default_router and standard interface configuration into /etc/rc.conf and, as they say, voila, internets!
It can be done. I'm doing it now. It's not cheap, though, as the FiOS router is actually 3+ devices in one: a MoCA adapter for the uplink on channel C, a MoCA adapter providing networking to the cable boxes on one of the D channels, and a regular wireless router. In order to remove it without plugging into the RJ-45 port on your ONT, you'll need all three parts. Additionally, the ch. C uplink is encrypted, so you need to grab the encryption key from the router (available buried somewhere in the web interface). I picked up a Netgear MCAB1001 kit and it's working quite well.
Not if you have FiOS TV and want access to On Demand and similar features. The router connects up to the TV and not through a network cable. However, I've had no issues getting exactly the 50/20 speeds I signed up for with their router.
Maybe this is a reasonable place to ask for some advice: I have 2 broadband connections, one via my phone line (ADSL) (76/17) and one cable (50/4) does anyone have any experience with using 1 piece of hardware to manage them both, possibly load balancing (not important, but would be cool)? I currently have 1 modem and 2 routers... it's not a very power efficient set up, it's also a bad experience because they're all ISP provided and don't allow me to control DNS.
Realistically, you'd be looking at a soho (small office/home office) load balancing router, specifically a dual-wan router. Cisco offers some [1] as well as Peplink [2]. I don't have a lot of experience with them (did some research on it a few years ago but never pulled the trigger), so YMMV when it comes to custom firmware etc. Doing a google search on "dual wan router" would give you a good feel for the environment. It's possible to find them under $200USD. $350 isn't entirely out of the question depending on the features you're looking for.
If you're outside of the US (I'm guessing, based on the speed of your link), some products are export-restricted. You'd have to check on support for your locale. Another option if you're in a DIY mood is making a custom Linux box using split access features of iptables [3].
If you don't want to mess with iptables, ClearOS (CentOS derivative) [1] has built-in multi-WAN support [2], including auto-failover and load balancing. There's a GUI, but you can always SSH in and configure things manually.
My home router/server is a MicroATX box with an Atom D525, 4GB RAM, 2 x 1TB RAID-1, and 2 x Gigabit NIC. Cost a few hundred dollars to build, draws ~16W idle, and is almost silent. DNS, SSH, FTP, SMB, POP/IMAP, SMTP, QoS, PPTP/OpenVPN/IPsec, and dmcrypt are included. The Atom chip is fine for home use, move up to an Athlon if you're pushing a lot of SSH traffic.
I've been doing this for years as well. I use PCengines ALIX boards to build new ones for friends and family now as they seem to have the same specs for half the price.
I'm not sure about your cable connection but if something similar to a Draytek Vigor 120 ADSL ethernet bridge modem exists for it, you could just build a linux box, stick 3 nics in it (one for each bridging modem and the third facing your internal network) and use that as your router.
You just bond the two public facing nics together with ifenslave, setup pppoe and write an iptables script.
Also, IIRC (been a while since I did it), normal bonding only gives you round robin i.e. your max speed is limited to the bandwidth of whichever external link your connection is forwarded through at the time (unless you use an ISP that can do MLPPP - which is rare). If you want to combine the bandwidth of both connections into one fat virtual pipe, you could get a cheap VPS and then run an Open VPN link over the bonded virtual interface on your linux box at home to the VPS box (I think! I last played with this 4 yrs ago and details are hazy...).
I've done this with Soekris and Cisco. The tricky part is getting a router that will take a cable modem module (not sure if either Soekris or Cisco will), plus a DSL terminator (both Soekris and Cisco will). These are not consumer tech, and they're not cheap.
Then you have to get or guess the configs for both WAN links, possibly with unhelpful residential support techs.
Cisco 2600 class routers are power hungry and loud too, so no win there. Soekris is smaller and more efficient, and runs BSD, so it's awesome in other ways...but it is a pain in the neck to set up. Several hours of prep plus work for your first time.
But if you are most concerned about DNS, I can think of two quick options: put your own router (ideally running Tomato or DD-WRT) behind your existing mess and serve DHCP from there to your network(s), or take DHCP from your provider, but hardcode the DNS settings on each host.
Edit: and Aside: less than a minute after posting this, I decided to check google to see if Soekris supported cable modem cards, and my post (this comment) came up on the first page of results. I had no idea google could turn crawls into results that quickly.
But it appears that Soekris does not support cable modem cards, from a cursory investigation.
> The tricky part is getting a router that will take ...
Or if you're lucky enough for your provided devices to support real bridge, put both of your devices in dumb mode and plug that as ethernet into your dual-wan device. That's still hardware present but management is kept to the absolute minimum. Plus sometimes you don't really have a choice to use the provided devices...
BTW, do yourself a favor and don't get a Zyxel device.
Yes, I note that I have no problems browsing while downloading bittorrent with my Time Capsule, whereas my housemate's Linksys with DD-WRT would bog down.
Does your bittorrent client by any chance use uTP[1]? If so, not experiencing any problems has nothing to do with your router and all to do with your bittorrent client throttling its own speed.
I'd pick a Buffalo WZR-HP-G300NH, or -AG300N rather than either ASUS he picked. Both ship with DD-WRT preinstalled, and full source of the firmware is available.
The older ASUS routers are stuck on Linux 2.4.x permanently in OpenWRT (which DD-WRT and Tomato are derived from) because of proprietary Wifi or Ethernet drivers or firmware blobs and poor CPU support.
The newer ASUS (RT-N12/16+) use a 2.6.x kernel (and actually don't work with the old 2.4.x kernel) on tomato, and given now, I'd get the RT-N16 running tomato. My RT-N12 (I couldn't afford the more expensive RT-N16 at the time) is fine but only has 4MB of flash, so I can't put the "full" tomato on it, instead I compile it from source for a thinned out build that gets rid of a number of things yet keeps both IPv6 & OpenVPN.
I haven't tried either of the Buffalo routers, but my budget ASUS has been rocksolid and works very well.
A word of advice about tomato though, the development has stalled somewhat and led to the continuing development of a number of "modifications"(1) developed by different people, where each goes its own ways (e.g. Shibby, Toastman etc.). They can be found via the sub-forum and continuously add new features, improve existing ones and also fix some bugs etc.
Buffalo shipping with DD-WRT is an extra selling point for me. I actually got the -AG300H (such similar model names, ugh) because it had the best hardware specs according to OpenWRT's hardware table.
I haven't yet taken the time to tweak it to perfection, and unlike Jeff Atwood haven't benched its wireless performance compared to others. While it works well for me, I'd be curious about comparison info.
Just as a data point on the Tomato firmware. I've been running it for about 2 years now, on two different hardware devices. It hangs every once in a while, the intervals range from several days to several weeks. I determined the culprit is QoS: if I disable all QoS, the device will run fine for months. Enabling it shortens the uptime to days or weeks at most.
Since I know this happens reproducibly on two different devices, I am certain it is the software. And unfortunately without QoS the Tomato firmware loses much of its appeal.
Unfortunately this is one of those "unreportable" bugs: there is no way to properly report it, much less have it debugged by original developers.
QoS in your router is only interesting if bandwidth is constrained in your last mile, otherwise it just adds complexity. I would think that QoS in home routers is only a transitional technology for the next few years while not everyone has a large enough pipe yet.
Can you imagine your electricity or water outlet at home being constrained like bandwidth is? Those issues were solved a century ago, they'll get fixed for bandwidth too within our lifetime.
I doubt water usage per capita has changed drastically in the last 20 years. Sure, there were drops from low flow toilets, low flow shower heads, and HE washing machines, and I'm sure there's some variability to usage based on seasonal variance from year to year, but the average US household uses about 350 gallons a day. I don't have access to historical data, but I'd wager that it hasn't changed more than 25% in the last decade or two.
Power has remained relatively constant at about 1.3 MWh per capita. In the last thirty years, it has grown only 300 kWh.
Internet bandwidth, on the other hand, went from 9.6-14.4kbit/s modems in fax machines in the 80s to 28.8-56.6kbit/s modems in the 90s to the megabit/s range in the 00s to the 15-100Mbps you can get in a residence today.
If the bandwidth issue is to get solved, the growth in consumption will need to peak.
You're comparing the last few decades of internet use with the last few decades of water use, a fairer comparison would be the first few decades of water use with the first few decades of internet use.
More relevant to the point though, would be to compare it with the growth in internet usage a decade or two from now: as technologies mature it would seem reasonable to expect that the growth tails off and QoS on the internet last mile will become just as useful as QoS on water pipes.
I can imagine, since my electricity outlet at home is constrained like bandwidth. We pay a fixed monthly fee that is proportional to the load capacity, so choosing a lower value and watching what I use saves me money.
In any case, I'm not sure if we'll ever have a large enough pipe for everyone; our current pipes are more than enough for our needs five years ago, but our needs grew, and will in the future.
I've been running Tomato and Tomato USB with QoS enabled for 4+ years. Routers were usually WRT54G or compatible Asus models installed into multiple homes or SOHO businesses. Tomato has been rock solid for me over that time period. Uptime was months or years depending on how often the router was moved or power went out.
However I have had a few issues with Tomato USB, which is a 3rd party fork. Switching back to original Tomato fixed my problems.
Really? I didn't expect to find a "consumer device roundup" article (along with sidebar ads and referral tags for the products being reviewed) to rate so highly on HN, even if the reviewer is Jeff Atwood. I doubt that flashing custom firmware on a router or QoS settings are a new concept to anyone on here.
All I'm gaining by reading the article is some knowledge on some consumer electronics that will probably no longer be valid in a couple weeks, which IMO is not HN-material. These types of articles are best served by Google results when I'm actually looking for a new router, not on my HN feed.
I disagree with the router recommendation. The Asus RT-N16 uses a Broadcom chipset which isn't well-supported by OpenWRT. Better choices would be something with an Atheros chipset, like the Netgear WNDR3700v2 or WNDR3800. Buffalo also has some nice models. Even if you don't plan to use OpenWRT itself, it's a base used by other firmware projects, so you might want to run a derivative of it in the future.
I don't mean to shill, but after trying all kinds of Netgear, Linksys and ADSL Modem/router combi's, I really love my Apple Airport Extreme. I haven't had to reset it once in two years, and it's every bit as fast and reliable as a wired connection. They are sold as tag-on purchases but really are a hidden gem.
Unfortunately, third-party router firmware distributors have an annoying habit of going from free-as-in-beer to having obnoxious and expensive licensing conditions. Which is of course one of the reasons why the open source ideology is popular in the first place!
<3 this. I've been preaching this for the past year ever since I discovered the amazing combination of the 8yr-old Linksys WRT54GL [1][2] + Tomato SpeedMod firmware [3]. Amazing how that router still dominates the ratings of all routers, both in terms of numbers and average rating, and there are still more ratings trickling in almost daily.
Also, I don't know if SpeedMod has been merged back into mainline Tomato or not, but it's worked flawlessly on my WRT54GL for almost a year now.
I completely agree with Jeff's conclusion as well - commodity hardware + FOSS = potentially unbeatable. FOSS that has had a chance to literally evolve on the same platform for almost a decade, assuming it hasn't been abandoned, can really demonstrate the power of software evolution, for lack of better term.
I'm running this same setup - same router, same firmware.
I'm using the MultiSSID functionality (so I have my home wireless network, and a heavily throttled guest network), QoS (basically what Jeff wrote about), VPN (so I can be assured of a secure connection while on the road, and have effective LAN access via TAP), as well as all the standard stuff. It tickles me a bit that I'm getting a featureset for $80 that you'd have to pay several hundred for to get it out of the box.
Draytek Vigor. My go-to router of choice. Built-in VPN from the off, so you can drop in these bad boys and then (once set up) auto route all your traffic that looks as if it should go to the remote site TO the remote site. Easy to VPN back "home" if you are out and about. QoS built in. VoIP server built in to the higher version. They are as cheap as a typical router but they pack the punch of any router out there. ... unless someone can tell me why not?
- Improves DNS performance with a transparent DNS proxy (dnsmasq)
(e.g. you can have it query all servers at once, and return record from the first server to respond)
- Easy to use port forwarding rules
- Attach a USB HD to it to act as a NAS (smb/ftp/dlna, nfs possible with unfsd)
- Setup a full pxeboot environment with it, including a shared nfs root!
- Run tcpdump to troubleshoot network issues!
- Runs most openwrt packages
Cons:
- Sensitive to heat (90f days will cause it to crash, only reason I've had to reboot it though)
- Doesn't always mount my USB thumb drive at boot (poor USB connection?)
- Not fast enough to stream 1024p HD over wifi
- Limited internal flash, I store my utils (e.g. tcpdump, nmap) on my USB thumb drive
- TomatoUSB doesn't appear to be maintained anymore :(
In France, this need has been killed by the ISPs themselves. Is there any ISP in the US who does that?
Free (an ISP) started in 2002. It's a home-made modem router, which also does TV and phone. Since then almost all other French ISPs have created their *box (Livebox, BBox, AliceBox, Neufbox, …).
I have a freebox too but I still use a linksys wrt54g router with Tomato behind their router (which can be disabled btw) and I have great results. No resets, no slowdowns, uptime is very high and the wireless works well enough for my needs. There might be a little bottleneck in the wifi because the chip is a bit older but it compensates with the fact that it is very reliable. So I would recommend Tomato and Linksys over any ISP provided router.
Which is sad. We've got 5-10 devices connected at any one time and have had really terrible problems in terms of getting a consistently fast connection.
It seems like my internet connection has gotten worse over the past 4 years living in San Francisco and it's hard to pinpoint the cause because of the lack of innovation in routers. It would be nice to see someone come out with something really innovative here that shows easily what type of traffic you are getting and what is causing slowdowns.
AirPort Express/Extreme/Time Capsule are nice products that are very easy to set-up, but they do not have any user-accessible QoS settings or management (the point of this article).
A few months ago I researched how to install open-source router firmware.
I ended up choosing dd-wrt. I had some security concerns (such a technical forum stores passwords in plain text!! Does this imply anything about the security of the project?) which I voiced on their forum.
I had a similar issue I raised in their forums (too lazy to Google it now) where something in my configuration led to a repeatable restart of the router each time. Denial of service, thus a security vulnerability. They were rude and arrogant. I left for Tomato.
It doesn't matter at all. QoS on your local net will let you prioritize your VoIP over your streaming video, but has zero effect on your throughput if you are constrained by a shared resource upstream of your router.
Some people share their LANs with more disruptive users than others, so QoS on that LAN can be useful. But the article was not clear at all.
I don't know what enabling QoS means on routers: is it traffic shaping or using QoS code points? Traffic shaping should be possible, but I am not a strong believer in middleboxes tampering with traffic to do this (they probably don't have enough context to do it right). I'd rather have the applications, the browser or the kernel of the endpoint do this. For the latter this is kind of impossible because the QoS settings are ISP-specific and the application or middlebox would have to be aware of them. Since there is no global solution or generic DSCP code points, using them is not possible; however, there are some proposals in the works to make generic marking possible.
The routers can enable WRED to mitigate some congestion problems, though it is not a silver bullet and works on a per-flow basis. One new approach to the bufferbloat problem is to install the experimental CeroWRT firmware on your routers (http://www.bufferbloat.net/projects/cerowrt); however, this is also a work in progress.
I have been burned by so many routers in the past few years. It is amazing how terrible the factory firmware is on these machines. For most of them I have had to install DD-WRT just to get them working. Thank the flying spaghetti monster for open source.
But what I don't understand is why hardware manufacturers go out of their way to prevent external software from being installed.
Most companies lock you into their own firmware because it'd be prohibitively expensive to provide customer support for all the alternatives out there.
I don't know. I am going to keep on hoping that I will be able to get by with the router built into my DSL modem when I switch from cable to DSL. Or that I can use ethernet to get my Mac mini on the net while using the mini's Wifi to create an ad-hoc wireless network to get the iPad I plan to buy on the net. Or that I will build a Linux box and the motherboard will have wifi onboard. Or that I will build a Linux box and there is a cheap PCI card I can add to it to get all the ethernet ports I will ever need.
Point is that I want to avoid adding yet another box to my home -- especially if the box is plastic rather than metal and requires its own external AC adapter like the first of the OP's buying recommendations does.
You know, not wanting things is great. Keeping things simple is great. This article is for those of us that favor functionality over simplicity. Just different views on things.
Do any of these have built-in VPN? And which services can I use it with?
I'd like to be able to configure a VPN at the router, and not have to think about whether the software is compatible with, installed in and used by all the software on my devices. Any suggestions?
While DD-WRT, OpenWRT, and Tomato are great for home and small office, I doubt most people would feel comfortable running them in a datacenter. We are fans of Sonicwall appliances; they provide a nice combination of price, features, and performance.
I'm done with routers. Totally fed up with them running out of RAM, taking too long to open new connections, not being able to open more connections if someone is using 200 to torrent, fed up with them forgetting static IP assignments and port forwards, UPnP never working...
I got fed up with all that and decided to do something about it. Routers have 8 or 16 MB of RAM? My worst computer that's lying around has 256 MB. Slap another Ethernet card in, install iptables; it's one day's work tops and your router will never crash and never forget anything again. My personal best is 7,000 torrents all going at once with the internet still being fairly usable.
Power consumption isn't great compared to a dedicated router, obviously. Noise wasn't a problem: old hardware doesn't put out much heat, so cooling it with fans is easily doable at very low noise levels.
A future project I have in mind is to do the same thing but with ultra low power components, e.g. Intel Atom or something along those lines. I aim to get under 10W draw from the wall.
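The "old PC, second NIC, iptables" router described in the post above, as an added example that is not the commenter's own setup: a default-deny, stateful NAT ruleset emitted as a script so it can be reviewed before being applied as root. The interface names and the 192.168.1.0/24 subnet are assumptions, and the final `tc` line applies the fq_codel qdisc that the bufferbloat posts in this thread recommend.

```shell
#!/bin/sh
# Added example (not from the thread): minimal Linux NAT router ruleset.
# Interface names and subnet below are assumptions; adjust to your hardware.
WAN="${WAN:-eth0}"                    # assumed: NIC facing the ISP
LAN="${LAN:-eth1}"                    # assumed: NIC facing the home network
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed sample subnet

# Emit the commands instead of running them, so the ruleset can be read
# (or diffed against the last version) before it is applied.
build_rules() {
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
# Default deny: anything not explicitly allowed below is dropped.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Stateful: only LAN hosts open flows; replies and related flows come back.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -s $net -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rate-limited logging of what the default deny catches, so mistakes are visible.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "rt-drop-in: "
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "rt-drop-fwd: "
# Hide the LAN behind the router's WAN address.
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
# Keep the WAN queue short (fq_codel), per the bufferbloat/CeroWRT work.
tc qdisc replace dev $wan root fq_codel
EOF
}

# Number of iptables rules a generated set contains, handy for a sanity check.
count_rules() { build_rules "$@" | grep -c '^iptables '; }

# Run with "apply" as root to install the ruleset; otherwise just print it.
if [ "${1:-}" = "apply" ]; then
    build_rules "$WAN" "$LAN" "$LAN_NET" | sh -e
else
    build_rules "$WAN" "$LAN" "$LAN_NET"
fi
```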
The base Tomato firmware hasn't been updated in quite some time, but there are many forks of the firmware that add some really powerful features[1]. I've run vanilla tomato for years, but some of the forks are looking tempting.
What I really like about all these open-source firmwares is that you can really easily hack the hardware.
For example, if you read the datasheets of the internal components of the DLink DIR300, you can notice that by setting a few registers here and there you can achieve 802.1Q VLAN Tagging on the device's 4 port switch.
I've an AirOS router; the wifi driver is buggy. The company didn't fix it after a year.
Installed OpenWRT, no bug. Posted on their (the company, Ubiquiti) forum; the reply is "we don't support that and if you install it, you're on your own, we won't fix bugs!"
Oh the irony. Whoever wrote that probably didn't even realize what he just did.
This is perfect timing. I need a new router at home, and my experience with Tomato in the past has been excellent. The real-time bandwidth graph (and historical graphs) were my favorite feature. Well, that and it Just Worked!
Now to find the best place to buy one of these Asus routers in Australia...
They've done a bunch of work on reducing buffers and setting up AQM by default, and I've heard mumblings about improvements but can't find numbers. Closest thing I could find was this github repo: https://github.com/dtaht/deBloat/tree/master/test with lots of tests but no comparisons (stock OpenWRT vs ceroWRT would be interesting, for instance).
Given that core components of what we were trying to do (BQL and the codel and fq_codel qdiscs) have only just landed in the mainline linux kernels, doing comprehensive benchmarks would have been misleading.
Secondly - cerowrt's intent is a research project - everything that works we try to get into openwrt - so while the qos implementations differ, both are using fq_codel now.
It's my hope that tomato and gargoyle and dd-wrt - indeed as many router distros - adopt fq_codel or something like it as their underlying qdisc.
It's been a while since this was done, but as well as the AQM and Byte Queue Limit support, a lot of work was done on minimising unaligned access traps (http://www.bufferbloat.net/issues/360). The Linux networking stack assumes that IP packets are word-aligned, but Ethernet headers are usually 14 bytes. The specific Atheros chipset used in the WNDR3700/WNDR3800 does not pad Ethernet packets and does not support misaligned DMA, and so a lot of misaligned access traps were triggered. Fixing that resulted in a 15% increase in speed for IPv4, and a doubling in speed for IPv6 (https://lists.openwrt.org/pipermail/openwrt-devel/2012-April...). As far as I can see, those patches did not get accepted into upstream OpenWRT, since these changes really should be made more generic and possibly pushed upstream. The patches would also hurt performance slightly in the case of properly-aligned packets.
I have not had the time to generalize these patches. I do note that alternate ideas for this problem landed in Linux 3.5 which are impossible to backport into Linux 3.3, so I have shelved the idea of working on generalization.
These patches were specific to the ar71xx hardware and unneeded on most other devices.
As for benchmarks, I have not taken the time to publish the results we currently get with fq_codel. However they are better in every respect than our previous attempt with sfqred and comparable to the qfq work we also did. It's not every day you go around seeing orders of magnitude improvements in anything...
dd-wrt is simple and has a good UI, but is not really open; no real tinkering possible, etc.
openwrt is very open and community-like (with an actual VCS, package building scripts, a package manager, and so on), easy to tinker with and so on. But there's no neat and simple UI. Command line or, uhm, "half-decent UIs that you have to install and set up".
tomato has a very good UI and is open source, but isn't really all that easy to tinker with (none of the openwrt niceties).
I generally go with openwrt because I like the command line anyway, and I like being able to make my router do absolutely everything. For example, patching my openvpn and installing the package took 5 min with openwrt.
Basically, if you're not into tinkering I'd just go with tomato. If you are, I'd go with openwrt. If somehow tomato doesn't work for you, dd-wrt.
But it's still consumer-grade kit, with all the limitations that implies. If you're running a proper business you need to go for proper kit that you can set and forget for years, in my opinion.