EdgeRouter Lite Basic Configuration Template

Jeff Ridgel

Occasional Visitor
Hello SNB Forum,
First: Thanks ahead of time for the assistance.
I have just purchased two ERL routers. The advantages are clear over the standard "cheap" routers; however, for a non-router programming expert, the disadvantages have been costly in terms of time spent researching the basics of configuration. After three days of reading and searching, I have indeed uncovered some examples of configuration set-up, but these are always piecemeal and incomplete... and I am baffled why Ubiquiti does not supply a set of configuration templates for download... this seems basic for promoting their product and assisting new customers. That said, can someone assist me with a downloadable text template (I can load with PuTTY to the router) that has the following characteristics:
* ETH0 - WAN, ETH1 - LAN1, ETH2 - LAN2
* ETH1 has QoS for use with prioritized VoIP traffic:
  o Prioritize UDP ports 5060-5070 for SIP
  o Prioritize UDP ports 10,000-20,000 for RTP
  o Turn off/disable SIP ALG (when present)
  o Turn off/disable consistent NAT Transformations (when present)
  o Turn off/disable SIP Transformations (when present)
  o Set UDP Connection inactivity timeout to 300 seconds (minimum)
  o Disable Port Scan Protection (when present)
  o Disable DoS protection (when present)
* ETH2 for data:
  o Specific URLs given priority
  o Separate VLAN for isolated (customer) Internet access (and not able to communicate with computers outside the VLAN)
* Proper firewalls

I can change values if you have other templates already completed.
I greatly appreciate the assistance and recommendations.
Jeff

 
No such animals. Best bet is to glean all you can from the Ubiquiti site. There is some knowledge base stuff at the top of their web page. Ask questions, they will answer. As a starting point, ensure you run the startup wizard.
 
Most of the things you want to do are not standard. If you follow the wizard it should set up the interfaces. The QoS, URLs given priority, isolated VLANs, etc. are something you are going to have to program in. The best thing to do is to go to the Ubiquiti forums and ask specific questions and you will usually get specific answers on how to do something. The ERL is great for the price but the price is low for a reason. Something like a Zyxel USG40 can do all you want through the menu system (but costs a good bit more than the ERL). But no matter what you get there will be some learning curve. It's just that the learning curve with the ERL is pretty steep.
 
Thanks for the advice. I have posted questions on the Ubiquiti forum. I attempted to use the wizard, and found that it simply lacked capability... As a novice, I am uncertain as to the fundamentals of establishing a QOS and isolating eth1 (for VOIP priority) from eth2 (data). I don't see how to do this with the wizard...
 


As indicated above, the wizard provides you with a basic set up (bring up WAN auto firewall etc). The rest, you will need to configure separately. Focus on getting the basic router config up and running. Don't try and configure everything at once. Also as mentioned above, the learning curve will be steep, if you do not have a networking background, and are not familiar with CLI. You can't do everything in the GUI. Most, but not all.
 
Got it... I have run the basic wizard for WAN-2LAN2. ETH1 & ETH2 are both set as LANs with DHCP; the GUI QoS options are very limited, in fact, it only asks for the WAN port and doesn't specify a LAN option at all... and even in the programming examples found (for example: https://community.ubnt.com/t5/EdgeMAX/VoIP-QOS-Help-with-8x8/m-p/1262743/highlight/true#M66486 ), the QoS is never isolating one LAN (ETH1) for strict VoIP operations.... how does one specify an isolation between ETH1 and ETH2 and give absolute priority to ETH1 for VoIP?

(I appreciate your advice to do a piece at a time... I was hesitating to do this for fear that I would be giving conflicting commands... like setting a QoS for the "WAN" using the GUI and then specifying a QoS with priorities and ports specified via PuTTY... seems like a clash and unknown outcome...??)
 
Response from the ubnt support... "we don't assist in complex configuration questions". ... I am under impressed.

Can anyone answer one simple aspect of the QOS question (please): All ubnt forum examples focus on a dscp 24 and 46... but do not address priorities for ports... what is the correlation between dscp and ports? How do I make sure I am prioritizing for the ports specified by my VOIP?
>>Prioritize UDP ports 5060-5070 for SIP  Prioritize UDP ports 10,000-20,000 for RTP
 
DSCP and port prioritization are separate mechanisms.

For VOIP, you do not need to play with DSCP. Simply prioritize the VOIP port.


Apologies for being blunt, but going from casual networking knowledge to ERL pro in a few days is improbable. I am unsurprised that Ubiquiti support answered as they did.

Within my household, I made the same mistake you did in assuming I knew enough to set up a professional-grade router. I was very wrong and only after a few computer internetworking books I barely feel comfortable configuring pfSense/Cisco on my reasonably simple network. You have a lot of reading to do. :)

There is no quick fix here.
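
To illustrate the distinction drawn in the reply above (an added example, not part of the thread and not EdgeOS configuration): DSCP is a field in the IP header set by the sender or an upstream device, while the port sits in the UDP header, so a classifier can key on either one independently. The port ranges are the ones quoted in the thread; the DSCP-to-class mapping (46 for media, 24 for signalling) and the sample packets are assumptions constructed for the example.

```python
import struct

SIP_PORTS = range(5060, 5071)     # UDP 5060-5070, from the thread
RTP_PORTS = range(10000, 20001)   # UDP 10,000-20,000, from the thread
# Conventional markings (assumption): 46 = EF for media, 24 = CS3 for signalling.
DSCP_CLASSES = {46: "rtp", 24: "sip"}

def build_ipv4_udp(dscp, sport, dport, payload=b""):
    """Constructed sample packet: 20-byte IPv4 header + UDP, checksums left 0."""
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + udp_len, 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + struct.pack("!HHHH", sport, dport, udp_len, 0) + payload

def parse(packet):
    """Return (dscp, protocol, src_port, dst_port); ports are None if not UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4       # header length in bytes
    dscp = packet[1] >> 2              # top 6 bits of the old ToS byte
    proto = packet[9]
    if proto != 17 or len(packet) < ihl + 8:
        return dscp, proto, None, None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return dscp, proto, sport, dport

def classify_by_port(packet):
    """Classify on the UDP header only; the DSCP marking is ignored."""
    _, proto, sport, dport = parse(packet)
    if proto != 17 or sport is None:
        return "default"
    if sport in SIP_PORTS or dport in SIP_PORTS:
        return "sip"
    if sport in RTP_PORTS or dport in RTP_PORTS:
        return "rtp"
    return "default"

def classify_by_dscp(packet):
    """Classify on the IP header marking only; ports are ignored."""
    return DSCP_CLASSES.get(parse(packet)[0], "default")

if __name__ == "__main__":
    samples = {"unmarked RTP": build_ipv4_udp(0, 40000, 12000),
               "EF-marked, non-VoIP port": build_ipv4_udp(46, 40000, 443),
               "SIP marked CS3": build_ipv4_udp(24, 5060, 5060)}
    for name, pkt in samples.items():
        print(f"{name:26} port={classify_by_port(pkt):8} dscp={classify_by_dscp(pkt)}")
```

A phone that does not mark its packets is still caught by the port rule, and a packet marked EF on an unrelated port is caught only by the DSCP rule, which is why the two are configured separately.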
 
we don't assist in complex configuration questions

Check around your local area to find a VAR that deals in UBNT solutions - then you'll find decent $support...

It's UBNT's business model to drive sales/support to the VARs...

It's good gear, no doubt, not something that Joe Six-Pack is likely to use - similar to MikroTik...
 
It is untrue that the ERL is the supposed better bang for buck router and I'll explain. UBNT uses marketing techniques to make you think that their product is as good or better than pro Cisco, which it isn't. It lacks the hardware and software to keep up. Just the other day they found a bug in NAT involving 2 different SSL clients using the same server.
When it comes to NAT throughput per dollar, the CCR1036 is actually leagues ahead of the ERL, then again it is a totally different market. The CCR1036 has no issue performing NAT with no hardware acceleration at wirespeed, which would be 28Gb/s, which would be the forwarding speed to saturate its ports and still have CPU to spare; that is much better value for money.

The ERL uses a USB storage model, which can sometimes get messed up during updates.

In terms of comparing it to a consumer router, I would compare it to the ASUS AC56U. So while the ERL may be a bit cheaper than the AC56U, RMerlin's firmware adds iptables, giving it the same capabilities as a configurable router. The ARM CPU is also a lot faster than the ERL's dual core MIPS because it is much higher clocked and both have hardware acceleration.

In fact, Ubiquiti EdgeOS isn't as configurable as MikroTik's RouterOS. The point being that I have both the ERPRO and CCR1036 and I can't integrate the ERPRO into my complicated network because it restricts itself in what you can do with it. This isn't a noticeable thing unless you actually start looking at logical/virtual network segmentations, the use of virtual NICs on other types of interfaces. Both MikroTik RouterOS and Linux OSes don't have this restriction, so I can easily integrate my Linux-based controller boards into my complicated network, but I can't do the same with the ERPRO, not without a mess of cabling. MikroTik's RouterOS also has layer 2 filtering capabilities and the ability to apply their IP firewall on the MAC layer or layer 2. This means I can also filter LAN traffic and apply QoS on layer 2 as well. This is a feature lacking in Ubiquiti. What really upsets me about Ubiquiti is that to them their CPU is "enough". I asked about giving the ability to change clocks, to allow assignments of multiple static IPs with a DHCP to a NIC (you can do this in Linux and RouterOS with ease), and was replied to with big NOs. RouterOS lets you change your router's clock speed and on some routers you can overclock them. The Octeon CPUs used in the ERL up to the ERPRO have 8 and possibly 16 core configurations but Ubiquiti is refusing to increase the core count. This means the ERPRO is not value for money when it comes to speed compared to MikroTik's CCR. So Ubiquiti has refused to basically compete in the higher end segment while marketing their devices as wirespeed when it is only wirespeed with hardware acceleration. MikroTik's CCR series achieves wirespeed NAT or even just simply layer 3 routing with no hardware acceleration and with CPU to spare, so it gives even better value for money since you can apply firewall and QoS and still get WAN speeds, including the possibility of VPN at WAN speed too.
Try VPN on the EdgeRouters and you will find them to be very slow at it.

While I may be ranting, many people buy into the marketing BS from Ubiquiti and wonder later on why they get very poor throughputs when they use QoS, as they were promised gigabit throughputs through millions of pps. Another thing to note which many Swedish don't know is that the ERL's NAT speed with hardware acceleration is 1.3Gb/s (not using PPPoE) whereas Swedish ISPs giving symmetrical gigabit fibre optics actually require 2 Gb/s to max it out. The CCR will do that even with QoS and PPTP/IPsec VPN.

If the CCR is too expensive, MikroTik has the RB1100AHx2 to achieve 1 million pps not using hardware acceleration and you get more ports. The CPU used in that is actually good at VPN but it is only a dual core machine and takes less of a speed hit when you start applying your rules to it.
 
How much of this is parallel processing across multiple ports? If you only use 2 ports, WAN and LAN can you process a GIG connection?
 
The CCR processes per connection on a per core basis. I tested this and it's not a per interface per core, it's per connection per core. So even with 2 ports you can still use all the cores if you have a lot of connections and use 64 KB packets.

By per connection it means either per client (such as with VPN) or per connection (such as a single TCP/UDP connection). A single interface can use more than 1 core. I myself use a single interface to handle everything as my network is segmented via layer 3 but I still want them to work together on layer 2 and through VPN. So I have a bridge across all interfaces including VPN interfaces and perform the processing across. It's not an efficient way since with traffic it adds more load and is less parallelisation, but the amount of CPU it has has no issue keeping up and lets me save CPU in other areas such as generalising rules in filters so I can have fewer rules in total. Although with the CCR1036 and my connection, CPU load is not an issue, so that I even use layer 2 filters and QoS. Even with varied frame sizes it handles it well.

However, given that a single core can max out an interface, you would probably be seeing a single core used over 2 interfaces only because the load is not big enough to distribute to the other cores. With PPPoE, however, you may see 2 cores being used over gigabit Ethernet ports.
 