[NNagain] upgrading old routers to modern, secure FOSS

Dave Taht dave.taht at gmail.com
Mon Oct 23 13:58:05 EDT 2023 

On Mon, Oct 23, 2023 at 10:04 AM Dave Taht <dave.taht at gmail.com> wrote:
>
> I loved that this guy and his ISP burned a couple weeks learning how
> to build openwrt, built something exactly to the need, *had it work
> the first time* and are in progress to update in place 200+ routers to
> better router software, that just works, with videoconferencing, IPv6
> support, and OTA functionality. No need for a truck roll, and while
> the available bandwidth deep in these mountains in Mexico is meager,
> it is now enough for most purposes.
>
> https://blog.nafiux.com/posts/cnpilot_r190w_openwrt_bufferbloat_fqcodel_cake/

In looking over that blog entry again today I know I overfocus on the
"bufferbloat" result, and the fact that he could indeed run a
speedtest while maintaining a good videoconfernce, which I really wish
more folk tested for. However it fails multiple checkboxes in the test
results, which others might be more inclined to look at.

4k video streaming: Failed. However this network is MORE than capable
of 1024p streaming. 4k is difficult to discern except on large,
expensive televisions. It was not all that long ago that 1024p was
considered good enough, and IMHO, still is.

Videoconferencing: Failed. Well, the test is wrong, probably having
too low a bar for the upload as a cutoff. Videoconferencing needs oh,
500kb/sec to work decently, and only facetime tends to try for 4k.
Having comprehensible voice, with a few video artifacts is ok,
incomprehensible voice, is not.

Low Latency gaming: Failed. The waveform test conflates two things
that it shouldn't - the effects of bufferbloat (none, in this case),
and the physical distance to the most local server, which was 70ms,
where the cutoff is 50ms in this test.

I wish that the city-dwellers of BEAD so in love with fiber would
insert 70ms of rural delay into all their testing. If someone would go
to all these enormous conferences about BEAD, and do that, the need
for cdns and uIXPs would become dramatically apparent in what they are
building out.

https://blog.cloudflare.com/tag/latency/

>
> I have no idea how many of this model routers were sold or are still
> deployed (?), but the modest up front cost of this sort of development
> dwarves that of deployment. Ongoing maintenance is a problem, but at
> least they are in a position now to rapidly respond to CVEs and other
> problems when they happen, having "seized control of the methods of
> computation" again.
>
> OpenWrt is known to run on 1700 different models, already, (with easy
> ports to obscure ones like this box) - going back over a decade in
> some cases.
>
> Another favorite story of mine was the ISP in New Zealand that
> deployed LibreQos and had all their support calls (from gamers and
> videoconferencers) cease overnight. The support tech, formerly drowned
> in angst from the users, set to work automating an reflashing 600 old
> agw routers they had "retired" on the shelf, and then distributing
> them to customers as extenders because the wifi finally worked right
> with the fq_codel stuff now in that release.
>
> I feel like I am tooting my own horn here a bit too much, but solving
> the right problems like MTTR, MTBF, bufferbloat, and taking back
> control of your software infrastructure while being able to customize
> it for purpose, and turning what otherwise would be ewaste into
> something that will last a decade more, is my inner "green", my inner
> stewart brand.
>
> Compare that to so many others being marketed to, to death, that buy
> the latest (and often inferior) thing, every few months, perpetually
> fooled by promises that do not pay off in the field, and often, really
> lousy MTBF. Good embedded software takes many years to develop, say,
> oh, 7, while the hardware cycle is closer to 2, nowadays, and requires
> many eyeballs to fully debug and get to lots of 9s of reliability.
>
> Back when I was even more radical about good, open, embedded, software
> than now, I used to say: "Friends don't let friends run factory
> firmware.". I do wish somehow the long term maintence costs of
> hardware with a decade plus service lifetime would be adaquately
> covered. Insurance? by law? a formal setaside from the purchase price?
> Otherwise we run the risk of turning the world's internet into a giant
> toxic waste dump that will require Superfund levels of cleanup, one
> day, and ever more contributions to trillions of dollars of fraud, and
> persistent actors having first broken down the front door, perpetually
> on the inside, wreaking more havoc. Somehow preventing that mess, up
> front, seems cheaper.
>
> Take this string of vulns:
> https://www.google.com/search?q=cisco+router+vulnerability
>
> (try that search string with *any* manufacturer - juniper, netgear, tplink,
>
> There is a new vuln going around about some very old software in a
> cisco mx series which is ancient and yet 100k+ are vulnerable -  (I
> worked on this while at montavista in the early 00s!)  - abandonware,
> toxic waste...
>
> Anyway, in Mexico at least, 200+ routers are going to be a lot better,
> through the actions of all that contribute to linux, openwrt, and one
> smart and caring engineer.
>
> --
> Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
> Dave Täht CSO, LibreQos



-- 
Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
Dave Täht CSO, LibreQos

More information about the Nnagain mailing list