<div dir="auto">Hi David,<div dir="auto"><br></div><div dir="auto">I'm glad it helped. </div><div dir="auto"><br></div><div dir="auto">The reason for the breakouts are a few things:</div><div dir="auto"><br></div><div dir="auto">o) reduce the fault domain when a failure occurs, including a power supply failure which is exacerbated by POE. (I don't use POE)</div><div dir="auto">o) leverage different non recurring engineering (NRE) pools, i.e. each domain is done by engineers specializing in that domain. Any group that claims deep expertise in all are fooling themselves </div><div dir="auto">o) Gateways tend to use a programmable forwarding plane, typically via CPUs or NPUs. This is both a fault and attack service. 802.3 forwarding is so well known it should be done in RTL and realized in transistors. </div><div dir="auto"><br></div><div dir="auto">An all-in-one gateway goes against this. It's cheaper and easier but not robust enough by my opinion.</div><div dir="auto"><br></div><div dir="auto">As an aside, the Space Shuttle computer system handled byzantine faults similarly, 4+1 redundant computers that voted at check points. Coded by different contractors. </div><div dir="auto"><br></div><div dir="auto">I started my career working networks for the initial Space Station design. We had to identify fault domains first, then build fault tolerance and redundancy per those. It was called FDIR - fault detection isolation and recovery.</div><div dir="auto"><br></div><div dir="auto">I then went to Cisco where router engineers thought it ok to have buggy code and hammer resets because the protocols were designed for self healing. But that healing takes time and causes disruptions, e.g latency spikes. </div><div dir="auto"><br></div><div dir="auto">APs are closer to the latter. Fi-Wi with remote radio heads will be closer to the former. </div><div dir="auto"><br></div><div dir="auto">Bob</div><div dir="auto"><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sat, Mar 15, 2025, 11:49 AM Daniel Ezell via Nnagain <<a href="mailto:nnagain@lists.bufferbloat.net">nnagain@lists.bufferbloat.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This is one of the most helpful posts on this list ever. I appreciate the whole scope of the discussion, but from time to time you guys drop a gem of helpful advice for my real-world needs. Nothing may ever top Dave’s 2021 email with the crontab script for updating OpenWrt, but this will certainly be a reference for me as I prepare my home for the upcoming revelation of 10G Sonic Fiber later this year. Thank you Bob, and thank you all. <br>
<br>
Daniel Ezell<br>
<a href="https://chronos.academy" rel="noreferrer noreferrer" target="_blank">https://chronos.academy</a><br>
<br>
> On Mar 15, 2025, at 11:16 AM, Robert McMahon via Nnagain <<a href="mailto:nnagain@lists.bufferbloat.net" target="_blank" rel="noreferrer">nnagain@lists.bufferbloat.net</a>> wrote:<br>
> <br>
>> <br>
>> In case it's not clear. I am NOT happy with how device manufacturers ship old<br>
>> code and never update it.<br>
>> <br>
> <br>
> I was unhappy about my home network and my paying job is to provide<br>
> components for such.<br>
> <br>
> My home network wasn't resilient enough to carry entertainment,<br>
> productivity (including distance learning) and medical traffic.<br>
> <br>
> The fixes so far have been:<br>
> <br>
> o) Don't use an all in one AP anywhere, just use it for wireless bridging<br>
> o) Use a fronthaul architecture (2.5G - will go to 100G when Fi-Wi is ready)<br>
> o) Use a dedicated firewall & dhcp server with AQM such as fq_codel (I<br>
> use a protectcli vault)<br>
> o) Connect the APs (4 for me in 100 sq ft) configured in bridge mode<br>
> and optimize spacetime, allow for proper RF overlap - not too much,<br>
> not too little, but just right like the story says.<br>
> o) Use AP's that support the 6G band<br>
> o) Use keep connect devices to detect AP failures and power cycle them<br>
> (hammer approach)<br>
> o) Use separate ethernet switches where 802.3 switching is needed<br>
> (don't use the AP integrated switches, they go down per the crappy<br>
> gateway sw you're likely talking about)<br>
> o) Implement DHCP guard to protect against rogue DHCP servers<br>
> <br>
> Then for monitoring<br>
> o) Install rpi 5bs with INTC BE200 and pcie Wi-Fi adapters in the<br>
> rooms that need monitoring<br>
> o) Install kismet and integrate with kismet to monitor<br>
> o) Turn on firewall & WAN port monitoring services<br>
> <br>
> Only access to devices is ssh with encryption keys, and configure ssh<br>
> passwordless access.<br>
> <br>
> Now, my family can be entertained, do their work and learning, and use<br>
> their medical instruments with high in-home reliability.<br>
> <br>
> It's a thankless job we Dads must do. The home frustration level goes<br>
> way down and the complaints of "Dad, the internet isn't working again"<br>
> have gone away - except for when the OSP goes down. The OSP provider<br>
> tends to send information to me when that happens so my family can<br>
> work around it.<br>
> <br>
> Bob<br>
> <Medical-Devices-with-Wi-Fi-03-15-2025_10_41_AM.png>_______________________________________________<br>
> Nnagain mailing list<br>
> <a href="mailto:Nnagain@lists.bufferbloat.net" target="_blank" rel="noreferrer">Nnagain@lists.bufferbloat.net</a><br>
> <a href="https://lists.bufferbloat.net/listinfo/nnagain" rel="noreferrer noreferrer" target="_blank">https://lists.bufferbloat.net/listinfo/nnagain</a><br>
<br>
_______________________________________________<br>
Nnagain mailing list<br>
<a href="mailto:Nnagain@lists.bufferbloat.net" target="_blank" rel="noreferrer">Nnagain@lists.bufferbloat.net</a><br>
<a href="https://lists.bufferbloat.net/listinfo/nnagain" rel="noreferrer noreferrer" target="_blank">https://lists.bufferbloat.net/listinfo/nnagain</a><br>
</blockquote></div>