A requirement of Anyfi.net is you have to keep your home Anyfi.net wireless router or access point powered on and connected to the Internet. This makes sense, as the remote Anyfi.net wireless router or access point needs to tunnel your traffic back to your home Anyfi.net wireless router or access point, as shown below.
Using wireshark, it looks like Anyfi.net devices send small UDP messages to the Anyfi.net network every 60 seconds, as shown below. Anyfi says these keep-alive messages meant to keep the communication channel through the NAT open. The Anyfi.net device in the below packet capture is 192.168.199.124 and the Anyfi.net mobility server is 188.8.131.52.
I experienced inconsistent results remotely connecting my Windows 8 laptop and iPhone via Anyfi.net. In some tests, my laptop and iPhone immediately were able to connect to my home network. This is when the value of Anyfi.net was apparent. I was able to connect to my home Wi-Fi network even though I wasn't at home. I didn't have to enter a new Wi-Fi password or pay to join a hotspot, I was online without any configurations on my part!
In other tests, my laptop and/or iPhone intermittently could not see my home SSID, and thus could not connect to my home network. I contacted Anyfi.net about this issue, they reported it was likely a "NAT issue... 'disappearing SSID' is typically what happens when the visited AP fails to reach the home router."
In other words, my inconsistent results were likely due to my home firewall. I had installed the TP-Link behind my home router (a Linksys WRT310N), so the TP-Link was sitting behind another NAT (network address translations) router. For a remote Anyfi.net wireless router or access point to set up a tunnel to your home Anyfi.net wireless router or access point, an end to end connection must be setup between the remote Anyfi.net and home Anyfi.net wireless router/access point. Thus, a firewall between two Anyfi.net devices can interfere with the connection. Without a firewall between the remote Anyfi.net and the TP-Link, I had consistent connectivity to my home network with both my laptop and iPhone.
Depending on how you deploy Anyfi.net, a firewall may not be an issue. If you deploy an Anyfi.net-enabled wireless router directly connected to the Internet, remote wireless routers or access points should have no problem connecting to it. On the other hand, if you deploy a wireless router or access point behind a firewall as I did, that firewall can interfere with Anyfi.net connectivity. Anyfi.net is working on a solution they call their "supernode feature" that routes Wi-Fi tunnel traffic through a server with a public IP, which can possibly overcome firewall issues.
An interesting aspect of Anyfi.net is the Wi-Fi tunnel to your home network. Your Wi-Fi device gets an IP address from your home network and you have access to everything on your home network. Essentially, it works like a VPN tunnel. The security isn't as tight as an IPSec VPN tunnel, as it uses Wi-Fi encryption, but it is a simple means of connectivity to your home network.
I see pros and cons to this Wi-Fi tunnel. A pro is you have an easy tunnel to your home network without VPN hardware, software or configurations. Another pro is the remote network you are visiting stays secure. Remote networks allowing Anyfi.net connections are safe from those visiting clients, as those visiting clients only have access to their Wi-Fi tunnel.
The biggest con I see to the Wi-Fi tunnel is bandwidth. When connected to your home network, all your traffic goes through the Wi-Fi tunnel to your home network. When surfing the Internet while visiting another network, your Internet traffic is going through the tunnel to your home network. That means the web pages you download are first being downloaded to your home network, then uploaded from your home network to the tunnel, then downloaded by your laptop, smartphone, or tablet. The bottom line is the fastest you'll be able to surf while roaming is limited to the upload speed of your home network. In my case, I have DSL with 12 Mbps download and 600 Kbps upload. Thus, the fastest I am able to remotely surf via Anyfi.net is about 600 Kbps.
If you're deploying Anyfi.net on an access point, there are configurable Quality of Service settings to minimum and maximum bandwidth limits from mobile users for Anyfi.net access points, shown below. However, these QoS options don't exist on Anyfi.net wireless routers, which seems a bit odd. The TP-Link router I tested with Anyfi.net software did not have these options.
Out of curiosity, I measured throughput over an Anyfi.net Wi-Fi tunnel. I used my usual throughput measuring tool, iperf with default TCP settings. I ran iperf on two PCs running 64-bit Windows 7 with their software firewall disabled. My Anyfi.net Wi-Fi tunnel was between the Ubiquiti AP and the TP-Link wireless router, both connected to the same wired LAN as shown in the diagram below.
Anyfi.net tunnel throughput test setup
The best TCP throughput I measured in this optimal condition was 2.47 Mbps in either direction, shown in the screenshot below. 2.47 Mbps is not great, but it is fine for general web surfing.
[Note, running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC. Note also, the PC connected via Anyfi.net Wi-Fi was about three feet from the AP.]
To put this measurement into perspective, I also ran a reference wireless performance check and measured around 22 Mbps from the wireless client to wired client on the LAN. Wired throughput between the two machines used when both were connected to the Gigabit Ethernet switch was 359 Mbps.
Referrence Wi-Fi throughput test setup
I had the benefit of communicating with Björn Smedman, the CEO and Co-founder of Anyfi.net., who filled me in on Anyfi.net's security. Anyfi.net supports Open, WPA, WPA2 and EAP/RADIUS Wi-Fi security. Anyfi.net doesn't support WEP because they feel it's not sufficiently secure.
Open networks are allowed only on Anyfi.net carrier tunnel termination gateways, not on normal Anyfi.net wireless routers or access points. Encryption over the Wi-Fi tunnel utilizes the 802.11 AES (or TKIP) encryption, all the way from the mobile device to the home wireless router or access point.
Further, Anyfi.net's Mobility Control Server does not know your home Wi-Fi password, only your SSID and the MACs of devices that have already accessed your network. Thus, even if Anyfi.net's servers were compromised, there isn't any information in them that has the password to your Wi-Fi network.
I have two concerns with Anyfi.net related to the Wi-Fi tunnel. One, the issue with firewalls could be a concern if you're using a wireless router or access point behind another NAT/firewall as the home Wi-Fi device. Based on my tests, I recommend that your home Anyfi.net wireless router or access point(s) are not behind NAT/firewalls.
Two, Anyfi.net performance through a Wi-Fi tunnel isn't blazing fast. It can be sufficient for Internet surfing, but remember an Internet connection with a slow uplink can impact Anyfi.net download performance. Anyfi says it has a solution for the uplink limiting problem for service providers. When they integrate Anyfi.net software in residential gateways, the ISP can install a 1U rack mount box (the Optimizer) that can open Wi-Fi tunnels and break out Internet-bound traffic centrally.
There are multiple options on how to get a wireless router or access point with Anyfi.net software. If you want to purchase a router preloaded with Anyfi.net, Inteno offers the VG50 and DG301. Anyfi.net is working with Inteno on including their software in more models and is in discussion with other Wi-Fi vendors to include Anyfi.net.
Anyfi.net welcomes other vendors to integrate their software as well. According to Anyfi.net's website, Anyfi.net software is "available to all (wireless router and access point) vendors under a no-charge royalty-free license". Vendors are invited to follow Anyfi.net's step-by-step integration guide at http://anyfi.net/integration. Anyfi.net engineers are available to work with integration and licensing as needed.
Anyfi.net software is also integrated into CarrierWrt firmware. CarrierWrt bills itself as a stable version of OpenWrt firmware. The TP-Link wireless router I tested is an 802.11n Wi-Fi gateway router, loaded with CarrierWrt software based on OpenWrt 12.09. There are versions of CarrierWrt for other makes and models of wireless routers and access points available for free download on CarrierWrt's download page.
Even with my two concerns stated above, I like Anyfi.net's notion of having your "home Wi-Fi everywhere." I would love to not pay for both home Internet and a data plan on my smartphone. If Anyfi.net can increase the availability of Wi-Fi and drive down the cost of Internet/data access, I'm all for it!