
Because Everyone (Still) Needs a Router - bussetta
http://www.codinghorror.com/blog/2012/06/because-everyone-still-needs-a-router.html
======
orbitingpluto
Running Linux?

Avoid any ASUS routers unless you're flashing a new firmware. Awful
experience. My last one was the N15. It wouldn't even give out a DHCP lease to
two different computers and four different NICs.

And, as for:

"Ever sat in an internet shop, a hotel room or lobby, a local hotspot, and
wondered why you can't access your email? Unknown to you, the guy in the next
room or at the next table is hogging the internet bandwidth to download the
Lord Of The Rings Special Extended Edition in 1080p HDTV format."

Nmap is your friend. Find the offending port and flood it. Since the local
connection is always quicker than the Internet connection, it's easy to do.
I've done this countless times, and only to those torrenting. At one cafe I
used to frequent I would just start scanning whenever this one guy came in. I
wonder if he ever developed a negative Pavlovian response to seeing me at the
cafe and his torrenting success.

Do I feel guilty about basically DoS? Really, no. If someone tries to take
control of a limited resource... shit is going to happen.

~~~
awakeasleep
Can you explain any more about how this works?

I'm assuming you find someone with a high random port open, but I have no idea
where to go from there.

How would you go about flooding that connection? Are you relying on a card in
passive mode to gather data and replay it? What do you use to replay?

~~~
orbitingpluto
nmap is smart enough to determine what service is being offered on a given
port and what OS is running.

The above combined with the offending computer usually being a Mac and it's
named something like "Bob Smith's Computer" is enough to common-sense narrow
it down within a minute or two without having to use passive mode.

(Also with the repeat offender I kept his MAC handy.)

Then just initiate as many TCP connections as you can a la Python or whatever
is handy.

(of course your mileage may vary with this approach such as when clients are
isolated from communicating with each other.)

~~~
jiggy2011
Won't the program listening on the socket just drop the connection if it's
getting stuff that doesn't make sense or correspond to a session that it is
aware of?

Or is the idea just to spam multiple connections?

~~~
rb12345
It sounds more like connection flooding to me. TCP SYN flooding would also
work, although modern IP stacks should cope reasonably well with that if
syncookies are used.

That said ... considering these are Macs, they probably have mDNS open to IPv6
link-local traffic. It might make more sense to flood the offending machine
with valid, unicasted mDNS packets. I don't know how well the Apple mDNS
daemon copes with high traffic volume, but in my experience Avahi (on an
Atom-powered netbook, admittedly) can regularly use over 50% CPU on a wireless
network with an oversized local subnet. Hypothetically, deliberately flooding
an OS X system with complex but valid mDNS announcements could have
interesting results...

I should probably point out that Windows systems tend to be protected from
this. Firstly, iTunes or Bonjour must be installed separately. Secondly,
Windows Firewall tends to kick in with its "Public" profile, blocking inbound
traffic by default. Thirdly, Windows machines tend to use mDNS over IPv4
multicast instead of IPv6 unless an auto-configured external address exists.
This further reduces the traffic seen, although this last point is no
protection from deliberate floods.
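
Seen from the machine on the receiving end of the connection flooding discussed in this sub-thread, both patterns show up in the socket table. The following is an added example, not code from any commenter: it parses text in the column layout of `ss -tn` and flags a peer holding many established connections to one local port, plus a pile-up of half-open (`SYN-RECV`) sockets. The sample lines, the addresses, port 51413 and both thresholds are constructed assumptions.

```python
from collections import Counter


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv6 printed as '[addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)  # int() raises ValueError on '*'


def parse_ss(text):
    """Yield (state, local_port, peer_addr) for each socket line of `ss -tn`."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or short line
        try:
            _, local_port = split_endpoint(fields[3])
            peer_addr, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # wildcard or malformed endpoint
        yield fields[0], local_port, peer_addr


def summarize(text, per_peer_limit=20, half_open_limit=50):
    """Return the peers and ports that exceed the (assumed) thresholds.

    connection_flood: {(peer, local_port): established connections}
    syn_backlog_pressure: {local_port: half-open sockets}
    With syncookies enabled the kernel stops keeping state for new SYNs once
    the backlog is full, so the half-open count is a lower bound.
    """
    per_peer = Counter()
    half_open = Counter()
    for state, local_port, peer_addr in parse_ss(text):
        if state == "SYN-RECV":
            half_open[local_port] += 1
        elif state == "ESTAB":
            per_peer[(peer_addr, local_port)] += 1
    return {
        "connection_flood": {
            key: n for key, n in per_peer.items() if n > per_peer_limit
        },
        "syn_backlog_pressure": {
            port: n for port, n in half_open.items() if n > half_open_limit
        },
    }


def build_sample():
    """Constructed socket table: three ordinary peers, one peer with 60
    established connections, and 80 half-open sockets from varied sources."""
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    ordinary = ["192.168.1.23", "192.168.1.40", "[fe80::1c2a:ff:fe00:1]"]
    for i, peer in enumerate(ordinary):
        lines.append(f"ESTAB 0 0 192.168.1.10:51413 {peer}:{40000 + i}")
    for i in range(60):
        lines.append(f"ESTAB 0 0 192.168.1.10:51413 192.168.1.77:{50000 + i}")
    for i in range(80):
        lines.append(
            f"SYN-RECV 0 0 192.168.1.10:51413 192.168.1.{100 + i}:{30000 + i}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    report = summarize(build_sample())
    for (peer, port), n in report["connection_flood"].items():
        print(f"{peer} holds {n} established connections to local port {port}")
    for port, n in report["syn_backlog_pressure"].items():
        print(f"local port {port} has {n} half-open connections")
```
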

------
ShabbyDoo
I posted this "Ask HN" awhile back about my desire to pay for a
router-as-a-service:

<http://news.ycombinator.com/item?id=1160585>

What surprised me was the number of responses along the lines of "you don't
need this -- just install DD-WRT, OpenWRT, whatever and configure the foo,bar,
and baz features as such." I'm likely in the 99th percentile of the US
population in my ability to do such a thing, and I still have to spend a bunch
of time Googling. Worse yet, I don't have the certainty at the end that I've
done it right.

~~~
JshWright
Buffalo ships a router with DD-WRT preinstalled.

<http://www.buffalotech.com/products/wireless/wireless-routers/airstation-highpower-n300-gigabit-wireless-router-wzr-hp-g300nh-v2/>

I'm using the 'stock' DD-WRT firmware on mine, and it handles its duty as a
VPN endpoint, a Tunnelbroker endpoint, and does significant QoS'ing without a
problem.

~~~
ShabbyDoo
A good start. Does Buffalo offer any sort of SLA which promises timely
firmware updates? What scares me about buying a router is that vendors
silently stop supporting them. So, while grandma's grandson might have turned
on automatic firmware updates, widely known security issues might not be
patched after a year or two.

------
dugmartin
As I commented here:

<http://news.ycombinator.com/item?id=4082351>

The part of Tomato I like best is its simple DNS interface that lets you have
one hosts file that is shared across all the machines connected to it. This is
where I define my local dev domains so that I can test across devices that
don't allow local host file changes (namely non-jailbroken iOS devices).

~~~
tnorthcutt
Whoa, that's pretty awesome. Does anyone know if DD-WRT can do this as well?

~~~
paxswill
DD-WRT usually includes DNSMasq[0] which can do some fairly advanced stuff for
being so small. The downside being that it's all manually configured via the
equivalent of a config file.

[0] <http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html>

------
btgeekboy
No mention of Mikrotik? I picked up a RB750GL last week, and so far, it's
everything DD-WRT/Tomato/etc wish they could be. It works as a basic
plug-and-play router, but it's incredibly flexible beyond that.

Check out <http://wiki.mikrotik.com/wiki/Manual:RouterOS_features> if you're
interested. You can download the OS and run it in a VM if you want to give it
a try before purchasing.

~~~
alter8
> No mention of Mikrotik?

FTA: (...) a combination of commodity hardware and _open-source_ firmware.

It's OK that you suggest RouterOS, I'm just saying OP is not supposed to
mention it.

~~~
btgeekboy
You're correct, I see how I missed that.

However, I'd argue that the use of open source firmware in this case is a
means to an end, since proprietary firmware generally sucks. But since this is
an article about how to have a quality Internet connection, rather than how to
get started in router OS development, it might be more than suitable for many
of his readers.

------
jtreminio
One thing Jeff didn't mention is that due to the high CPU and RAM in that ASUS
router, you can be downloading several different torrents and the internet
experience in general won't be degraded.

With my Verizon FIOS's router, if I try to torrent anything it gets throttled
down to less than 10KB/s, and on my old Linksys, attempting to torrent would
make browsing the internet nearly impossible.

~~~
dustinupdyke
Curious if it is possible to take the FIOS router out of the equation
entirely?

~~~
jtreminio
The router also hooks up into my TV, so not sure if possible in my situation.
However, the FIOS router is exceedingly horrible - the wifi signal is very
poor, and I almost never get the rated speeds using it.

What I've ended up doing is hooking up the ASUS router via LAN to the FIOS
router and connecting all my devices to the ASUS. Every single complaint is
fixed going this route.

------
citricsquid
Maybe this is a reasonable place to ask for some advice: I have 2 broadband
connections, one via my phone line (ADSL) (76/17) and one cable (50/4) does
anyone have any experience with using 1 piece of hardware to manage them both,
possibly load balancing (not important, but would be cool)? I currently have 1
modem and 2 routers... it's not a very power efficient set up, it's also a bad
experience because they're all ISP provided and don't allow me to control DNS.

~~~
freehunter
Realistically, you'd be looking at a soho (small office/home office) load
balancing router, specifically a dual-wan router. Cisco offers some [1] as
well as Peplink [2]. I don't have a lot of experience with them (did some
research on it a few years ago but never pulled the trigger), so YMMV when it
comes to custom firmware etc. Doing a google search on "dual wan router" would
give you a good feel for the environment. It's possible to find them under
$200USD. $350 isn't entirely out of the question depending on the features
you're looking for.

If you're outside of the US (I'm guessing, based on the speed of your link),
some products are export-restricted. You'd have to check on support for your
locale. Another option if you're in a DIY mood is making a custom Linux box
using split access features of iptables [3].

[1] <http://www.newegg.com/Product/Product.aspx?Item=N82E16833124160>

[2] <http://www.peplink.com/>

[3] <http://lartc.org/howto/lartc.rpdb.multiple-links.html>

~~~
dbarlett
If you don't want to mess with iptables, ClearOS (CentOS derivative) [1] has
built-in multi-WAN support [2], including auto-failover and load balancing.
There's a GUI, but you can always SSH in and configure things manually.

My home router/server is a MicroATX box with an Atom D525, 4GB RAM, 2 x 1TB
RAID-1, and 2 x Gigabit NIC. Cost a few hundred dollars to build, draws ~16W
idle, and is almost silent. DNS, SSH, FTP, SMB, POP/IMAP, SMTP, QoS,
PPTP/OpenVPN/IPsec, and dmcrypt are included. The Atom chip is fine for home
use, move up to an Athlon if you're pushing a lot of SSH traffic.

[1] <http://www.clearfoundation.com/Software/overview.html>

[2] <http://www.clearcenter.com/support/documentation/clearos_enterprise_5.2/user_guide/multi-wan>

------
msh
Well, I have been very impressed by the performance and stability of my 4 year
old Apple Airport Express.

~~~
stcredzero
Yes, I note that I have no problems browsing while downloading bittorrent with
my Time Capsule, whereas my housemate's Linksys with DD-WRT would bog down.

~~~
rmk2
Does your bittorrent client by any chance use uTP[1]? If so, not experiencing
any problems has nothing to do with your router and all to do with your
bittorrent client throttling its own speed.

[1]: <https://en.wikipedia.org/wiki/Micro_Transport_Protocol>

------
zdw
I'd pick a Buffalo WZR-HP-G300NH, or -AG300N rather than either ASUS he
picked. Both ship with DD-WRT preinstalled, and full source of the firmware is
available.

The older ASUS routers are stuck on Linux 2.4.x permanently in OpenWRT (which
DD-WRT and Tomato are derived from) because of proprietary Wifi or Ethernet
drivers or firmware blobs and poor CPU support.

~~~
rmk2
The newer ASUS (RT-N12/16+) use a 2.6.x kernel (and actually don't work with
the old 2.4.x kernel) on tomato, and given now, I'd get the RT-N16 running
tomato. My RT-N12 (I couldn't afford the more expensive RT-N16 at the time) is
fine but only has 4MB of flash, so I can't put the "full" tomato on it,
instead I compile it from source for a thinned out build that gets rid of a
number of things yet keeps both IPv6 & OpenVPN.

I haven't tried either of the Buffalo routers, but my budget ASUS has been
rock-solid and works _very_ well.

A word of advice about tomato though, the development has stalled somewhat and
led to the continuing development of a number of "modifications"(1) developed
by different people, where each goes its own ways (e.g. Shibby, Toastman
etc.). They can be found via the sub-forum and continuously add new features,
improve existing ones and also fix some bugs etc.

(I am using Toastman's tomato no-usb mod)

(1): <http://tomatousb.org/mods>

------
jwr
Just as a data point on the Tomato firmware. I've been running it for about 2
years now, on two different hardware devices. It hangs every once in a while,
the intervals range from several days to several weeks. I determined the
culprit is QoS: if I disable all QoS, the device will run fine for months.
Enabling it shortens the uptime to days or weeks at most.

Since I know this happens reproducibly on two different devices, I am certain
it is the software. And unfortunately without QoS the Tomato firmware loses
much of its appeal.

Unfortunately this is one of those "unreportable" bugs: there is no way to
properly report it, much less have it debugged by original developers.

~~~
speleding
QoS in your router is only interesting if bandwidth is constrained in your
last mile, otherwise it just adds complexity. I would think that QoS in home
routers is only a transitional technology for the next few years while not
everyone has a large enough pipe yet.

Can you imagine your electricity or water outlet at home being constrained
like bandwidth is? Those issues were solved a century ago, they'll get fixed
for bandwidth too within our lifetime.

~~~
nitid_name
I doubt water usage per capita has changed drastically in the last 20 years.
Sure, there were drops from low flow toilets, low flow shower heads, and HE
washing machines, and I'm sure there's some variability to usage based on
seasonal variance from year to year, but the average US household uses about
350 gallons a day. I don't have access to historical data, but I'd wager that
it hasn't changed more than 25% in the last decade or two.

Power has remained relatively constant at about 1.3MWh per capita. In the last
thirty years, it has grown only 300KWh.

Internet bandwidth, on the other hand, went from 9.6-14.4kbit/s modems in fax
machines in the 80s to 28.8-56.6kbit/s modems in the 90s to the megabit/s
range in the 00s to the 15-100Mbps you can get in a residence today.

If the bandwidth issue is to get solved, the growth in consumption will need
to peak.

~~~
speleding
You're comparing the last few decades of internet use with the last few decades
of water use, a fairer comparison would be the first few decades of water use
with the first few decades of internet use.

More relevant to the point though, would be to compare it with the growth in
internet usage a decade or two from now: as technologies mature it would
seem reasonable to expect that the growth tails off and QoS on the internet
last mile will become just as useful as QoS on water pipes.

------
ad_hominem
Really? I didn't expect to find a "consumer device roundup" article (along
with sidebar ads and referral tags for the products being reviewed) to rate so
highly on HN, even if the reviewer is Jeff Atwood. I doubt that flashing
custom firmware on a router or QoS settings are a new concept to anyone on
here.

All I'm gaining by reading the article is some knowledge on some consumer
electronics that will probably no longer be valid in a couple weeks, which IMO
is not HN-material. These types of articles are best served by Google results
when I'm actually looking for a new router, not on my HN feed.

What's next, "how to build a computer?"

~~~
recursive
I'm using a ~5 year old router that probably came from some big box
electronics store. I didn't even know this was a thing.

------
sciurus
I disagree with the router recommendation. The Asus RT-N16 uses a Broadcom
chipset which isn't well-supported by OpenWRT. Better choices would be
something with an Atheros chipset, like the Netgear WNDR3700v2 or WNDR3800.
Buffalo also has some nice models. Even if you don't plan to use OpenWRT
itself, it's a base used by other firmware projects, so you might want to run
a derivative of it in the future.

<http://wiki.openwrt.org/toh/start>

~~~
j-kidd
Make donation here to add unofficial support for Asus RT-N66U in OpenWrt:

<https://forum.openwrt.org/viewtopic.php?id=37069>

By the way, I think most TP-Link products are using an Atheros chipset. Very
affordable and really well supported by OpenWrt.

------
mahrain
I don't mean to shill, but after trying all kinds of Netgear, Linksys and ADSL
Modem/router combi's, I really love my Apple Airport Extreme. I haven't had to
reset it once in two years, and it's every bit as fast and reliable as a wired
connection. They are sold as tag-on purchases but really are a hidden gem.

~~~
Terretta
Especially if setting up a multi point WiFi network.

------
nodata
Tomato isn't exactly open source, it's more a mixture of Linux (kernel),
freeware and a proprietary frontend.

~~~
TheGateKeeper
There's nothing inherently wrong with that. I say the best tool for the job at
hand is what wins, especially over ideologies.

~~~
makomk
Unfortunately, third-party router firmware distributors have an annoying habit
of going from free-as-in-beer to having obnoxious and expensive licensing
conditions. Which is of course one of the reasons why the open source ideology
is popular in the first place!

------
SkyMarshal
<3 this. I've been preaching this for the past year ever since I discovered the
amazing combination of the 8yr-old Linksys WRT54GL [1][2] + Tomato SpeedMod
firmware [3]. Amazing how that router still dominates the ratings of all
routers, both in terms of numbers and average rating, and there are still more
ratings trickling in almost daily.

Also, I don't know if SpeedMod has been merged back into mainline Tomato or
not, but it's worked flawlessly on my WRT54GL for almost a year now.

I completely agree with Jeff's conclusion as well - commodity hardware + FOSS
= potentially unbeatable. FOSS that has had a chance to literally evolve on
the same platform for almost a decade, assuming it hasn't been abandoned, can
really demonstrate the power of software evolution, for lack of better term.

1. <http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190>

2. <http://www.amazon.com/Cisco-Linksys-WRT54GL-Wireless-G-Broadband-Router/dp/B000BTL0OA/ref=sr_1_1>

3. <http://touristinparadise.blogspot.com/2008/04/linksys-wrt54gl-routers-improving.html>

------
cheald
I'm running this same setup - same router, same firmware.

I'm using the MultiSSID functionality (so I have my home wireless network, and
a heavily throttled guest network), QoS (basically what Jeff wrote about), VPN
(so I can be assured of a secure connection while on the road, and have
effective LAN access via TAP), as well as all the standard stuff. It tickles
me a bit that I'm getting a featureset for $80 that you'd have to pay several
hundred for to get it out of the box.

------
ragmondo
Draytek Vigor. My go to router of choice. built in vpn from the off, so you
can drop in these bad boys and then (once set up) auto route all your traffic
that looks as if it should go to the remote site TO the remote site. Easy to
vpn back "home" if you are out and about. QOS built in. VOIP server built in
to the higher version. They are as cheap as a typical router but they pack the
punch of any router out there. ... unless someone can tell me why not ?

~~~
corford
+1 for Draytek. IMHO they're as close as you can get to professional level
gear without spending more than $400.

------
soldermont001
I have been running the RT-N16 + TomatoUSB for a couple of years now.

Pros:

- Hard to brick, easy to revert an f'ed up flash
- 5-6mo uptimes (most stable consumer router I've owned at least)
- Tracks network usage, attractive graphs
- Easy to add local DNS entries for your systems
- Improves DNS performance with a transparent DNS proxy (dnsmasq) (e.g. you
  can have it query all servers at once, and return record from the first server
  to respond)
- Easy to use port forwarding rules
- Attach a USB HD to it to act as a NAS (smb/ftp/dlna, nfs possible with
  unfsd)
- Setup a full pxeboot environment with it, including a shared nfs root!
- Run tcpdump to troubleshoot network issues!
- Runs most openwrt packages

Cons:

- Sensitive to heat (90f days will cause it to crash, only reason I've had to
  reboot it though)
- Doesn't always mount my USB thumb drive at boot (poor USB connection?)
- Not fast enough to stream 1024p HD over wifi
- Limited internal flash, I store my utils (e.g. tcpdump, nmap) on my USB
  thumb drive
- TomatoUSB doesn't appear to be maintained anymore :(

~~~
GeorgePB
> TomatoUSB doesn't appear to be maintained anymore :(

I recently switched to Toastman
(<http://www.linksysinfo.org/index.php?threads/toastman-releases-1-28-7493-4-5-6-7-8-9.36106/>)
which: is based on TomatoUSB; has
better QoS rules; and is updated more frequently. I currently use it on a
RT-N16 and a WRT54G.

------
wut42
In France, this need has been killed by the ISPs themselves. Is there any ISP in
the US that does that?

Free (an ISP) started in 2002. It's a home-made modem router, which also does TV
and phone. Since then almost all other French ISPs have created their *box
(Livebox, BBox, AliceBox, Neufbox, …).

~~~
klodolph
US ISPs generally provide a modem-router. The point of the article is that the
router provided by your ISP is probably terrible.

------
grk
How does this compare to buying an Airport Express/Extreme?

~~~
breck
I bought an Airport Extreme and have been somewhat disappointed with it.

I hadn't heard the term QoS until today.

It looks like Airports lack it:
<http://forums.macrumors.com/showthread.php?t=1115580>

Which is sad. We've got 5-10 devices connected at any one time and have had
really terrible problems in terms of getting a consistently fast connection.

It seems like my internet connection has gotten worse over the past 4 years
living in San Francisco and it's hard to pinpoint the cause because of the
lack of innovation in routers. It would be nice to see someone come out with
something really innovative here that shows easily what type of traffic you
are getting and what is causing slowdowns.

------
sge
A few months ago I researched how to install open-source router firmware.

I ended up choosing dd-wrt. I had some security concerns (such a technical
forum stores passwords in plain text!! Does this imply anything about the
security of the project?) which I voiced on their forum.

Their responses shocked me: <http://www.dd-wrt.com/phpBB2/viewtopic.php?p=681593>

I'm probably not going to install dd-wrt.

~~~
ComputerGuru
I had a similar issue I raised in their forums (too lazy to Google it now)
where something in my configuration led to a repeatable restart of the router
each time. Denial of service, thus a security vulnerability. They were rude
and arrogant. I left for Tomato.

------
ams6110
How much does QoS matter on your home router when your next door neighbor
might be downloading HD pr0n and sapping all the "local loop" bandwidth?

~~~
quesera
It doesn't matter at all. QoS on your local net will let you prioritize _your_
VoIP over _your_ streaming video, but has zero effect on your throughput if
you are constrained by a shared resource upstream of your router.

Some people share their LANs with more disruptive users than others, so QoS on
that LAN can be useful. But the article was not clear at all.

------
vr000m
I don't know what enabling QoS means on routers: is it traffic shaping or using
QoS code points. Traffic shaping should be possible but I am not a strong
believer of middleboxes tampering doing this (they probably don't have enough
context to do it right). I'd rather have the applications or the browser or
the kernel of the endpoint do this. For the latter this is kinda impossible
because the QoS are ISP-specific and the application or middlebox should be
aware of them. Since there is no global solution or generic DSCP
codepoints using them is not possible, however, there are some proposals in
the works to make generic marking possible.

The routers can enable WRED to mitigate some congestion problems, though it is
not the silver bullet and works on a per-flow basis. Some new solutions to
solve the buffer bloat problems is to install the experimental CeroWRT
firmware in your routers (<http://www.bufferbloat.net/projects/cerowrt>),
however, this is also a work in progress.

------
mcteapot
I have been burned by so many routers in the past few years. It is amazing how
terrible the factory firmware is on these machines. For most of them I have
had to install DD-WRT just to get them working. Thank the flying spaghetti
monster for open source.

But what I don't understand is why hardware manufacturers go out of their way to
prevent external software from being installed.

~~~
dereg
Most companies lock you into their own firmware because it'd be prohibitively
expensive to provide customer support for all the alternatives out there.

------
hollerith
I don't know. I am going to keep on hoping that I will be able to get by with the
router built into my DSL modem when I switch from cable to DSL. Or that I can
use ethernet to get my Mac mini on the net while using the mini's Wifi to
create an ad-hoc wireless network to get the iPad I plan to buy on the net. Or
that I will build a Linux box and the motherboard will have wifi onboard. Or
that I will build a Linux box and there is a cheap PCI card I can add to it to
get all the ethernet ports I will ever need.

Point is that I want to avoid adding yet another box to my home -- especially
if the box is _plastic_ rather than metal and requires its own external AC
adapter like the first of the OP's buying recommendations does.

~~~
windsurfer
You know, not wanting things is great. Keeping things simple is great. This
article is for those of us that favor functionality over simplicity. Just
different views on things.

------
scoot
Do any of these have built-in VPN? And which services can I use it with?

I'd like to be able to configure a VPN at the router, and not have to think
about whether the software is compatible with, installed in and used by all
the software on my devices. Any suggestions?

~~~
imrehg
Most of these have OpenVPN in it, some can use it either as client or server
as well.

------
nodesocket
While DD-WRT, OpenWRT, and Tomato are great for home and small office, I doubt
most people would feel comfortable running them in a datacenter. We are fans
of Sonicwall appliances, they provide a nice combination of price, features,
and performance.

------
ZoFreX
I'm done with routers. Totally fed up of them running out of RAM, taking too
long to open new connections, not being able to open more connections if
someone is using 200 to torrent, fed up of them forgetting static IP
assignments, port forwards, upnp never working...

I got fed up of all that and decided to do something about it. Routers have 8,
16mb of RAM? My worst computer that's lying around has 256mb. Slap another
ethernet card in, install iptables, it's one day's work tops and your router
will never crash and never forget anything again. My personal best is 7,000
torrents all going at once with the internet still being fairly usable.

~~~
zalew
and how much power does it consume and how much noise it produces?

~~~
ZoFreX
Power consumption isn't great compared to a dedicated router, obviously. Noise
wasn't a problem - old hardware doesn't put out much heat, so cooling it with
fans is easily do-able at very low noise levels.

A future project I have in mind is to do the same thing but with ultra low
power components, e.g. Intel Atom or something along those lines. I aim to get
under 10W draw from the wall.

------
SnaKeZ
My best router is Linksys WRT54GL with Tomato Victek. Now I can:

- Limit dw/up by ip/mac
- QoS
- VPN (with Open VPN)
- Web sniffer (I can see url history)

and much more...

<http://victek.is-a-geek.com/specs.html>

------
Judson
The base Tomato firmware hasn't been updated in quite some time, but there are
many forks of the firmware that add some really powerful features[1]. I've run
vanilla tomato for years, but some of the forks are looking tempting.

[1]: <http://en.wikipedia.org/wiki/Tomato_(firmware)#Feature_comparison>

------
soapdog
I like my mikrotik, best router I ever used. So powerful and configurable that
I don't need 80% of what is available to me =)

------
ZeWaren
What I really like about all these opensource firmware, is that you can really
easily hack the hardware.

For example, if you read the datasheets of the internal components of the
DLink DIR300, you can notice that by setting a few registers here and there
you can achieve 802.1Q VLAN Tagging on the device's 4 port switch.

Very fun times.

------
zobzu
I've an AirOS router, wifi driver is buggy. Company didn't fix it after a
year.

Installed OpenWRT, no bug. Posted on their (the company, Ubiquiti) forum,
reply is "we don't support that and if you install it, you're on your own, we
won't fix bugs!"

Oh the irony. Whoever wrote that probably didn't even realize what he just
did.

------
ajtaylor
This is perfect timing. I need a new router at home, and my experience with
Tomato in the past has been excellent. The real-time bandwidth graph (and
historical graphs) were my favorite feature. Well, that and it Just Worked!

Now to find the best place to buy one of these Asus routers in Australia...

------
matthew-wegner
There are multiple Tomato variants (some offer per-user bandwidth limits and
other features that are great for coffeeshop-like environments).

Check <http://en.wikipedia.org/wiki/Tomato_(firmware)> for a nice matrix.

------
krakensden
Has anyone given CeroWRT (the bufferbloat project's distribution) a spin?

~~~
sheraz
yeah -- I came across their site the other day. Would love to see some
quantitative / qualitative numbers from that project.

~~~
krakensden
They've done a bunch of work on reducing buffers and setting up AQM by
default, and I've heard mumblings about improvements but can't find numbers.
Closest thing I could find was this github repo:
<https://github.com/dtaht/deBloat/tree/master/test> with lots of tests but no
comparisons (stock OpenWRT vs ceroWRT would be interesting, for instance).

~~~
rb12345
It's been a while since this was done, but as well as the AQM and Byte Queue
Limit support, a lot of work was done on minimising unaligned access traps
(<http://www.bufferbloat.net/issues/360>). The Linux networking stack assumes
that IP packets are word-aligned, but Ethernet headers are usually 14 bytes.
The specific Atheros chipset used in the WNDR3700/WNDR3800 does not pad
Ethernet packets and does not support misaligned DMA, and so a lot of
misaligned access traps were triggered. Fixing that resulted in a 15% increase
in speed for IPv4, and a doubling in speed for IPv6
(<https://lists.openwrt.org/pipermail/openwrt-devel/2012-April/015025.html>).
As far as I can see, those patches did not get
accepted into upstream OpenWRT, since these changes really should be made more
generic and possibly pushed upstream. The patches would also hurt performance
slightly in the case of properly-aligned packets.

~~~
dtaht2
I have not had the time to generalize these patches. I do note that alternate
ideas for this problem landed in Linux 3.5 which are impossible to backport
into Linux 3.3, so I have shelved the idea of working on generalization.

These patches were specific to the ar71xx hardware and unneeded on most other
devices.

------
libria
Speaking of routers, did anyone ever get a free Bismark router from last year?
<http://news.ycombinator.com/item?id=2782504>

------
riobard
Can anyone familiar with DD-wrt/OpenWrt/Tomato comment with their relative
merits against each other?

~~~
zobzu
dd-wrt is simple and has a good ui but not really open/no real tinkering
possible etc

openwrt is very open and community-like (with actual VCS, package building
scripts, package manager, and so on), easy to tinker and so on. But there's no
neat and simple UI. Command line or uhm, "half decent UIs that u have to
install and setup"

tomato has a very good UI, is open source, but isn't really all that easy to
tinker with (none of the openwrt niceties)

I generally go with openwrt because, i like command line anyway, and i like
being able to make my router do absolutely everything. for example, patching
my openvpn and installing the package took 5min with openwrt.

Basically, if you're not into tinkering i'd just go with tomato. If you are,
i'd go with openwrt. If somehow tomato doesn't work for you, dd-wrt.

~~~
riobard
Thanks!

Does the support of devices (e.g. different chips) affect the choice of which
one to use?

------
thesteamboat
Any updates on the status of freedombox on this front?

------
mjwalshe
But it's still consumer grade kit with all the limitations that implies. If
you're running a proper business you need to go for proper kit that you can set
and forget for years, in my opinion.

