【Demand Collection】Research on Router Demand of Small and Micro Enterprises

Hello, small and micro enterprise users!

Recently, we received a consultation on the function upgrade of enterprise routers. In order to accurately adapt to the trend of WiFi 7 technology, we are now collecting demand for small and micro enterprises. Please check or supplement the requirements according to the actual business scenario, and your feedback will directly affect the next generation product design!

Demand List (multiple choices are allowed)

1. wifi 7 standard support
   It is necessary to support 320MHz bandwidth, 4096-QAM modulation and MLO multi-link aggregation technology to improve transmission efficiency.
2. Multi-device high concurrency capability
   Support stable connection of 100+ terminals (including smart devices and office terminals) to avoid network congestion.
3. Enterprise network management
   Internet behavior control (application speed limit/ban), multi-VLAN division, traffic priority scheduling.
4. Cost-effective WiFi 7 solution
   Full Gigabit /2.5G network port, cost-effective, supporting subsequent firmware upgrade.
5. Anti-interference and stability
   6 GHz band support (policy opening is required) and intelligent channel avoidance ensure low delay in complex environment.
6. Simple deployment and remote operation and maintenance
   Mobile APP configuration, cloud management, and one-click Mesh networking reduce the technical threshold.
7. Enterprise-level security protection
   Built-in firewall, VPN encryption, black and white list of devices to prevent network attacks.

Other demand supplementary column
(Please describe special scenes, such as branch networking in different places, 8K video conference support, PoE power supply, etc.)

Participation method: reply to this post and check the serial number (such as: 1,3,5) or add specific requirements.

Look forward to your participation and jointly build a more efficient small and micro enterprise network!

4. 10G please on both WAN and LAN.

Add complete ebpf and kprobe

CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_CGROUPS=y
CONFIG_KPROBES=y
CONFIG_NET_INGRESS=y
CONFIG_NET_EGRESS=y
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_CLS_ACT=y
CONFIG_BPF_STREAM_PARSER=y
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
CONFIG_DEBUG_INFO_BTF=y
CONFIG_KPROBE_EVENTS=y
CONFIG_BPF_EVENTS=y

Ok, thank you for your reply. We received your comments.

Ok, thank you for your reply. We have received your comments, and we will evaluate adding complete ebpf and kprobe functions.

For being enterprise and/or even mid-grade enterprise the devices need less “special” functions (like VPN, AdGuard Home, etc.) and more “real” functions:

• like a true mesh (with all available Wi-Fi uplinks used for aggregation between the mesh routers)
• better monitoring (bandwidth, traffic, interferences) via SNMP / reporting
• way better cloud management with fallback (so you can't break your network)
• cloud backups
• cloud logging (syslog)
• cloud reporting
• guest portal capabilities
• better “firewall” (app blocking, maybe even DPI)
• PoE support if an Wi-Fi AP is the thing you want to build
• RADIUS possibility (with or without Entra ID, Active Directory, LDAP)
• Voucher possibility (good for hotels, etc.)
• 2FA login in UI, different users

From my perspective, all current features (VPN, AGH, Tailscale, and so on) are totally useless for any bigger business where you run your firewall anyway because the OpenWrt firewall isn't a smart one. You will see Sophos, Palo Alto, SecurePoint, R&S and whoever is in the game as well.

Spoken for German companies.

Consider building a smarter and more powerful firewall and packet filtering system based on ebpf?

Thanks for your feedback, I've noted your needs down.

The project of open source network monitoring application you shared seems to have many security functions, and we will include it in the reference scope. Thank you.

Considering the use cases (micro/small business use, branch offices and remote workers):

• Re 3) For better network management, priority traffic, application speed limit per client, and application (as well as domain) whitelisting (per client) as standard. These features are more important and useful than blacklisting, as they provide more granular control over network traffic and security. Application/domain whitelisting done right could be used for parental control as well so this could become a standard across all your devices.
• Re 4) If we're discussing cost-effective solutions and WiFi7, then offering two pricing tiers would be beneficial: a standard 2.5G tier and a high-end 5G or 10G tier. Particularly important with WiFi7 which could be bottlenecked by 2.5G Ethernet, especially in applications that require high-bandwidth traffic (since you mention 8K video).

Some of the additional features:

• PoE (Power over Ethernet) as a standard or optional feature for all routers/access points, excluding travel routers/APs, for greater flexibility and convenience for deployment.
• Guaranteed firmware upgrades for a minimum of 5 years, ensuring that devices remain secure and up-to-date.
• On configuration, comprehensive documentation on GLiNET-specific configuration files and CLI for all customized features, rather than relying on web-based wizards. This allows for more efficient and automated deployment using tools like Ansible.
• For monitoring and management, there is a growing demand for M2M applications, system integration, and automation. Features like the following would be beneficial:

• SNMP (Simple Network Management Protocol) as a standard
• RESTful API + webhooks for integration
• potentially MQTT for integration and IoT applications

• Security features like 2FA (Two-Factor Authentication) for web UI and user management with controllable access are essential, especially for remote workers who may require limited access to some configuration options and basic diagnostics.
• Finally, the firewall implementation needs improvement. Implementing eBPF, as suggested by others, would be a significant enhancement, but it's appreciated that this is going to be a bigger task. In the meantime, it would already be an improvement to expose available nftables/fw4 features while reducing configuration complexity. Additionally, it's essential to ensure that all features are using a single framework, currently nftables, rather than a mix of nftables and iptables (we've noticed that some GLiNET features appear to still utilize iptables, whereas the underlying system is based on nftables - this is calling for trouble, as it can lead to potential issues and security vulnerabilities)

Hello @Lun

It is nice to see GL is exploring entry to the enterprise hardware market. You would know better than me, but I suspect most of your current sales are to tech-savvy people, tinkerers, people who spend an extraordinary amount of time living in a mobile house, digital nomads, and resellers selling customized devices/solutions. None of these market segments are “micro and small enterprise.” Resellers offering a customized solution is probably the closest you are to enterprise clients.

If GL wants to grow the micro and small enterprise market, there are critical issues that must be addressed rather than focusing on WiFi 7.

First, firmware stability is a long-standing issue. GL is actively hostile toward firmware customization, making it difficult for resellers to tailor solutions for their clients. Resellers, including myself, have had to provide extensive post-sale support because your firmware is riddled with bugs and inconsistencies. Frequent unfinished implementations, poor package management, etc make it difficult to recommend GL devices as a serious “enterprise” solution. Unlike individual users or hobbyists who might tolerate tinkering or unreliable firmware & packages, enterprise clients demand solid performance, long lifespan, and minimal downtime.

Second, GL reseller support is abysmal - practically non-existent. Resellers are indispensable for entering the enterprise market because these businesses rely on trusted vendors for hardware recommendations and full lifecycle support. Yet, GL treats resellers as an afterthought, offering no real support. If GL wants resellers to push its products into businesses, there needs to be reseller support, clear product roadmaps, and actual engagement with resellers beyond just selling hardware in bulk.

Finally, how does GL intend to compete with actual enterprise solutions? Small businesses don’t often buy Cisco, but they do buy Ubiquiti, MikroTik, and other brands that have strong firmware, strong reseller support, and real enterprise features. Right now, GL devices feel like hobbyist tools - because that is what they are. They are not serious, mission-critical business solutions. What commitment is GL making to long-term firmware support (aside from its hostility toward firmware customization)? What about security updates and actual enterprise-grade reliability? There is another thread here where a GL staff member downplays CVE vulnerabilities marked “critical.” As a reseller, do you think I can sell devices from a manufacturer that openly dismisses security risks? It doesn’t matter whether a CVE is actually critical or not - what matters is that I can’t recommend that product to a serious client because the moment they see a “critical” CVE being brushed aside by the manufacture, they will lose trust in my recommendation (and the manufacturer).

In short, I am curious - how does GL see itself transitioning from a brand that serves tinkerers into one that businesses can genuinely trust? Because right now, that leap seems vast, and the current product quality does not inspire enterprise-level confidence.

I would like to see GL make the leap. But there are foundational problems that need to be addressed first.

Thanks!

Sure, CVE ratings are not binding. But they matter to @eric they matter to me and they especially matter to enterprise and other serious hardware buyers.

IMG_09271815×1760 339 KB

Stuff like this can’t ever happen if you expect to graduate from the hobbyist market:

And finally, if I am not mistaken, Puli AX (GL-XE3000) is your most expensive, fanciest hardware offered today. The current GL flagship device. Alas, as a reseller, I am already working with my Puli AX clients to deal with this:

As reseller, I am the one tasked with salvaging my relationship with the client who bought your flagship device on my recommendation.

Even as a hobbyist, I’ve moved on from the farce that is GL.iNet’s firmware process. It was problematic five years ago, and in response to one of my posts, @alzhao promised improvements, including fewer firmware bases and a better release process. Fast forward to today, and things have only gotten much worse. Inconsistent Product Firmware - #2 by alzhao

Until GL.iNet learns how to properly release firmware, and understands that QA isn’t about flooding users with beta versions in the hope they’ll do the testing for them, they will never succeed beyond the hobbyist market. The small enterprise space demands reliability, professionalism, and trust, none of which are currently part of GL.iNet’s firmware development strategy

As your company started and remains more renowned for it's travel routers, I think that the best strategy would be remain laser focused on perfecting this, somewhat unique, line of products to eventually integrate them into the micro and small enterprise eco systems as more and more people are working away from their office base. New products like the Comet are excellent steps in that general direction (please do not get me started on things like the router with the photo frame!). Trying to get into a space that is already occupied by big players will likely to result in a slow and painful demise. Just try and Google search best travel routers and see how many times GL.iNet name comes up (almost always on top). My own experience with your attempt at conquering home router market with the Flint line of products have unfortunately not been very successful and I cannot see your attempt to crack the enterprise market to have better luck for all the reasons that others have articulated superbly well on this thread although I continue to wish you all the very best for your future development.

Completely agree with this.

They need to improve releases, also check upon them rather than blindly unchecked check on the community, it's not feasible to expect from consumers to be beta testers, consumers/software need to be safe guarded.

As a example:

To me it's free, so I'm not hurt that it is cold bricked, but this shouldn't be expected from normal consumers who paid the full price, it is extremely unresponsive behaviour.

Sure every PSA is fine, but the PSA also needs to be tested before posted / released as in software.

I assume with my example it isn't tested with the Brume by GL-iNet, but maybe my assumption can be taken away if they give a awnser if theres a hw difference in the beta test model, with the given steps this would be a very unresponsive u-boot release.

Here reply to your question and suggestion:

Thank you for your attention and feedback on GL.iNet over the years.
We attach great importance to your suggestion, related to the firmware release process, quality management and user experience.
Your criticisms and suggestions profoundly reflect the challenges we face in technical iteration, and also clarify the direction for improvement for us.

As the core component of network equipment, firmware must be guaranteed through strict internal QA processes, rather than relying on user trial and error. The "SME need reliability, professionalism, and trust" you mentioned hit the nail on the head, which is the key area we need to break through at the moment.

We have established a hardware compatibility matrix to clarify the firmware support cycle and upgrade strategies of each model of equipment.

Established a rapid feedback channel through official forums and work order systems, and the technical team will directly follow up to avoid information fragmentation caused by "blind feedback from the community".

For enterprise-level users, "firmware customization support" and "delayed upgrade options" are provided to meet the reliability needs in different scenarios.

The Brume uboot brick issue you mentioned may be related to the difference in the early beta uboot software version, but it is not sure yet, so R&D would like to collect this device for inspection.

Before the release of the v4.7.4 firmware and uboot of MT2500/X3000/XE3000, the uboot was tested comprehensive through in batch devices, because the uboot upgrade is highly risky, and we will be very cautious about it.

Your continued attention is the driving force behind our progress.

We will continue to work hard to provide our users with safe, stable and unique feature software and hardware.

Thanks for your suggestions again.

@Lun First of all, I don't understand what's the concept. In general, Wi-Fi router means mostly consumer products. And business routers mostly don't come with built-in Wi-Fi.

2. Multi-device high concurrency capability
   Support stable connection of 100+ terminals (including smart devices and office terminals) to avoid network congestion.

If this means 100+ wireless stations, it would be a decent AP or a pretty good Wi-Fi router. It'd be good for commercial places which coverable by a single device. But there are very few "business" Wi-Fi routers on the market. ER605W? ER706W? None of them seem to be selling well.

If includes wired devices, probably it's already capable with current models. And for offices with 100+ terminals, I don't think built-in Wi-Fi is necessary for a router.

In my experience, not many people prefer a multi-in-one network equipment. Not only about Wi-Fi integration. It's a bit different story but I'd recommend to take a look why ER7212PC failed in the retail market.

One of the reasons is that it have to rely on its built-in controller which has horrible performance, and it doesn't allow somewhat complex or advanced configuration. But the biggest reason I guess is people don't prefer multi-in-one devices.

1 . wifi 7 standard support
4 . Cost-effective WiFi 7 solution
6 . Simple deployment and remote operation and maintenance

I don't think 1, 4, 6 are essential for business customers.

Life cycle of Wi-Fi devices is getting longer and longer. And Wi-Fi 6 is not only the first to break 1Gbps, but also already has achieved 2–4 Gbps of actual throughput. Moreover, most business customers wouldn't necessarily need range-limited 6GHz or DFS-required 160–320MHz width of 5GHz. So I guess there would be less replacement demand than before.

At the same time, even tech-savvy early adopters are unhappy with current level of Wi-Fi 7 performance. Pretty many people say they will skip Wi-Fi 7 and wait for Wi-Fi 8.

In fact, Wi-Fi 7 is still half-duplex in non-MLO, the performance improvement is only 120% compared to the previous Wi-Fi 6 which 10-bit 1024-QAM even though it's 12-bit 4096-QAM now, since it remained under 29Mbps per bit at 800ns GI in 40MHz width of single spatial stream.

So I doubt that considerable ratio of customers will want to invest more money for a fancy feature-rich Wi-Fi 7 router, both business and consumer market.

5. Anti-interference and stability

"Anti-interference and stability" sounds too good to be true, but you know, it really is, like an achieved impossible mission.