In this article, Geoff Meads looks at the downside – and potential upside – of free ISP-supplied routers.

Premium or ‘enterprise’ networking equipment usually offers more features, greater reliability and a better profit margin over and above that of cheaper, ‘High Street’ products.

When it comes to devices such as switches and access points, it’s pretty easy to swap out basic kit for ‘Enterprise’ equipment. Compared to many AV products, networking gear is relatively cheap and, with so many systems now relying on the robustness of the local network, better kit is an easy sell to consumers.

However, there’s one piece of the jigsaw that’s not so easy to replace – the ISP-supplied router.

Why is it free?

While it’s possible to get ‘Bring Your Own Modem’ internet supply deals, most ISPs will prefer it if you take their modem too. Different countries favour different deals but, in most countries, the ISP prefers you to use their router. There are a few reasons for this situation:

1. It’s a known quantity – put simply, they know their router will work with their system.
2. They know how to support it – when you call with a problem, they know the right questions to ask to help you get it working again with minimum delay and cost to them.
3. They can upgrade it when they want – if their systems change, they can send you a new router to easily support them or update the firmware remotely.
4. They can remotely diagnose issues – often an ISP router has ‘back doors’, allowing the ISP to access and look at the status of your router without you getting involved.
5. They can control access – some ISPs use the router’s WAN MAC address to grant internet access or not. (The UK’s BT being a good example.)

Why swap an ISP router for something better?

This is a great question to ask yourself before ditching that ISP router but it may also be a question your customer asks of you. After all, why should they pay for something they already have?

Let’s look at a few good reasons:

1. Reliability – A ‘free’ ISP router will be built to a price. Probably as close to $0.00 as the ISP can negotiate. Enterprise equipment is designed to run 24 hours a day and with constant high usage. For a typical family of four people, with moderate smart TV use and browsing, then an ISP router might work just fine. However, with the sort of high-traffic IPTV, security and IoT devices that installers fit network traffic can increase to very high levels and reliability might be an issue.
2. Remote access – While a basic router will allow remote access to its setup menus and, using port forwarding,
   access to LAN devices, neither of these are recommended due to security issues. For secure remote access, a VPN connection is needed. VPNs can be deployed using dedicated server devices connected to a router but are
   more commonly deployed using technology built in to enterprise routers. It’s unlikely an ISP supplied router ill
   have this technology built in.
3. Profit – This is a simple one. There is no profit in a free router supplied by an ISP. There is profit in an enterprise level router that you supply. End of story.

No downsides?

It seems like a pretty simple decision then. Let’s go ahead and swap out that ISP router for a better, enterprise level model that we supply. It’s more reliable and offers more features, right?

Maybe not. There are a number of things to consider before we ditch that ISP router…

Firstly, there’s the question of support. When (not if…) the customer’s internet service goes down, they’ll make a call to the ISP support centre. As soon as the ISP figures it’s not their router on the end of the line, they’ll refuse support. The next call will be to you. From an angry customer. Possibly at midnight, or worse…

Secondly, many ISPs expect to ‘see’ their router’s MAC address on the end of the line. If you swap out the router, the
MAC address will change to that of the new router and service may stop, maybe right away but, maybe, some hours or days later.

Next, we have to consider security. When an ISP’s router is connected the ISP has the ability to upload new firmware
remotely to ensure their router remains secure. If you change out the router for one you’ve supplied, you become responsible for router firmware updates which may or may not be able to be carried out automatically or remotely.

Finally, we have to consider supply convergence. It’s becoming increasingly common for the ISP to supply other
online services, like, TV, for example. Depending on the nature of the service, it may not be possible to swap out the router without disturbing or disabling other services that the ISP is supplying.

The double NAT option

One possible solution is to use two routers. The ISP router stays as the main connection to the internet with one of the LAN connections on the ISP router used to connect the WAN side of the enterprise router. LAN devices are then connected to the enterprise router.

Before attempting this solution, consider the following:

1. The enterprise router will need an unmodulated WAN connection (usually on an RJ45 connector).
2. The IP range of the enterprise router’s LAN must be different from that of the ISP router. For example, if the ISP router has an IP ID of 192.168.1.0/24 the enterprise router’s LAN could be 192.168.2.0/24.
3. A pathway for VPN traffic must be set up through the ISP router (using port forwarding) for VPN connections so that inbound VPN traffic can reach the VPN server on the enterprise router unhindered.

Conclusion

For many integrators the choice here is still far from clear and will depend on their own circumstances or even on the budget of the customer. Either way, making an informed choice comes down to having the right knowledge.