Last year I spent some time upgrading my home network, ditching the router provided by my ISP in favour of something a little more DIY. Naturally, I documented very little of what I did, leaving myself with a difficult task should I need to troubleshoot any issues in the future. This post is my attempt to rectify that mistake, digging into what I did, and the contextual knowledge necessary to setup your own “Router on a Stick”.
A basic router topology
The simplest way to build a router requires a device with at least two ethernet ports (which rules out a number of cheap consumer devices like a raspberry pi). The ethernet cable connected to the WAN (wide area network, or “the internet” outside of your home) is plugged into one of the ports, and the other is connected to a switch. You would install routing software on the device, and devices on the switch would represent your LAN (local area network). The router would do what a router does, route traffic inside the LAN, and between the LAN and the WAN.
What is a “Router on a Stick”?
But what if you want to use a device with only one ethernet port, such as the aforementioned raspberry pi? Without introducing the issues that can come about from using a usb-to-ethernet adapter? That’s where the more complicated “router on a stick” topology comes in! There are a few other topics we should visit before we can properly understand how this works though.
What is a VLAN?
VLAN’s are a mechanism for dividing a network into distinct parts. This is done by modifying frames, adding and removing tags to the frame to serve as an identifier. It is worth noting that these tags render a frame incompatible with devices that are not programmed to handle them. If frames were sent to your phone with a tag, it would not know what to do with them and would end up discarding them.
VLAN’s can serve a variety of purposes, such as the creation of a guest network that is separate from your primary network. In this case we are going to leverage them to allow traffic from both the WAN and LAN to travel over the same cable to the router.
Untagged Port
A port can be marked as either “tagged” or “untagged”, although different companies sometimes adopt their own unfortunate naming conventions for this concept. An untagged port receives frames for its VLAN tag, and strips the tags before sending it to the connected device. Likewise, when it receives frames from the connected device, untagged, it will add the tag corresponding to its VLAN. As such, this entire process is transparent to connected device, allowing it to communicate with the switch as if it was a simple, unmanaged switch.
Tagged Port
On the other hand, we have tagged ports. Frames that are sent to these ports do not have the tag stripped, and said tag is forwarded to the connected device. Likewise, the device is expected to send tagged frames back to the switch. This means that the connected device needs to know it is connected to a VLAN, and how to interpret the tags it receives.
Tying it all together
As we mentioned above, a router has to be capable of routing packets within the LAN, and between the LAN and the WAN. If we consider the simple case, where the LAN is represented by a dumb access point plugged into port 3, we would mark this port as untagged. We would do the same for the WAN, which in this example we will plug into port 2. And the router we would plug into port 1, marking this as a tagged port. In common routing software such as OpenWRT, you can associate a network with tags. This will cause the routing software to associate incoming tagged frames with the corresponding network, and tag outgoing frames during routing. This means the router can receive traffic from multiple distinct networks via a single ethernet connection.
And that’s it! I realize that I left out some pretty significant details, such as how to actually configure the routing software, but perhaps that is something I can rectify with a follow-up post someday.