Why one should do "Bridge mode" between Airtel Fiber router and a Different router?

Hi,
I am a newbie and I want to use a powerful router instead of the router given by Airtel Fiber Broadband.

So I want to know: can I simply connect a TP-Link router via Ethernet cable to an Ethernet port on the Airtel Fiber router, then turn off Wi-Fi on the Airtel Fiber router, use the Wi-Fi on the TP-Link router, and get 300 Mbps speeds as per my plan? Is this not possible?
Also, my Airtel router does not have a WAN port; only Ethernet ports are there.

Why does everyone here say to do "Bridge mode" between the routers? Why not do the process I explained above and get the 300 Mbps plan?

Could someone please explain?

Also, please suggest the best router to connect to my Airtel network for the best speeds and pings, with no speed or connection drops.

Thank you all.
 
the device provided by ISPs (airtel here) is kinda a combo device (ont+router+switch+wifi-ap), each of those functions can be delegated to separate specialised devices for customizability/performance or whatever the need be.

simply connecting TP-Link (set in access point mode) means you utilize it as a wifi-ap+switch.

in bridge mode, airtel device acts as a simple ont (optical to ethernet media converter), and tplink (set in router mode) acts as the router+wifi-ap+switch.
 
Thanks for the information, @abhishek.t. I want to enjoy 300 Mbps via the second router; for example, I want to stream 4K content on YouTube or Amazon Prime, or download any file from the internet at 300 Mbps without any delays.
So one question I want to ask: for these two things, I do not need to go for bridge mode, correct?

I have a ZTE router from Airtel, and I have a DNS leak on it. How do you properly set up DNS on this Airtel router, and which DNS company do you recommend?
Thanks
 
Also, one more question: if I connect my other router via Ethernet cable to the Airtel router, do I need to change any other setting apart from giving the same IP for the other router on the Airtel router?
 
yes, such setup will be sufficient.

you can't and shouldn't assign 'same' ip to your second router. just connect wan port of TP-Link with any lan port on zte, set tplink in access point mode. that's basically enough.

further you can set a static ip for tplink in either tplink webui or zte webui. (exclude that ip in dhcp server on zte, etc.)

for dns thing, do you see any servers apart from airtel in your dns leak test? isp itself can see dns traffic and that is not a leak. if there are other servers, you have many solutions like:

i)use dhcp on tplink instead of zte and assign dns servers there.
ii)set static ips on devices themselves and set dns over there.
iii)use native DoH/DoT/Private DNS settings on devices.
iv)setup local dns resolver with encrypted dns etc.
v)DoH in another router, after bridge mode.
vi)mention dns servers in pppoe itself if settings are unlocked.

and many more..
 


Your ISP router is actually a router + ONT combo. In the days before fiber, we would say router + modem combo.

For DNS leak:

It has nothing to do with the ISP router. The ISP router gets a DNS server from Airtel (which will be hosted by Airtel) and all devices are provided that DNS server when using DHCP to get an IP address assigned. Airtel can easily log your browsing history this way as they can map the IP from the DNS request and your customer ID.

You can prevent this by setting your DNS to 1.1.1.1 on your own router (which will act as the DHCP server) and not connect anything directly to the Airtel router (via Wi-Fi or LAN) except your own router, no bridge mode required. This will fix the DNS "leak" as the test will say Cloudflare instead of Airtel.

But that is not enough these days, as DNS itself is not encrypted and Airtel can still see the DNS requests sent to 1.1.1.1 and log them easily, just requires more effort.

To fix the unencrypted DNS issue, you have 3 options:
  • Browser: Set up Encrypted DNS in Chrome settings
  • Native OS level: Supported by most modern OSes (Windows, Android, iOS, macOS), look up instructions
  • Fake VPN (OS level): Use apps like 1.1.1.1 that set up a fake VPN tunnel just to intercept the plaintext DNS requests and return the result via encrypted DNS
However, all 3 of these options require per-device configuration. If you want ALL devices (e.g., some smart TV) to be covered then it's best to buy something like a Raspberry Pi and set it up as a DNS server, or you could buy a router that supports custom firmware like OpenWRT and run the server on the router itself. Then the devices will send unencrypted DNS to your DNS server (custom firmware router/Raspberry Pi - something local like 192.168.0.10) but that DNS server will only send encrypted requests to the upstream DNS server (1.1.1.1).

Where the issues with the ISP router come in:

  • As you noted, poor WiFi performance. Although if you are not even getting 300Mbps then maybe it is an issue with distance or your client device or simply because you are on the 2.4GHz band. Because even the low end ISP provided WiFi 5 routers can provide that these days.
  • ISP router is completely locked, you can't change anything except WiFi settings. So, you can't change the default DNS server even if you set up a Raspberry Pi or something else as a DNS server. You're forced to configure DNS per-device and that leaves a privacy risk.
  • ISPs have full access to the ISP router, can change settings or push firmware updates remotely. Don't reuse or put any sensitive information in your Wi-Fi password please, as Airtel can see it.
Bridge mode isn't required to fix the above issues. You can simply connect your own router's WAN port to the ISP router's LAN port to fix those. The ISP router will still act as a router but only act as if 1 device is connected to it (your own router).

What bridge mode offers:
  • Disables most of the routing functionality and mostly makes the ISP router act as a converter between fiber and ethernet. The router's crappy hardware is moved out of the way. It doesn't really improve ping or increase bandwidth but can help with issues like bufferbloat or network performance between 2 devices on LAN (which can use higher bandwidth than your internet speed). This is useful for gaming.
  • Your own router gets a public WAN IP address as opposed to a LAN IP (192.168.x.x) from the router, and you have the freedom to enable port forwarding, UPnP and other locked settings on the ISP router without ever logging into the ISP's router interface. Again, useful for gaming and power users.
  • Your packets go through one less device (1 less network hop), again, doesn't visibly impact latency but can help with jitter and other issues.
  • Your LAN is protected from the ISP as your own router is the firewall, not the ISP's router.
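
Added example, not part of any post in this thread: a Python sketch of why changing the resolver to 1.1.1.1 alone does not hide lookups from an on-path device such as the ISP router. It builds a standard plaintext DNS query (RFC 1035) and shows that the queried name can be read straight out of the payload, while a TLS-wrapped payload (as used by DoT on port 853) yields nothing. The function names, the `example.com` query and the TLS bytes are constructed for illustration.

```python
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a recursive DNS query (RFC 1035) as it is sent over UDP/53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # type A, class IN

def observed_qname(payload: bytes):
    """Return the queried name if payload is a plaintext DNS query, else None."""
    if len(payload) < 17:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:  # a response, or not a single question
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:  # end of name; type and class must still follow
            return ".".join(labels) if labels and pos + 5 <= len(payload) else None
        if length > 63 or pos + 1 + length > len(payload):
            return None
        try:
            labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        except UnicodeDecodeError:
            return None
        pos += 1 + length
    return None

# Constructed samples of what an on-path device sees in the packet payload.
# 1) Plaintext query, e.g. UDP to 1.1.1.1:53 after only changing the DNS server.
PLAINTEXT_TO_CLOUDFLARE = build_query("example.com")
# 2) TLS application-data record (header 17 03 03 + length) carrying ciphertext,
#    e.g. TCP to 1.1.1.1:853 from a local resolver that forwards over DoT.
ENCRYPTED_TO_CLOUDFLARE = bytes.fromhex("1703030020") + bytes(range(0xA0, 0xC0))

if __name__ == "__main__":
    print("plaintext DNS :", observed_qname(PLAINTEXT_TO_CLOUDFLARE))
    print("encrypted DNS :", observed_qname(ENCRYPTED_TO_CLOUDFLARE))
```

With encrypted DNS the observer still sees that the connection goes to the resolver's IP address, only not which names are being looked up.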
 