
Small-Scale Question Sunday for March 22, 2026

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.


Can anyone speculate why the FCC has banned foreign-made routers?

As mentioned below, there seems to be a wide exemption for anything not marketed at the consumer level. I will be very curious to see how that ends up being applied to hardware leased or provided to end users by their ISP. I'm guessing the exemption will apply to those units even though the hardware and firmware is of foreign origin, because the ISPs plausibly have access to/control over the firmware.

The bulk of my employer's (major US cable company) current generation of leased routers are white label units with our branding and custom exterior shell but manufactured by a subsidiary of Asus based on a generic router board that they also supply to other ISPs in a similar arrangement, at least from what I've gathered looking at the manuals and the Asus website counterparts.

The other major OEMs that made our previous gen routers/modems (and still make our current gen standalone modems), Hitron and Ubee, are also both Taiwanese. Arris was nominally American, even after their acquisition by Commscope (also American), but their manufacturing was overseas and they were recently divested to Vantiva (French, f.k.a. Technicolor, which is also where Cisco/Scientific Atlanta's coax division ended up).

A side note, it would probably be better for our reputation if we just told customers we were giving them Asus hardware rather than using our own branding. Cable companies are funny.

The cynical possibility is just Buy American focus, using whatever tools are available. There is American-'manufactured' and non-Chinese-manufactured network infrastructure; this rule gives a very easy tool to make it extremely risky to sell the banned routers at a storefront in the US, tada.

((The really cynical possibility is that, plus some stock trades or donations, and maybe a little fucking over of international shippers for funsies.))

The more charitable possibility is that router vulnerabilities are Pretty Big Deals, and a lot of the ugly, questionably legal tools to use against domestic manufacturers to get them to turn off UPnP or implement randomized default passwords or maintain a five-year support period with automatic updates are not available for manufacturers that get 99% of their sales through Amazon as CE-marks.

Huh. I thought we did that ages ago with Huawei.

That was originally just for carrier-grade network equipment iirc, then later expanded to cover basically everything made by Huawei. I think ZTE was also included in the expanded ban (another Chinese telecom vendor).

This is kinda the opposite, apparently targeting consumer-grade hardware only. Which is kinda weird.

You can take the stated reason at face value; it's not like it's false. But it's a bit hypocritical if you consider that it is quite certain the US has either intentional backdoors and/or undisclosed vulnerabilities to achieve surveillance on its domestic networking equipment, but they aren't wrong to be suspicious of Chinese-made routers.

And on its own, this measure is not gonna achieve much as the horse is already out of the barn when it comes to consumer network security. What normies even keep their router updated? When people keep their 10 year old router that's never been updated, has tens of known exploited vulnerabilities and is configured with a WAN facing admin panel, who even cares where it was built?

Sadly, the realistic solution is to incentivise people to let their ISP take charge, which as someone who prefers personal responsibility, I hate. Subsidize ISP-sold/loaned equipment, enable auto-updates. I'd even make it so that the router has a hardware-switch-enabled VPN to let the ISP into the LAN-facing management if they need to do some work (I'd make it a hardware switch so that clueless customers can be reasonably certain when it's on or off). Convenient but security-nightmare networking options need to start being disabled by default and users should not be encouraged to enable them ever (I'm looking at you, UPnP). I'd probably ask or heavily incentivise ISPs to require all of their customer-facing techs to have a security certification. If you had all of this taken care of, then banning hardware backdoored (by state adversaries as opposed to domestic intelligence agencies) might have an effect.

Heck, Cisco has a major vulnerability approximately every five minutes, and I don't doubt that USGOV is aware of most of them and doesn't disclose under NOBUS.

Hah, (some of) the ISPs are way ahead of you. We'll lease you a router for $10 a month where the only available settings are SSID, password, port forwarding, and a UPnP toggle switch (thankfully off by default). Management is cloud-based (no local GUI) and updates are automatic. People HATE the lack of setting availability, and I don't blame them for it. Can't change the subnet from the default 192.168.1.1/24, and no we cannot override it in tech support, we have the same options as those available to the end user.

The company line is to buy your own router if you need access to other settings, but that's about to become a lot harder.

At the same time, this is probably Good For The Normies overall from a security standpoint.

The company line is to buy your own router if you need access to other settings, but that's about to become a lot harder.

Me using OPNsense on commodity hardware with an Intel NIC PCI-e card

I actually use UPnP because it makes building direct-connect tunnels over tailscale easier (and my ISP offers symmetrical fiber, but no IPv6, riddle me that), but I monitor it and have some restrictions in place. Most users shouldn't use it though.

Actually my ISP puts IPoE on a VLAN, but none of their techs know anything about it and I had to reverse-engineer it using reddit. Their loaned-out gateway (which is bundled in the price, apparently?) can give you a WAN link for your own router on VLAN 1, but that's another device you have to put in the path. Maybe breaking up Ma Bell wasn't such a good idea, they at least had "One Policy, One System, Universal Service" instead of the hodgepodge of nonsense that passes for telecommunications in this country.

My girlfriend's ISP-provided router let me change the subnet, but not the DNS IPs distributed by DHCP, weirdly enough, and they're locked to the default ISP DNS. (She at least gets v6 though, God Bless American Telephone & Telecom.) I could go through the effort to run a DHCP server on her network, but I'm really only freeloading on her network for my backup server, so I just gave all my devices their own manual DNS servers set to my preference and we're good to go.
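The "monitor it and have some restrictions in place" approach to UPnP mentioned above, as an added example that is not part of any post in this thread: parse the port-mapping entries a UPnP IGD router reports (the three SOAP replies below are constructed samples in the shape of a `GetGenericPortMappingEntry` response) and flag mappings that land on a host outside an allow-list, forward to a management or file-sharing port, or hold a permanent lease. The allow-listed host, the risky-port set and the lease ceiling are assumptions for the example, not anyone's actual policy.

```python
"""Audit the port mappings a UPnP/IGD router has opened against a small policy.

The SOAP bodies in SAMPLE_RESPONSES are constructed samples shaped like an
IGD GetGenericPortMappingEntry reply; ALLOWED_CLIENTS, RISKY_INTERNAL_PORTS
and MAX_LEASE_SECONDS are assumed policy values, not a real deployment's.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMPLE_RESPONSES = [
    # Entry 0: a NAT-traversal mapping held by the allow-listed host (assumed Tailscale node).
    """<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>41641</NewExternalPort><NewProtocol>UDP</NewProtocol>
<NewInternalPort>41641</NewInternalPort><NewInternalClient>192.168.1.50</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>tailscale</NewPortMappingDescription>
<NewLeaseDuration>3600</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>""",
    # Entry 1: an unknown host exposing RDP permanently (the kind of mapping to catch).
    """<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>3389</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>3389</NewInternalPort><NewInternalClient>192.168.1.77</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>Remote Desktop</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>""",
    # Entry 2: allow-listed host, but forwarding to its HTTP admin port with a day-long lease.
    """<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>8080</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>80</NewInternalPort><NewInternalClient>192.168.1.50</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>web</NewPortMappingDescription>
<NewLeaseDuration>86400</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>""",
]

# Assumed policy: which LAN hosts may hold mappings, which internal ports must never be
# reachable from the WAN, and the longest lease tolerated (IGD uses 0 for "permanent").
ALLOWED_CLIENTS = {"192.168.1.50"}
RISKY_INTERNAL_PORTS = {22, 23, 80, 443, 445, 3389, 5900}
MAX_LEASE_SECONDS = 24 * 3600


@dataclass(frozen=True)
class PortMapping:
    external_port: int
    protocol: str
    internal_client: str
    internal_port: int
    enabled: bool
    description: str
    lease_seconds: int


def _local_name(tag: str) -> str:
    """Strip the XML namespace prefix ("{uri}Name" -> "Name")."""
    return tag.rsplit("}", 1)[-1]


def parse_mapping(soap_xml: str) -> PortMapping:
    """Turn one GetGenericPortMappingEntry response into a PortMapping."""
    root = ET.fromstring(soap_xml)
    fields = {_local_name(el.tag): (el.text or "").strip() for el in root.iter()}
    return PortMapping(
        external_port=int(fields["NewExternalPort"]),
        protocol=fields["NewProtocol"].upper(),
        internal_client=fields["NewInternalClient"],
        internal_port=int(fields["NewInternalPort"]),
        enabled=fields["NewEnabled"] == "1",
        description=fields["NewPortMappingDescription"],
        lease_seconds=int(fields["NewLeaseDuration"]),
    )


def audit(mappings):
    """Return (mapping, reason) pairs for every policy violation among enabled mappings."""
    findings = []
    for m in mappings:
        if not m.enabled:
            continue  # a disabled entry exposes nothing; skip it
        if m.internal_client not in ALLOWED_CLIENTS:
            findings.append((m, "internal client not on allow-list"))
        if m.internal_port in RISKY_INTERNAL_PORTS:
            findings.append((m, f"forwards to management/file-sharing port {m.internal_port}"))
        if m.lease_seconds == 0 or m.lease_seconds > MAX_LEASE_SECONDS:
            findings.append((m, "permanent or over-long lease"))
    return findings


def audit_responses(responses=SAMPLE_RESPONSES):
    """Parse raw SOAP replies and audit them in one step."""
    return audit([parse_mapping(r) for r in responses])


if __name__ == "__main__":
    for m, reason in audit_responses():
        print(f"{m.protocol} {m.external_port} -> {m.internal_client}:{m.internal_port} ({m.description}): {reason}")
```

On a real network the same `parse_mapping` would be fed the responses from walking `GetGenericPortMappingEntry` with an increasing index until the router returns an error, which is how IGD enumerates its table; that enumeration is left out here so the block runs offline.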

Well, at least your American Intel hardware is safe from this regulation.

If you think that IPv6 arrangement is weird, ours is weirder. IPv6 is bog standard for our residential service but completely and utterly unsupported and undocumented for business class service (which is what I support and does run on separate infrastructure for the relevant parts). All I can say is try /56 and if that doesn't work try /64. They give us nothing as far as docs go and implementation varies by region. Certain areas still don't have it at all. This may be intentional so they can upsell IPv6-ready enterprise DIA/FIA, but it's probably more corporate incompetence/fragmentation (we are made up of many dozens of independent cable systems bought out over the years, after all) than anything else. Officially, we cannot offer any assistance for IPv6 on business class connections. Most of my coworkers barely know what it is, and I'm embarrassingly rusty on it myself.

We can set custom DNS on our provided CPE though, at least.