Advantages/disadvantages of having AirPort/Time Capsule between ISP router and LAN devices


I have fibre 100/100 Mbps WAN via my ISP, which has provided me a router of the brand "Technicolor". The router can create a Wi-Fi network; the 2GHz band uses 802.11b/g/n and the 5GHz band uses 802.11a/n/ac.

I also have an older Apple TimeCapsule 2011 model with 802.11a/b/g/n on both bands.

I'm not proficient at networks, so I have for the past few years had the ISP router on the network at 192.168.1.1 where it does NAT and DHCP — and downstream I've had my TimeCapsule at 192.168.0.1 also performing NAT and DHCP to which I've had all my other network devices connected.

This configuration is Double NAT, which I have understood is bad or sub-optimal for P2P applications like BitTorrent, gaming, etc.

My reasoning has been that I don't trust the ISP/router manufacturer completely and that I would be safer with my devices behind the Apple router. But to be honest, this has been a loose assumption and I didn't have any facts to back up that a double NAT/DHCP configuration would be any safer than connecting all the devices to the first router.


Primary question:

Is there any benefit to having my devices connected to the second router, the Apple TimeCapsule? My primary concern would be security and any Apple "convenience" aspects such as Back to My Mac support, etc.

One disadvantage is of course that the TimeCapsule's Wi-Fi speeds are dated, and I have devices that can use ac speeds.


Secondary question:

If there in fact are advantages to having an Apple router behind the ISP router, how should I configure the network to avoid Double NAT? It seems that the ISP router can't be set in Bridge mode, and I think the ISP wouldn't like it bridged as they sometimes access it for diagnostics and pushing firmware updates.

Best Answer

> My reasoning has been that I don't really trust the ISP/router manufacturer completely and that I would be safer with my devices behind the Apple Router.

If you don't trust the ISP router (I agree with this), use your own router. Also, your Time Capsule is dated as you guessed so I would recommend replacing it with something newer and more modern.

What you will need is the following:

  • Put your Technicolor Router in Bridge Mode
  • New router/wireless access point(s)

Bridge Mode

This mode "bridges" two networks together, in this case, your network (which you will create with your router) and the ISP's network. This will require you to have your own router because it turns off router/firewall functionality of the Technicolor (including NAT).

> It seems the ISP router can't be set in Bridge mode, and I think the ISP doesn't prefer that as they sometimes access it for diagnostics, etc.

It can, it's just a feature they would rather you not use (you take them out of the loop for your internal networking). As for diagnostics, they don't need it in firewall mode to service your modem - they work with it by addressing the MAC address, not the IP.

New Router

You could use the Time Capsule, but (IMO) you should get a new router with newer features, security capabilities and Wi-Fi protocols. The Time Capsule doesn't give you any benefit other than having an all-in-one solution for your router and Time Machine backups. You can still turn off the router/firewall function and just use it for network-based backups if you like.

Which router? Pretty much any router you buy off-the-shelf will work fine.

My recommendation

I would use a pfSense router (open source and free) that's installed on a cheap PC. There's an excellent YouTube video on this very build which you can follow. Then for Wi-Fi, I went with a Ubiquiti access point.

Is this overkill for a home? Yes.

This is a more "enterprise" grade setup than a consumer grade setup you would get with a router purchased from your local electronics retailer. What I have found is that this is much more stable and reliable. The off-the-shelf stuff (like Netgear, Linksys, Asus etc.) would die within 18 months. I've been running my pfSense for 3 years now with no issues. Updates are about as easy as updating your Mac.
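A way to check whether bridging actually removed the double NAT described in the question, as an added example that is not part of the original question or answer: it counts the private-address router hops at the start of `traceroute -n` output. The function names and sample outputs are constructed for illustration (documentation addresses stand in for the ISP side), and treating each leading RFC 1918 hop as one NAT layer is a heuristic that fits a home setup like this one.

```python
import ipaddress
import re

# RFC 1918 private ranges: a router hop with one of these addresses is on a LAN side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space: the ISP itself translates (carrier-grade NAT).
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# Hop number followed by the first responding IPv4 address on the line.
HOP_RE = re.compile(r"^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_hops(text):
    """Return hop addresses from `traceroute -n` output; silent (* * *) hops are skipped."""
    found = (HOP_RE.match(line) for line in text.splitlines())
    return [ipaddress.ip_address(m.group(1)) for m in found if m]

def nat_layers(hops):
    """Count leading RFC 1918 hops and note any CGNAT hop before the first public one."""
    layers, cgnat = 0, False
    for ip in hops:
        if any(ip in net for net in RFC1918):
            layers += 1
        elif ip in CGNAT:
            cgnat = True
        else:
            break  # first public hop: everything past here is the ISP or beyond
    return layers, cgnat

def classify(text):
    layers, cgnat = nat_layers(parse_hops(text))
    verdict = {0: "no private hop seen", 1: "single NAT"}.get(layers, "double NAT")
    return verdict + (" + carrier-grade NAT" if cgnat else "")

# Constructed sample output (documentation addresses), not captured from a real network.
BEFORE = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.0.1  1.102 ms  0.987 ms  0.954 ms
 2  192.168.1.1  1.871 ms  1.802 ms  1.765 ms
 3  203.0.113.1  4.310 ms  4.207 ms  4.188 ms
"""
AFTER = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.0.1  1.102 ms  0.987 ms  0.954 ms
 2  203.0.113.1  3.950 ms  3.902 ms  3.871 ms
"""

if __name__ == "__main__":
    print("Time Capsule behind the Technicolor:", classify(BEFORE))
    print("Technicolor bridged:", classify(AFTER))
```

A bridged device forwards at layer 2 and does not show up as a hop, which is why the second sample has only one private address before the ISP gateway.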