5 worst problems of home-grade routers


During our crusade for Home Server and Beta programs we faced a multitude of home network configurations. We learned a lot, and some of that we did not like. In fact, that’s our beta-participants who did not like that, it’s just they did not know what it is until we did investigations on the failing sytems. Now we know.


Let me share a few points on how the choice of your router can impact you, not just with Windows Home Server, but with any computers, Windows or not. Ever had a complain of a child that they need mom’s computer to print a school report, because their computer “does not print”?


Routers is the most important piece of home network infrastructure, especially because most people set it right after cable or DSL modem and allow all the home machine to be connected to it. Here are in my opinion the worst things the router may do or have:



  1. Rejection-based firewall
    Some routers allow all traffic and only allow block a few specific ports of addresses. To make this worse, they may have a limited space for rules, hence allowing to block only a few ports. Fortunately they are also too dumb to be able to route incoming traffic, which alleviates most of security pains, but still leaves the home network pretty open, compared to permission-based firewalls, where all traffic is porhibited and opened for specific ports, with most popular ports preconfigured.

  2. No name resolution or name resolution that does not include local DHCP-managed hosts
    Some routers give out IP addresses over DHCP but don’t bother to provide name resolution for them. As a result, home network machines cannot access each other. You can do a few tricks using workgroups with WINS or static IPs, but it’s so better when a reasonable local name resolution is available.

  3. Blocking some internal traffic
    That’s why UPnP may not work. Not just with WHS, but also with your Roku and other media streaming devices. Devices consuming media over network depend on UPnP discovery process. It may also interfere with file and printer sharing – a bad thing on Internet but very important inside the house.

  4. HTTP Proxy and HTTP Proxy configuration
    Looks like a cool idea, right? Especially, if you can configure parental control to restrict your child browsing with it. Parental control may be an important thing, but there are other ways to implemnet it on a router. As to the proxy, you need a real good implementation, which should be also bound with local name resolution for everything to work right. It occurs that some proxies in some routers out there are not implemented right.

  5. Limited bandwidth
    This one came as a surprise to me. Early in the game we decided that Windows Home Server will not be used as a boundary machine. Really, if you put a lot of sensitive data on it, you don’t want it be directly connected to Internet. To my surprise, on a Russian forum on WHS (yes, we have one, WHS Beta was surprisingly popular there), a lot of people were asking if they could do that. When I asked why, the truth revealed itself. It happened that Windows Server 2003, which is the base on which Windows Home Server is built, is sometimes 10 times faster as a router than off-the-shelf gigabit routers. Apparently, gigabit network cards is not the only factor that defines your Internet speed.

I probably missed some problems like UI configuration usability, but it feels to me these are the big five. What would you add t this list?

Comments (7)

  1. rthomas says:

    SmallNetBuilder does a great job comparing SOHO router performance

    http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/

    I would add poor reliability, I always need to restart my router once a week, more when I do some intensive networking.

    Remi

  2. w-g says:

    Get a home router hardware such as a Buffalo router and install OpenWRT on it. You’ll be able to configure *everything* inside it (it’s a Linux box where you have root account and a web interface): http://openwrt.org/

  3. Jules says:

    I have a router that ignores the configured gateway settings for the machines on the network.  It happens that one day I wanted to set up Internet Connection Sharing on one of the machines on the net (my DSL was down, so I had to access the external world via a 56K modem for a couple of days).  However the router, instead of forwarding the packets destined for the ICS machine to it, noted that they were addressed to an external IP address and tried to forward them down its disconnected DSL link instead.  

    Or at least I assume that’s what happened.  They certainly never got as far as the ICS machine.

    Also, reliability, as Remi says.  I have to reboot mine on an almost daily basis.

  4. Anonymous says:

    This is stupid.

    Home based firewalls aren’t. They’re usually NAT boxes, so they can block everything by default. In practice, people rarely need more than a few ports forwarded when they don’t want a full DMZ.

    If Windows supported Multicast DNS, it wouldn’t require an additional broken-by-design software service to find other machines on the network. Having the DHCP server register hostnames in DNS is stupid. Ubuntu nor OSX are affected by points 2 and 3.

    And no, HTTP proxy authentication in a diskless 25mhz box sounds like a stupid idea. The real way to restrict child browsing is to sit with your child.

    About the Russians: does it really surprise anyone else that if the hardware can run Windows, it’ll be faster and more powerful than hardware that can’t? What *should* surprise you Windows fanboys is that some hardware- that can’t run Windows, is faster than WHS.

    Finally, I have deployed over fifty OpenWRT-based routers this year personally, and *not one of them* requires rebooting. I think this has to do with the fact that low-end home-use routers are intentionally crippled to underperform next to their higher-end commercial routers. It makes sense: maintaining one router-software system is hard. Maintaining two would be twice as hard.

  5. JJ says:

    "It happens that one day I wanted to set up Internet Connection Sharing on one of the machines on the net"

    I had this happen before and I was able to work around it by plugging the uplink port of the router back into itself.  This is horrible network design, but somehow it worked and it was only a temporary solution.

  6. A_me! says:

    How about including the tendency for home-based routers to automatically clear their NAT tables after about 5-20 minutes of idle connections?  I’ve been connected via SSH or telnet to a remote server and had the connection simply ‘forgotten’ by the router because I had moved on to another task for a few minutes.

  7. The most valuable issue with network is… you’ll be LOL, the knowledge.

    Could you, please, list the links to the most fundamental technology used in the network and where I could find the learning info?

    Like: DNS ->,

    When you start to think about, it clear that we know part of this knowledge just by sparadic research and struggling with problems, which is… kind of strange.

    Give people ideas what are the UDP, forwarding, ports… all those terms and technologies that are in use in networks and routers.