CeroWrt II - would anyone care?

All: I have been contemplating doing "cerowrt II", or at least, another iteration of the "make-wifi-fast" project from bufferbloat.net. It would have roughly the same scope as cerowrt had had in trying to push the future of open source networking technology forward. That said, I'm not sure what the world needs anymore!! as nearly all my main goals for the Internet at large were met by the ipv6 work, fq_codel and cake, and portions of the homenet project that made it. Those ended up wildly influential outside the openwrt world, and until recently ate all my time.

The project would run for 2 years or so. I'd try to get some research funding to carry it. (anyone know of any good sources?)

So I'm asking here - what blue sky, innovative things do you think would be useful to prototype in a separate branch of openwrt for a while? What hardware would be best for it?

I have my own private list of things I, personally, would like to work on (which I'll post in a week or so), but no clear idea as to what others might think of as important, unsolved, issues openwrt has going forward that we could make a dent in!?

Suggestions highly welcomed.

I haven't looked into the state of networking things for a few years. Not because I've been happy with my current setup, but more because I got frustrated that there wasn't any decent all-in-one hardware or an easy to piece together set of devices. Not an insurmountable problem, but one I didn't have the time/attention to work on.

Here's some high level networking things that I think could be worth investing time in, but are likely not in scope for cerowrt. Most are focused in spreading adoption or simplifying better network options for average users. Some of these might be solved, I haven't checked yet.

-Simplifying cerowrt on-boarding, starting with hardware choices. This could come from much wider device support (say by reverse engineering broadcom drivers), or very specific device support by curating an adoption guide to funnel new adopters to a known platform that supports community goals (maybe with an end-goal of having tiers of "cerowrt compatible" certification).

-Automating secure network setups for everyday users. This could come from the development of a trust system starts everything in separate DMZs then moves devices to trusted vlans over time. Or maybe a GUI that helps users build networks based on templates & device relationships without needing to know the technical details.

-Tools to help non-technical users to troubleshoot network issues related to bandwidth or router hardware. Particularly things that most users might shrug off or blame on something else. "Hey, your router has noticed that has been having difficulty accessing the wifi. Consider moving the router or setting up a mesh network" Or "From 7-9pm we notice that 4 devices are streaming at the same time and the [router wifi/internet] can't keep up. Here's some possible fixes" "There's 20 nearby networks using the 2.4 spectrum, the following list of devices will likely have connectivity issues until they're connected to the 5ghz network."

-Fallback networking to allow for experimentation without impacting other users or quick recovery. Particularly on a single device/mesh. Something that allows someone to build a test configuration, deploy it, allow users to bypass it when it breaks or when reset the router to boot into a known good configuration without losing what the test configuration setting were. (Too many times have I been prevented from cool networking setups because other users didn't have a reliable failsafe when I wasn't home if something broke.)

-Bandwidth/connectivity/usage tracking and reporting that understandable to an average user. Something to help them better understand their usage in comparison with what their hardware and ISP are providing them.

-Device location tracking and/or home mapping. "Hey router, I misplaced my tablet. Your tablet isn't connected to the network, but was last seen on the far side of the living room." Also an improved input into home automation.

-Abnormal traffic detection for every day users. Particularly for IoT devices. "Did you know that your voice assistant hub has been sending hour long streams for the past week", "I see you're setting up a pet webcam. Would you like me to notify you if someone starts connecting to this device while you're home?", "This device has started uploading multiple gigs of traffic a day which is 5000x normal."

-Home lab gateway setup for the new techie. Something for the tinkerer. Here's a curated recommended hardware list with enough compute to both run a networking stack in a VM with enough resources to try out other small VM projects. Here's the configuration changes to the primary home router needed to set it up. "My highschool kid wants to run a minecraft server for their friends and do weird things to the wireless network that I don't understand. What's a safe way to let them experiment without them bringing down the network while I'm teleworking?"

-cerowrt hotspot?

-All things mesh related.

-Bufferbloat for bluetooth or IoT protocols?

Unfortunately I haven't kept up with the state of things well enough to suggest improvements or projects at a low level. I fully expect all of these to be out of scope. Honestly, I just wanted to chime in as a way to say thanks for all your efforts so far and to encourage others to chime in.

As a parent (and hopefully later also a grandparent) I’d welcome security, isolation, recognition and control for wired and wireless clients. The majority of Internet connected users (with multiple client devices) don’t have the same understanding like we here do. I see the same at young childhood, my parents and many in between those years that struggle to understand what they need to do with a device. Once they get the hang of it, they stick to what they know and repeat their actions until they fail. With the increase I see on security issues, but also on what we should let our children get to learn first, I would focus on a single subject; security.

Now that subject alone can be as vast as you want to make it. But I love it when complex things are easy to use. So; I’d propose “security, made easy” as a start with our children and (grand)parents particularly in mind. For that to start with, we might need to start with security, isolation, recognition and control for wired and wireless clients?

As a former CeroWRT(-I) user, I really enjoyed using it. The saner firewall configuration was great, until I had to upgrade and relearn the "old way".
There are many projects that need work, but I'm not sure that another side branch would be good.

yes, I thought the firewall was not only cleaner and easier to think about, but scaled a lot better than openwrt's default. How is nftables these days? Or are people moving to bpf?

(keep the other ideas coming, folk!)

nftables is the way forward. An nftables based firewall is imminent (fw4) as I understand it, but we should absolutely be using nftables everywhere! (bpf will be by having the nftable frontend compile to bpf on the backend if anything, the nftables script language is what we're going to be using for firewalls, and don't let anyone tell you otherwise). I'm already using nftables on my firewall and it performs well and is super flexible (non-openWrt router)

I think it's pretty clear to me that the world needs ipv6 only overlay networks. I want to type in some unique UUID type identifiers of all my friends, and immediately have a wireguard tunnel between our houses using our ULA addresses. Obviously with firewall controlling what's actually accessible. I want this wireguard tunnel to keep working regardless of what happens to my friend's ipv4 or ipv6 allocation from their ISP. I want to play games or music with them without any 3rd party involved (except as transparent encrypted transport).

Also, I want an overlay network that gives me a /48 of publicly routable IPv6 that is totally independent of my ISP. Perhaps a nonprofit organization with some kind of mesh routing should provide these tunnels.

I want ipv6 multi-homing so that I can easily have the above overlay network, a commercial VPN, the ULA addresses, and two or three different ISPs all providing me connectivity, and via policy routing type considerations my router does NPT to get 1-1 prefix mappings that make everything "just work". (for example I want to use my fiber network normally, but when it goes down I want to fallback to a cable or LTE network connection without anything on my network even knowing about it, and I want to on my router using policy make all packets coming from my cell phone MAC go out over the VPN network without the phone needing to know anything).

Just some thoughts.

Keep adding them.

@kong @ACwifidude IF I were to go insane and try to push openwrt forward again, what would you want to see?

There is an open source version of tailscale now, does that essentially do what you want?

Thanks, I will take a look, hadn't heard of it.

Easy 802.11k and 802.11v support. 802.11r is one click and good to go. All assistive tech should be that easy.

@dtaht

a package for a video game setting a bit like the script for using dlakelan, it would be a great idea to develop, sqm is good for the bufferbloat but too generalist I add custom iptables to make my game more fluid, but if we would have something to push a bit like netduma does it would be great dave

I am really impressed by https://github.com/rchac/LibreQoS having got inbound shaping to work better than everything we've tried. (It just needs ipv6 support) I note also I've had some thoughts towards a smarter policer.

One click mesh with wired or wireless backbone with support for several lan/guest SSIDs and VLANs.

That is something I had in mind too, some sort of ML based traffic classifier that dynamically adjusts.

Besides that, a proper freeradius server webif module would be great, there used to be a simple one, but it has been dropped. DD-WRT has a pretty good webif page for freeradius, where you can generate server/client certs setup users and their account lifetime etc. This is handy if you want to give someone access to your wifi e.g. for 3 days or so. It can be done by hand in the configs, but that is rather cumbersome

Since home labs were mentioned I'd love to see a focus on making high speed (10gb/s+) networks work well in the home. My network in a sentence can be described as "idiot builds a 10gb/s network on a budget" and I have it working pretty well right now but I've had to learn a lot of things to get it to this point and I'm sure there's things I could be doing better.

That would be orthogonal to this thread. The biggest problem with 10 GBit/s networking is finding (affordable[0]) hardware that can be supported (x86_64, ARMADA 8040, maybe ipq807x, maybe rtl93xx).

--
[0] "idiot builds a 10gb/s network on a budget" still feels like an oxymoron, as I don't really see any way to achieve this on a home budget (capable router, switch (at least 8 ports), >=3 ethernet cards - mixture of copper, fibre and SFP+ DAC cables), yet. Sadly I'd still rephrase that as "idiot blows budget on building a 10GBit/s network", although I've been keeping my eyes open for the last ~5 years at least.

You don't need 8 ports, at least I didn't (I don't have that many devices that could benefit from higher speeds). When I say "on a budget" I really mean it. My budget was mostly blown on a switch and 3x of the cheapest 10-gigabit NICs I could find. OpenWRT is running on an X86 mini-ITX PC I built with parts I already had lying around so I'm not counting that towards the budget.

I had a lot of issues making this work reliably though. I feel like there's a research opportunity to try something here even though I'm not exactly sure what. I've done a lot of research into why TCP congestion control sucks at these speeds and cubic kept exhibiting all sorts of weirdness, eventually I came across "Data Centre to the home" and got inspired by this and my network is now running DCTCP on the router, DCTCP on Windows desktops (thank you Microsoft for allowing this to be changed in PowerShell instead of locking it to Windows Server like you have done in the past) and BBR2 on my Linux home server and desktop. I don't really know what I'm doing though, I just experiment with things and break things and eventually I come across something that works for me.

Nerds. How do y'all feel about LIFI?

802.11ax on 6 GHz should cover that base (yes, there's 802.11ad on 60 GHz, but let's be honest - no client devices, non-existent wall penetration).