
It's time to build your own router - ghosh
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
======
powvans
Everything that's old is new again. Raise your hand if this is how you first
got into Linux.

I needed to share a spectacularly slow DSL line with my college roommates.
Solution? Cobble together a router out of a cheap Pentium box, a PCI DSL
modem, a 10mbit ISA NIC, and Debian. Oh, and a couple of days of tinkering.

Ah ipchains. Those were the days.

~~~
jlgaddis
> _Raise your hand if this is how you first got into Linux._

_raises hand_

In my case, I had my existing desktop PC and acquired another (used) one.
Broadband hadn't yet made it to the rural area I lived and I got tired of
moving the phone line back and forth between the two PCs.

I was able to find a pair of (very well supported) 3c509s and a crossover
cable and managed to build my first network and get both machines online at
the same time.

20+ years later, I'm still doing pretty much the same thing, progressing from
ipfwadm to ipchains to iptables (on Linux) to pf (on OpenBSD). And, of course,
the little dedicated machine flinging my packets nowadays is much faster than
I could have ever imagined back then.

~~~
mwpmaybe
Oh man, ipfwadm, I completely forgot about that. I also now remember an ipmasq
command, which google reminds me was kind of a wrapper around ipfwadm or
ipchains, and I remember rebuilding my kernel over and over again (overnight!)
to get the right combination of networking options. I also remember being very
frustrated when I had to drop ipfwadm and learn ipchains for kernel 2.2, and
drop ipchains and learn iptables for kernel 2.4!

~~~
jlgaddis
Yep, so much relief when 2.6 came out and retained iptables!

~~~
sneak
I also recall doing the same sort of dance with linux kernel RAID, (0.90 vs
md-style) and also encrypted block devices (cryptoloop to device mapper).

It's nice to remember and realize how stable and performant things are these
days.

------
jevinskie
This article has motivated me to do this for my parents. They are plagued by
wireless reliability problems. I added another WiFi router at the other end of
the house and bridged over Ethernet (it was a PITA to configure bridging in
the extension router's firmware). I'm not even sure if it helps, though I did
ensure that the two APs are operating on the two least-noisy channels. I
regularly have connectivity problems when I visit, and feel bad that they have
to deal with it on a regular basis. Updating to newer consumer routers has
only offered marginal improvements.

Their house actually has acquired quite a bit of CAT 5E runs to the far
corners, so I'm thinking about getting them a router (small x64 machine as
described in the blog post), a gigabit Ethernet switch, and some Ethernet-
connected WiFi APs around the house.

Does anyone have experience with Ubiquiti APs? They seem to understand that
they exist primarily to bridge WiFi and Ethernet, not solve every networking
related problem on Earth. I have to say, my WiFi experience at the office
improved dramatically after the AirPorts and Cisco APs were tossed for
Ubiquiti...

~~~
robocat
> Does anyone have experience with Ubiquiti APs?

Great article: [http://arstechnica.com/gadgets/2015/10/review-ubiquiti-
unifi...](http://arstechnica.com/gadgets/2015/10/review-ubiquiti-unifi-made-
me-realize-how-terrible-consumer-wi-fi-gear-is/)

- we use a Unifi AP Pro at work, and it has been superbly reliable (no weird
connection dropouts or resets, unlike various expensive consumer routers we
previously tried).

- you need the Controller software installed somewhere permanent (it contains
a db of configuration settings for the APs). On Windows the software has an
ugly dependency upon Java (ouch) and I couldn't quickly get it to run on
Windows 7 (wouldn't start) or Windows 10 (crashed) so ended up installing it
on OSX.

- you need your own router (they are only an AP).

~~~
throwaway7767
> - you need the Controller software installed somewhere permanent (it
> contains a db of configuration settings for the APs). On Windows the
> software has an ugly dependency upon Java (ouch) and I couldn't quickly get
> it to run on Windows 7 (wouldn't start) or Windows 10 (crashed) so ended up
> installing it on OSX.

Just a small correction: you don't need the controller software running
permanently. Unless you're running a paid hotspot, you only need it for
changing configuration or performing firmware updates. Once the configuration
is applied to the APs, they retain it in flash and you can shut down the
controller until next time.

------
mwpmaybe
Just a quick shout-out for pfSense as an excellent router OS. I've been
playing around with ClearOS, DD-WRT, m0n0wall, Smoothwall, Shorewall, etc. (as
well as many of my own home-grown solutions) for years and nothing even comes
close to the features and performance offered by pfSense. DD-WRT is close but
you're extremely limited in terms of the hardware it will run on (think
WRT54G/L units with ancient processors and 16MB RAM). Not to dismiss all those
other efforts but pfSense is at least worth a try. The writer of this article
seems to disregard it off the bat but it's worth the time investment if you're
looking for something secure and stable with features like Snort, VPN, traffic
shaping, country blocking, DNSBL... the list goes on and on! Plus, it gave me
an excuse to finally get my feet wet with FreeBSD. :-)

~~~
jlgaddis
pfSense is a good operating system and provides a nice pointy-clicky interface
for configuration. I'll give it that.

I was a bit turned off by how they yanked the pfsense-tools repository and
then put in some restrictions on access to it.

(Jim: There's no need to reply and have the same conversation yet again. I'm
well aware of what your reasons for doing so were and you are well within your
rights to do it; we don't have to agree with it or like it, though.)

~~~
pyvpx
pfSense is FreeBSD with a clunky web interface that does some "magic" with PHP
using XML. Now, that characterization won't be as accurate in the future (I'm
genuinely curious to see what happens with python, dpdk, and other things
they've mentioned/hinted at) but let's be entirely honest here: it's FreeBSD
with a web interface and a support company behind it.

~~~
mwpmaybe
Most router/firewall distributions can be described in such overly-simplistic
terms.

------
codinghorror
Just as a PSA, there are zillions of _very_ nice $300-$350 15w TDP Broadwell
x86 boxes, with 4-8GB RAM, 64/128GB SSD, bundled WiFi, and dual gigabit
ethernet ports on aliexpress. I don't know why there are so many broadwell
boxes on offer, but these are a stellar deal for the price, and are fully
solid state, super flexible, extremely fast anything x86 boxes.

For example: [http://www.aliexpress.com/item/Fanless-i5-Mini-PC-Windows-
Ba...](http://www.aliexpress.com/item/Fanless-i5-Mini-PC-Windows-Barebone-PC-
Broadwell-Intell-Core-i5-5200U-2-7GHz-4K-HTPC/32366202925.html)

I initially looked on Amazon and found the fitlet-i, which is nice for a 4.5w
TDP AMD box..

[http://www.fit-pc.com/web/products/specifications/fitlet-
mod...](http://www.fit-pc.com/web/products/specifications/fitlet-models-
specifications/)

.. but these aliexpress deals are far better, and easily 3x faster if you can
afford the 15w TDP budget.

~~~
maaarghk
Oh wow, nice. I've been buying quite a lot of stuff from AliExpress recently,
it's great. But for some reason I've never noticed these. I imagine they would
make pretty great media servers/homebrew set-top boxes. Does anyone have any
idea what those connectors hanging about on the inside (last image) might be?

~~~
codinghorror
for a traditional SATA drive. It has two M.2 ports for internal SSDs.

~~~
maaarghk
Great, so could fire a (multi-)terabyte drive in there and use it as a set-top
box. Thanks for posting, yet another project to go on the unending list.. :)

------
Cyphus
> As far as the routers are concerned, there's no difference between
> maintaining connections to thousands of individual IP addresses or just to
> thousands of ports on the same IP address.

Has anyone tested this? It makes intuitive sense, but things are often
surprising in the performance/optimization world.

~~~
NetStrikeForce
As far as routers are concerned, that's mostly true. If the router has a big
routing table and packets are coming from different sources, it may have to
spend some time looking up those routes, but that's one of its core
competences anyway :)

There are going to be, however, many people out there throttling 10k
simultaneous connections from the same host, while they wouldn't bat an eye
for 20k simultaneous connections coming from 2k different hosts in total.

------
oliwarner
I don't want a 17W Celeron on all day, every day. I want something like an ARM
Cortex-A57. Powerful (and possibly well beyond 17W) but with "big.little"
cores that just turn off in low load situations.

When is the ARM universe going to get serious about desktop-style
construction? The chips are getting fast enough for anything now so they're
going to have to end this ridiculous throwaway culture soon.

How about standard memory and accessory slots for starters. Something _I_ can
upgrade when I want faster network.

~~~
microcolonel
There are standard-ish ARM boards with standard DIMMs. They're just quite
pricey.

~~~
oliwarner
Fair point. That is of course probably the bit I want most. Massive mass
production to the point where it competes with the current integrated
(throwaway) market.

------
jagermo
I thought about building a new router myself, but I decided against it.

Two reasons: I could not hit the price point of an off-the-shelf solution and I
was worried about energy efficiency.

However I switched from consumer gear to more professional stuff, using
Unifi APs as wireless APs and an EdgeRouter X as router - the four available
gigabit-ports are enough to support the network.

------
omginternets
This article has spawned a few questions. My apartment building is hooked up
to a fiber optics line, and it enters my living room through a coax cable. I'm
still using the stock router, and the performance has been absolutely
_abysmal_. In short, my connection gets dropped entirely for minutes at a
time. I'll usually get 20 minutes of internet, and then 2-5 minutes of outage.

Here's the rub: I have more devices than the normal person:

- 1x home-built NAS, via ethernet

- 1x desktop, via ethernet

- 1x laptop, again via wifi

- 1x mobile phone, via wifi

Could the outages be due to having an under-powered router? Are there any
simple tests I could run to diagnose the problem further?

Off the top of my head, the usual internet speed-test battery indicates that
my performance behaves as advertised, so it would seem that the problem isn't
with the fiber line _per se_.

A related question: the article here left me a bit confused. Did the author
end up finding a router that could take a coaxial input?

~~~
mseebach
Apparently (this is second hand knowledge), the thermal design of cheap
consumer routers is really poor (because a sleek package + no fans is a
priority, along with low cost), and this somehow causes the device to degrade
over time. It's beyond my understanding exactly _how_ this degradation works
(I thought digital things either worked or not), but it appears to be a thing.

FWIW, four devices might be slightly more than a normal single person has, but
it's definitely less than an average modern family reasonably has: 1
smartphone + 1 tablet per person, a smart TV (and/or AppleTV/Chromecast/Fire),
a Sonos or two, a couple of laptops etc, plus whatever guests bring along.

~~~
mlonkibjuyhv
Afaik the primary mechanisms behind hardware degradation are electromigration
in semiconductors and evaporation of electrolyte from capacitors. Both of
these are temperature dependent, and a golden rule is that an increase of
10deg C halves the lifetime of a component (at least for caps).

A device may still work most of the time, but the analog electronics that
implement the Boolean logic your digital device depends on are running outside
design-spec, and the probability of a transient failure is increased.

One can further fantasize of secondary effects for example caused by unclean
voltage rails due to bad filtering on switching regulators, perhaps increasing
the probability of transistors latching up, frying controllers, or directly
injecting strong noise typically in the 100kHz range into IO devices fucking
with touchscreens, Ethernet, WiFi, you name it.

Take all of this with a grain of salt, I'm merely a university dropout
struggling to make my boss understand why the 100's of decade old kiosks I
service for a living don't work good like they used to.

Edit: Apparently my mind-dump above merely scratches the surface.

[https://en.m.wikipedia.org/wiki/Failure_of_electronic_compon...](https://en.m.wikipedia.org/wiki/Failure_of_electronic_components)

~~~
rashkov
That is super interesting, thanks

------
xuhu
Spoiler: the homebrew solution didn't have WiFi. Unless your LAN is
servers-only, how much of an option is no-WiFi these days?

~~~
lultimouomo
Not that it would be hard to add and configure; the only problem would be that
WiFi PC cards offer a much shorter range than APs.

OP used Ubiquiti APs, directly managed from the homebrew router. Seems a
sensible solution.

~~~
throwaway7767
> Not that it would be hard to add and configure; the only problem would be
> that WiFi PC cards offer a much shorter range than APs.

They generally use the same cards, it's having proper antennas that makes the
most difference.

------
sliken
Sad that they skipped wifi, then ignored the Ubiquiti EdgeRouter, at least 2
of which are cheaper than what they reviewed.

~~~
jagermo
I'm getting the EdgeRouter for my home network, looking forward to seeing what
it can do.

------
voltagex_
11 days ago, I bought a new $200 ADSL2/Wifi router. 10 days ago I was moved on
to a fibre connection (yay!). This has removed the need for the very specific
Broadcom ADSL chip/DAC that I needed to maintain a stable connection.

The particular router I'm using has a 2.6.36 based kernel and some of the
worst web UI work I've seen, not to mention a very unstable version of udhcpd.

With my new net connection all I need is something that has an Ethernet card
and can do a PPPoE handshake - now to find an ARM box with 4+ gigabit NICs...

------
rglullis
So, I have a circa-2012, dual core atom machine with 2GB of RAM. It has two
ethernet ports and six SATA. I was using it as a NAS, but apparently one of
the SATA controllers went bust.

The author mentions that he was specifically looking for the newer celerons.
Any specific reason? Just because of OpenVPN? Wouldn't such an atom machine be
able to handle this load?

What about if I set it up to have the VPN only for torrents, for example?

~~~
ThatPlayer
> Just because of OpenVPN? Wouldn't such an atom machine be able to handle this
> load?

Newer processors will have hardware to do AES, you can look it up on
ark.intel.com where it is called Intel AES New Instructions. You probably want
this on a slower processor such as a Celeron if you're planning to do OpenVPN.

------
microcolonel
I have a similar box with OpenBSD which I've been running for about five years
now. No hiccups or pain. Added the Ubiquiti APs last year when I started
wanting wireless.

I could possibly replace the hardware to cover the next five years of power
consumption difference though. That's not so much an issue with the new little
Celerons though.

------
lnvd
It sure is easy to throw lots of CPU processing power at the problem and get a
fast router. But for $40 less, the Nighthawk additionally includes 2 WiFi
chips, a whole lot of software engineering and a probably much lower power
consumption due to specialized hardware e.g. for NAT offloading.

------
dzhiurgis
> swapping in new gear because an old router could no longer keep up with
> increasing Internet speeds available in the area

> upgraded from 1.5-9mbps traditional T1 connections to 50mbps coax (cable)

Eastern Europe is laughing at you

------
riobard
Is there any way to make a router using just a single ethernet port? I'd like
to have an Intel NUC to act as the main router, but it has only a single
ethernet port.

~~~
kijiki
Netgear has a cheap 5 port switch (GS105e, IIRC) that can do VLANs and
trunking. There are also larger models.

You'd configure the switch port that the router is plugged into as a trunk,
and then configure the other 4 switch ports as untagged in different VLANs
(say, 101 for port 1, 102 for port 2, and so on).

On the router side, you can use vconfig to create VLAN subinterfaces for each
VLAN. You'd end up with eth0.101, eth0.102, and so on.

You then just ignore eth0 on the router, and use eth0.# interfaces as stand-
ins for the various switch ports. You can put them in Linux bridges, route to
and from them, and so on.

This is internally how most cheap wireless routers work. The CPU has only 1 or
2 ethernet interfaces, and a small onboard switch chip.

Link level things like LLDP and STP may or may not work right with this
config, depending on exactly how the switch chip (on board on a cheap wireless
router, in the netgear switch for this DIY version). But most home and small
business routers don't support LLDP and STP anyway.
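
The single-NIC layout described above, as an added example (not the commenter's own setup): the router sits on the switch's trunk port, switch ports 1-3 are untagged in VLANs 101-103, and the Linux side creates eth0.101/102/103 with iproute2 (the modern replacement for vconfig) and uses nftables so that the untrusted segment can reach the uplink but not the trusted LAN. Interface names, VLAN ids and subnets are constructed assumptions.

```shell
#!/bin/sh
# Router-on-a-stick for a single-NIC Linux box (added example, constructed
# values). Switch port 1 = uplink (VLAN 101), port 2 = trusted LAN (VLAN 102),
# port 3 = untrusted devices (VLAN 103); the router is on the trunk port.
set -eu

TRUNK="${TRUNK:-eth0}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints each command instead of running it
WAN="$TRUNK.101"          # uplink modem/ONT
LAN="$TRUNK.102"          # trusted hosts
IOT="$TRUNK.103"          # untrusted devices

# Execute a command, or print it verbatim when dry-running.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create TRUNK.<vid>, address it and bring it up; the parent TRUNK itself
# carries no address and is otherwise ignored, as the comment describes.
setup_vlan() {
    vid="$1"; cidr="$2"
    run ip link add link "$TRUNK" name "$TRUNK.$vid" type vlan id "$vid"
    run ip addr add "$cidr" dev "$TRUNK.$vid"
    run ip link set "$TRUNK.$vid" up
}

# Forwarding policy: default drop; both inside segments may initiate toward
# the uplink, replies return via conntrack, and IoT never reaches the LAN.
setup_firewall() {
    run sysctl -q -w net.ipv4.ip_forward=1
    run nft add table inet diy_router
    run nft add chain inet diy_router forward \
        '{ type filter hook forward priority 0; policy drop; }'
    run nft add rule inet diy_router forward 'ct state invalid drop'
    run nft add rule inet diy_router forward 'ct state established,related accept'
    run nft add rule inet diy_router forward "iifname \"$LAN\" oifname \"$WAN\" accept"
    run nft add rule inet diy_router forward "iifname \"$IOT\" oifname \"$WAN\" accept"
    run nft add table ip diy_nat
    run nft add chain ip diy_nat postrouting \
        '{ type nat hook postrouting priority 100; }'
    run nft add rule ip diy_nat postrouting "oifname \"$WAN\" masquerade"
}

configure_router() {
    setup_vlan 101 198.51.100.2/24   # static uplink address; use DHCP in practice
    run ip route add default via 198.51.100.1 dev "$WAN"
    setup_vlan 102 10.0.102.1/24
    setup_vlan 103 10.0.103.1/24
    setup_firewall
}

# Only touch the system when asked: `DRY_RUN=1 sh router.sh apply` previews it.
if [ "${1:-}" = "apply" ]; then configure_router; fi
```

Run it as root with `apply` once the dry-run output looks right; the default-drop forward chain means any segment not explicitly listed stays isolated.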

~~~
riobard
Thanks a lot for the guide!

------
spb
How would performance stack up versus the consumer routers if you just used a
Raspberry Pi B+ / Zero, with additional network interfaces added via USB?

------
Tomte
I fondly remember fli4l
([https://en.wikipedia.org/wiki/Fli4l](https://en.wikipedia.org/wiki/Fli4l)).

------
esaym
I run Shorewall on Debian hosted on top of xen on a dual core Atom. This is
for my home. I don't think I would run that at an office though.

------
SG-
I would have also liked to see how the routers performed with QoS enabled
since that really seems to strain them even more.

------
vlucas
This article makes me glad I purchased a Netgear Nighthawk R7000 a year or so
ago :)

------
anon4
What about MikroTik?

