One common complaint in my home is the quality of the internet connection.
Working as a network engineer, I am embarrassed by this situation, so I decided to solve it in a professional way.
First of all, I took some notes to identify the most important problems:
- Freezes in movies
- WiFi signal lost in some rooms
- Too many advertisements on websites
- Adult content on some websites, dangerous for children
This is the platform I designed:
I want a cloud measurement platform, because I want it to alert me if the connection is lost (electrical problem, ...). This way I can monitor other networks too (parents, brothers, new projects, ...). You can use a VPS from Amazon, OVH or whatever provider you want.
The router connects to the monitoring network through an IPsec tunnel, using IKEv2 and tunneling IPv6 over IPv4 so I don't have to use NAT when I have to monitor more networks.
I use fluentd for syslog processing because it has a plugin architecture with a lot of inputs/outputs, so I don't need to reconfigure too many things in case I need/want to change something in the platform. Splunk is used to store logs because it has a free service, Splunkstorm, that's enough for my needs at the moment.
I have a decent cable connection with an upload/download of 2/20MB, but the ISP doesn't give me full access to the router, so I decided to buy a new one.
I have played with OpenWRT before, so I decided to use it. I looked for a modern, cheap and fully supported router. I bought a TP-LINK TL-WDR3600 for 45 € on Amazon:
- 8 MB Flash to install all the stuff I need
- 128 MB RAM so the processes can run fine
- Dual Band 2.4 & 5 GHz to avoid WiFi interference. The spectrum space is over-crowded in my building
QoS management is critical to avoid freezes in movies and lag in games, and to get good responsiveness on web pages. You can read a lot about QoS in home networks at Bufferbloat. I used this script to control the traffic in both the Uplink and the Downlink.
I use dnsmasq for content management. You need to modify the file dnsmasq.conf:
server= <<IPS OF OPENDNS OR NORTON DNS OR ...>>
There are a lot of scripts to block advertisement networks; I used this one (https://gist.github.com/Cybso/bf9b69c6a638ffd68281).
Don't forget to add this pair of rules in iptables, so nobody can use another DNS server:
iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
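To confirm that both redirect rules are actually loaded, the following added example (not code from the original post) parses `iptables-save -t nat` output and reports any protocol whose port 53 traffic is not redirected to the local dnsmasq. The function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables-save -t nat` output for the two DNS
# redirect rules (TCP and UDP port 53 -> local port 53) in PREROUTING.

# has_dns_redirect PROTO   (rules on stdin) -> exit 0 if a matching rule exists
has_dns_redirect() {
    awk -v proto="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            p = ""; dport = ""; target = ""; toports = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         p = $(i + 1)
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") toports = $(i + 1)
            }
            if (p == proto && dport == "53" && target == "REDIRECT" && toports == "53")
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# audit_dns_redirect   (rules on stdin) -> returns the number of protocols missing
audit_dns_redirect() {
    rules=$(cat)
    missing=0
    for proto in tcp udp; do
        if printf '%s\n' "$rules" | has_dns_redirect "$proto"; then
            echo "$proto/53: redirected to local dnsmasq"
        else
            echo "$proto/53: NOT redirected, clients can use another DNS server"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: a nat table where only the UDP rule was installed.
sample_udp_only() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
EOF
}

# On the router: iptables-save -t nat | audit_dns_redirect
sample_udp_only | audit_dns_redirect || true
```

The check only looks at the PREROUTING chain, as the rules above do; rules placed in other chains by a firewall front end are not counted.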
- get more out of Riemann
- make better dashboards in Grafana
- start to monitor more things, maybe with sensors for humidity, temperature, ...