8mo ago

Getting Fiber - Please Help Me Understand Routers

Hi Folks,

I host a nextcloud instance, a NAS, and a few content portals for things like ebooks and music (internal only). I'll be migrating Smartthings to Home Assistant eventually. We're going to be upgrading to fiber soon and I have the opportunity to rebuild my wife's network with a long term outlook (we'll likely be here for years). Currently we have an older eero mesh system over cable internet. My desk is right where the cable currently comes in so all my Ethernet devices can live near the router.

My question is this:

What am I missing out on as a self-hoster by using whatever equipment metronet gives me?

What am I missing out on as a regular internet user by using the default equipment.

Am I likely to be annoyed about where the fiber comes into the house?

If it makes sense to buy my own router or access point(s), what is a reasonable balance between "daddy Bezos please read all my emails" and "you'll never be secure until you build a router from custom circuit boards you custom ordered and hand assembled in a secure area".

I'd like to avoid complex configuration, but if I can surface advanced options when needed, that would be great.

My Linux knowledge is intermediate. My networking knowledge is begintermediate.

16 comments

I would suggest getting a router that runs OpenWRT or OPNsense. That will let you configure anything you need to. It's open source firmware so it will respect your privacy.
If you go with OPNsense, you will need separate access points since it runs on a PC. The Unifi access points work well for that.
- I'm ashamed to admit I totally forgot about ddwrt/openwrt. It's been a decade or so since I messed with that. Good call.
  
  OpenWRT and dd-wrt are very different. OpenWRT is as open as can be and dd-wrt is designed to be more compatible with Broadcom though special licensing.
  Basically stick with OpenWRT or OPNsense. With OpenWRT you need to manually update to get security patches which can be inconvenient. I'm not sure about OPNsense.

You can strike a balance with higher-end (in quality) consumer or small business networking gear.
If it’s in your budget, I’d suggest buying a simple router like the Ubiquiti Edgerouter X, run some Ethernet and rely on a switch and access points for WiFi (I use Ubiquiti U6 Pro but I wouldn’t be too picky about it). I’ve never been into the “mesh” WiFi networking concept because it doesn’t make sense to use the air as your backhaul (if you can help it).
What I wouldn’t recommend is buying some beefed up consumer all-in-one router. It’ll cost a fortune, your coverage won’t be as good and once it’s time to upgrade you’ll be forced to replace the entire thing.
Hopefully this helps.
- What they say, plus I wouldn't recommend Mikrotik HW, which I went with based on Reddit recommendations for much the same use case as yours. Pretty clunky to set up, had to debug some idiosyncracies with the help of the forums, their wireless gear is slow, and it all runs hot AF.
  
  How recent is your experience with Mikrotik? How old is the hardware you tried out?

Metronet will be supplying an Optical Network Terminal, probably like this one:
This is basically the equivalent of a modem for cable networks. It does not provide routing functions. You're probably stuck with the ONT they supply, but it shouldn't matter much, definitely not for anything internal.
It looks like Metronet normally supplies Eero WiFi mesh devices for home networking - are the ones you currently have supplied by Metronet? They might just replace the modem with the ONT and leave the existing Eero gear, or they might upgrade the Eero gear to support the higher speed available on the fiber network.
In any case, if you are using ISP-supplied network devices then you don't control the router, which means you can't set up things like port forwarding to access your home network from outside, or configure VLANs to segregate devices on your network, or control things like DHCP.
Technically there's no reason you have to use the Eero devices from Metronet, you should be able to plug any router into the ONT WAN port and have internet service. If you don't want to get too deep into network config, then any modern consumer WiFi router will work (but not a modem/router AIO device). If you want to have a bit more control, look for one that supports OpenWRT.

Depends on how good the ISP router is. I've had one that had most of the advanced settings available, so I didn't feel the need to change. For a while I had offloaded DHCP and DNS and VPN to a Raspberry Pi. It's very much possible to make do with the ISP router. That ISP would let you passthrough the public IP to a box on your network which lets you do a lot of stuff without going into bridge mode, so I could make my server the target while still letting the router do the routing so if my server was down it didn't take the whole network with it.
Then I got a bad one where it won't even let you set up port forwards unless the device is registered over DHCP so my static stuff and VMs didn't work. Got my EdgeRouter X back online to get my stuff done.
I do use VLANs and stuff now so it makes sense for me to use my own router. With everything getting breached these days, I have a VLAN just for my computers, another one for smart but trusted-ish devices (the TV's gotta reach the NAS), one for IoT that's completely shielded off.
What you're missing out on depends a lot on what features you don't have you could make use of. If you have like 3 devices using the network like I did when I lived alone, yeah you're probably not going to miss out on the VLANs. But maybe you want to do ad blocking network-wide. Maybe you'd want to better prioritize interactive traffic like VoIP and video calls or games. Maybe you want a reverse proxy or VPN that works even if your home server is down. Maybe you want your kids to not hog all the bandwidth. There's a lot of things a router can do.
So if the ISP router does everything you want and you're happy with its performance, it's fine. Just keep it in mind, when you start being like "I wish it had X and Y features" maybe consider an upgrade then.
If you have the option of not getting a router from your ISP, I would definitely recommend bringing your own. If they provide it regardless and you'd be replacing it through unofficial means, eh, if it works well...

I went through this at the beginning of the year, it get 900/900 fibre, settled on openwrt running on a nanopi r4s. My other options were a nanopi r6s with openwrt, or nuc type hardware/server running something like pfsence/opnsence etc. The openwrt install took about 5mins then a couple of hours of exploring various menus options etc, which I didnt end up changing.
- I’m thinking about the RS6 a lot but really want to put Alpine Linux on it if I can manage it. My reasoning is I already know how to set up a router from scratch on the command line.
  OpenWRT is probably easier but I’ve had bad experiences with its UI (and the distro as a whole) in the past, but the version of it on my GL.inet travel router is pretty rock solid though the UI still annoys me and I’d rather do most configuration via SSH.
  Does OpenWRT support multiple WireGuard interfaces and VLANs? This is kind of what I’m wanting.
  pfSense (I know, it’s UNIX) looked good on paper too but after playing with it on a VPS the UI just seemed overly complex. I don’t want to learn the ins and outs of some weird UI.

Am I likely to be annoyed about where the fiber comes into the house?
That one depends on the company installing it. When I got it installed they asked me exactly where I wanted the fiber to terminate and ran it through the house to an outlet under my desk. So let them know and they might put it where you need it.
As for the router, I recommend buying a mini PC with at least 2 Ethernet ports and 4GB of RAM and running OPNsense. It's great and will give you all the control you need. Or you can repurpose any old PC you have lying around and just add some Ethernet ports on a PCIE card.

Typically a Fiber ISP will run Fiber optics only to your DEMARC (or Demarcation) point. This will be usually where your main cable (before any splits) or DSL line used to come in (in the US they've been using Orange tubes to indicate this and it will usually run to a panel in some closet or laundry). At the DEMARC they'll install one of two things: a basic fiber to ethernet converter which will provide you a single ethernet port and a pure tap to the internet, or a Gateway device that will convert the fiber to multiple eithernet with NAT (usually providing other capabilites like TV, Phone, etc).
If you have the latter, you may not get much say in what you can do with your connection, and would be limited to a DMZ mode that is configured on the Gateway. What you put behind the converter or gateway is up to you.

Performance and how configurable things are, plus ease of use.
For instance, my default router/modem device from my ISP was super clunky and confusing. I needed to set up some custom port forwarding and firewall rules. The aftermarket router I bought was faster, had way better wireless coverage, and the UI was so much easier to set up the configs I needed.
So it's up to you, from what you said, seems like you probably would be good with the default from your ISP.

What am I missing out on as a regular internet user by using the default equipment.
You miss an understanding about what your devices do. Including the devices you got from your provider.
As a consequence, you remain clueless when your devices get attacked and taken over.
What am I missing out on as a self-hoster by using whatever equipment metronet gives me?
You miss the chance of securing your network.
As a self hoster, you are a little bit more attractive, and there are more possibilities of attacking your devices, than a typical PC or mobile user.
My suggestion is an extra router with OpenWRT between the metronet device and all your other stuff. You will get some better understanding just by configuring your OpenWRT for the first time. Their documentation is very good.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
DHCP	Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network
DNS	Domain Name Service/System
IP	Internet Protocol
IoT	Internet of Things for device controllers
NAS	Network-Attached Storage
NAT	Network Address Translation
SSH	Secure Shell for remote terminal access
Unifi	Ubiquiti WiFi hardware brand
VPN	Virtual Private Network
VPS	Virtual Private Server (opposed to shared hosting)

10 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #852 for this sub, first seen 6th Jul 2024, 07:35] [FAQ] [Full list] [Contact] [Source code]

16 comments