Wednesday, January 24, 2024

How to push data through the ether in 2024

A friend asked what to look for in a new WiFi router. I figured other people might be interested in that answer, so I thought I'd share it here.

First thing is, I VERY STRONGLY recommend that you not purchase or rent a combined cable modem/router, "home gateway" DSL/router, or fiber adapter/router, as almost certainly offered or provided by your ISP... unless your ISP forces you to use one, and doesn't let you put it into transparent bridging mode so you can use your own.

I think you should always buy your own discrete networking device to terminate your ISP connection... Cable modem, DSL adapter or fiber adapter... if your ISP will allow you to. 

Second, I generally recommend as best practice, but optional, that you use a separate hardware firewall, and wifi access point. However most people don't want to deal with the complexity, expense, and effort, of doing so. If you don't know enough networking and security to know how to do it yourself, why it's best practice to do so, and what to do when any component breaks; then it's probably not something you'll want to do.

Almost everyone is going to want the default these days, which is a combined secured router (some are actual stateful inspection firewalls, some are more basic) and wifi access point, aka a WiFi router.

Ok, so what should I look for in a WiFi router? 

Ok... first thing for Wifi routers, is that at this point (early 2024) I VERY STRONGLY recommend getting at least a WiFi 6, or better a WiFi 6e standard router (the first wifi 7 draft supporting routers are just starting to come out. They're experimental and expensive and not yet worth buying). I also strongly recommend tri-band, or quad band, with the 6ghz band (not just 2.4ghz and two 5ghz bands). 

Your devices might not support those extra bands yet, but newer devices will as you acquire them or replace older devices, and you don't want to have to replace your router again just to support them properly. 

Ideally you'll want at least 1x 10gbit port, and at least 4x 2.5gbit Ethernet ports. At the minimum, you'll want at least 1x 2.5gbit, and at least 4x 1gbit Ethernet ports. 

If you have an ISP service package that supports more than 1gbit speed, you need to make sure your router's WAN port supports the higher speed... which is thankfully common these days. Most new WiFi routers support at least 2.5gbit WAN, and the better devices support 10gbit WAN.

A dual core processor with at least 2 gigs of ram is just about the minimum, to support a half dozen active devices at 1gbit or more... Quad or Octa core, with 4gb or 8gb, is really nice to have, especially if you've got over 1gbit internet speed, and/or more than half a dozen devices connecting through it. 

Dual wan, with or without load balancing or failover, is also a nice to have feature, but not necessary; as is port bonding (using two or more ethernet ports to get higher Ethernet speed).

Mesh capability is optional, but nice to have. So are anti-malware and other advanced security options in the router itself.

VPN endpoint and server capability are nice to have, but not necessary, so long as VPN passthrough is properly supported. 

True stateful packet inspection (SPI) firewall functionality is strongly recommended, but not absolutely required... and it can be difficult to figure out if a device has that capability or not. Many vendors don't specify if a device is SPI or not on their product description or packaging. Generally, if the router includes any advanced security capabilities, like content security and anti-malware, it's PROBABLY a true SPI firewall, but it may not be.

Changeable external antennae are nice to have, but not absolutely necessary. I strongly recommend a WiFi router with at least two external antennae however, and prefer at least four... I strongly recommend against WiFi devices without external antennae, unless you're going to put one in every room or every other room, in a full mesh config.

Finally, the ability to load alternate open source firmware is nice to have, but not necessary. 

Oh... and save yourself some pain, and choose a major first tier consumer networking device vendor... ASUS, NetGear, TP-Link, Ubiquiti, etc... I used to include Linksys but their recent devices have been disappointing, and it seems that D-Link and Belkin are now out of the market entirely.

Reyee is a brand that has only started appearing in the US in the last two years, so I have no experience with them... but they're a mainland Chinese company, which I generally very strongly recommend against when purchasing networking gear (the companies I recommend are all either US or Taiwanese).