What's new

Routers for Gigabit internet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

wayner

Regular Contributor
By the end of next year gigabit download speeds will be available from my ISP (Rogers cable). This service will likely require a Gateway device that acts as a modem and a router. Currently I have Rogers' 250/20 service that uses a Hitron CGN3 gateway. Fortunately you are able to put this device in bridge mode and only use it as a modem - I have done so anduse an Asus RT-N66u router.

But when we get up to faster WAN speeds what are my options for a router? Can high end routers from the familiar names (Asus, Netgear) handle gigabit LAN speeds? When I look at the LAN/WAN throughput charts the best I see is about 930 Mbps. Arguably this is good enough but I wonder how accurate this test result is as it seems to me like my router is already overburdened at 250Mbps although on this chart it scores a htroughput rate of 731Mbps.

Will I have to switch to a pfSense PC/router? What other options are there?
 
Our testbed maxes out at around 800 Mbps or so for unidirectional wired routing tests. We also test with a plain vanilla DHCP WAN connection.

If Rogers requires PPTP, PPPoE or L2TP connection, the encryption reduces throughput. Unfortunately we can't test in those modes.
 
To answer your initial question, the Ubiquiti EdgeRouter Lite or Pro should handle a 1 Gbps connection fine. They're wired only.

And before you ask about the low EdgeRouter Pro throughput shown in the charts, I believe that was due to a firmware problem that has long since been corrected.
 
Regarding the router being overburdened:

My modem/gateway is a Hitron CGN3. Needless to say the router side of this device sucks, so I put it in bridge mode and use my Asus RT-N66U as the router. When in bridge mode the max speed that I get is about 240 Mbps. When I bypass my router and use the CGN3 in gateway mode I get speedtest results of 320Mbps. Most other Rogers users with this service consistently get speeds of 320Mbps. So it looks like the router is slowing things down.

There is a discussion here of a similar issue: http://www.snbforums.com/threads/rt...expected-on-high-speed-fibre-connection.9425/

Here is a thread that I started on this issue six months ago: http://www.snbforums.com/threads/are-the-wan-lan-throughout-results-posted-at-snb-realistic.23224/

I guess that I am luck to have a "first world problem" as only those of us with internet download speeds above 250 Mbps will notice an issue.
 
I am also with Rogers. I also have a CGN3 in bridge mode 100DL/10UL. Moving to 250mb next month. Bit the bullet in the summer and purchased a UBNT PoE5 port, new, from a company of of Montreal. I like the idea of having extra switch ports, (ports 2-4 switching done in hardware - no need to bridge ports) as opposed to the ERL, which I will populate in a couple of months. I use a couple of 7000's as AP's, terminating on some NG Managed switches, which I will set up to run in PoE mode, off the UBNT PoE5 port, next month.
If you check the Ubiquiti site, there is lots to read. It is my understanding, from reading on the UBNT site, that the ERL does not perform well using OpenVPN. I have no requirement for OpenVPN, so can't comment. I use VPN clients for geo-viewing. The firewall feature on the routers works, and they have incorporated additional QoS features of which, I use some features. Have not seen any indication of performance issues at this time.

EDIT: Yes, Rogers uses DHCP.
 
That thread at the ubnt site relates to site to site, or router to router, VPN. What I need is running OpenVPN server on the router and OpenVPN client on iPhones, iPads, laptops, etc. I do this today running the OpenVPN in Merlin on my Asus RT-N66U.
 
I just remembered that i can already test PPPOE which isnt really difficult but what is difficult is organising all the tests so it wont take time.

There are 3 inexpensive embedded routers that i currently know that can handle gigabit and do things on the connection other than hardware NAT. They are the mikrotik CCR (theres a CCR1009 that is fanless), RB1100AHx2 and the ubiquiti edgerouter pro. Both the CCR and edgerouter pro have SFP so you can just get rid of your modem if there is a compatible SFP module. They have 2 SFP slots so you can load balance 2 ISPs but the CCR handle multiple gigabit NAT with QoS, firewall and load balancing via both firewall and QoS whereas the ubiquiti edgerouter pro will only do up to 2Gb/s. Again i think thiggins need to write this in his guide to choosing a router that the speed you need is both download + upload so if you have symmetric gigabit fibre internet that is 1Gb/s down + 1Gb/s up so you need 2Gb/s of forwarding capacity for NAT.

Other options involve using x86 hardware with something like a UTM, pfsense or even a linux server OS. Your choices simply depends on how much support and features you need based on your budget. Mikrotik will leave you high and dry when you have issues and can only be a router and not do anything else, ubiquiti can do other things so you have a 64 bit dual core MIPS system you can use as a server. Pfsense and linux have more support on forums from a lot of users but than they're all forum based. Paid UTMs should have a support line and if you decide to go with something like cisco or juniper that are very expensive you should be able to get support too. Make sure to avoid the cisco RV series. All the options support openVPN but the CCR or x86 is the fastest for it because of hardware encryption. The RB1100AHx2 and the ubiquiti edgerouters do have limited hardware encryption so they will only do certain things fast.
 
Piggy-backing off SEM's post, this will definitely require something more robust than a consumer all-in-one running on ARM, mostly due to wanting to run OpenVPN on the box at a few hundred Mb/s (or higher).

[Edit - I was going to suggest a UTM with support, but to the best of my knowledge none of the major brands actually support being an OpenVPN server]

One option would be re-purposing a few-year old or newer x86 box, with an Intel i3/i5, C2D or even Celeron, and adding a couple Intel NICs -- or doing a new build -- and installing pFsense, which is a very nice firewall OS that can run OpenVPN as a packaged install (see this vid for a quick overview). There are also prefab units that come with a bit of support at the pfSense store. Or you could roll the dice a bit and do something like this. One review indicated it can do 400+ Mb/s OpenVPN. Pretty low wattage at idle, too.

Lastly would be other embedded solutions like Mikrotik CCR or perhaps EdgeRouter Pro, but you've largely got to know what you're doing, as support is sparse with Ubiquiti and pretty much non-existent with Mikrotik, so I'm not sure that would be the best choice.
 
Last edited:
So what is the future for consumer grade routers? I am assuming that before too long that gigabit internet will be widespread. Will we be condemned to using the ISP's supplied device which combines modem and routing capabilities? Or will consumer routers be upgraded to handle the speeds. Most of the new features of consumer routers seem to be focusing on the WAP functionality of the device and not on the actual routing.
 
Consumer routers already support the speed via hardware NAT. Most home users only require basic functionalities such as supporting multiple wifi devices, multiple wifi protocols and just plain NAT with upnp. There are however some power users that require similar to what businesses and enterprises do such as QoS so there are devices, antivirus and advanced firewalls. It all depends on what you really need and for many consumer needs its cheap to build multicore hardware accelerated MIPS that many of the ISP default routers have when you use a fast package. Google's router for their fibre i think uses a dual core MIPS cpu with hardware acceleration.
 
Consumer stuff is already pretty much there -- for the bulk of users who only require very simple packet processing, allowing for NAT to be hardware-offloaded and/or done via stuff like cut-through forwarding. It's once you get into computation-intensive stuff like VPN that things all of a sudden grind to a halt on architectures that were never really designed for those purposes as the #1 priority (ARM, MIPS to a lesser extent, etc). For OpenVPN, there is pretty much no solution in that camp for speeds much above 6o-75Mb/s. You really need PPC/x86 level processing capabilities to generate performance consistent enough for hundreds of Mb/s of VPN to be provided in *software* (and not done through some less-reliable hardware-offload scheme). Otherwise, you're looking at multi-thousand dollar legacy-type enterprise boxes with purpose-built ASICs, but that's of course out of the question and quickly becoming a dinosaur approach, with much of that stuff now being virtualized...

The short of it: consumer stuff will probably break into the low hundreds of Mb/s with the next SoC revolution, whenever that is, but for the time being, if you want to get serious about doing encrypt/decryt on gigabit-level throughput, there are very few low-cost embedded solutions out there right now. An x86 with dual (or more) NICs is one of the more practical ways around this dilemma.
 
I posted a thread on this a couple months ago while waiting on my gig fiber install to the house. Now that I have it, for the moment I'm using CenturyLinks provided router. I'm still leaning towards a different solution that can do PPOE and VLAN tagging on the WAN side. My n66u shows a profile for IPTV, but that thing is a dinosaur in this day and age.

Here's my thread: http://www.snbforums.com/threads/ge...and-need-to-upgrade-router.26614/#post-199911

For a solution that would give good vpn throughput and do all of the above I still want to go with a: Mikrotik RouterBoard CCR1036-12G-4S Extreme Performance Cloud Core Router with Twelve-10/100/1000 ethernet ports, 4 SFP ports and RouterOS Level 6 license
http://www.amazon.com/gp/product/B00B1ZJ2VG/?tag=snbforums-20
http://routerboard.com/CCR1036-12G-4S-EM .

All those ports are sexy!
 
Over 900 Mbps - that is impressive. Have you found applications where you can use anywhere near that speed? That Microtik looks expensive compared to using a PC with pfSense and a separate gigabit switch.
 
That unit may look expensive with no other context applied, but considering the aggregate power of 36 Tilera cores (!!!!!!), many would call it one hell of a bargain, IF you actually know how to operate it and have an appropriate use-case. And again, I come back to the point of treating MikroTik with kit gloves... if you're a networking newbie or even intermediate and/or don't have much experience with RouterOS and the MikroTik culture (which is, to put it quite bluntly, one of not giving two sh*ts about end-user support), there's a high probability you'll be pounding your head against the desk very soon. Just a fair warning.

Not that doing your own pFsense box will be all that much easier or even that much cheaper, but they definitely are a little more "turnkey" for features that either lack wizards completely or are just not well-documented at all in MikroTik. Plus, pFsense is a bit more modular and extensible in certain ways, which may be of use in the long-run (just check out their package list for starters). For an embedded linux box, yeah CCRs look great on paper, and they do absolutely smoke a lot of stuff out there for a lot of things. But an x86 with a bit more approachable OS may still be the better choice for your particular goal set and use-case.
 
Last edited:
the mikrotik CCR1009 will handle gigabit ISPs and is much much cheaper. The CCR1036 is needed if you intend to do wirespeed NAT or if you need massive VPN speeds.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top