LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Announcements
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Distributions

CeroWrt: Bufferbloat, IPv6, and more

By Jake Edge
August 1, 2012

The CeroWrt project is an effort aimed at helping to solve a number of different problems in current home router distributions, but its primary focus is on bufferbloat. The problem of excessive buffering of network packets is endemic on the Internet as a whole, but it is much easier to start addressing the problem at the home router end, especially considering the easy availability of Linux-based firmware distributions. Beyond bufferbloat, though, CeroWrt also enables experiments with two "next generation" Internet features, IPv6 and DNSSEC.

CeroWrt is built atop the OpenWrt project's router firmware. It uses the OpenWrt development version ("Attitude Adjustment") with extras added by the CeroWrt team. Unlike OpenWrt's extensive list of supported hardware, CeroWrt focuses on supporting just two router devices: the Netgear WNDR3700v2 and WNDR3800. Both are capable devices with free driver support for all of the hardware and, importantly, the wireless networking hardware.

The most recent release is 3.3.8-10 from July 9. There is a 3.3.8-11 version available, but project lead Dave Täht suggested that people steer clear until a problem with the 5GHz wireless AP is resolved. Installing CeroWrt is fairly straightforward, either through the web-based GUI by uploading the "sysupgrade" image, or via tftp using the "factory" image.

Once the device has been flashed, one can connect to it on its default address, 172.30.42.1. CeroWrt specifically chose to avoid the other blocks of non-routable IP addresses (10.0.0.0/8 and 192.168.0.0/16) so that it can be experimented with in existing networks. Most home networks live in 192.168.x.y space and the 10.x.y.z addresses are often used by Internet backbones. The web UI is hosted on port 81 (and only available on the inside of the network, not via the WAN) so that users can use port 80 for their own router-based web site if they wish.

[CeroWrt status]

The web UI is very similar to that of the current OpenWrt "Backfire" (10.03.1) release that I run on my venerable Linksys WRT54GL. The UI is built using LuCI, a Lua-based tool for building web interfaces for embedded devices. LuCI is noticeably snappier on the WNDR3700v2 that I used for CeroWrt testing than it is on the WRT54GL—presumably due to a faster CPU. The interface provides a great deal of status information, as well as allowing users to change various configuration settings. Everything from updating the firmware and checking firewall rules to changing DNS settings and examining system logs is available through the interface. In addition, there are various realtime graphs of system load, network connections, bandwidth usage, and so on.

The first steps after connecting to the router are some predictable things like setting the root password and adding wireless passwords, but there is another important step: enabling and configuring Active Queue Management (AQM). Essentially, one must determine the download and upload speeds (using something like SpeedTest.org) of the Internet link to plug into the web form and enable AQM. Testing bandwidth that way is static, so dynamic changes are not reflected, which is sub-optimal and the project is looking at better tests and ways to set those values automatically. It should also be noted that in limited testing, no real difference was apparent (even when copying large files while doing something interactive) with AQM enabled or disabled—more study is clearly required.

[CeroWrt traffic graph]

The wireless networking setup is rather different than what OpenWrt (at least for Backfire) provides. There are four separate SSIDs for various kinds of WiFi access. CEROwrt and CEROwrt5 provide normal access for 2.4 and 5GHz respectively, while CEROwrt-guest and CEROwrt-guest5 are for guest access. By default, they all act as open access points and do not require a password, but enabling WPA2 for the non-guest SSIDs (at least) is suggested. There are also two babel SSIDs which are there to support mesh networking.

The guest SSIDs correspond to the guest zone in the firewall configuration. By default, guest traffic can only go to the Internet, so it does not have access to other devices on the local network. That allows one to give access to visitors (and neighbors) without risking unauthorized access to systems behind the firewall. The 172.30.42.x address space is broken up in to separate sub-networks such that each SSID gets its own set of 30 IP addresses, as does each set of wired, mesh, and DMZ devices.

But the main focus of CeroWrt is to experiment with solutions to the bufferbloat problem. To that end, it uses the 3.3.8 kernel (the CeroWrt release numbering follows that of the underlying kernel) with the addition of the controlled delay (CoDel) AQM algorithm. CoDel requires the byte queue limits feature that was added in the 3.3 kernel.

But there are additional goals for the project, and IPv6 support ("make IPv6 networking in the home as simple as IPv4") is near the top of the list. While it isn't as "simple" as IPv4 (yet), the instructions are pretty easy to follow to have the router use a 6in4 tunnel, as well as to provide IPv6 on the local net. That makes CeroWrt a nice choice for experimenting with IPv6 as well, though some UI support to configure it would be welcome. There are other features to experiment with as well, including DNSSEC and the mesh networking, though I didn't try those out.

Overall, the experience of switching over to the CeroWrt-powered router was done with very few hitches—other than a balky router "authentication" web application at my ISP. The addition of 5GHz WiFi is welcome (though my ISP is typically the bottleneck anyway), as is the availability of a guest zone. In fact, I haven't moved back to the old router, though I probably will at some point so that the WNDR3700v2 can be used for experiments without upending "Words with Friends" in the other room. The router is cheap enough that getting a second (or more likely a WNDR3800 at less than $150) to replace the WRT54GL is certainly a possibility. Though messing around with mesh networking between them might still result in spousal complaints.

Täht's 3.3.8-10 release announcement outlined the way forward (or a way forward) for CeroWrt. There is lots of work to be done, but the bufferbloat projects, including CeroWrt, are not funded, currently. That is clearly making it difficult for Täht to continue working on CeroWrt—at least to the level he would like. While it appears that there are lots of volunteers and companies helping out, the overall project maintainer role is languishing to some extent.

But, as he points out, all of the CeroWrt work is being pushed upstream to OpenWrt (and CeroWrt frequently merges back as well). The two projects are focused in different areas, but there is clearly some synergy between them, which is likely to help both. It is a bit unclear when a "stable" CeroWrt release might be forthcoming, but it is pretty usable in its current form. What it most needs, perhaps, is some developer time and, possibly, some funding.

Comments (2 posted)

Brief items

Distribution quote of the week

There are a ton of reasons why Debian may have an older version of an upstream release. For example, and I hasten to point out that the following list is by no means exhaustive, and not all of the possibilities are common:

* The Debian package maintainer is dead, but nobody noticed it yet, and nobody has wanted an update badly enough to do an NMU or to adopt the package.

* The upstream release is actually a fake. It's a trojan, which was put there by the NSA in order to infiltrate the CIA mainframe. The Debian package maintainer noticed this and uploaded that version of the package to non-free instead of main, since the trojan code does not come with proper source.

* Upstream has moved the RSS feed for new releases without notifying the old feed of the move, so the Debian package maintainer missed that, and doesn't actually know about the new release. Due to a complicated series of happenstance involving rainbows, midget unicorns, and the ongoing rewrite of the Netsurf web browser, the Debian package maintainer is not able to find the new feed because it would require doing a web search and their browser doesn't have working form support now. No other browser is available on the Amiga they're using as their only computer, either.

* The new release is requested by insistent Hurd porters, and the Debian package maintainer absolutely loathes the Hurd, and will refuse to upload any packages that work on the Hurd.

* The Debian package maintainer suffers from mental problems cause by reading debian-devel too much, and now has a nervous breakdown every time they recognize a name as someone whom they've seen on the list.

* The Debian development process is being sabotaged by Microsoft sending people to the developers' houses pretending to be TV license checkers or Jehova's witnesses every time they detect, using the hardware wireless keylogger embedded in every PC, that the developer is trying to run any Debian packaging command.

* Apple is also sabotaging Debian by paying me to write snarky e-mails on Debian mailing lists to distract everyone from working on the actual release, so that we can get past the freeze and start uploading things again without having to worry that it breaks things in ways that makes the freeze longer.

-- Lars Wirzenius

Comments (1 posted)

Distribution News

Debian GNU/Linux

Debian's new draft trademark policy

The Debian project is attempting to rewrite its trademark policy to be "as free as possible" while still protecting the project's identity; project leader Stefano Zacchiroli has just announced a new draft for consideration. "The objective of this trademark policy is to encourage widespread use and adoption of the DEBIAN trademarks, styles, and logos (hereinafter ``trademarks'') while ensuring consistent usage which avoids any confusion in the mind of the users. The goal of this policy is to encourage use of the DEBIAN mark in commercial or non-commercial activity based around DEBIAN."

Full Story (comments: 5)

Bits from the nippy Release Team

The Debian release team reports that wheezy still has far too many RC bugs; "As mentioned in the freeze announcement [RT:FRZ], the number of RC bugs in wheezy is still significantly larger than would normally be expected at the start of a freeze. Please feel encouraged to fix a bug (or three) from the list [BTS:RC] to help get issues resolved in testing." They also tell us that Debian 8.0 (wheezy+1) will be known as "Jessie".

Full Story (comments: none)

Fedora

New features for Fedora 18

The minutes from the July 30 meeting of the Fedora Engineering Steering Committee show than an impressive list of new features has been approved for the Fedora 18 release. New goodies in F18 will include Samba4, the GNOME2-based MATE desktop, the Linux Trace Toolkit next generation (LTTng), OwnCloud, the Federated Filesystem, and more.

Full Story (comments: 16)

New Sponsor of Fedora Infrastructure

Colocation America is now a sponsor of Fedora Infrastructure with the donation of a server in their Los Angles data center. "We have put this server to use as a proxy and application server, so if you are going to any fedoraproject.org sites and you are in North America you will likely be accessing us from there."

Full Story (comments: 1)

Newsletters and articles of interest

Distribution newsletters

Comments (none posted)

SUSE Linux powers 147,456-core German supercomputer (ars technica)

Ars technica has brief look at the world's fastest x86-based supercomputer and Europe's fastest supercomputer—not to mention the 4th most powerful in the world. The SuperMUC, which runs SUSE Linux, is located at the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences. "A statement issued by SUSE says that the supercomputer has a unique cooling system inspired by human blood circulation that significantly reduces energy consumption. The supercomputer is reportedly designed so that some of the energy can be recaptured and used to heat buildings at the LRZ campus. The statement also says that the SuperMUC has 155,000 processor cores capable of delivering a total of 3 petaflops of processing power. A report on Slashdot indicates that the computer has 324 terabytes of memory."

Comments (1 posted)

Page editor: Rebecca Sobol
Next page: Development>>

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds