This post was originally planned as a rant about how Apple’s AirPort Extreme base station with 802.11n draft capability still hangs and drops all NAT port mappings after about 24 hours of use (see my previous post). I was going to call it names. However, it turned out differently; read on for some interesting observations...
The NAT breakdown is more than a minor annoyance for me because my web server runs behind this router. If the problem occurs and I don't immediately notice it and restart the base station using AirPort Utility, the web site is not accessible and my mail doesn’t work.
It was very annoying but I didn’t do anything about it because I thought that Apple would fix this pretty quickly. Unfortunately I was wrong and after the last two firmware updates it’s still broken. I also sent it in for repair and got a replacement unit (still the fast ethernet version though, not the new August 2007 version with Gigabit ethernet). It has the same problem so I guess it really is a firmware issue.
To stabilize the web site situation, I finally bought a different wireless router. Since I was really hooked on the higher 802.11n draft throughput, I again bought one with this feature, the WNR854T from NetGear. After playing around with it for an evening, I think I know what a real POS is.
I could not believe how many technical features I knew from the Apple product were completely missing, and how awkward the web based administration used by NetGear and many other vendors still is. I realized how incredibly good the setup and configuration experience of Apple’s AirPort Utility is (the new one, not the old one for the old round Extremes). Here are just a few examples on the administration side:
- Every single port mapping requires a restart?!? I have lots of port mappings, and each restart takes almost a minute. Seriously, WTF??? I want to configure them all, then commit them together.
- The logging is a joke. No syslog, and the only events it reports are when someone hits the content filter? I am interested in a lot more information, like the Apple base station provides.
- Port mappings seem to be possible only on the same port. I can’t map the incoming port x to the port y on the internal machine. I have two hosts I need to reach with SSH from outside, how am I supposed to do that when only one mapping for port 22 is possible? The Apple base station allows me to configure two different ports on the WAN side.
(And the web interface is ugly! You’d think they could hire a web designer to freshen it up a bit.)
The NetGear product is also technically inferior. Examples:
- No 5GHz Band??? I could not believe this, and I could not believe I didn't check this before buying it.
- No USB port for attaching printers or hard disks. I don’t care about the disks, but I do use a printer.
- It’s slooooooooow! I compared throughput before and after the switch, see below...
After setting everything up, I was in for a surprise: The wireless network throughput sucked badly. Here is a measurement from before the switch:
Average Dload Speed is the interesting number. Four megabytes per second which feels fairly snappy.
I didn’t touch the computer, and the router was in the same location as the AirPort Extreme before it. The download speed is almost 10 times lower!
I played around with some of the settings, but that didn’t help. The AirPort Extreme was operating in the 5 GHz band and the NetGear can only use the 2.4GHz band, which is pretty full in my neighborhood so that might explain some of the difference. However, when I first set up the AirPort Extreme, I also tried it in the 2.4GHz band and it was much faster even there.
To be fair, 802.11n is not yet a final standard and things could (and hopefully will) improve, especially in the area of interoperability between equipment of different vendors, like the NetGear base station and an Apple laptop in this case.
Because this throughput was not acceptable, but going back was not an option either, I ended up using both devices: I completely switched off the NetGear’s wireless system and use it strictly as an (expensive) NAT router. On the AirPort Extreme, I switched off all routing features; it is now a simple wireless-to-ethernet bridge. When I measured the throughput again, I was in for another big surprise, this time a nice one: The download speed almost doubled!
It seems that the Apple base station performs much better when NAT/DHCP is deactivated. It’s a bit strange because the connection to the peer host does not even involve NAT; it is connected to one of the router’s LAN ethernet ports.
Either the Extreme’s processor is under-powered or its firmware is in really bad shape.
All this made me realize that Apple does make the perfect wireless network equipment for home use. The whole experience, provided on one hand by technical features like USB and digital audio ports (on the Express) and by their administration software on the other hand is great. It’s funny that Apple’s product is the one providing far far more technical options. They are usually the ones being accused of dumbing down the user interface and limiting options, but in this case there are way more options and features, enabling me to handle even complicated and unusual network configurations (especially regarding NAT/WDS/DHCP/port mapping).
Now if they could please fix the hangs and crashes in their firmware!
Yeah I also had that experience. Just after I installed the NetGear router in the hope that it would handle the port mappings properly, the web site was offline for another day because it too stopped forwarding traffic from the WAN to the LAN side.
After some clicking around in the web interface I guessed that the stateful packet inspection (SPI) feature might be the cause because it sees lots of incoming traffic and treats it like a DoS attack.
After switching off SPI, everything works fine.
I've yet to see a usable and convenient web interface for a router. Neither Zyxel nor Netgear nor anyone else seems to be able to pull it off.
Especially Zyxel is bad: Undocumented features which show up on the interface but nowhere in the documentation indicate that these devices are probably more powerful than they let you believe.
Heya Marc,
I too noticed the same results you did with NAT/DHCP off. We have a Xincom X-16R router and two of the new Extremes at our office. Doing all routing and NAT (as well as some virtual hosts) on the router, and simply letting the Airports be a (costly) mindless connection endpoint has slightly more than doubled throughput of data.
For those that are setting up wireless office access points, I highly recommend disabling all of these settings on the Airport, and handling all of your routing somewhere else in the chain.
I use wireless routers in bridge mode as wireless access points as they just aren't as reliable or feature-rich as what I can get from a wired router. I always use the Linksys RV042 VPN router with an Airport behind it in bridge. Not only is this stable, but you get so much functionality. 5 PPTP VPN connections and 50 router-router tunnels. But the better functionality is the one-to-one NAT across a range (killer!), great firewall, port management (make one port more important than others), bandwidth shaping (limit/guarantee bandwidth to a service) and Dual WAN capability. This last is great as you can have one main connection and a second cheap/slow one, but fail-over, or you can specify traffic to use a particular connection.
David: Thanks a lot for the tip, I was looking around for a wired router with really strong features.
Too bad the Airport doesn't work with our VOIP telephone system. Damn Apple.
Thanks for the thorough run down - I don't know if you have any opinions about other manufacturers but I am a D-Link whore for all of the reasons you stated above. I would highly recommend the DIR-655 (Wireless N with Gigabit Ethernet, QoS, etc.). I think it will do everything you are looking for and more. The only negative is it's a bit expensive. Oh, and no USB... I use it for a couple dozen clients and I have never seen one hang, crash, or otherwise not work perfectly. I swear by them.
In the end I threw away all my AirPort equipment and got myself a Cisco router instead. You might hate the interface at first (prefer to use the command line anyway) but regardless of that: It works. It also keeps working, there's a possible tweak for every situation you could find yourself in and considering the price, you can buy one with wireless for € 250 nowadays, the same amount of money you'd pay for a router 3 years ago.
Sander: That is more or less what I am about to do: Buy the Linksys RV042 someone else mentioned above, it has good reviews, nice features and is even a Cisco product :-)
However, I am not ready to throw out the AirPort Extreme because of its 802.11N throughput as well as the USB port features. I don't think any Cisco product can match the throughput or the features.
The reason I'm replacing the Netgear with the Linksys is that the Netgear’s UPnP implementation does not seem to work with Leopard's new Back to my Mac feature, and that is the final straw. Anybody want to buy a crappy wireless router? :-)
Marc,
I bought my AirPort Extreme with 802.11n (Fast Ethernet) when I was at MacWorld back in January and it's been great until I applied the 7.2.1 firmware update. Now it refuses to do any port mapping, no matter how much I reconfigure it. And I can't get Back to My Mac working with it either. So frustrating.
:(
I have a major issue with the Airport product line. It doesn't work with many IPSec VPN clients. There are even some that crash the router to the point where if you try to use them the router has to be rebooted because it crashes and drops all connections. I've read of other users with the same experience on Apple's user forum (http://discussions.apple.com/thread.jspa?messageID=5547501) and Apple has done nothing to address the issue. Until it does I could never recommend this product to anyone.
I had 3 Netgear routers, and they all had severe problems. They would hang regularly during normal use, and were always crashing when editing specific settings in the web interface. Only a hard reset-delete-all could get it to "work" again.
Those routers are the worst crap of hardware ever!
Replaced it with an airport express :)