project is an effort aimed at helping to solve a number of different
problems in current home router distributions, but its primary focus is on
problem of excessive buffering of network packets is endemic on the
Internet as a whole, but it is much easier to start addressing the problem at
the home router end, especially considering the easy availability of Linux-based
firmware distributions. Beyond bufferbloat, though, CeroWrt also enables
experiments with two "next generation" Internet features, IPv6 and DNSSEC.
CeroWrt is built atop the OpenWrt
project's router firmware. It uses the OpenWrt development version
("Attitude Adjustment") with extras added by the CeroWrt team. Unlike
OpenWrt's extensive list of
supported hardware, CeroWrt focuses on supporting just two router
Netgear WNDR3700v2 and WNDR3800. Both are capable devices with free
driver support for all of the hardware and, importantly, the wireless
The most recent release is 3.3.8-10 from
July 9. There is a 3.3.8-11 version available, but project lead Dave Täht suggested that people steer clear until a
problem with the 5GHz wireless AP is resolved. Installing CeroWrt is
fairly straightforward, either through the web-based GUI by uploading the
"sysupgrade" image, or via tftp using the "factory" image.
Once the device has been flashed, one can connect to it on its default
address, 172.30.42.1. CeroWrt specifically chose
to avoid the other blocks of non-routable IP addresses (10.0.0.0/8 and
192.168.0.0/16) so that it can be experimented with in existing networks.
Most home networks live in 192.168.x.y space and the 10.x.y.z addresses are
often used by Internet backbones. The web UI is hosted on port 81 (and
only available on the inside of the network, not via the WAN) so that users
can use port 80 for their own router-based web site if they wish.
The web UI is very similar to that of the current OpenWrt "Backfire" (10.03.1)
release that I run on my venerable Linksys WRT54GL. The UI is built using LuCI, a Lua-based tool for
building web interfaces for embedded devices.
LuCI is noticeably snappier on the WNDR3700v2 that I used for CeroWrt
testing than it is on the WRT54GL—presumably due to a faster CPU. The
interface provides a great deal of status information, as well as allowing
users to change various configuration settings. Everything from updating
the firmware and checking firewall rules to changing DNS settings and
examining system logs is available through the interface. In addition,
there are various realtime graphs of system load, network connections,
bandwidth usage, and so on.
steps after connecting to the router are some predictable things like
setting the root password and adding wireless passwords, but there is
another important step: enabling and configuring Active Queue
Management (AQM). Essentially, one must determine the download and
upload speeds (using something like SpeedTest.org) of the Internet link
to plug into the web form and enable AQM. Testing bandwidth that way is
static, so dynamic changes
are not reflected, which is sub-optimal and the project is looking at
better tests and ways to set those values automatically. It should also be
noted that in limited testing, no real difference was apparent (even when
copying large files while doing something interactive) with AQM enabled or
disabled—more study is clearly required.
The wireless networking setup is rather different than what OpenWrt (at
least for Backfire) provides. There are four separate SSIDs for various
kinds of WiFi access. CEROwrt and CEROwrt5 provide normal
access for 2.4 and 5GHz respectively, while CEROwrt-guest and
CEROwrt-guest5 are for guest access.
By default, they
all act as open access points and do not require a password, but enabling
WPA2 for the non-guest SSIDs (at least) is suggested. There are also two
SSIDs which are there to support mesh
The guest SSIDs correspond to the guest zone in the firewall
configuration. By default, guest traffic can only go to the Internet, so
it does not have access to other devices on the local network. That allows
one to give access to visitors (and neighbors) without risking unauthorized
access to systems behind the firewall. The 172.30.42.x address space is broken
up in to separate sub-networks such that each SSID gets its own set of
30 IP addresses, as does each set of
wired, mesh, and DMZ devices.
But the main focus of CeroWrt is to experiment with solutions to the
bufferbloat problem. To that end, it uses the 3.3.8 kernel (the CeroWrt
release numbering follows that of the underlying kernel) with the addition
of the controlled delay (CoDel) AQM
algorithm. CoDel requires
the byte queue
limits feature that was added in the 3.3 kernel.
But there are additional goals for the project, and IPv6 support
("make IPv6 networking in the home as simple as IPv4") is near
the top of the list. While it isn't as "simple" as IPv4 (yet), the instructions
are pretty easy to follow to have the router use a 6in4 tunnel, as well as
to provide IPv6 on the local net. That makes CeroWrt a nice choice for
experimenting with IPv6 as well, though some UI support to configure it
would be welcome.
There are other features to experiment with as well, including DNSSEC and the mesh
networking, though I didn't try those out.
Overall, the experience of switching over to the CeroWrt-powered router
was done with very few hitches—other than a balky router
"authentication" web application at my ISP. The addition of 5GHz WiFi is
welcome (though my ISP is typically the bottleneck anyway), as is the
availability of a guest zone. In fact, I haven't moved back to the old
router, though I probably will at some point so that the WNDR3700v2 can be
used for experiments without upending "Words with Friends" in the other
room. The router is cheap enough that getting a second (or more likely a
WNDR3800 at less than $150) to replace the
WRT54GL is certainly a possibility. Though messing around with mesh
networking between them might still result in spousal complaints.
Täht's 3.3.8-10 release announcement outlined the way forward (or a way
forward) for CeroWrt. There is lots of work to be done, but the
bufferbloat projects, including CeroWrt, are not funded, currently. That
is clearly making it difficult for Täht to continue working on
CeroWrt—at least to the level he would like.
While it appears that there are lots of volunteers and companies helping
out, the overall project maintainer role is languishing to some extent.
But, as he points out, all of the CeroWrt work is being pushed upstream to
OpenWrt (and CeroWrt frequently merges back as well). The two projects
are focused in different areas, but there is clearly some synergy between
them, which is likely to help both. It is a bit unclear when a "stable"
CeroWrt release might be forthcoming, but it is pretty usable in its
current form. What it most needs, perhaps, is some developer time and,
possibly, some funding.
to post comments)