Solving the Hostel Router Problem
There’s a few other things to say here for full catharsis, such as describing the hostel and / or the client management issues from a consultant’s perspective, but for this article we’ll focus solely on the Internet problem. By “client management” I’m referring to issues such as the fact that although the owner does want the Internet problem to be resolved, there may be a part of him that wishes the Internet did not exist and people would just talk to each other more.
Choosing a router and a cable modem are topics we have previously discussed on this blog; however, at that time our focus was on VoIP, which requires low latency and good streaming performance. This time we shall focus on how to choose the router that deals best with multiple simultaneous connections, which is what seems to be the choking point of router performance with institutional (i.e., commercial) usage patterns of this kind. A single bittorrent download could create hundreds if not thousands of connections, all potentially saturating the bandwidth, causing difficulties even in the latest generation of routers.
The hostel owner has unsuccessfully attempted on a few occasions to resolve the very low reliability of his network and this has become critical now, as they have finally moved from a paper-based registration system to a cloud-hosted one. Internet connectivity has become very important to their ability to function. Nonetheless, the network often slows down to a crawl and / or the router crashes and becomes unresponsive. Their provider is Blowgers and they’re paying for a business connection but the results in a regular afternoon (2pm EST) are pathetic and far below network potential, causing guests to get frustrated. Here’s their network vs. others in the neighbourhood, for comparison purposes.
dot: (CISCO SE5200 or RV180W ?) | underscore: (DIR615_E1 v5 ?): |
rooftop didn’t work, so Campus Co-op (WiFi): | U of T (New College residence): |
Most people he had consulted were unable to provide a reliable, time-tested solution for numerous reasons. In particular, asking a computer shop salespeople for advice is a bad idea, as their job is to make their customers happy about buying a router they carry, which may not necessarily suitable for this particular task / situation. And that is assuming they have the networking knowledge to understand their customer’s problem; after all, most customers have far less stringent requirements as they purchase routers solely for their homes.
At least one of those who attempted to solve the problem may not have had sufficient time to assess the situation and test / refine their solution.
Other “specialists” might try to push their favourite brands, which they may have heard of or even worked with. High quality commercial routers, however, are an overkill and can cost more than it would cost to retain a good expert who can solve this issue with much cheaper, commodity hardware. They also require significant expertise to set up and manage and this does not come cheap. Furthermore, the “brandscape” is changing very rapidly in this industry. For instance, Cisco had acquired Linksys a while back to beef up its router product line in the home / SOHO category, only to sell it to Belkin at the beginning of 2013. The same M&A feverish moves and new product launches take place at the top of the product line, quickly rendering brand affinity obsolete and futile.
Blind faith in a brand is a very poor substitute for due diligence and requisite work.
current situation
In this particular situation we did not have a chance to perform any real-world testing on the network (except for some summary, low-key investigation as a user), nor did we have physical access to the network equipment, so we are forced to “speculate” based on educated guesses.
It appears that the hostel is using one router connected to the Blowgers cable modem to do all the heavy lifting – NAT / IP masquerading, DHCP server – with a few other routers acting as WiFi extenders / repeaters or bridges (ddwrt-linking). This router is currently a Dlink DIR615 which wasn’t very well suited for this job even a few years back when it was purchased. A new Cisco router was recently purchased but this one doesn’t even appear on the chart below – all we can find in the chart is a model with an S in front of its model number, and that one is at the bottom of the chart below as well.
One solution previously tried was connecting the cable modem and the routers via a Gigabit switch and get the routers to each pull independently a DHCP lease from the cable modem. This would make more sense as long as Robbers’ TOS does allow for more than one IP (it typically does not). If it doesn’t and Blowgers is actively monitoring for such “abuse”, the network reliability would definitely suffer. The solution needed to be tested to ensure that there are no IP conflicts and that it performs as it should, but the person implementing it lacked sufficient time.
solution
Assuming that the problem is multiple connections caused by torrenting or other similar uses of the Internet, we find a chart on a website that tests and ranks routers according to this measure (see below in Sources for link):
As stated in their explanation, the absolute values can be safely ignored; what we really want is to exclude routers that are significantly below in ranking (such as the existing routers). The “top” router in the chart is there most likely due to a data entry error, as that result could not have been obtained through the described testing methods (one extra digit, perhaps?). An interesting feature of this chart is that hovering with the mouse over each router link provides the approximate price, but that’s not a major concern at this point. It is also unclear if they have started testing for UDP streaming; nonetheless, that would only be useful for other services.
The next step would be to find a router (or more), not below 30069 that is also supported by DD-WRT, the OSS firmware that can greatly expand the features and what a router can do and has been tested and installed on a very large number of routers. There is also the TomatoUSB project which is rumoured to be more user-friendly than DD-WRT, but suffers from serious fragmentation to the point where is quite difficult to determine what fork supports which router.
We find that the popular Cisco Maximum Performance Linksys E4200 is supported by dd-wrt:
Incidentally, this is the updated version of my old and trusty WRT610n on which I had already installed DD-WRT. I haven’t looked at the hardware on the new beast, but I would not be surprised if most of the updates consist in the firmware / web interface, which I would anyway replace with DD-WRT.
Once the router is purchased, I would recommend installing DD-WRT right away with the setup described previously:
- restrict torrenting during business hours via the dd-wrt router interface; this should not be banned completely as it does have some legit purposes
- institute WPA (WiFi) password changing on a daily, weekly or at least monthly basis with the current password written in the rooftop (or the kitchen) to prevent unauthorized users such as neighbours from freeloading; an analysis is needed to determine if this is an issue (it might not be a problem), but nonetheless such a rule would get precisely the people who are less likely to socialize (heavy Internet users) to discover the rooftop, which seems to be one of the hostel owner’s wishes
- set up QoS rules so that downloading / torrenting receives a much lower priority over business or VoIP use, allowing all uses to coexist without negatively interfering with each other; covered by : lh, dd-wrt-faq, cringely, td
- set up the other routers to act as wireless extenders, repeaters or bridges (ddwrt-linking) and test for uniform building coverage as well as channel interference, or use dedicated Wi-Fi extenders (see link to top 8 below); efficiency on this front is particularly important in a green hostel, considering a recent Dutch study that found this radiation to be harmful to trees and possibly humans
- force OpenDNS (the router can be set to intercept DNS calls to other servers and route them to OpenDNS); this should increase network resilience, prevent attacks such as DNS poisoning which ISP DNS servers are often wide open to, and allow fine grain control of the traffic via an easy to use interface
- setup OpenDNS with the following restrictions (the sites selected below are often used to disseminate malware / botnets and as such are a major security risk which can result in network takeover for flood / DOS purposes, causing the network to become unresponsive)
- further customize OpenDNS, if desired, by blocking specific domains (i.e., blacklisting), allowing specific domains that may be part of the wide categories above (i.e., whitelisting), and customizing blocking / error messages with the hostel logo + additional info, such as the hours when torrenting is allowed
- ensure that the cable modem is high quality and DOCSIS 3 compliant – this should be a last step, if all else fails, as the ISP-provided cable modem should be, in most cases, sufficient
- set up OTA / HDTV on the network in order to minimize streaming from the Internet and the implicit extra load on the router by people who need their entertainment fix; this is mostly a bonus service
- An FTA satellite dish would allow the reception of free and legal satellite channels such as BBC World service and many other international channels that are purposely beamed unencrypted. This would make many international guests happy and, together with the local networks now accessible via OTA (as described above), would render the current Blowgers TV cable subscription unnecessary. Satellite feeds may be made available on the network in parallel with the Blowgers subscription – this service could only be added after the network resilience has significantly improved.
Looking at the suggestions above, perhaps the most sensitive action in improving user satisfaction is setting up QoS properly on a router that isn’t total garbage, as that allows the most services and uses while simply prioritizing what is important and what is necessary and pushes torrenting and other uses to lower priorities without denying them. Unfortunately, QoS requires knowledge that not all “network specialists” have and most importantly, testing to ensure that the set rules perform as expected.
Sources / More info: ddwrt-linking, snb-chart, pcm-extenders, snb-rc, dd-rdb, eweb, tomato, opendns, odns-settings, cnet-rtest, th, snb-how
Comments