[NNagain] upgrading old routers to modern, secure FOSS

Dave Taht dave.taht at gmail.com
Mon Oct 23 13:04:02 EDT 2023


I loved that this guy and his ISP burned a couple weeks learning how
to build openwrt, built something exactly to the need, *had it work
the first time* and are in progress to update in place 200+ routers to
better router software, that just works, with videoconferencing, IPv6
support, and OTA functionality. No need for a truck roll, and while
the available bandwidth deep in these mountains in Mexico is meager,
it is now enough for most purposes.

https://blog.nafiux.com/posts/cnpilot_r190w_openwrt_bufferbloat_fqcodel_cake/

I have no idea how many routers of this model were sold or are still
deployed (?), but the modest up-front cost of this sort of development
dwarfs that of deployment. Ongoing maintenance is a problem, but at
least they are in a position now to rapidly respond to CVEs and other
problems when they happen, having "seized control of the methods of
computation" again.

OpenWrt is known to run on 1700 different models, already, (with easy
ports to obscure ones like this box) - going back over a decade in
some cases.

Another favorite story of mine was the ISP in New Zealand that
deployed LibreQos and had all their support calls (from gamers and
videoconferencers) cease overnight. The support tech, formerly drowned
in angst from the users, set to work automating and reflashing 600 old
agw routers they had "retired" on the shelf, and then distributing
them to customers as extenders because the wifi finally worked right
with the fq_codel stuff now in that release.

I feel like I am tooting my own horn here a bit too much, but solving
the right problems like MTTR, MTBF, bufferbloat, and taking back
control of your software infrastructure while being able to customize
it for purpose, and turning what otherwise would be e-waste into
something that will last a decade more, is my inner "green", my inner
Stewart Brand.

Compare that to so many others being marketed to, to death, that buy
the latest (and often inferior) thing, every few months, perpetually
fooled by promises that do not pay off in the field, and often, really
lousy MTBF. Good embedded software takes many years to develop, say,
oh, 7, while the hardware cycle is closer to 2, nowadays, and requires
many eyeballs to fully debug and get to lots of 9s of reliability.

Back when I was even more radical about good, open, embedded, software
than now, I used to say: "Friends don't let friends run factory
firmware.". I do wish somehow the long term maintenance costs of
hardware with a decade plus service lifetime would be adequately
covered. Insurance? By law? A formal set-aside from the purchase price?
Otherwise we run the risk of turning the world's internet into a giant
toxic waste dump that will require Superfund levels of cleanup, one
day, and ever more contributions to trillions of dollars of fraud, and
persistent actors having first broken down the front door, perpetually
on the inside, wreaking more havoc. Somehow preventing that mess, up
front, seems cheaper.

Take this string of vulns:
https://www.google.com/search?q=cisco+router+vulnerability

(try that search string with *any* manufacturer - juniper, netgear, tplink,

There is a new vuln going around about some very old software in a
cisco mx series which is ancient and yet 100k+ are vulnerable -  (I
worked on this while at montavista in the early 00s!)  - abandonware,
toxic waste...

Anyway, in Mexico at least, 200+ routers are going to be a lot better,
through the actions of all that contribute to linux, openwrt, and one
smart and caring engineer.

-- 
Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
Dave Täht CSO, LibreQos

