CeroWrt: Bufferbloat, IPv6, and more

The CeroWrt project is an effort aimed at helping to solve a number of different problems in current home router distributions, but its primary focus is on bufferbloat. The problem of excessive buffering of network packets is endemic on the Internet as a whole, but it is much easier to start addressing the problem at the home router end, especially considering the easy availability of Linux-based firmware distributions. Beyond bufferbloat, though, CeroWrt also enables experiments with two "next generation" Internet features, IPv6 and DNSSEC.

CeroWrt is built atop the OpenWrt project's router firmware. It uses the OpenWrt development version ("Attitude Adjustment") with extras added by the CeroWrt team. Unlike OpenWrt's extensive list of supported hardware, CeroWrt focuses on supporting just two router devices: the Netgear WNDR3700v2 and WNDR3800. Both are capable devices with free driver support for all of the hardware and, importantly, the wireless networking hardware.

The most recent release is 3.3.8-10 from July 9. There is a 3.3.8-11 version available, but project lead Dave Täht suggested that people steer clear until a problem with the 5GHz wireless AP is resolved. Installing CeroWrt is fairly straightforward, either through the web-based GUI by uploading the "sysupgrade" image, or via tftp using the "factory" image.

Once the device has been flashed, one can connect to it on its default address, 172.30.42.1. CeroWrt specifically chose to avoid the other blocks of non-routable IP addresses (10.0.0.0/8 and 192.168.0.0/16) so that it can be experimented with in existing networks. Most home networks live in 192.168.x.y space and the 10.x.y.z addresses are often used by Internet backbones. The web UI is hosted on port 81 (and only available on the inside of the network, not via the WAN) so that users can use port 80 for their own router-based web site if they wish.

The web UI is very similar to that of the current OpenWrt "Backfire" (10.03.1) release that I run on my venerable Linksys WRT54GL. The UI is built using LuCI, a Lua-based tool for building web interfaces for embedded devices. LuCI is noticeably snappier on the WNDR3700v2 that I used for CeroWrt testing than it is on the WRT54GL—presumably due to a faster CPU. The interface provides a great deal of status information, as well as allowing users to change various configuration settings. Everything from updating the firmware and checking firewall rules to changing DNS settings and examining system logs is available through the interface. In addition, there are various realtime graphs of system load, network connections, bandwidth usage, and so on.

The first steps after connecting to the router are some predictable things like setting the root password and adding wireless passwords, but there is another important step: enabling and configuring Active Queue Management (AQM). Essentially, one must determine the download and upload speeds (using something like SpeedTest.org) of the Internet link to plug into the web form and enable AQM. Testing bandwidth that way is static, so dynamic changes are not reflected, which is sub-optimal and the project is looking at better tests and ways to set those values automatically. It should also be noted that in limited testing, no real difference was apparent (even when copying large files while doing something interactive) with AQM enabled or disabled—more study is clearly required.

The wireless networking setup is rather different than what OpenWrt (at least for Backfire) provides. There are four separate SSIDs for various kinds of WiFi access. CEROwrt and CEROwrt5 provide normal access for 2.4 and 5GHz respectively, while CEROwrt-guest and CEROwrt-guest5 are for guest access. By default, they all act as open access points and do not require a password, but enabling WPA2 for the non-guest SSIDs (at least) is suggested. There are also two babel SSIDs which are there to support mesh networking.

The guest SSIDs correspond to the guest zone in the firewall configuration. By default, guest traffic can only go to the Internet, so it does not have access to other devices on the local network. That allows one to give access to visitors (and neighbors) without risking unauthorized access to systems behind the firewall. The 172.30.42.x address space is broken up in to separate sub-networks such that each SSID gets its own set of 30 IP addresses, as does each set of wired, mesh, and DMZ devices.

But the main focus of CeroWrt is to experiment with solutions to the bufferbloat problem. To that end, it uses the 3.3.8 kernel (the CeroWrt release numbering follows that of the underlying kernel) with the addition of the controlled delay (CoDel) AQM algorithm. CoDel requires the byte queue limits feature that was added in the 3.3 kernel.

But there are additional goals for the project, and IPv6 support ("make IPv6 networking in the home as simple as IPv4") is near the top of the list. While it isn't as "simple" as IPv4 (yet), the instructions are pretty easy to follow to have the router use a 6in4 tunnel, as well as to provide IPv6 on the local net. That makes CeroWrt a nice choice for experimenting with IPv6 as well, though some UI support to configure it would be welcome. There are other features to experiment with as well, including DNSSEC and the mesh networking, though I didn't try those out.

Overall, the experience of switching over to the CeroWrt-powered router was done with very few hitches—other than a balky router "authentication" web application at my ISP. The addition of 5GHz WiFi is welcome (though my ISP is typically the bottleneck anyway), as is the availability of a guest zone. In fact, I haven't moved back to the old router, though I probably will at some point so that the WNDR3700v2 can be used for experiments without upending "Words with Friends" in the other room. The router is cheap enough that getting a second (or more likely a WNDR3800 at less than $150) to replace the WRT54GL is certainly a possibility. Though messing around with mesh networking between them might still result in spousal complaints.

Täht's 3.3.8-10 release announcement outlined the way forward (or a way forward) for CeroWrt. There is lots of work to be done, but the bufferbloat projects, including CeroWrt, are not funded, currently. That is clearly making it difficult for Täht to continue working on CeroWrt—at least to the level he would like. While it appears that there are lots of volunteers and companies helping out, the overall project maintainer role is languishing to some extent.

But, as he points out, all of the CeroWrt work is being pushed upstream to OpenWrt (and CeroWrt frequently merges back as well). The two projects are focused in different areas, but there is clearly some synergy between them, which is likely to help both. It is a bit unclear when a "stable" CeroWrt release might be forthcoming, but it is pretty usable in its current form. What it most needs, perhaps, is some developer time and, possibly, some funding.