I run two routers at home, and it's not for the reason you think

The router my ISP installed sits where it always has, right at the edge of my home, plugged into the fiber ONT, doing the job it was designed for. Upstairs in my office sits a second router. It has its own SSID, its own subnet, its own firewall rules, and its own DHCP pool. For the casual home lab enthusiast who is just dipping their toes into more advanced networking, it might seem redundant or even a bit overcomplicated, but it adds a layer of true separation that allows me to do interesting things with my network.

The most foundational reason for adding my own router on top of my ISP’s router is simple. ISP gateways that come (often as a requirement) with the service you paid for are typically combo modem/router units, and they’re designed for the ISP’s convenience, not yours. The firmware is locked down, firewall settings are often hidden behind support-only menus, DNS is frequently hard-coded to the ISP’s servers, and features like VLAN tagging, custom static routes, or proper guest network isolation simply aren’t exposed. My latest experience with one proved that they’re slightly better than they were a decade ago, but they still lock users out of any useful settings.

You can’t always replace them, either. Fiber installs in particular tend to bake the routing function into the same box as the ONT, and even when separation is possible, the ISP may refuse to authenticate any hardware but their own. The cleanest workaround is to leave their unit in place and put a router you actually control behind it, which is what I’ve done in my home. The second router is now the actual boundary to my home network, and is the place where my configuration is applied.

Once you have your own router behind the ISP unit, access to its settings and features is valuable, but what matters more is what you can actually do with that control. The ISP router’s network becomes a holding area for things you don’t fully trust, and your router’s network becomes the trusted side.

Smart bulbs, smart speakers, robot vacuums, smart TVs, and the long tail of IoT hardware are notorious for shipping with weak security, phoning home aggressively, and receiving patches inconsistently if at all. When all of those devices live on the same flat network as your PC and your NAS, any one of them that gets compromised has line-of-sight to everything else you own. Those devices get segregated onto the ISP router, where they can reach the wider internet but, thanks to firewall rules on my side, cannot reach my “real” home router or anything behind it. It’s not VLAN-grade segmentation, sure, but it’s a pretty elegant solution without needing a managed switch.

If your ISP router isn’t very locked down, or you’ve been able to use your own unit to connect directly to the ONT, connecting two routers still has utility. Anyone running Proxmox, TrueNAS, Docker stacks, or other self-hosted services is constantly building, breaking, and rebuilding things, and as a result, containers get exposed to things they shouldn’t. Any of those mistakes can become a serious security risk, and being able to isolate the lab on its own physically separate network segment helps contain them. A second router just for your home lab turns it into a sandbox. This is the configuration I used at my prior abode, and it was really practical for experimentation.

Using two routers in series does create double NAT if left at the default configuration, and double NAT causes a bunch of annoying friction. Port forwarding to a service behind the inner router requires forwarding rules on both devices, UPnP becomes unreliable, and certain VPN protocols, particularly older NAT-sensitive ones like PPTP or IPsec without NAT-T, can simply fail to work. The good news is that most of this is solvable by disabling NAT on the ISP’s router, which most of them allow by switching to bridge mode.
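To make the two ideas above concrete, the untrusted-side firewall policy from the IoT paragraph and the two-layer port forward from the double-NAT paragraph, here is an added Python model that is not code from the article. The subnets, hosts and ports are constructed, and the model assumes the ISP router is left in NAT mode so it still serves a LAN of its own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for the two-router layout: the ISP router serves
# 192.168.1.0/24 (IoT, untrusted) and the second router serves the trusted LAN.
TRUSTED_LAN = ip_network("10.0.0.0/24")   # second router's subnet: PCs, NAS, lab


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class InnerRouterFilter:
    """Model of the second router's forward chain: stateful, default-deny inbound.

    Same shape as an nftables policy of 'ct state established,related accept',
    then 'accept from the trusted LAN', then a final drop. Simulation only.
    """

    def __init__(self) -> None:
        self._conntrack = set()  # flows the trusted side initiated

    def forward(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        reply_key = (p.dst, p.dport, p.src, p.sport, p.proto)
        if reply_key in self._conntrack:      # reply to a flow the trusted side opened
            return "accept"
        if ip_address(p.src) in TRUSTED_LAN:  # trusted side may reach IoT and the internet
            self._conntrack.add(key)
            return "accept"
        return "drop"                          # ISP-side devices cannot initiate inward


def resolve_double_nat(public_port: int, isp_forwards: dict, inner_forwards: dict):
    """Follow an inbound connection through both NAT layers.

    isp_forwards:   ISP router public port -> (inner router WAN address, port)
    inner_forwards: inner router WAN port  -> (trusted LAN address, port)
    Returns the final (host, port), or None when either forward is missing.
    """
    hop = isp_forwards.get(public_port)
    if hop is None:
        return None
    _inner_wan_ip, inner_port = hop
    return inner_forwards.get(inner_port)
```

A smart TV on the ISP side gets dropped when it tries the NAS directly, but a laptop on the trusted side can cast to the TV and receive the reply, and a service is only reachable from outside when both routers carry a forward.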

VLANs are also a valid segmentation strategy, and are often a lot cleaner than running an entirely different router on top of everything else. If you already know VLANs, or you’re heading in that direction anyway, you’re not wrong to view a two-router setup as a stopgap measure.

Two routers in one house isn’t a sign of a messy network or someone who couldn’t commit to a single piece of hardware. Done deliberately, it can be the exact opposite: a network with clear boundaries between ISP and home devices, which ones you trust and which ones you don’t, and a sandbox for experimentation. Even adding a single router behind your ISP’s unit, and moving your trusted devices to it, is a real upgrade over the flat network most homes ship with.