a companion discussion area for blog.codinghorror.com

Because Everyone (Still) Needs a Router


I personally would never buy a device which is just a router. I think it’s very pointless to have a modem and a router sitting next to each other while you can buy a single device which does the same. Sure, finding a proper modem with gigabit ethernet can be a bit tricky, but they’re there.


I suggest anyone who thinks QOS is the solution to their laggy internet read up on Buffer Bloat: http://www.bufferbloat.net/


Like Sandy McArthur just indicated, there is a problem with Buffer Bloat, and QOS alone won’t solve it for you. It looks like Tomato doesn’t have any AQM options, which would mitigate some of the problems. OpenWRT on the other hand does. For me, this is a dealbreaker on Tomato.


I’m using Victek’s Tomato RAF (mod) and I highly recommend it:

I’ve been happily using Tomato since v1.25 (2009) but after upgrading to v1.28 I started experiencing a higher rate of errors and connection drops. As a result I had to reboot the router almost every day. That’s when I found Victek’s RAF mod and after installing it all the problems were gone - after using it for about a year now I never had to reboot the router due to bad performance yet.

The advantages of the Victek’s mod over the original Tomato firmware are:

  • updated more frequently;
  • various performance optimizations (on WRT54GL runs noticeably better than the original one);
  • contains some additional features.


$200 for a router? Ok, maybe. Unfortunately they’re asking nearly $300 for it in Australia… what the shit?

Consider that 1AUD = 1USD for more than half a year now.



do you have any suggestions on how to improve the experience?

Sure. To fix it, you need to look at what the intent of all these hurdles are. I’d say with about 99.9% probability it’s to prevent blog spam. Unfortunately the way it’s implemented it’s also going to exclude most users who aren’t hardcore geeks from making any comments.

The way to make it relatively painless is to do what most other sites do to counter blog spam, use a captcha (Recaptcha is nice), or simple heuristics to whitelist most posters (MSDN does this, they use some sort of Javascript probing to determine whether you’re a human posting from a web browser or a roboposter, roboposters by their very nature can’t perform enough browser emulation to circumvent any but the simplest checks). By all means keep the existing stuff, but at least don’t lock out anyone who isn’t capable of, or prepared to, jump the proxied-auth hurdles.

As a general response to authentication, http://www.scs.carleton.ca/%7Epaulv/papers/Persistence-authorcopy.pdf is hard to beat.


Power usage! On my kill-a-watt, the ASUS RT-N66U takes 5w at boot, ramps up to 7w, then stabilizes at 9w/10w while running.

That is the latest and greatest state of the art though so I expect older routers or lower end routers would pull less.

update: I also took out the old routers (yes, I still have them…) and tested them as well to full boot, but nothing connected:

ASUS RT-N16 – 5w
Buffalo WZR-HP-G300NH – 3w

They weren’t actually doing anything, so I’d add 1 or 2 watts to account for actual load in use.

So yes, there are some surprisingly big power consumption jumps as we move into more capable (better CPU, more memory, more wireless bands) routers!


I’ve just picked up an RT-N16, installed Tomato, and am comparing it to an Air Port Extreme.

My experiences with the RT-N16 so far:

  • Better range.
  • Numerous advanced features (netmasq is amazing!)
  • Better UI for some things they both have (static IPs suck to set up on Apple’s router)
  • Slightly slower 5 GHz wireless
  • MUCH slower 2.4 GHz wireless (1.2 Mb down versus 11 Mb down)
  • No way to dual band 2.4 and 5 GHz.

On the airport, you can enable both 2.4 and 5 GHz for a single wireless network and clients auto-pick whichever they think is faster. In my house that varies based on distance for most devices.

Is there any way for Tomato on the RT-N16 to use that kind of dual band instead of two separate networks and making me pick between the two?


Thought I’d throw this in: since the manufacturer-supplied firmware upgrade utility is Windows-only, I wrote up some instructions on how to upgrade the RT-N16 to Tomato using a Mac: http://blog.isaach.com/2012/06/tomato-macintosh-and-asus-rt-n16.html.



@Anon anon: The latest Tomato builds from “Toastman” DO have inbound rate limiting; I’m now really happy with my QoS setup, apart from the fact that the L7 filters are utterly incapable of recognizing Youtube videos.


After their latest Privacy Policy change and forced firmware upgrades, no more Linksys/Cisco routers for me: http://www.extremetech.com/computing/132142-ciscos-cloud-vision-mandatory-monetized-and-killed-at-their-discretion


I have to add a note here to say that Draytek ( http://www.draytek.com/ ) make (IMHO) the best routers currently available for an “affordable” price. You do pay something of a premium - a quick poke around the internet tells me the 2820n I am running is 20-30% more expensive than the ASUS box Jeff is singing the praises of (here in the UK, at least) but I think it’s worth it.

You get all the stuff you’d expect from a premium-ish product like this (QoS, VPN server and client, extremely granular firewall etc) plus, depending on the model, a couple you maybe wouldn’t - multiple WAN ports (ethernet, DSL and/or a mix thereof), and a USB port to which you can connect a 3G modem for additional WAN failover or a HDD for network storage.

In terms of reliability, I have now in my professional capacity installed 70-80 Draytek boxes, only one of which has ever been properly bricked and that was entirely my own fault.

Draytek are a German company and the firmware is closed source - very much nicht für der fingerpoken - but they maintain updates well with regular firmware updates, sometimes until long after the product has been retired from the market.

I know many of you here will be avid SO/SF/SU members and will like the idea of using open source firmware because it gives you the option to… well, let’s be honest, bugger about with it and find new and interesting ways to break it. While you can’t pull the firmware source itself apart, you can bugger about with all sorts of don’t-touch-me-or-you’ll-break-stuff type settings through the (admittedly not very intuitive) telnet/SSH interface.

All-in-all I love these things, but here is a more or less complete list of stuff I don’t like, just so no-one can say I didn’t warn them.

  • The web interface can be very slow. This is just the built in web server being a little bit crap, the routing functions themselves leave nothing to be desired.
  • The wireless on some of the older (b/g) models could be a bit flaky. I have not had any problems with anything since they started supporting 802.11n. Personally I use separate APs as I don't like to give my routers too much to think about - I'd rather they just be left to get on with the job of routing.
  • Similarly VLANing on some of the older models was flaky. Again, no complaints in this respect on recent devices.
  • You can't configure a full set of custom DHCP options. There aren't many (any?) SOHO routers on which you can do this, I just remember the good old days when everyone (I) used Netgear DG834s and you could just hack them and configure them however you wanted because they were running dhcpd underneath.

OK, gush over. Now go save up your pocket money for a few weeks and buy a Draytek!

On a side note, @Dummyacctforsso I’m willing to bet that at least 50% of new arrivals to codinghorror are either coming from StackExchange or at least have an account with SE. And since SE is an OpenID provider ( http://blog.stackoverflow.com/2011/05/stack-exchange-is-an-openid-provider/ ), I had no problems whatsoever signing in for the first time within about 20 seconds. I am sorry to hear you are so disenchanted with OpenID and I agree that there are currently far too many providers and not enough consumers, and a lot of those consumers are making life a lot more complex than it needs to be for their users. Still, I hope you’ll get on board with the OpenID idea, it certainly can work and I think the biggest challenge is probably education rather than implementation.


Thanks for knowing me and your other readers know your power consumption results. I would never buy a what is only a router. I think it’s very unnecessary to have a modem and router sitting to you can buy a single device which many be the same. Sure, so find the modem with gigabit ethernet can be a bit tricky. mmorpg


There are some easy steps to follow outlined in this article I found: http://heresjaken.com/home-router-setup/


Thank you so very much for this post. I’ve had a flaky router for a while and was looking for a replacement. My RT-N16 arrived this evening and I had it flashed with tomato and up and running in less than an hour.

The QoS has been a dream (I’ve been looking for this for a while) – my Roku didn’t miss a beat tonight watching Sherlock on Netflix while I was downloading something on my desktop in the background.

Tomorrow I’ll try getting my OpenVPN stuff moved off my desktop and onto the router (I flashed the ASUS with the VPN version of Tomato). I’ve already verified that my dyndns.org account is being correctly set by the router, and the rest looks straightforward.

Thanks again!


Interesting post. It’s funny reading how much of an impact the hardware setup can have on everything. Last year I went to a router review site (http://www.bestwirelessrouter.com) and ended up getting one of the most expensive routers available (noob mistake) only to be disappointed with performance.

I wish that your approach to increasing performance was more of a priority for the companies selling this hardware since most people don’t have the tech savvy to do what you were able to.


Anyone who has an Asus RT-N16 should check out EasyTomato (www.easytomato.org). It makes the install process a breeze and is a great way to ease into running Tomato (plus it has all of the advanced features of regular Tomato)


So it’s 2014 now, I’m wondering if anyone has an opinion on how things have changed since this post in 2012.

Are the models here still recommended? Is there a cheaper way to get 5+ devices on wifi throughout a large house?

Is there anything in this post that was true when it was written, but is just false now?


Minor nitpick: Tomato isn’t fully FLOSS. The backend is free, but the frontend seems to be proprietary (at least according to Wikipedia).

That aside, I tried a few of these firmwares back in the day, and IPv6+NAT64 (and DNS64) seemed to be inexistent in any of them, so I went with a very small, dedicated OpenBSD box as a router, and just kept an OpenWRT router for AP.