Avoid ISP Routers (2024) (routersecurity.org)
316 points by dp-hackernews 10 days ago | 204 comments





I wish. I own my own modem and router, but Comcast won’t let me use them unless I pay a whole bunch of extra fees or accept a stupidly low monthly data cap. I’ve got my router downstream of theirs which is a bit annoying, especially considering their modem-router combo overheats and needs to be rebooted via unplugging power at least once a month.

Sadly I have no other options here in San Francisco. My house is not wired for phone service so I cannot get DSL. The various fiber services that are becoming more available in San Francisco are generally only available downtown or in large apartment buildings. My freestanding house can’t get any of that. AT&T's new fiber doesn’t connect to me either. And webpass doesn’t have a good line of sight from my location to any of their microwave towers so I can’t get that. It is Comcast or nothing. It always amazes me that San Francisco is supposedly the tech capital of the world but internet connectivity here is worse than rural China. (And that’s not an exaggeration, I’ve spent plenty of time in rural China and in the mountains there, both the cellular and hardline service are infinitely better than San Francisco, aside from the firewall issues of course)

…I guess that turned into a bit of a personal rant but holy crap how is it 2025 and this is still a problem in a major tech city?


This is why the market needs some regulation. Here in The Netherlands, ISPs are required to offer free (as in freedom) modem/router choice. Not only can you replace the router, you can even use your own XGS-PON/AON/etc. SFP(+) module.

For a while I had fiber running through an XGS-PON SFP module in my own Fritz!Box. Now I use the provider's ONT (which is just a fiber <-> ethernet media converter) hooked up to a Unifi Cloud Gateway Max.

Plenty of folks here that have their UDM or OpnSense box hooked up directly to fiber with a Zaram XGS-PON module.

Also, I am sorry you have to deal with caps. Data has been unlimited here ever since we switched from 56k6 to ADSL. (I also have unlimited 5G for 25 Euro per month.)


You could also solve this with competition. If there were 10 ISPs it would be disadvantageous to give your customers reasons to leave you. Why aren’t there more ISPs? Maybe too many regulations. It is trivial to lay cable, except of course all the permits.

Or maybe it's an oligopoly where the incumbents have carved up the market and stopped competing, milking their customers instead.

Broadband is then extra special if you let the ISP also own the infrastructure as everyone has to reconnect their service to every house instead of one company (or forbid, the govt) owning the pipes and several companies competing for providing services over those shared pipes.

Imo the competition model doesn't necessarily (always) work that well for infra.


Because it's illegal to dig up the road without a permit and they won't give a permit to install new fiber when the road is already full of perfectly good unused fiber. They only grant one of those the first time.

Here in Germany ISPs are also required to let you use your own router for free.

So instead of making you pay for that option they increase the base price and then provide discounts if you use the provided router. In the end you still end up paying more with your own router than with the provided one. And will probably have a worse support experience if there are ever any issues.

Do the laws in the Netherlands have teeth against such shenanigans?


Any recommended XGS-PON modules?

One of my connections here is 10G but I haven't tested any modules...


Best to ask in some local forums. E.g. the Zaram XGS-PON SFP+ module is popular among Dutch KPN users. There is also some cooperation between e.g. KPN (Dutch ISP) and Zaram to make it well. Also popular is the Fritz!Box Fiber 5090, which comes with a module (though currently max. 2.5Gbit). For other modules, AFAIK they need to be set up with the right slot ID of the provider, etc. But the locals will know.

If you happen to be in the Netherlands, some of the KPN tech staff hang around on the Tweakers.net forums. They help a lot of users there who want to go down this road.



Same in Brasil

Meanwhile I live in a rural area 10 km away from a little town in the south of Chile with FTTH, 1 Gbit symmetrical with a static IP address, really unlimited (no cap of any type), with one deco for my TV, for 24 USD a month with an installation that cost me 30 USD. Should I add I have to use rainwater because no potable water is available?

Same here (except Chile). It's weird/sad/expected because of Comcast & others that the US are still not reliably connected everywhere. From the country that brought us the internet!? In my (European) country, you have to live in a swamp far away from everything to not have FTTH eligibility, in the same ballpark prices as the comment above. Static IP as a (free) opt-in.

To be fair, the US is much less dense than a lot of Europe. Ireland has a similar density, and rural areas have pretty crummy coverage.

That explains why you can't get decent service in rural Montana, but not in San Francisco! The best fiber services around (other than Google) tend to be the municipal ones that don't give one of the big operators space to pull their bullshit though.

Yeah totally, it's not a perfect comparator, but given that the rest of Western Europe is much, much denser I thought that it was important to note.

The crummy service in cities apparently is due to regulatory capture, while the good EU service is again down to regulation, but in a much better way.


I live in SF and Comcast doesn't charge me to have my own router.

I pay $130 for 1.4gbit and unlimited data. It's expensive but I also have no other choices. Sonic stops only one block over and we haven't been able to convince them to wire up my block.


I'm so jealous of SF internet options.

In LA I pay $105 for "supposedly" 2-300mbit, but this week I've been seeing 30.

I keep looking for alternatives but haven't found any in my area.


I'm guessing a 5G mobile option is too expensive. In the UK I have a 3Mobile (Smarty unlimited data) 5G connection, using an MC801, for £20/m and I get around 1gb/100mb with it - until the tower hits a busy period, then it drops to about ~500mb/20mb

I'm in the Bay. My only reasonable options are Comcast cable and T-Mobile 5G. I had enough problems with Comcast that I went to 5G, and it's ... fine. The bill is $5/mo worse than the alternative, but there's been zero extra billing bullshit, so my actual internet expenses are slightly less than normal and don't involve 20hrs on hold every year.

The quality of service is the real problem. When the tower is busy (happens at least once a week), I usually drop to 30Mb/30Kb or so, which is little enough upload that even download-intensive applications often struggle. Plus, the jitter is terrible, latency is slightly worse on average, and 3 times so far I've had internet effectively down (spotty connections in the 1Kb/1b range) for days at a time.

Interestingly, "predictable uptime" is something I care about and is much better with T-Mobile. With Comcast I'd have at least one hang every 10 minutes or so for multiple seconds on an otherwise perfectly functional connection. With T-Mobile, it's either down for days (tower maintenance) or up (perhaps slow, but definitely up). That makes all sorts of near-real-time activities easier to coordinate.

I'd probably do it again (I don't think I actually have any options unless I get off my ass and finally sue Comcast), but it isn't a clear win.


> I'm guessing a 5G mobile option is too expensive.

It's more about availability.

I have 5G for home internet, and it's $55/month, including taxes. I get 100 to 300 mbps, though during lunch on weekdays that can slow to 50.

There are two other 5G Home Internet providers in this state. One wants $100/month for 5-100 mbps. The other won't let me sign up because it doesn't have the capacity where I am.


I live in San Jose and Comcast shouldn't charge me for my own router, but every couple of months the "equipment hire" charge appears on my bill again and I have to go through the song and dance of calling them again and getting it removed.

I also pay a little more than $130 for gigabit with a 1tb limit.

I wish I had options.


Ouch, I think a limit would drive me crazy. I pay $110/mo for FTTH, 1Gbps symmetrical, unlimited bandwidth, static IP (by default you get CGNAT), ISP (MetroNet) provides the modem, and I use my own router.

For fiber is it popular to use your own modem? I always bought my own cable modems (Surfboards) but once I switched to fiber I didn’t really investigate it. As long as the ISP gives me a “clean line” out of the modem then I’m happy.

I use about 4TB of download and 4TB of upload a month on average so a 1TB limit feels incredibly limiting.

I’m in Lexington, KY which can account for it being cheaper but if you told me 5-10 years ago that KY would have better internet than SF/San Jose/etc I would have laughed in your face. I also can get 2Gbps/1Gbps for an extra ~$30/mo but all my equipment is 1Gbps max so I haven’t considered upgrading until I do a more general refresh of my network hardware. I think they have 5Gbps (not sure the upload speed) coming soon but I haven’t followed it closely. And yes, I realize I could benefit some from having 2Gbps Internet, even if most of my equipment doesn’t support it because I could use some of it over Wi-Fi and the rest of it hardwired. My eero does support 2.5Gbps, just nothing else in my house does more than 1Gbps.

That’s also insane to me, I’ve spent quite literally my entire life chasing faster internet speeds and always paid for the best plan available (aside from 10x priced business plans) and now I’m passing up a 2x download upgrade because what I have works great.


You do have a choice, it's Astound, and you're about to save like $1,000.

He said modem... he also has his own router downstream.

Sorry yes I meant modem

I'm surprised by this, is Comcast super regional with its restrictions? I have a Comcast 1gig plan in the Bay Area, and last I checked I get a small ($5?) discount for using my own modem. I've been on the plan for at least a few years now... so alternatively maybe I'm grandfathered in or something? Or maybe some Comcast sales person was lying to you about your options?

My experience in the Bay Area - if you rent the gateway from Comcast ($25/mo) then you have no data cap. If you use your own modem and want to remove the data cap it costs $30/mo, more than renting the gateway. The data cap is 1.2TB per month in my area.

I think that is what the commenter meant: "...unless I pay a whole bunch of extra fees or accept a stupidly low monthly data cap"

(edit: I initially thought it was $15/mo for the gateway + no data cap but just checked and it is $25/mo. They are called "Xfinity Gateway" vs "xFi Complete").


Tell them it's a home office and get comcast business. There's no data caps on any of the tiers and they allow use of any modem on their approved list.

My current residential price is $65/mo for 500mbps/20mbps. Business is $120/mo for 500mbps/200mbps ($105 for first 24 months). I wouldn't mind getting a bit more sweet sweet upload. Maybe I will!

There is also "gigabit pro"/"gigabit x10" where they run fiber to your house. That is $350/month for symmetric 10gbps. Lots of limitations on availability and a big install fee, though. Gotta get the other half on board with that ;-)


I always wonder what are some ways to put 10 Gbps (well, even 1 Gbps) to good use in a home setting, beside marginally lower ping times. I'm not saying such uses don't exist, I'm just curious to know.

Context: recently upgraded 40 MBit DSL to 1Gbit/500MBit fiber.

You don't need to plan for media consumption anymore. It's there when you need it. Want to play 100GB XBox game? No problem, it's here in <15 mins.


For me, the big win is everything being snappy and never having contention on my Internet connection. Maybe I could do with 500Mbps up and down just fine instead of a gigabit but I almost never hit the limits of my connection and that’s an amazing place to be. When I do hit the limits, it’s when I’m downloading a huge file and I’m very grateful for the speeds I have.

I’m not the first one to say this, but often it seems that faster Internet speeds have enabled completely new use-cases and applications that sometimes weren’t even obvious until a critical mass of people had the faster speeds.


Competition matters. Comcast/Xfinity was my only "choice" in Cambridge, MA. It cost about $70 per month for 100Mbps service.

My building in Oakland, CA has multiple options, including fiber. The Comcast folks setup tables at least once per quarter to help customers/residents. The cost was much cheaper. I now have gigabit fiber from Wave, and pay less than I did back in MA.


You probably live in a zip code where ISP choice is an option. Thus not getting bent like the parent comment.

We were offered $10/month to use their modem + unlimited, or $30/month to use your own modem unlimited.

We actually don't use that much data though, so just went with the data cap and our own modem, and never went over.

This was in the Seattle area.


> I have a Comcast 1gig plan in the Bay Area, and last I checked I get a small ($5?) discount for using my own modem.

Are you sure it's a _discount_? They charged me _more_ for "unlimited" data and own modem. This change isn't new (at least a few years) but a quick google found recent: https://forums.xfinity.com/conversations/customer-service/wh...


It's not regional. The rental is $15-25/mo these days. You might be grandfathered in.

If you choose the $25/mo option, you don't have to pay to waive the monthly data cap.


The crappiness of national ISPs is a feature, not a bug. ISPs have lobbied at state and federal levels to get their way. In many states, they have lobbied _for_ the ban of municipal ISPs.

Then between major ISPs they have under the table agreements to avoid competing in certain areas. This impacts all types of residential areas - suburban, urban, and rural. I believe it’s much worse in rural areas.

Why bother with providing good customer service or improving? They know you have no other choice.

Cellular networks functioning as ISPs have provided _some_ relief in this aspect but comes with its own drawbacks (congestion can get bad and you get throttled, and latency tends to be shitty all around).

The ideal municipal ISP I have seen is in Chattanooga TN. They (EPB) offer _residential_ customers symmetrical access starting at 1000 Mbps, up to 25,000Mbps. [1]

The 1gig plan is cheaper than GFiber and the 2.5G plan is competitive.

Plus this money is kept within the ecosystem of this area. Creates high paying jobs. Profits reinvested into network rather than stock buybacks or some C-level executive that “super commutes” in a private jet.

[1] https://epb.com/fi-speed-internet/?#choose-your-plan


remember when verizon got a few Billions to deliver affordable rural access then pocketed the money and delivered nothing?

You ought to remember because it happened three times.


I remember, they took the money for delivering fast internet then lobbied to change the definition of “fast internet” to specs they already provided. So the government investment became profit instead.

In EU the second poorest country has the fastest internet. The richest country cannot provide cellular signal to all of its area.

It kind of depends on when a country did its investment into Internet infrastructure. More western countries did it first and are now stuck with older technologies that limit speed and capacity, whereas the less modern countries put that investment in later and therefore have newer technologies like fibre.

Once an investment has been made it's hard to justify making another large investment, or if one is being made it becomes very political and captured by vested interests.


> More western countries did it first and are now stuck with older technologies that limit speed and capacity, whereas the less modern countries put that investment in later and therefore have newer technologies like fibre.

This is not necessary. These countries are also very rich and can afford to upgrade infrastructure. I am in The Netherlands and have 4Gbit fiber. At the end of 2024 there were 8 million fiber connections, whereas there are 8.4 million households. Heck, even my parents who live in a small remote village can get multi-gig fiber (though they are happy with their 100MBit).


Hey, we finally get fiber in the "richest" country. Telekom just wants to build it to our apartment, for free.

They just need a permission from our landlord, who said no way and blocked the fiber installation. We are stuck with Vodafone only...

I guess it is a better investment for them to smoke us out, renovate this place and rent it with three times more...


Germany? We lived in Germany for five years and internet-wise it felt like going back to the stone age. We paid extra to get 20MBit upstream, but on Saturdays, you'd often only get 1MBit (more downstream of course). Cellular reception was crappy in much of the country (even inside larger cities).

We left Germany in 2018. We have unlimited 4Gbit synchronous fiber and unlimited 5G.


It's better now in Germany. My parents live in the countryside and got fiber about one year ago. 600/300 MBit/s for 60€. Not cheap but very stable and always delivers.

I use Vodafone Cable 250/50 MBit/s for around 25€ (discount for new customers). Not very stable but good enough. 1000/50 MBit/s is available but costs 50€.

If you live together with someone you can always switch the contract taker and thus always get the "new" customer benefits to save some money.


Ours blocked Vodafone too. We literally have no wired internet options. Our landlord just forces us to use their extremely slow WiFi

Also in Germany


Is that even legal? I always thought a land-line connection is mandatory.

I recommend to check the law here :)


I don’t think there is any such law, not that I could find. Telekom refuse to make the connection. They say that if it isn’t there when the apartment is built a new one can’t be added. I live in an attic conversion

I just checked. There is no right to a land-line but a general right to being connected. So somebody has to provide you a connection. If nobody does you can message the "Bundesnetzagentur" and they will oblige a provider.

https://www.bundesnetzagentur.de/DE/Vportal/TK/InternetTelef...


Why would landlord do that, besides "I hate you and go fuck yourself"? He's knowingly reducing the value of his property

In Germany you sign a contract and it is hard to get you out. The rent increases very little while you are there. When you move out they do a quick renovation and charge double or triple the rent you paid.

Makes sense.

We used to be stuck with Comcast, but we had no trouble using our own modem and router.

We moved from lower Nob Hill to Russian Hill and were finally able to get fiber from Sonic. We went from ~300Mbps down to 1G (more like 750Mbps) and from $137/month to $50/month. Oh and it’s symmetric, very much unlike cable. So happy to get rid of Comcast.


Since you’re in SF, have you tried Monkeybrains?

Edit for disclosure: I’m a former employee, but I have no present affiliation with the company.


Monkey brains is great if you can get it! Cheap and reliable and you can use any router you want.

I had a similar problem with having to deal with an ISP provided modem, and solved it in the stupidest way possible: xmas light timer to reboot it in the middle of the night. It's set to go off for 30 min then come back on. Sadly, I've had this up and running for years...

Just accept that xFi, the $30 additional fee or whatever it is, is just part of the price. If you’re not a normie you should probably just pay it and get a decent experience. Comcast is a monopolist but there are worse experiences out there than 1.4Gbit down/50Mbps up.

Interestingly, in my part of Los Angeles, the single family homes all got fiber well before the apartment retrofit. It took me joining the hoa board and a year to jump through the hoops for Frontier fios retrofit.

> needs to be rebooted via unplugging power at least once a month.

This (or a memory leak, anyway, something) is why I have my ISP's modem (I luckily can disable the router part; I think that might actually be EU mandated) on a smart plug. When my internet fails, I check to see if the modem is reachable; if it’s not, I go to Home Assistant, turn it off for 10 seconds and then turn it on again.

I guess I could automate it, but every 1-1.5 month is not enough to make me bother.


I have my own router, but use the ISP's modem. The modem is also able to act as a wired router and Wi-Fi router, but I set it to "bridge mode" to disable the wired NAT so that I could use my own router instead. (When they replaced the modem, I did tell them to enable bridge mode, and they did that, so that is not a problem.)

I just moved to Oakland and pay $50/month for 10 Gbps fiber with Sonic. I thought that was just the norm here after staying in a few SFH BnBs in the area that all had the same. I’m kinda surprised SF doesn’t have better connectivity. Is the issue just a matter of different regulations increasing cost of installations between the bay?

Check out MonkeyBrains? It's wireless broadband and they have LoS to many parts of SF. I used them back when I lived there (admittedly some time ago) and I had no complaints. Very much a small ISP with personalized service.

It won't be fiber speeds though.


It can be fiber speeds! I had symmetric gigabit with MonkeyBrains for 3 years. It just depends on the size of their install; I was in a relatively large apartment complex so they invested more in bigger(?) antennas.

> …I guess that turned into a bit of a personal rant but holy crap how is it 2025 and this is still a problem in a major tech city?

Regulation created by ISPs to create monopolies for themselves.


I got a monthly discount (small, between 5 and 10$) for using my own cable modem in Sunnyvale. I was using Comcast business, though.

if you want static ip addresses, you need comcast business and must use their router. blast.

starlink has the opposite for ipv6, if you want to assign your own ipv6 addresses, you have to bypass the starlink wifi-router. ipv4 is still cgnat, but having a real-life routable IP (v6) address is nice.

Leave theirs in place but treat it as untrusted. Place your router between your home network and theirs. It works well.

Starlink?

Have you considered Starlink? You might give up some speed, but it is a fantastic bypass for monopolist bullshit. All the providers in my hometown wanted to charge my parents five figures to run something that wasn't 20-down copper, so they bolted a Starlink dish to the roof and got ~250 symmetrical (IIRC) pretty much constantly.

Can't you just put their crap in front of yours?

It’s what he does.

> I’ve got my router downstream of theirs


The part about a cockroach colony is a bit unfair.

Insects love electronics, with the heat and noise they generate. And when electronics sit in storage for a long time, the critters can crawl in from neighboring items.

This is just as likely to happen with a non-ISP router.

Ok, in all fairness I don’t have any stats to back up that claim. But nobody else does either.

That open source router you love so much may have been sitting in storage even longer.

I have mixed feelings about ISP routers, and ISPs in general.

But insect infestation is a serious issue in consumer electronics and has nothing to do with ISPs.


> the critters can crawl in from neighboring items

When it's shrink wrapped?

And why would a used device be on the shelf next to the new router I was buying?

You can argue this is "just as likely" with used devices, maybe. But if I'm buying a router it's not going to be used.


I agree with the take; unfortunately, with new fiber-to-the-home construction this becomes less and less feasible, since ISPs expect to have routers with the fiber cable input as the WAN port.

This is the case of Iliad in Italy.

In Germany you have FTTH installations where Telekom puts a mini Fiber Gateway in your home and an extra router dials with the credentials to access the internet. In this setup, you can use OpenWRT or other routers, rather than the Fritz!Box or the Speedport routers.


As long as there's a reasonable way to get an SFP module, there's a good amount of routers with those sockets and I can get a gigabit media converter for $20.

Yeah I’ve seen the buggers inside shrink wrap. Only dead ones though.

It is not unfair.

The linked article is about a live cockroach colony in the package when it was delivered from their ISP. If that went unnoticed, what would you think about their supply-chain security?

If you get insect-infested packages from wherever you get your electronics, you should switch suppliers. It is not normal.


I’ve learned from experience to check for insects in all packages.

Letters too.

They’re usually not there. And they're more often dead than alive.

But from time to time, the critters do crawl out.


I once got a Sprint magic box full of cockroaches (not a router but a sort of femtocell that used another tower for backhaul). Thankfully UPS threw it out in the snow and I didn't discover it for a few days so the roaches froze to death.

So yes, ISP routers and associated equip I do not recommend!


If you can’t actually refute this then why say anything in the first place?

In similar news: The German regulator (BNetzA) just re-confirmed two weeks ago [0] that passive optical networks are not exempt from § 73 (1) of the TKG (Telecommunication law) which mandates that the interface between provider and customer is required to be a passive interface (i.e. mandating an ONT is already in violation of that). And that is fine. The different PON standards are reasonably well standardized and can operate in these standard modes for most equipment manufacturers. The NSP may lose some proprietary features, but the past has shown that equipment manufacturers have adapted for the German market accordingly. The law does allow exemptions, mainly if required for access technology reasons, but clearly states that even in that case the device that connects the end-user devices to the service (i.e. router) cannot be mandated by the ISP. They can provide one, but they cannot prevent you from connecting your own.

I do sometimes miss living in Germany.

[0]: Press release in German: https://www.bundesnetzagentur.de/SharedDocs/Pressemitteilung...


But internet in Germany is famously spotty and not great, at least compared to our neighbours the French or the Polish.

It's getting better. The situation is not ideal but very slow connections with <100 MBit/s are rare now.

I kinda disagree with everything here.

a) non-mobile internet has never been spotty unless you were on an overloaded vodafone cable connections, those are infamous

b) 50 MBit/s is not "very slow" for any reasonable definition

c) enough neighborhoods in bigger cities and probably also in more rural parts don't have more than 100. I'd need to see some proper source for that.


I think there are similar rules (or there will soon be) in all of Europe.


Some of the comments here about ISP behaviour are crazy. Australia has had our fair share of fucking up the national internet infrastructure but at least I can pick pretty much any ISP and use any router I like. Haven't used an ISP supplied router in something like 15 years.

All over the US I have always been able to use my own cable modem and router. OP's situation is unusual, I am guessing it's some bundle they have for a discount but if they were paying standard (ie ripoff) rates they could use their own equipment.

This thread made me realize dslreports.com has "closed".

Used to be you could find out there what works and what doesn't down to the chipset variations. My experience was same as yours, as long as I matched provider capabilities, it worked.


> This thread made me realize dslreports.com has "closed".

Yeah. I saw it mentioned in a response to Karl Bode (TD). Sorry to see it gone.

I joined DSLR in '04 and dumped more hours there than anywhere else, ever. It wasn't the same after the database crash in the mid 10s. When they shuttered the new-music thread, I finally moved on.


I've never had an issue with using my own hardware here. It's definitely one of the only good things about Australian internet.

Regionally it's a total crapshoot as to ISP choice, in my experience. Even in the massive regional cities it's often appalling. People living in rural or remote areas might as well not exist. If I moved somewhere that only Telstra serviced I'd seriously consider just not having internet at all. It's roughly equivalent in internet access to paying Telstra but it sure is cheaper!


> Some of the comments here about ISP behaviour are crazy.

It depends on the ISP. Over 25 years of IT support I've had to fight with about 30% of them to bring in my own device.

Most notable screwery was with Verizon DSL. They'd lease a new public IP every time we tried an incoming connection. As fast as I could record the new IP in the remote config and reconnect - my IP would change. I was able to push it past six changes/min.


I mean technically in Australia these days the nbn box is the "modem" for all intents and purposes, if you have fttp.

You don't actually need a secondary modem and can plug your pc directly into it, takes a lot of the pain out of it and reduces the need for ISP supplied modems.


AT&T Fiber's routers have, in the past, had a tendency to overheat, offered false promises like "DMZ Plus" mode and have had a host of issues that led to a black market of people selling stolen AT&T certificate files [0] on the internet so you could bypass them, because they use 802.1x between their "Router/gateway" combination device and their ONT, when they're separate devices. The AT&T XGS-PON network is mostly coupled now, which has led to another group of people now creating compatible SFP+ modules to replace the entire GPON stack because of this.

I could be wrong, but I think AT&T Fiber is the only US ISP that doesn't even allow you to directly connect to their network. If you use any of their provided routers, they only offer "DMZ Plus" mode that still leaves their router/gateway managing state tables, which is vulnerable to hardware and software issues from the ISP. This leads people down the path of programming SFP+ modules and spending a lot more time than they should have learning about ISP networking, just to have a safer router/modem.

[0]: Due to security issues in the router/gateway firmware, various people have published guides and/or run actual businesses shucking routers/gateways from AT&T by exploiting them, grabbing the certs and private keys, and then re-selling them to people who need them. These don't get you free access to the internet or anything, they just let you authenticate to the network with your own device.


As someone who has done this I take issue with characterizing the certificates as stolen. I exploited a security vulnerability in the device's web UI to extract them, from a piece of equipment I paid for. It's my equipment; the provider required me to buy it for service, I can do with it as I please.

I would be in agreement with it if we were using all this to steal service, we just don't want to use their unstable and unacceptable equipment.


Having recently cancelled AT&T fiber service, their router (Arris BGW210-700) was definitely still AT&T property and they seemed to have every intention of collecting it from me. They had been charging $10/mo "equipment rental" fees for the entire time.

When the prepaid shipping box never arrived, I called them and inquired. The representative told me that, since it was 5+ years old, they didn't want it and I should throw it out as e-waste. I still have it in a closet somewhere.

Might be a regional difference, but in my case I never felt that the box was mine.


I bought the same ATT router outright.

They'll have to pry it from my cold dead hand when I move.


Oh, absolutely. Even on just that last issue of cost, buying my own cable-modem paid for itself long ago, compared to the "rental" cost from my ISP.

On that note, it's better to buy a router separately from the modem. All-in-one devices are harder to diagnose and you can't reuse the router with a different connection type.


> It may well be cheaper in the long run to buy your own hardware

That's why my ISP forces me to rent theirs!

Something something market dominance in one market something something force dominance in another market …

In the end, I just treat the network like any other: assume the network is compromised, and security is/should be done by the endpoints.


Agreed with the article, but to add to:

> The ability to update the firmware may also be locked down. You should have full control over firmware updates.

Bizarrely, for DOCSIS modems, even if you buy your own modem, the ISP has control over firmware! They can (and do) push any arbitrary firmware to your modem. The manufacturers go along with this for some reason.

So make sure to separate your modem and router too.


Yes it's key to separate both, but regardless they know DNS queries + can see all http traffic and TLS handshakes will reveal (in plaintext) the name of sites connected to. So basically... they know very well where you go, they just don't always know (sometimes they do) what is being transferred there.

Conversely, by using their router and modem you move the demarc to the Ethernet port on the inside of the router, which makes getting support significantly easier. I care about that more than control. And I know damn well they ain’t got time to spy on me. Just because appeals to authority are fun, I spent decades as a network engineer and then architect.

> move the demarc to the Ethernet port on the inside of the router, which makes getting support significantly easier. I care about that more than control.

> I spent decades as a network engineer and then architect.

As an engineer, you've no interest in hosting your own services?


I'm in the same boat as OP.

I used to run my own DIY router setup for about a decade until I realized it wasn't adding much value anymore.

Anything that needs to be visible publicly I just throw on a VM in the cloud these days. Keeps my home network "normie proof" and calm. Anyone visiting can find the modem, locate the password and get online without forcing a 45 minute IT change order circus in my own home.


Not at this point. Because it’s not _my_ service. This home network is also used by my wife, by visitors, and by my kids if I had any. Earlier in my career I was using home labs to learn and that was fine. Nowadays I really don’t want any more weekends where I had intended to do nothing or something not related to technology and find myself having to fix something that’s broken for others.

I’m fortunate enough to have fun at work, that may well be part of it.


> And I know damn well they ain’t got time to spy on me.

What do you mean, "time"? It's automated.


What if I want demarcation right inside the router?

Telecom models don’t allow for this. Demarcs are ports. One side owns the port, the other side owns the cable that plugs into it.

If only someone standardised a router layout with customer-owned and provider-owned modules and a neutral, state-owned, bridge hardware. Similar to how TVs deal with conditional access. And no, SFP ports are not a solution to this problem, because they only have 1 plug each side.

My ISP sent over a Fritz!box (though they offered a "bring your own" option as well). It came preconfigured for my ISP.

I turned off remote access and TR-069 through a toggle in the settings, then changed the admin password. Really, that's all you need to do to take control of one of these routers.

There are good reasons to dislike the AVM routers, but their software is actually pretty solid in terms of customisation and network security. It's not a bad device, and at the large scales ISPs can order them at, they can be had for a significant discount as a rental compared to buying your own in a store.


That's one end of the spectrum.

One of my employers once ordered a pallet of Huawei routers. They turned up with a custom firmware provided by a different ISP. It was completely locked down, and only configurable via TR-069 and some proprietary Huawei ONT magic.

I also had a customer once that deployed a series of routers that were cloud managed only via the ISP. Not even TR-069; they just did DHCP and phoned home via a proprietary protocol. Magic, my customer said, he can just reboot customer routers remotely. The company that manufactured that router went bust 8 months later, leaving a bunch of preconfigured routers without a cloud portal and no path forward. Surprised I haven't seen a DNS hijack published for them yet.


> Really, that's all you need to do to take control of one of these routers.

All major ISPs in the US do not do this, e.g., AT&T, Verizon, Comcast, Frontier, etc. You might be right for some ISPs that are nicer, but this advice is completely ineffective for most US consumers.


as a note I've had a fritzbox turn those settings back on itself without my doing anything

the thing went in the bin the next day


Can you upgrade the firmware when a Linux kernel bug gets fixed? If the answer is no, then it's not 100% your router.

There are some hacking tools for Fritzboxes out there but Avm themselves are pretty good at supporting their hardware for a long time. The 7490 was released in April 2013 and just received another security update (January 2025).

Quite a long support time.

To me they seem to be the best standard solution that can also be setup by a "beginner" user.


AVM/Fritz is kind of a ‘premium’ option, though. Most ISPs provide hardware from e.g. Sagemcom or Zyxel (with locked-down firmware).

I run my own homelab and have a Ubiquiti gateway (UDM). I would have loved to have the fibre connection come directly into my box uninterrupted but the ISP's modem is required to associate the connection with my account (or something to that effect). Deeply disappointing.

More and more I see articles and videos about programmable SFP modules which can be used to directly connect devices like UDM to GPON/XG(S)-PON networks, completely bypassing the ISP provided ONT.

You may well find something that fits your situation with a little searching.


I have looked into it but I'm a little nervous to touch the hackjob fibre install they did and they cut the cable WAY short. I even asked the tech to leave cables as long as possible but

FWIW their box isn't bad once you put it in bridge mode. I have 10gig on my lan and 3gig to the edge and the connection is impressively stable at 3gig. I get 1 ping sometimes when playing Fortnite -- I'm on Vancouver Island. Comical if not inaccurate.

My only real issue with having their box is it sucks maybe 30 watts... Removing it would give me an extra 20 or so minutes on my UPS.


That’s pretty normal for fiber. They usually want their own device at the end of it

> That’s pretty normal for fiber. They usually want their own device at the end of it.

US? Not Verizon/Frontier or the shared fiber networks. I'll need their ONT, if that's what you mean but it's always my router.

AT&T is another matter. I avoid them whenever possible.


Funnily or tragically enough, I opted for the 3gig service from my provider and they require their modem; however, the same provider on the 1gig service supports using your own ONT so long as you use their GPON / SFP whatever.

But your UDM doesn't understand fiber, so you'll need the ONT.

Or are you talking about something like a Dream Machine Pro Max where you'd plug the fiber into the SFP module?


Except as soon as you report some QoS issue and a tech comes out, they'll tell you that it's your off brand router and you need to rent one from them.

They tried this with me once. I told him to get a modem from the truck and try it. The issue remained, so the excuse was busted.

That said, I have run into issues where the ISP will upgrade the speeds and it will be beyond what the modem or router can handle, and as a result the speeds dropped dramatically. In those cases, I did need new hardware, but was still able to get my own.


You have to be careful with that too. I had a tech come out to fix what ultimately ended up being a faulty ONT and doing the same thing, hooking his test modem up to the line to make sure it wasn't my router causing the packet loss. Next month my bill was double because Verizon claimed I had a second line attached, apparently the tech's router registered as a second device. Thankfully tech support was able to reverse that charge, but it was annoying.

The median consumer for an ISP is someone who pays for a service and asks for the wifi password printed on the back. That's about it. Maybe they change the password through the app (TR-069) if they want to change it later. Having something like this working 24x7 while also being able to afford to run a cable to the home is quite challenging. I hate pretty much most ISPs for having a good service but terrible equipment. But I know most of my friends and relatives really don't care. They just want to use it for work or browsing / binging and that's about it. With fiber this is more messed up because now they are being sold gigabit plans when in reality a 100-200mbps connection would be enough if the home was wired correctly and all devices received a good wifi connection with a good router connected to some APs / mesh with maybe something like SQM.

Getting rid of a GPON router can be challenging now that everyone is moving to fiber.

- For one, you could get banned for having a problematic transceiver.
- You might be able to spoof the SN and even MAC and PLOAM password, but even then there is a GPON ONU and OLT incompatibility problem. Nokia OLTs, for example, can be notorious, while some OLTs only work with their own brand ONUs.
- Finding the correct VLAN is also tricky, and sometimes different VLANs are used for different services like POTS, which means your GPON bridge needs to be able to do correct pass-through after registering instead of registering on just one VLAN.

ISPs should just provide a GPON SFP bridge to consumers with the router it plugs into that has a TR-069 configured so that the ISP can also swap routers as and when they get upgraded while keeping the SFP bridge constant as the cost of router would then decrease without having to need a GPON ONU to be built. Not to mention the software gets less complicated without GPON on the router end.

https://hack-gpon.org


ISPs, thanks to a bill, cannot charge rental fees anymore:

https://www.pcmag.com/news/isps-cant-charge-you-for-using-yo...

Unless they come up with a BS security excuse, like cert based auth to their network, which means they claim they cannot offer people to BYOE. I bought an old DSL modem off eBay some years back and tried to get AT&T to waive the rental fee (honestly thinking I was in the clear).

They were not having it. I filed an FCC complaint and in a few days got a call from the office of the CEO saying the equipment was still technically theirs and "gray market" and they could sue me if they wanted. I did get that rental fee waived.

I got off AT&T as soon as humanly possible after that. I used to think they were less shady than Comcast, but now I know otherwise. Comcast, for all their egregious nonsense, at least lets you BYOE.


I still have to the use the Verizon Fios ONT, and as far as I know there's no way to avoid that, but at least Verizon hasn't given me any shit for providing my own router. I still get the advertised speeds and it makes me happy to own my own stuff.

But you can bridge the Verizon directly into your own router.

This is how I did it:

https://egbert.net/blog/tags/verizon.html


I'll look into it.

Just an FYI, it appears that the link you provided doesn't work in Chromium? Something to do with TLS... It does seem to work with Firefox.


Because the Chrome client refuses to negotiate toward the ChaCha-Poly algorithm in its TLS variant.

Even if the HTTP server (such as my website) demanded ONLY ChaCha-Poly.


My ISP here in the UK is pretty good, they have fibre going into a little box on the wall which has an ethernet port on the bottom, I've got a Ubiquiti Dream Machine Pro connected to that on the WAN port and it's worked solidly for years.

I had to fight with Cox (Fiber to the home) to be able to use my own router, if I wanted unlimited data for free.

To my understanding this is partially for them to push their crowdsourced WiFi, and maybe an easier way to sell you an all-in-one security/internet/TV package.

When I explained that I would just use their device as a passthrough, and that it would be a waste to have the device here, she removed it from my account.

Now, what I don't know is HOW they check whether I'm using their device. MAC? Easily copied. Them sending some commands that only their devices can respond to? Yea, that's a bigger problem.


Xfinity (Comcast) is uploading their own firmware to my Netgear which I purchased on Amazon. So one may (rightfully) assume that they have their own backdoors there too; otherwise why would they bother doing that?

But how do they do that? Doesn't this require basically root access to the router? If you give it to your ISP, then the router is ISP's as much as yours, until they cut your root access off %)

I'm guessing they mean modem

Related:

Avoid ISP Routers - https://news.ycombinator.com/item?id=41092571 - July 2024 (26 comments)


I’m quite happy with the Openreach setup in the UK - using a very simple ONT and whatever you want going into it router-wise. They’re very close to just being a media converter, and the ONT SFPs are basically the same thing in a different form factor. I understand why they’re controlled given the topology of GPON.

If you’re worried about security of the device on the WAN side, then you’ve got bigger issues.


Verizon's FiOS routers have been decent. I used theirs when I last moved, and it automatically setup a separate IoT network, in addition to the normal and guest networks.

I've been meaning to buy and setup a mesh, but they sent me an extender for free, and they haven't charged a modem rental fee either like Cox/Comcast did, so I've been living with "free" for awhile until I see a good mesh router on sale.


Yes. Avoid their name servers, too - I was surprised how many weird connectivity issues went away years ago when I manually configured DNS.

Owning your own router also helps avoid lock-in. I just switched ISPs and it was relatively painless since I could just plug my router into the new box, maintaining all my config. (At least in theory; since all ISPs are terrible, they misconfigured their own modem, so I had to figure out how to log in and switch it to bridge mode. But after that, painless...)

What's the ISP's motivations towards preventing BYOD?

If they're desperate for the $10 per month box rental, I'm sure they could just levy a $10 per month BYOD "support fee" to make equal, but it sounds like in some places they're charging way more as a penalty.

I know some of them were very aggressive about using home routers to provide coverage for roaming Wi-Fi, but that doesn't seem as big a push as it was. I suspect this corresponds with a lot of them getting into the MVNO business lately.

Do they result in a disproportionate volume of support inquiries, or maybe ones that they can't just dispatch by trying to send a remote-reboot signal down the line? I could see addressing that by moving towards a fee-for-service-call model if you need to call the "custom configurations" hotline.


Any desktop computer + Intel dual GB NIC + opnsense and you have an amazingly powerful router. Add in a Raspberry Pi running the Omada controller software and some Omada access points and you have an inexpensive and very robust WiFi network. Don’t forget to turn on auto updates for opnsense.

I moved away from the x86 box to Mikrotik after a late night spent debugging NIC issues in BSD/Debian (Proxmox VM)

They have inexpensive devices (Hex wired router will handle up to about 1 Gbps), and they receive software updates for longer than any hw manufacturer I can think of.

The main gateway router in my household has become something that needs to work reliably, not something I can (or want to) tinker with all that much. The MT devices are infinitely flexible, but rock solid and cheap.


I recently switched to opnsense on bare metal on an N105 with dual 2.5g NIC, after having been quite happy for many years running a bunch of Asus routers on Merlin.

My main goals were to improve throughput and security. Opnsense seems to work well OOTB, but being a dilettante in these matters I must admit to having a nagging anxiety that I may have misconfigured something important.

Any recommendations for a reliable way to check that?


Do you have a particularly complex setup or a typical home LAN with Wi-Fi? If the latter, chances are you did not do anything bad as the defaults are sane and safe. Look over Firewall -> Rules to make sure you aren’t opening any ports that shouldn’t be. Put your phone on a cell network and try to log into your box using your public IPv4 and IPv6 address. Try to run nmap against the same from a remote server (you can get a cheap or free one from Vultr for example). If you have IPv6, try to for example access ssh running on a computer inside your network from the outside, or even just nmap that address.

Checking your own IP on Shodan to see if any unexpected services are detected is a good starting point.

I run OPNSense inside Proxmox on a cheap fanless Intel N100 box. VM-level snapshots and backups are heavenly. Can't believe I avoided it for so long.

Same. I pass through a QSFP+ NIC that I bought for $15 or something and I have been very happy with the VLAN setup.

Now if I can find a soundproof server rack so I can put my noisy servers in it without noise seeping through the house.


At home I go from the modem to a Firewalla and then break out to the WiFi. Our needs at home are pretty simple though.

https://firewalla.com

I have been quite happy with the experience.


i hope so at $100-$125/port

> i hope so at $100-$125/port

Ooof. pfSense on retired hardware is cheap, like free. Using them since 1.2.something. Mid 00's.


well, me too. I "wrote the book" - dsl|broadbandreports forum post - on how to set up ipcop and later pfsense on a virtual machine. However the old pfsense (my iso of that version is from 2010) doesn't support ipv6 correctly (if at all) - and the new version is DRM'd and owned by "netgate" and requires connectivity to install - which is something i can't provide in my environment, so i am unable to test all of the "new and improved" versions of the tools we knew and loved.

Here in the UK, I'm using VirginMedia, but have been running my own router for ages. Unfortunately I still have to keep their router powered and connected to access the internet, but it has a "modem" mode where it just provides a dumb connection to one port and disables WiFi.

My current router is a NanoPi R6C which is a marvelous piece of hardware - stick in an NVMe drive and it's more than happy running a bunch of containers. (It's running FriendlyWRT at the moment, though I think the next release of OpenWrt will support it.)


As someone who just switched from an IPoE internet service to PPPoE, just make sure your device can cope. I have been using a trusty Ubiquiti EdgeRouter Lite 3 for many years without issue. Unfortunately, the Cavium CPU does not support hardware offload for both IPv6 VLAN and IPv6 PPPoE at the same time.

If you do go down the general-purpose CPU (x64/arm) route and your ISP uses PPPoE, you may need to tweak things so that the rx queue is handled by multiple CPU cores, as by default it is handled by the first core only.
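The "spread the rx queue over several cores" tweak above is Receive Packet Steering (RPS) on Linux: each RX queue has a sysfs file `rps_cpus` holding a hex bitmask of the cores allowed to process its packets. The script below is an added example, not from the thread; it computes that mask for N cores and writes it to the queue of a given interface. The interface name (`eth0`), queue index and core count in the usage line are assumptions for illustration.

```sh
#!/bin/sh
# Added example: compute and apply an RPS CPU mask for one RX queue.
# rps_cpus is a hex mask, low bit = CPU0. Masks wider than 32 bits are written as
# comma-separated 32-bit words, which this helper deliberately does not handle.

# rps_mask N -> hex mask selecting CPUs 0..N-1
rps_mask() {
    n="$1"
    if [ "$n" -lt 1 ] || [ "$n" -gt 31 ]; then
        echo "rps_mask: core count must be 1..31" >&2
        return 1
    fi
    printf '%x\n' $(( (1 << n) - 1 ))
}

# rps_path IFACE QUEUE -> sysfs file holding the mask for that RX queue
rps_path() {
    printf '/sys/class/net/%s/queues/rx-%s/rps_cpus\n' "$1" "$2"
}

# apply_rps IFACE QUEUE NCORES -> write the mask (needs root), echo what was done
apply_rps() {
    mask=$(rps_mask "$3") || return 1
    path=$(rps_path "$1" "$2")
    if [ ! -w "$path" ]; then
        echo "apply_rps: cannot write $path (not root, or no such interface/queue?)" >&2
        return 1
    fi
    echo "$mask" > "$path"
    echo "set $path to $mask"
}

# Usage (assumed names): sh rps.sh apply eth0 0 4   -> spreads rx-0 of eth0 over CPUs 0-3
if [ "${1:-}" = "apply" ]; then
    apply_rps "$2" "$3" "$4"
fi
```

The setting does not survive a reboot; put the `apply` call in whatever your distro runs at interface-up time (a networkd/ifupdown hook or a oneshot unit) once you have confirmed with `top` or `mpstat` that softirq load is now spread.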


I was so pleased to switch to IPoE even on my UDM SE. The speeds are much more consistent now. Sky in the UK have been fantastic for FTTP.

Not too many Fiber-PON routers out there that we can drop Linux OS into.

Most of the time I have seen fiber set up as a dedicated bridge device, GPON to Ethernet, the Optical Network Terminator (ONT). And honestly, I am fine with this. Copper Ethernet is much easier to deal with. This makes a nice clear demarcation point: the copper past the ONT is yours, everything upstream of that is theirs.

Having said that, it would be nice to have control over the ONT as well. There are PON SFP optics; that may be the easiest way to set up your own fiber-capable router. I have heard it is tricky to talk the ISP into allowing your modules, you probably need to know a guy that works there.


Smallest packet latency that I've been able to do with Verizon is to reconfigure the ONT into bridge mode.

https://egbert.net/blog/articles/ports-used-in-verizon-netwo...



There are stores like fs.com where you can buy affordable transceivers for use in anything that'll take SFP+. The biggest hurdle is extracting the specifications you need from your ISP and configuring your own router for their weird quirks, and probably convincing them to accept your serial number (or spoof a device of theirs if you can find the S/N).

There are also ONT/media converter boxes that'll spit out ethernet if you plug in a fiber and set the appropriate DIP switches. I found one hanging in my apartment when I moved in. I've also seen people sell them on second hand marketplaces (probably not realizing that they're technically property of the ISP). Buying newer ones that spit out more than 1gbps as a consumer can be a challenge, though.

There's a nice variety of small Linux router boxes available online that are relatively low power but still offer good connectivity through SFP(+) ports. Getting Linux running on those is easy; the challenge is in figuring out how to activate the connection.


Thankfully you don't need to. You can run your own, and treat the ISP modem/router as if it were the Internet.

Yup, most have a "bridge" mode. That's the first thing that I did when I got AT&T Fiber

The bridge mode for AT&T's fiber plans is notoriously shitty at just being a dumb bridge... but it does at least pass the IP through so you can port forward like a normal person would (the built in port forward is so ass backwards). My connection became significantly better (marginally better in max throughput, significantly better in connections/s, QoS, and jitter) when I went from "bridge" mode to replacing the ONT with an unofficial device with a "real" bridge config.

The other thing you can run into is, even in bridge mode, there is a relatively low session limit. The exact number depends on the model you get but some were as low as 4,000 (which sounds like a lot until you start loading background apps on devices and connecting to webpages which are actually dozens of connections per in many cases). The newer boxes aren't as bad... but it was still worthwhile for the effort.


Got a link to that device? Also, does that break any AT&T terms of service? I don't want them to cancel my account.

Terms of service, probably. Never bothered to read it, I'm sure I break their terms of service 6 ways to Sunday. At the same time I've been doing this type of bypass with AT&T for years and never heard of anyone getting blocked for it either. I'm sure someone somewhere has though but I suspect they are much more interested in those abusing their connection or causing legal troubles than someone paying but silently using a different modem.

As for the one I'm currently using, https://pon.wiki/guides/masquerade-as-the-att-inc-bgw320-500...

There is a Discord "8311" which has a 10G-PON US channel for a community around this.


I just got AT&T fiber installed and the gateway has 8192 conntrack slots. Two steam clients scanning for Counter-Strike 2 servers at the same time can chew through that many connections.

I joined the 8311 discord and will be doing a full bypass as soon as feasible.
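The two comments above turn on the same failure mode: a fixed connection-tracking table (4,000 or 8,192 slots on the gateways mentioned) that is silently exhausted by ordinary traffic, after which new flows are dropped. If you move routing to your own Linux box, the same limit exists there as `nf_conntrack_max`, only now you can watch it and size it. The script below is an added example, not from the thread: it reads the live counters from procfs when available, otherwise falls back to constructed sample values modelled on an 8192-slot table, classifies table pressure, and suggests a table size from an expected device count. The device and flows-per-device numbers in the usage are assumptions.

```python
import math

COUNT_PATH = "/proc/sys/net/netfilter/nf_conntrack_count"
MAX_PATH = "/proc/sys/net/netfilter/nf_conntrack_max"

# Constructed sample values standing in for the two procfs files on a router
# whose table is sized like the 8192-slot gateway described in the thread.
SAMPLE_COUNT = "7900\n"
SAMPLE_MAX = "8192\n"

def parse_counter(text: str) -> int:
    """Each procfs file holds one decimal integer followed by a newline."""
    return int(text.strip())

def assess(count: int, maximum: int, warn: float = 0.80, crit: float = 0.95) -> str:
    """Classify table pressure. Once the table is full the kernel logs
    'nf_conntrack: table full, dropping packet' and new flows fail to establish."""
    if maximum <= 0:
        raise ValueError("nf_conntrack_max must be positive")
    ratio = count / maximum
    if ratio >= crit:
        return "critical"
    if ratio >= warn:
        return "warning"
    return "ok"

def suggested_max(devices: int, flows_per_device: int, safety: float = 1.5) -> int:
    """Size the table from expected concurrent flows plus headroom,
    rounded up to the next power of two (the kernel sizes its hash table that way)."""
    need = math.ceil(devices * flows_per_device * safety)
    return 1 << max(need - 1, 0).bit_length()

def read_live():
    """Read the real counters; None when not on Linux or conntrack is not loaded."""
    try:
        with open(COUNT_PATH) as c, open(MAX_PATH) as m:
            return parse_counter(c.read()), parse_counter(m.read())
    except OSError:
        return None

def report(count: int, maximum: int) -> str:
    pct = 100.0 * count / maximum
    return f"conntrack {count}/{maximum} ({pct:.1f}%) -> {assess(count, maximum)}"

if __name__ == "__main__":
    live = read_live()
    count, maximum = live if live else (parse_counter(SAMPLE_COUNT), parse_counter(SAMPLE_MAX))
    print(report(count, maximum))
    # Assumed household: 20 devices, ~100 concurrent flows each.
    print("suggested nf_conntrack_max:", suggested_max(20, 100))
```

On a Linux router the suggested value goes into `sysctl -w net.netfilter.nf_conntrack_max=<value>` (and the matching sysctl.d file); the `assess` output is the thing to feed your monitoring, since a table that sits in "warning" under normal evening load is the early sign of the symptom both commenters describe.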


You need an SFP module that you plug into your standard router. https://github.com/Anime4000/RTL960x

*Avoid ISP Routers wherever possible.

Sometimes they just don't allow you to use it. In the past I've had an ISP router that had a heavily restricted custom firmware on it and a "hidden" username/password setup for authorizing with the ISP. I couldn't use my own.

In that situation I had to aim to use it as the modem and have a second router it unloaded to. Not ideal.

Now I can freely pick hardware with my current ISP. Just need to find the time/money to upgrade to fibre everywhere to capitalize on the 10Gb/s.


> Backup: an ISP will give one device. Should it fail at an inopportune time, you will be off-line until you get them to issue a replacement. When you own your own hardware, you can buy a second modem and/or a router for emergency backup.

This is nicer than it seems because "I've already tried a completely different modem" is a good way to short circuit ISP troubleshooting scripts IME.


Sadly I am not able to outright get rid of my ISP router. I am here in Canada on Shaw, well, it recently was taken over by Rogers, and we can not just use our own. We can put the modem into bridge mode and connect to it but not get rid of it completely. I am not sure if bridge mode would stop much of the security concerns but my gut says no.

Once in bridge mode it's no longer acting as a router, so it should mostly be fine. The firewall on your actual router will be present between the modem/internet and your machines.

Great, thank you for the information. I've held off on getting a half decent router as there is so much to know. I've always wanted to get one I can put my own firmware on and the benefits they have, but just not sure the best route. I also have lots of people in the house so want something that can handle many connections at once, like, say, 10 devices. The ISP router only has 4 Ethernet ports, and a couple more would be handy, so that is also on the wish list. Anyways, thank you, I will look into it a bit more.

One thing worth noting is that you don't need the ethernet ports to be on the router itself. You can always add a switch for more ports. 2.5G switches are pretty cheap now, and if connected to a 10G port on your router should provide plenty of bandwidth. (Could even get a 10G switch, but that'd likely be overkill.)

What about: I use the ISP router for support convenience then I turn off its wifi and daisy chain a second router I set up?

This is my solution, although my ISP box has no WiFi, thankfully. Their box is a totally locked down, "business" service bridge. Behind that is my MikroTik RB5009UPr+S+in, doing packet filtering, NAT, VLAN, PoE to access points, etc. I don't really care about the ISP box.

Bit difficult to reconcile with reality in case you e.g. have to use the ISP's router or even just their SFP modules, which are really like a router in your router in a sense, and are common in fiber installations to my knowledge, as using a different one can cause issues for other subscribers on the same passive connection.

This is all well and good but unless you have networking experience and know what makes a good router you're still stuck.

What router should I be using in place of the ISP one? Can I trust its manufacturer? How can I make sure it definitely is a one-to-one replacement and I don't need to use my ISP router as a bridge?


One cannot trust manufacturers, it's common practice to put backdoors. That's why you simply get an OpenWRT compatible router and flash it.

It does not require networking experience, just a bit of curiosity and following a bunch of well documented steps.

Knowledge is required to build a decent setup. It doesn't end there for a proper environment, you also want a VPN, this can be configured at the router level. Oh, what about an ad blocker, blacklisting all known ads serving hosts perhaps?

Given the time we spent hooked online, worth gaining what really is vital knowledge for a decent internet access, or the internet will gain most of your precious attention.


Considering the audience: Get whatever x86 (arm if you have a more enthusiastic vibe and don't mind some independent research) hardware, install your Linux/BSD distro of choice (it doesn't need to be a "router" distro in case you're already handy with some other base system; setting up from vanilla can be easier than getting into idiosyncrasies of openwrt/pfsense/etc) and configure it yourself. It will be valuable and useful even if your ISP requires their own gateway in the middle. Get 2 of whatever it is so you have a spare/staging ready if it becomes necessary later.

Intel NICs are generally preferred over Realtek if available.


My ISP does this as well, provides Huawei modems with hardcoded backdoor passwords that can easily be found online. So yup, I've got a dedicated firewall between my networks and the modem. With slow updates and backdoors, I'd include any ISP modem and networks as part of my personal threat model.

Often hard to use your own stuff with fiber systems. I get AT&T fiber which is pretty good service but no way to use your own “modem” (optical network terminal). I think their gateway suffers from some kind of buffer issue which affects me even w/ “ip pass through” to my own Synology router.

There are ways now (as in, very recent) to bypass the ONT for AT&T, people have developed custom GPON SFP module firmware that lets you connect directly. There are also multiple ways to bypass the gateway authentication, be it extracting the certificates or doing Ethernet proxying of the authentication frames.

That’s cool to hear! Sounds like it will need a weekend project some time

> Often hard to use your own stuff with fiber systems.

This is the 2nd time I've heard this in this thread and it baffles me. Setting up a fiber connection is how I know I won't have to fight for control at the edge.

> I get AT&T fiber...

Okay, okay. AT&T excepting but that goes without saying. Wherever they are you want to be elsewhere.


Yep, I just run my own Linux build on any SBC with at least a single gigabit port, currently that's Quartz64-A. I've never been happier with my home router and flexibility of configuration/what I can do with it, than just running a regular fully fledged Linux distro on it.

The average consumer who uses teh internetz probably isn't all that savvy

So when an ISP borders (and often more than that) on criminal practices or being malicious - which is a lot of them - they're laid prone to all the upstream garbage

(Defaults matter)


If you have a LAN cable, or fiber for WAN, it can be done, but with cable modems it's not always possible to use your own device. I got a device which hasn't been updated since 2019. :(

We have a cable connection, and the cable modem can either act as a router or a bridge. We set it up as a bridge, and connected an OPNsense router to it.

My ISP requires me to use their router, but I just put my own behind it.

A friend of mine discovered a weird loophole at some Danish ISPs. Most of the ISPs don't allow you to use your own router, but they can open up your "port" to accept any router. Calling in, saying that you have a Cisco router that you can't get working, just playing dumb about being locked to the ISP provided router, they'll then assume that you know what you're doing because "Cisco" and unlock your account.

OPNsense DECISO router on 2 Gbps symmetric Google Fiber for $100/mo. works great. Anywhere without GF, I'd look for co-op municipal fiber consortiums before megacorps.

Comcast charges me $119 for 1.2 Gbps with a cap. If I want to remove the cap it's an additional $30. Highway robbery with these assholes.

If you live in “the hood” the LAN is nuts and you can get by by just treating your local network as completely untrusted, which I personally believe is good practice anyway.

Cox only allows their whitelisted routers. Otherwise, I would use a Nokia Modem/router combo. ATT may be installing fiber soonTM.

I have my own, because the idea of paying $5/month at the time seemed silly. It does seem like more and more, ISPs are trying to make it harder to bring your own modem, which feels like a cash grab.

Even 10 years ago with Comcast I’d have to call them and challenge their gaslighting to get it working. The model I had was listed on their website, but they would tell me it wasn’t supported. About once a year they would kill it and I had to call to get it working again, where they would again tell me it wasn’t supported, but with persistence on my part, they’d eventually register it and get it working again. I haven’t had as many issues with this recently with Comcast, but I figure it’s only a matter of time.


Things are hardware locked where I live. It is possible to root some of the ISP devices, but not all

Can anyone suggest a good modem for DSL Fiber? I have CenturyLink/Quantum.

I have Quantum Fiber and am using a Dynalink WRX36 running OpenWrt. Needed the VLAN 201 configuration but works well.

OpenWrt is pretty amazing, my router downloads torrents, blocks ads, runs a VPN client (enabled per-device) for watching geo-blocked streaming, serves content from a USB drive to my TV, among other things.

https://openwrt.org/toh/dynalink/dl-wrx36


I use a Dell R530 rack mount server. I had to configure PPP over Ethernet, and a VLAN of 201, but I've not been forced to the "quantum" BS. I've heard you just do DHCP, no PPPoE for that.
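For the two CenturyLink/Quantum Fiber posts above (VLAN 201 on OpenWrt, and PPPoE versus plain DHCP on the WAN), here is an added example of what that looks like in OpenWrt's /etc/config/network. It is not from the thread or the OpenWrt project; it assumes a DSA-based OpenWrt release with the physical WAN port named "wan" (check `ip link` on your own device), and the PPPoE credentials are placeholders.

```uci
# Constructed example: tag the physical WAN port with VLAN 201.
# The VLAN ID 201 comes from the thread; the port name 'wan' is an assumption.
config device
	option name 'wan.201'
	option type '8021q'
	option ifname 'wan'
	option vid '201'

# Variant A: newer Quantum Fiber provisioning, where the thread reports
# the ONT hands out an address over plain DHCP on the tagged VLAN.
config interface 'wan'
	option device 'wan.201'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan.201'
	option proto 'dhcpv6'

# Variant B: the older CenturyLink setup one poster describes, PPPoE on
# the same tagged VLAN. Use B instead of A, not both, and fill in the
# account credentials the ISP issued (placeholders below).
# config interface 'wan'
# 	option device 'wan.201'
# 	option proto 'pppoe'
# 	option username 'ACCOUNT_USERNAME_PLACEHOLDER'
# 	option password 'ACCOUNT_PASSWORD_PLACEHOLDER'
# 	option ipv6 'auto'
```

Apply with `/etc/init.d/network restart` (or `reload_config`) and confirm the tagged interface appeared with `ip -d link show wan.201`; if the WAN never gets a lease, the tag is usually the first thing to verify, since untagged frames on that port are simply ignored by the ONT.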

Always treat hardware you get from someone else as not just untrusted but hostile until proven beyond any reasonable doubt otherwise.

Put an OpenBSD machine to act as a router/firewall between supplied devices and your own network to keep things clean.
