[NNagain] upgrading old routers to modern, secure FOSS

Sebastian Moeller moeller0 at gmx.de
Mon Oct 23 14:39:56 EDT 2023 

Hi Dave,


> On Oct 23, 2023, at 19:58, Dave Taht via Nnagain <nnagain at lists.bufferbloat.net> wrote:
> 
> On Mon, Oct 23, 2023 at 10:04 AM Dave Taht <dave.taht at gmail.com> wrote:
>> 
>> I loved that this guy and his ISP burned a couple weeks learning how
>> to build openwrt, built something exactly to the need, *had it work
>> the first time* and are in progress to update in place 200+ routers to
>> better router software, that just works, with videoconferencing, IPv6
>> support, and OTA functionality. No need for a truck roll, and while
>> the available bandwidth deep in these mountains in Mexico is meager,
>> it is now enough for most purposes.
>> 
>> https://blog.nafiux.com/posts/cnpilot_r190w_openwrt_bufferbloat_fqcodel_cake/
> 
> In looking over that blog entry again today I know I overfocus on the
> "bufferbloat" result, and the fact that he could indeed run a
> speedtest while maintaining a good videoconfernce, which I really wish
> more folk tested for. However it fails multiple checkboxes in the test
> results, which others might be more inclined to look at.
> 
> 4k video streaming: Failed. However this network is MORE than capable
> of 1024p streaming. 4k is difficult to discern except on large,
> expensive televisions. It was not all that long ago that 1024p was
> considered good enough, and IMHO, still is.

	[SM] With my aging eyes I agree "full HD" aka 1920 by 1080 still looks plenty fine to me, even on our biggest screen (43").However the older I get the less picky I get, even SD resolution will not keep me from watching things if the content is compelling ;)
	-> 4K streaming is reported as failure due to insufficient download capacity.


> Videoconferencing: Failed. Well, the test is wrong, probably having
> too low a bar for the upload as a cutoff. Videoconferencing needs oh,
> 500kb/sec to work decently, and only facetime tends to try for 4k.
> Having comprehensible voice, with a few video artifacts is ok,
> incomprehensible voice, is not.

	[SM] Videoconferencing reported as failure due to insufficient upload capacity, I am sure though that 10.6/3.46 Mbps will be enough for decent video conferencing for a single seat.

> 
> Low Latency gaming: Failed. The waveform test conflates two things
> that it shouldn't - the effects of bufferbloat (none, in this case),
> and the physical distance to the most local server, which was 70ms,
> where the cutoff is 50ms in this test.

	[SM] the cutoff is reported as "95th Percentile Latency < 40 ms" which is indeed harsh. 



Here is the expanded list of the grading rules:
We use the following criteria to determine if a particular service will work on your Internet connection. Of course, these criteria are far from perfect, but we think they’re a good general guideline.
	• Web Browsing:
		• Download speed > 2 Mbps
		• Upload speed > 100 Kbps
		• Latency < 500 ms
	• Audio Calls:
		• Download speed > 100 Kbps
		• Upload speed > 100 Kbps
		• 95th Percentile Latency < 400 ms
	• 4K Video Streaming:
		• Download speed > 25 Mbps
	• Video Conferencing:
		• Download speed > 10 Mbps
		• Upload speed > 5 Mbps
		• 95th Percentile Latency < 400 ms
	• Low Latency Gaming:
		• Download speed > 10 Mbps
		• Upload speed > 3 Mbps
		• 95th Percentile Latency < 40 ms



> I wish that the city-dwellers of BEAD so in love with fiber would
> insert 70ms of rural delay into all their testing.

	[SM] In fiber 70ms RTT is good for 70 *100 = 7000 Km, that is a lot of latency, sure there are other delays other than propagation delay, but I wish we could wire up more rural ares with better topologies that avoid 7000 Km detours... here however the issue might well be more cloudflare sparsity in MX, they only mention Maxico City and Queretaro... Maxico is quite large, but even then 70ms indicates clear potential.

BUT I also think that we should be able to build an internet infrastructure that can cope decently with such delays!


> If someone would go
> to all these enormous conferences about BEAD, and do that, the need
> for cdns and uIXPs would become dramatically apparent in what they are
> building out.
> 
> https://blog.cloudflare.com/tag/latency/
> 
>> 
>> I have no idea how many of this model routers were sold or are still
>> deployed (?), but the modest up front cost of this sort of development
>> dwarves that of deployment. Ongoing maintenance is a problem, but at
>> least they are in a position now to rapidly respond to CVEs and other
>> problems when they happen, having "seized control of the methods of
>> computation" again.
>> 
>> OpenWrt is known to run on 1700 different models, already, (with easy
>> ports to obscure ones like this box) - going back over a decade in
>> some cases.
>> 
>> Another favorite story of mine was the ISP in New Zealand that
>> deployed LibreQos and had all their support calls (from gamers and
>> videoconferencers) cease overnight. The support tech, formerly drowned
>> in angst from the users, set to work automating an reflashing 600 old
>> agw routers they had "retired" on the shelf, and then distributing
>> them to customers as extenders because the wifi finally worked right
>> with the fq_codel stuff now in that release.
>> 
>> I feel like I am tooting my own horn here a bit too much, but solving
>> the right problems like MTTR, MTBF, bufferbloat, and taking back
>> control of your software infrastructure while being able to customize
>> it for purpose, and turning what otherwise would be ewaste into
>> something that will last a decade more, is my inner "green", my inner
>> stewart brand.
>> 
>> Compare that to so many others being marketed to, to death, that buy
>> the latest (and often inferior) thing, every few months, perpetually
>> fooled by promises that do not pay off in the field, and often, really
>> lousy MTBF. Good embedded software takes many years to develop, say,
>> oh, 7, while the hardware cycle is closer to 2, nowadays, and requires
>> many eyeballs to fully debug and get to lots of 9s of reliability.
>> 
>> Back when I was even more radical about good, open, embedded, software
>> than now, I used to say: "Friends don't let friends run factory
>> firmware.". I do wish somehow the long term maintence costs of
>> hardware with a decade plus service lifetime would be adaquately
>> covered. Insurance? by law? a formal setaside from the purchase price?
>> Otherwise we run the risk of turning the world's internet into a giant
>> toxic waste dump that will require Superfund levels of cleanup, one
>> day, and ever more contributions to trillions of dollars of fraud, and
>> persistent actors having first broken down the front door, perpetually
>> on the inside, wreaking more havoc. Somehow preventing that mess, up
>> front, seems cheaper.
>> 
>> Take this string of vulns:
>> https://www.google.com/search?q=cisco+router+vulnerability
>> 
>> (try that search string with *any* manufacturer - juniper, netgear, tplink,
>> 
>> There is a new vuln going around about some very old software in a
>> cisco mx series which is ancient and yet 100k+ are vulnerable -  (I
>> worked on this while at montavista in the early 00s!)  - abandonware,
>> toxic waste...
>> 
>> Anyway, in Mexico at least, 200+ routers are going to be a lot better,
>> through the actions of all that contribute to linux, openwrt, and one
>> smart and caring engineer.
>> 
>> --
>> Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
>> Dave Täht CSO, LibreQos
> 
> 
> 
> -- 
> Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
> Dave Täht CSO, LibreQos
> _______________________________________________
> Nnagain mailing list
> Nnagain at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/nnagain

More information about the Nnagain mailing list