Avoid ISP Routers (2024)

Original Article ↗ Hacker News Discussion ↗

Cost, lock‑in, and BYOD obstacles

  • Many commenters say buying your own modem/router pays for itself versus monthly “rental” fees, but ISPs increasingly resist BYOD or make it painful (periodic de‑authorizations, gaslighting about “unsupported” models).
  • Some ISPs tie uncapped plans or discounts to using their gateway; using your own gear can mean higher fees or strict data caps.
  • In some cases, ISPs claim old or “gray market” hardware is still their property, threatening legal action while still collecting rental fees until challenged.

Technical workarounds and fiber/PON complications

  • Common pattern: keep ISP device but put it in bridge/“modem” mode, then run a real router behind it. This works but may still inherit limitations (low conntrack/session limits, buffer/jitter issues, DMZ modes that aren’t true bridges).
  • Fiber/PON is often harder to fully “own”: proprietary ONTs, 802.1x, GPON/XGS‑PON quirks, VLAN tagging, and OLT/ONU incompatibilities. Some users bypass ONTs or gateways with programmable SFP/SFP+ modules and spoofed IDs, aided by community guides and discords, but acknowledge ToS and ban risks.
  • Where ONTs are just media converters (e.g., some FTTH setups or UK Openreach), users are happy to treat them as the demarc and plug their own router directly.

Security, firmware, and trust

  • Concerns include: locked‑down firmware, TR‑069/remote management, cloud‑only control planes that can disappear, hardcoded backdoor credentials, and ISPs pushing arbitrary firmware even to customer‑owned DOCSIS modems.
  • Several treat ISP CPE as hostile: put it in front, then interpose a serious firewall/router (OpenBSD, OPNsense, Mikrotik, etc.) and isolate it.
  • One vivid anecdote of a cockroach‑infested ISP device sparked debate: some see it as a supply‑chain red flag; others argue insect issues are generic to electronics, not specific to ISP hardware.

User‑owned router setups

  • Popular DIY options: pfSense/OPNsense on x86 boxes (often virtualized under Proxmox), OpenWrt routers, small Linux SBCs with Intel NICs, Mikrotik, Ubiquiti, Firewalla, and commercial mesh systems.
  • Extra value from custom firmware: VPN per device, adblocking, torrents, file serving, VLANs, QoS/SQM, and better Wi‑Fi/AP architectures than ISP all‑in‑ones.
  • Advice includes separating modem and router, checking external exposure via Shodan/nmap, and not using ISP DNS.

Support, demarcation, and average users

  • Some prefer ISP hardware because it moves the demarc to the LAN port and simplifies support; for them, reliability and quick ISP troubleshooting outweigh control.
  • Power users counter that owning the router makes migrations and backups easy and avoids vendor lock‑in, but accept that most consumers just want “Wi‑Fi password on the sticker” simplicity.

Regional and regulatory contrasts

  • Commenters highlight big differences:
    • US: monopolistic behavior, caps, router lock‑in, bans on municipal ISPs, and especially restrictive players (notably AT&T fiber) versus more permissive ones.
    • EU (e.g., Germany, Netherlands): legal “router freedom” and even freedom to use your own PON SFPs, though enforcement varies and some ISPs compensate with pricing tricks.
    • Australia/UK: generally easy to use your own router, with ISP boxes acting as ONTs/bridges.
  • Municipal and co‑op fiber (e.g., one cited US city utility) are held up as models: high symmetric speeds, sane pricing, no caps, and customer‑friendly policies.