
How I doubled my Internet speed with OpenWRT - arkenflame
https://msol.io/blog/tech/2015/03/10/how-i-doubled-my-internet-speed-with-openwrt/
======
jfroma
I use this very same feature of openwrt to load balance between my two ISPs.
Here in argentina neither of the two ISP are reliable, but cheap enought if
you really use then and you need reliability. I recommend multiwan3 as the op
suggest, other pkgs didnt work for me. Some modern routers have two radios for
2.5 and 5ghz, but even with one radio openwrt allows you to set it up as
client and ap. I find other features of openwrt quite amazing like dnsmasq. It
is a really powerful firmware.

~~~
listic
I was going to go with pfSense for that feature. Do you think it makes sense?

~~~
pyvpx
pfSense is a re-packaged FreeBSD. you'll find pfSense doesn't support as wide
a variety of platforms (anything MIPS) or wireless cards.

~~~
anonbanker
that's quite disingenuous. it uses pf, openSSH, and LibreSSL (in development
version) from OpenBSD on top of a FreeBSD core, and it's wireless card support
is not very much below linux (though you might need to work to get it up).

if you have older x86 hardware, it's hard to top pfsense.

------
CodeWriter23
Xfinity says your wireline speed will not be impeded by others who are using
WiFi via the xfinitywifi shared service. Since DOCSIS 3.0 has no limit on the
maximum number of channels (source
[http://en.wikipedia.org/wiki/DOCSIS#Bandwidth_tables](http://en.wikipedia.org/wiki/DOCSIS#Bandwidth_tables)
), I believe in order to make that claim, they have to allocate additional
channels to the xfinitywifi traffic.

BUT OP will only double his bandwidth if he is purchasing a rate less than or
equal to the actual realized throughput of his WiFi connection, somewhere from
50-90Mbps.

Additionally, all Cable modems have some kind of throttling because the speeds
offered by ISPs (30x5, 100x8, etc.) are not evenly divisible by the per-
channel rate of DOCSIS 2.0/3.0 (38Mbps Down, 27Mbps up).

And then there's this: [http://www.dslreports.com/forum/r29743167-Signals-
Report-16-...](http://www.dslreports.com/forum/r29743167-Signals-
Report-16-Downstream-Channel-Bonding-Here)

~~~
windexh8er
Every modem has a finite number of channels it can bond. Up and down are
different. Also the CMTS (the device the cable modem connects to) limits the
number of bonds per source modem.

A piece of coax has a finite amount of bandwidth it can carry. As modulation
schemes get better (QAM256) you can do more with less.

To say DOCCIS 3 is limitless is not taking into consideration the hardware and
frequency constraints. The more frequency you allocate to Internet the less is
available for other programming (TV).

~~~
CodeWriter23
Yes, and more than a couple of people have observed downstream 16 channel
bonding on Comcast. That would be 4 times as many as you cited "Most commonly
4 channel bond on the downstream and 2 on the up", in your post that I failed
to reply to.

~~~
windexh8er
I have Comcast 100Mb service and have 4 QAM256 bonded downstream right now.
I've deployed and managed these networks (as a Comcast subsidiary in fact). 16
down doesn't mean anything other than fragmented frequency usage.

If you have a Motorola cable modem go to: 192.168.100.1 to get to the web UI
of your Surfboard. Click on the "Signal" tab at the top. My guess is the
majority of people will see 4 x bonded down. Probably 2-3 bonded up using a
lesser QAM as well.

Not sure why all the hate - I'm a network engineer who's dealt with these
networks and a lot of what's been posted here is incorrect.

~~~
philiplu
Surfboard 6141 here on Comcast, and the Signal page is showing 8 QAM256
channels downstream, 4 QPSK/64QAM up. Speedtest.net has been showing 125M
down/12M up for the past few months, which was a silent bump up from the 75/10
I noticed before that (Seattle Eastside area).

I'm curious how much faith to put in the speedtest numbers. Does Comcast
detect speedtest, or is that what I'd really get elsewhere as well?

~~~
NKCSS
If you google for 100mb.bin or 1000mb.bin you'll find a lot of
networks/exchanges that offer files for speedtest purposes if you want to
independantly verify.

Here's a list: [http://www.glasvezel.nu/speedtest-servers-100mb-1000mb-
bin](http://www.glasvezel.nu/speedtest-servers-100mb-1000mb-bin)

------
TD-Linux
I also have XfinityWifi. The box that provides it is extremely buggy. I
recommend setting it to "Bridge mode" (which turns it into a dumb modem) and
then using OpenWRT in a normal, router configuration. You get a really good
speed boost, especially over wifi, just by taking Xfinity's routing out of the
equation.

------
sajal83
Another way for "bonding" would be to use mptcp ( [http://multipath-
tcp.org](http://multipath-tcp.org) ). You might need to patch and build
openwrt yourself for it... The key difference is with mptcp each individual
tcp connection uses both connections at the same time, rather than picking a
lottery.

I blogged about my setup at [http://www.sajalkayan.com/post/fun-with-
mptcp.html](http://www.sajalkayan.com/post/fun-with-mptcp.html)

~~~
pyvpx
so many middleboxes out there, unfortunately. I've had success with both GRE
and LISP tunnels in addition to utilizing MPTCP.

------
m0skit0
Am I the only one that sees missing letters?

[http://s2.postimg.org/vpba0a1wp/image.png](http://s2.postimg.org/vpba0a1wp/image.png)

~~~
MrRadar
I'm seeing corrupted 'r's in the section headings.
[http://i.imgur.com/v7HZcQI.png](http://i.imgur.com/v7HZcQI.png) (Firefox 36,
Win 7 x64, AMD Radeon HD 7770)

~~~
Havoc
Same. Win 8 64/ Chrome / nvidia 860

------
tkmcc
Do xfinitywifi hotspots permanently authenticate clients based only on their
MAC addresses? A malicious client could easily find the MAC address of any
device connected to a xfinitywifi hotspot (by using e.g. airodump-ng [0]) and
then spoof that device's MAC address on their own computer to access the
internet via the hotspot without any authentication.

[0] [http://www.aircrack-ng.org/doku.php?id=airodump-ng](http://www.aircrack-
ng.org/doku.php?id=airodump-ng)

~~~
aselzer
That's basically the only way to do it. If it were really clever, it could
ignore packets based on vendor extensions and device characteristics. They are
not that easy to spoof (you would have to modify the driver, as opposed to
just changing the MAC).

I actually use this method to use school WiFi anonymously (or rather, as
someone else).

~~~
CHY872
Mm not entirely - I'd imagine that they could fairly easily run wpa-
enterprise, authenticating against Comcast servers. Then when a user tries to
connect, they'd be asked for their Comcast creds, which they could type in
once, and then be authenticated with on all such servers.

It's how eduroam works, and that works fairly flawlessly (provided the routers
have enough bandwidth).

------
gtwy
I'm sorry but I can't take the author's advice on speed seriously when he's
using Comcast's charge-you-every-month modem which is known to get terrible
speeds to begin with. Let alone someone who is running wifi between their
router and their modem.

If you want the fastest speeds on Comcast, pick up a DOCSIS 3 Motorola
Surfboard modem. I'm paying for 100/20\. This is what I get with my surfboard
[http://www.speedtest.net/my-result/4251868226](http://www.speedtest.net/my-
result/4251868226)

~~~
narrowrail
If you reread the post, it is his neighbor that is renting the modem/router,
not him.

------
0x0
Doesn't the xfinitiwifi inject ads MITM-style? I recall seeing some weird html
overlays with xfinity ads on random web pages last time I browsed over one of
these SSIDs.

~~~
ars
> Doesn't the xfinitiwifi inject ads MITM-style?

No.

I feel like this post should be longer, but I can't think else to say. The
answer to your question is: No.

~~~
hueving
Well your post seems to be at odds with sibling comments. What is your source
of information?

------
mwsherman
I don't see any benchmarks, did I miss them? I suspect this doesn't double
bandwidth, the packets all end up over the same neighborhood network.

The only way it would increase bandwidth is if it evades artificial throttles.
Having two connections to the same (neighborhood) pipe seems useless.

~~~
ricardobeat
UPC has a similar system, where the guest network has extra bandwidth, on top
of your own subscription. Even if Comcast doesn't do this, he is leeching off
his neighbour's connection and not his own.

~~~
davej
Was interested in this so I did a bit of investigation into whether it makes
sense with UPC.

UPC only makes a small amount of bandwidth available on the 'Wi Free' (UPC's
version of Xfinity) network, seems to be about 2.5mbps down and 0.5mbps up. In
my country (Ireland), the minimum package you need to get 'Wi-Free' is 120mbps
down, so It's not really worth the effort for an extra 1% bandwidth.

------
moron4hire
So this works because you have neighbors who are also on Comcast and you can
leach bandwidth from them?

~~~
grok2
The article is talking about also using the additional WiFi hotspot that every
Comcast modem they provide you with has (not leaching from a neighbor).
[http://arstechnica.com/tech-policy/2014/12/comcast-sued-
by-c...](http://arstechnica.com/tech-policy/2014/12/comcast-sued-by-customers-
for-turning-routers-into-public-hotspots/)

~~~
shmerl
But that hotspot goes through the same line that neighbors are connected with,
no? Or Comcast doesn't count the hotspot traffic towards the plan bandwidth?

~~~
FireBeyond
It counts it towards your data cap (if you are subject to it), but not to the
bandwidth available under your plan.

~~~
moron4hire
That's the worst. I have more than enough bandwidth for Netflix, but I
frequently hot my data cap.

I don't think there is such a thing as a comcast account without a data cap.

~~~
FireBeyond
I pay for a business account (but I work from home). No caps, no torrent or
other throttling, no port blocking (back in the days when I ran my own mail
server), optional static IPs. But you definitely pay for it.

~~~
moron4hire
I might gave to go that route. Thanks for reminding me.

------
andrewhillman
I just had comcast to my home last week. I pay for 120 mbps but when connected
via cat 5 it only reached 90 max mbps which would fine considering when using
a wifi router it only reaches around 30 mbps. I have moved around the wifi
router but it doesn't make much of a difference. The technician told me the
120 mbps that I am being charged for is for for direct access and wifi won't
reach 120mbps. I complained to customer care saying if I go to the grocery
store and pay for 120 items, I expect to get 120 items, not 30 items. I told
them they should tell people upfront that 120 mbps is when you are plugged in
directly since most people use a wifi router but this still doesn't make sense
to me since they can easily downgrade you to, say, 6 mbps without a problem.

Does anyone know if this OpenWRT works? I would love to push my speed to its
limits. Comcast pretty much has a monopoly in my city and they are not very
helpful.

~~~
icebraining
I don't see the problem. If you paid for 120 items and you can't carry them in
your car, it's not the grocery store's fault, even if "most people" used small
cars.

If you want to get a better Wifi connection, get a good router and plug it in
to the one installed by Comcast.

~~~
minot
Personally, I got an Asus router as well so this does not affect me. However,
I can understand this from an average customer's point of view. It would be
nice for the ISP to give a router that is good enough for the speed that they
advertise. The router should not be the bottleneck.

------
aceperry
Now that the op has published this workaround, I have the feeling that Comcast
will take steps to stop this from happening. Comcast's version of "customer
service."

------
chatmasta
I'm surprised nobody has mentioned this in the thread but you can actually opt
out of the xfinitiwifi thing. The deal is that you can use any of the hotspots
if you have a comcast account and also share your router. If you opt out, you
can no longer use the xfinitiwifi hotspots but nobody can use yours either.

~~~
mintplant
Have you tried opting out? When my dad did, he ran into a mess of broken links
and incorrect support pages. Eventually he got someone to opt him out over the
phone... only to have the "xfinitywifi" network pop back up the next day. It
took a few more tries to have it actually disabled once and for all.

I imagine the less technically-inclined would have given up a lot earlier in
the process.

~~~
chatmasta
Actually, that did happen to me and I ended up just forgetting about it. At
the time I also wondered if it was intentional.

In fact I've noticed conveniently broken web pages from multiple large
corporations. I've ran into this issue when attempting to access privacy
policies and other disclosures.

There certainly may be something nefarious about this. Comcast could certainly
get away with it.

------
logone
Could something like this (two ISP connections) be combined to use the speed
of both links at once (i.e. speed up a single connection). Perhaps with the
aide of a remote VPS?

------
nrahnemoon1
Very cool. In practice, unless you live next to a coffee shop, there'd almost
never be anyone connected to your xfinity wifi network, so you'd get the full
bandwidth anyhow. Although, if your neighbor has xfinity wifi, it'd be a smart
way to leach off your neighbor's bandwidth.

Also, because your router is a routed client of the xfinity wifi network, I'd
imagine there'd be a big increase in latency. It'd be interesting to see the
before/after speed test results.

~~~
cbabraham
I think you can connect to your neighbors xfinity hotspot without using up any
of their private bandwidth allocation. The hotspot connection gets its own.

~~~
nrahnemoon1
That's what they want you to think. ;)

------
windexh8er
What the author doesn't realize is he's doubled nothing. DOCCIS networks are
shared mediums. That means you have to double bandwidth by increasing the
number of channels you have. Newer DOCCIS modema are already bonding channels
today. Most commonly 4 channel bond on the downstream and 2 on the up. By
connecting to the cable modem twice, via two different routes, does nothing to
change the available bandwidth available to the users behind the CPE (cable
modem). As some have stated you could do this against your neighbors modem to
share more channels on the cable media, however your neighbor is on the same
HFC node and sharing the same available bandwidth to how many other users are
connected to that node. You may get a few extra megabit but its the latency
that will make that portion of the link "slower" so you really won't improve
things much, if at all.

The best way to improve consumer Internet connection is to get a fast router
that can route fast _in hardware_. I'm always amazed people think a SOHO
device doing WiFi, NAT, DHCP, DNS, etc. on gimped hardware is "fast". The
majority of time it's not and real improvements can be realized with dedicates
hardware. Meaning that until you split service off from routing using cheap,
consumer SOHO gear, will most always be the bottleneck.

~~~
pat2man
His connection is probably throttled. This essentially doubles his throttled
bandwidth.

~~~
windexh8er
Having worked with deployment of these networks (DOCCIS 3) for a Comcast
subsidiary I can tell you this is not true. If you have 10Mb the non-guest
network is prioritized. But you cannot use more than 10Mbit between the two.
As stated, the author has doubled nothing.

~~~
icebraining
You can if you use _the neighbor 's_ guest connection.

~~~
windexh8er
The author doesn't implicitly state this, only that his neighbor also has it.
You're still failing to understand that a $50 SOHO router has a cheap
transceiver and getting to your neighbors guest network is far more latent and
prone to dropped packets and errors due to the distance. Also the embedded
transceiver in the cable modem is competing with a lot of local RF from the
cable modem.

Again, he's not doubling his bandwidth based on the above and a whole host of
other reasons beyond these.

For those who try I'd say post true bandwitdh and latency test comparisons
using multiple sessions that are shown using both links. Its actually pretty
funny to me, having been in network engineering for well over a decade, that
people are so passionate that they're sticking it to Comcast and "doubling"
bandwidth with nothing to back it up. But, whatever floats your boat.

~~~
icebraining
If you read carefully, I wrote "You can", not "(S)he has"; I was saying you
can use more than 10Mbit, not that the bandwidth has doubled.

------
josh2600
This is all well and good until you start doing anything with address
sensitive replies. For example a VoIP call would need some way of anchoring
the packets to a specific connection for the duration of the call (some kind
of session pinning would be ideal).

I like the idea but I wonder how it performs on many use cases (like Skype or
online gaming).

~~~
tres
routing should be 'sticky' to an ip address; connections to any given ip
address should use the same outbound route for the duration of that
connection.

from
[http://wiki.openwrt.org/doc/howto/mwan3](http://wiki.openwrt.org/doc/howto/mwan3)

 _Linux outgoing network traffic load-balancing is performed on a per-IP
connection basis – it is not channel-bonding, where a single connection (e.g.
a single download) will use multiple WAN connections simultaneously_

~~~
josh2600
Ahh cool! That's way better. I thought it was just channel bonding.

I can still easily imagine a conflict where your signaling IP and your media
IP are different in VoIP, but binding connections to IP addresses is pretty
reasonable.

------
ausjke
used openwrt for 8 years but never used this feature, looks cool. as a matter
of fact I'm updating my home-router with newest openwrt head right now

------
late2part
Awesome hack!

------
enraged_camel
So it requires access to a second wireless network, as well as a router that
supports OpenWRT _and_ has two radios.

I don't see anything particularly noteworthy here. He just happens to have a
very specific setup and is leveraging it.

~~~
ssully
I think it's noteworthy only because of how wide spread Comcast's newer
router's are becoming, specifically in dense areas in the United States. It's
a technique that obviously isn't ground breaking or that technical, but it's
actually viable because of these new routers Comcast is renting out as their
standard router now.

I live in a typical neighborhood in Chicago; houses are spaced apart enough to
where you don't get a ton of wifi overlap, but enough to see a handful of your
neighbors networks. I noticed the first "XfinityWifi" network about mid/late
last year and now will see between 2 - 3 from my house. I found this post
interesting because of how he is leveraging these, relatively, open
connections.

------
jebblue
He's connecting to his neighbor's router seemingly without permission.

"When you rent a cable modem/router combo from Comcast (as one of my nearby
neighbors apparently does)"

It may be illegal:

[http://en.wikipedia.org/wiki/Legality_of_piggybacking](http://en.wikipedia.org/wiki/Legality_of_piggybacking)

Comcast is not on the EFF's list of Wireless Friendly ISP's (referenced in the
Wiki article):

[https://www.eff.org/pages/wireless-friendly-
isps](https://www.eff.org/pages/wireless-friendly-isps)

Even if it were:
[http://compnetworking.about.com/od/wirelessfaqs/f/legal_free...](http://compnetworking.about.com/od/wirelessfaqs/f/legal_free_wifi.htm)

"Using a neighbor's wireless access point may not be legal even with their
permission. "

~~~
icehawk
xfinitywifi is provided by Comcast, you need a valid comcast login to connect.
He is a Comcast subscriber himself, and thus he has a valid Comcast login.

~~~
jebblue
It has not been proven that Comcast has the authority to do this:

[https://www.techdirt.com/articles/20141208/13222529362/comca...](https://www.techdirt.com/articles/20141208/13222529362/comcast-
sued-over-router-update-that-makes-your-wi-fi-hotspot-public-ignores-your-opt-
out-preferences.shtml)

It has been proven that in many places at least in the US, it is illegal and
in some cases is a felony.

Edit: Further, it is not a good idea to connect to any known SSID unless you
know for a fact that it can be trusted:

[http://arstechnica.com/security/2014/06/free-wi-fi-from-
xfin...](http://arstechnica.com/security/2014/06/free-wi-fi-from-xfinity-and-
att-also-frees-you-to-be-hacked/)

Your neighbor might be hacking you while you think you are legally using their
hardware.

~~~
tedunangst
What is a felony? Using Comcast?

~~~
jebblue
Using Comcast with your own equipment and none owned by any one else outside
your home? I'm not a lawyer.

Anything else including what the author describes, using his neighbor's
equipment without their permission even if he thinks Comcast has the legal
authority to authorize it (and documentation in the links I provided
challenges that notion) then it's not for me to say; I'm not a lawyer.

