So my Starlink kit is finally here! A number of folks have asked for first impressions so I’m going to break it down. Long story short, it’s a breeze to setup but operationally, definitely a beta service. Let’s explore.
I was first struck how efficiently everything is packaged. The first thing you see is the 3 panel pictogram of how to set this all up right on top. You know what, it pretty much was this easy. When you lift this page and the top molded plastic panel that holds everything in place up, you get to the goods. The form fitting molded plastic on the top and bottom holds the kit in very snug, it’s really well executed. In the box:
- Starlink Dish with attached mast
- Ground base to attached to dish mast
- Starlink Power over Ethernet (PoE) Injector – Model UTP-201S – Output towards dish maxes out at 90W (x2), output towards router maxes out at 17W. Total wattage this guy can produce is 180W.
- Starlink Router – Model UTR-201 – PoE input 10W – Has built in 802.11a/b/c/g/ac Wifi over 2.4Ghz & 5Ghz and “AUX” 10/100/1000 Ethernet port.
- Pre-connected cables, 100 foot black cable for dish to PoE injector, 6 foot white for PoE injector to router. The cables were already plugged in.
With everything pre-cabled, assembly really comes down to:
- Snap the dish and it’s attached mast into the base
- Plug PoE brick into the wall
- Connect the pre-terminated and weather proofed black cable from the dish into it’s black color coded port on the PoE brick
- Plug the white cable already hanging off the included router into it’s color coded port on the PoE brick.
From a physical standpoint, that’s all you really have to do! A lot of time was obviously spent on making this very easy to deploy. Mission accomplished. I literally got everything up and running within 10 minutes. Once plugged in, the dish points straight up at the sky and with it’s built in motors starts to tune it self to receive the strongest signal possible. If you want to see these motors and the guts of the dish, check out engineer Ken Keiter’s tear down. It’s quite impressive, I highly recommend checking it out. The dish iterated through a few positions and it eventually settled on a position somewhere in the sky NNE of my house.
First thing to do after plugging everything in is to get the Starlink app on iOS or Android. All configuration, control and documentation is really within this app so it’s definitely a requirement. This process is relatively straightforward and is a lot like any other consumer IoT devices you may have picked up recently.
The Starlink UTR-201 router comes with a default SSID which is printed right on it by the “AUX” port on the back of the unit.
The iOS/Android app connects to it over Wifi and adopts the router so now you can adjust some basic settings via the app. Not really much you can configure there other than the wireless SSID, more on that later.
Here are some notes on what things look like after we get it all plugged in and up and running. I have to say it’s definitely “better than nothing” as they state. That said, there is room for improvement.
- Once connecting to the Starlink router via Wifi or wired via the AUX port, you will be DHCP’d a 192.168.1.x/24 address. This is not optional and there is no way to reconfigure different addressing or other DHCP options that I can find.
- There is no management interface to the router and the options are very limited. There is a rather nice statistics dashboard you can see through the app or surfing in your browser to 192.168.100.1 when connected to it.
- Your DNS server will be the router at 192.168.1.1 and the search domain is just “lan”.
- There is no configuring port translations but the router is running Universal Plug n Play (UPnP, see below in the next section) so maybe there will be plans for that later?
- The WAN interface on the router is behind Carrier Grade Network Address Translation (CG-NAT). More on this later, but this will make port forwarding impossible and having a public IP address for specific applications (things like old school IPSEC VPNs or accessing your own server directly) not currently possible.
How’s the latency? Pretty good actually.
jg-mbp:~ jason$ ping 220.127.116.11 PING 18.104.22.168 (22.214.171.124): 56 data bytes 64 bytes from 126.96.36.199: icmp_seq=0 ttl=58 time=37.909 ms 64 bytes from 188.8.131.52: icmp_seq=1 ttl=58 time=43.383 ms 64 bytes from 184.108.40.206: icmp_seq=2 ttl=58 time=40.946 ms 64 bytes from 220.127.116.11: icmp_seq=3 ttl=58 time=39.343 ms 64 bytes from 18.104.22.168: icmp_seq=4 ttl=58 time=37.811 ms ^C --- 22.214.171.124 ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 37.811/39.878/43.383/2.091 ms
This in the same neighborhood as RTTs over my Spectrum connection which is impressive! This is my Spectrum RTT to the same address.
jason@rtr01-jghome:~$ ping 126.96.36.199 PING 188.8.131.52 (184.108.40.206) 56(84) bytes of data. 64 bytes from 220.127.116.11: icmp_req=1 ttl=53 time=34.4 ms 64 bytes from 18.104.22.168: icmp_req=2 ttl=53 time=32.2 ms 64 bytes from 22.214.171.124: icmp_req=3 ttl=53 time=31.0 ms 64 bytes from 126.96.36.199: icmp_req=4 ttl=53 time=29.5 ms 64 bytes from 188.8.131.52: icmp_req=5 ttl=53 time=34.3 ms ^C --- 184.108.40.206 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 29.513/32.314/34.454/1.910 ms
Next question, how much bandwidth are we getting? This is typically in the neighborhood of around 70Mbps down / 10Mbps up. It’s good, but not great. I was most surprised at the upload bandwidth, I wasn’t expecting to get this much.
Now as far as stability goes, that’s all over the board. Here’s a My Traceroute (MTR) which trace routes the path then pings the hops repeatedly. I let it cycle through 100 times here.
Oof. That’s not pretty. Standard deviation is up there, there’s 3% packet loss all the way through and we are getting upwards of 300ms RTTs right out of the gate. More detail will be below in the next section after I plug it into my VMware SD-WAN appliance.
The Geekier Stuff
The previous sections were the basics that most people want to see. This section will be more of the fun details I observed while playing around.
One thing that I thought was interesting was the router’s hostname resolved via DNS off itself.
jg-mbp:~ jason$ host 192.168.1.1 220.127.116.11.in-addr.arpa domain name pointer OpenWrt.lan.
So it looks like it’s based on OpenWRT. To be honest, this is not uncommon and I know of many other commercial products based on this as well.
I tried to see if there is a web management interface on the router but no such luck. Here’s what a port scan looks like.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-28 11:33 EST Nmap scan report for 192.168.1.1 Host is up (0.24s latency). Not shown: 994 closed ports PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 5000/tcp open upnp 9000/tcp open cslistener 9001/tcp open tor-orport
When you go to port 80 on it, it just redirects you to https://www.starlink.com. Boring!
The router is listening for DNS queries on port 53 and answering them pretty quickly. It appears to be proxying and caching DNS entries which certainly helps speed things up. It’s all about optimizing performance where you can when delivering internet from space and I think this was a smart way to go. Here’s a dig query against the router for a cached entry vs against an internet name server. 2ms vs 63ms is a big improvement!
jg-mbp:~ jason$ dig google.com @192.168.1.1 ; <<>> DiG 9.10.6 <<>> google.com @192.168.1.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9561 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 212 IN A 18.104.22.168 ;; Query time: 2 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Mon Mar 01 20:40:03 EST 2021 ;; MSG SIZE rcvd: 55 jg-mbp:~ jason$ dig google.com @22.214.171.124 ; <<>> DiG 9.10.6 <<>> google.com @126.96.36.199 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41035 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 117 IN A 188.8.131.52 ;; Query time: 63 msec ;; SERVER: 184.108.40.206#53(220.127.116.11) ;; WHEN: Mon Mar 01 20:40:10 EST 2021 ;; MSG SIZE rcvd: 55
TCP/22 aka SSH is open! But good luck getting in there. Their SSH server uses key based instead of user based authentication which I have to say is refreshing! Definitely a step in the right direction when it comes to IoT device security.
jg-mbp:~ jason$ ssh firstname.lastname@example.org The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established. RSA key fingerprint is SHA256:owxzwYXb/xsrqqDmR1YkIaAIR6AS1t+iwE0mMvoymYM. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts. email@example.com: Permission denied (publickey).
Universal Plug n Play (UPnP) is running on TCP/5000. Perhaps this is for future application? If you think you know what this is for outside of the standard UPnP application, let me know. Seems weird to have it when there’s another layer of CG-NAT beyond it. Also curious about TCP/9000 and TCP/9001. The most common uses for these are PHP-FPM and The Onion Router (ToR) but I doubt that’s what they’re for. If anyone has ideas I’m all ears.
I wanted to see what happens when you bypass the Starlink router and plug the dish right into a different device instead. It turns out, this works! You get an RFC6598 IP address which is what you do for CG-NAT. Makes sense when you are working with very little IPv4 space and you need to conserve as much as you can.
While in the SD-WAN Platform, let’s check out how well it thinks Starlink would do for real time applications like voice compared to my Spectrum circuit.
Hmmm… have a little ways to go there it seems. There are a lot of instances of packet loss, jitter, high latency and just plain no connection.
How about IPv6? Turns out, not ready yet.
One thing I really love is the support section. It has some really great insights and commonly asked questions like this one in it.
So that’s it for now! As mentioned before, an amazingly simple setup experience and it really is a remarkable offering considering they are blazing new territory here. I think the services will only improve over time and you will see greater stability and performance with each software update/improvement SpaceX makes. That said, this is usable and much better than many of the alternatives those in the boonies suffer today. If you would like to read my thoughts on why I think LEO satellite internet access is more significant in rural areas than 5G, check that out here.
I’m going to write a follow up but wanted to get something out for folks to check out. Please do contact me for things you would like for me to try or tell you about! I would absolutely love to share my experiences and learn more by answering your questions.