Buying advice - upgrading my LAN ready for 1Gbps Fibre broadband (FTTP)

[GainfulShrimp]

I'm hoping to get 1Gbps symmetrical (i.e. gig up + gig down) broadband within the next 9 months or so. I'm very excited (sad, I know!)...

So, I'm looking to upgrade my home LAN in anticipation of getting the new connection.

At the moment, I use the following:

• Draytek 2820n (wireless router and ADSL modem)
• Netgear GS108T smart switch
• Synology DS1812+ NAS

The NAS is connected using link aggregation (802.3ad) to the Netgear switch. Also plugged in to the switch are the Draytek router, a couple of PCs and a powerline adapter.
I have 3 further powerline adapters around the house, allowing my smart TVs and my PS3 to connect to the network while keeping wifi free for genuinely mobile wireless devices.

At the moment, things work OK but not great - the powerline adapters are "500meg" devices, but two of them run at <10mbps, presumably due to noise/wiring issues in my house. For standard def and some HD content, streaming to my TVs works fine.

In the new world, with a fancy new (?4K) TV and a gigabit broadband connection, I'll need to up my game LAN-wise. So I'm thinking of replacing all of the powerline stuff with cat6 (or cat5e).

I'm less sure of what I should do re: router and wireless.

My Draytek is amazingly reliable and although it's not fast wireless by today's standards, it's rock solid. If Draytek produced wireless-ac devices, I'd probably get one (both my MacBook and iPhone are AC capable).

I would ideally like to separate things, so getting a new wired router and an access point.

I use the VPN server feature of the Draytek to dial in to home when I'm out and about, although currently my broadband upload speed is so terrible that it's of limited use.
I also use some port forwarding to access various services on the NAS from my phone/laptop when away from home.

I've been looking at the following options for a new setup:

1. Edgerouter Lite or similar router.
2. D-Link DAP-2695 or similar wireless AP.

I would prefer to avoid 'consumer grade' all-in-one style devices as my experience before the Draytek was frequent reboots and hard-to-diagnose issues reaching my LAN from the Internet. I need something very reliable and yet also able to give me good VPN speeds over a 1Gbps symmetrical connection.

Any comments/thoughts or things that I haven't considered and should be, please?

Sorry for the long first post.

 

[System Error Message]

for a router try mikrotik RB1100AHx2 or even a CCR with SFP(might not need modem if there is compatible module). I use a CCR1036-8G-2S+. Mikrotik lists their routerboard performances. personally i prefer routerOS over ubiquiti even though the interface is less user friendly but it has more features. The RB1100AHx2 and CCR series have upgradeable ram if needed if you enjoy having thousands of queues, routes, cache and such.

1 trick i use with mikrotik to increase VPN performance is to use very large packet sizes in VPN but normal packet sizes on L2 and L3. CCR1036 can combine ports for your NAS at wirespeed using the CPU but it can also be done in switch chip at wire speed for those with one.

As for wireless AC I have not seen an AP that has 24/7 uptime without some modification. For me i use an asus ac68U with merlin firmware and dual usb fan at the heatsink. Ever since i did that it has not hanged once even when overclocked to 1.4 Ghz.

 

[azazel1024]

for a router try mikrotik RB1100AHx2 or even a CCR with SFP(might not need modem if there is compatible module). I use a CCR1036-8G-2S+. Mikrotik lists their routerboard performances. personally i prefer routerOS over ubiquiti even though the interface is less user friendly but it has more features. The RB1100AHx2 and CCR series have upgradeable ram if needed if you enjoy having thousands of queues, routes, cache and such.

1 trick i use with mikrotik to increase VPN performance is to use very large packet sizes in VPN but normal packet sizes on L2 and L3. CCR1036 can combine ports for your NAS at wirespeed using the CPU but it can also be done in switch chip at wire speed for those with one.

As for wireless AC I have not seen an AP that has 24/7 uptime without some modification. For me i use an asus ac68U with merlin firmware and dual usb fan at the heatsink. Ever since i did that it has not hanged once even when overclocked to 1.4 Ghz.

That must run REALLY hot. I'll grant, I don't have constant traffic hammering my router/AP, but my TP-Link Archer C8 hasn't crashed or hung once in the few months I've been using it varying between light to medium work loads on it from minutes to a few hours in duration (heavy too, but I doubt any heavy workloads (routing at >75Mbps plus wireless at >200Mbps combined) for more than a couple of a minutes at a time.

 

[System Error Message]

With the fan it runs much cooler than before i overclocked.

Perhaps because all those hack attempts arent reported by your router? In a very crowded wifi space it is very likely your wifi AP/router will hang from temperature especially if you have the transmit power set to highest and a lot of traffic that isnt meant for your wifi.

I used to have the problem of my tp-link hanging often when only used as a wifi AP before wireless AC came out regardless if stock firmware or openwrt used. wireless chips are very sensitive to temperature

 

[jegesq]

"...for a router try mikrotik RB1100AHx2 or even a CCR with SFP(might not need modem if there is compatible module)..."

It's also illegal to use the Mikrotik Routerboards with Wifi in the U.S., as discussed in this thread (starting at page 17) because they are not licensed for use in the U.S., and are non-compliant with FCC regulations: http://forums.smallnetbuilder.com/showthread.php?t=18762&page=17 They are fine if you are in the EU or Asia, just not in the U.S.; you could use one I suppose if the wifi radios were otherwise compliant, which means you can't use the Microtik boards with built-in wifi or any other non-compliant wifi radios.

 

[System Error Message]

The models i suggested dont have wifi radios. You can add wifi to them via usb or some via PCIe. You can actually install routerOS into a desktop with a WLAN card.

But for his main question he wanted a non consumer solution to his network and didnt want to use pfsense or draytek so i suggested some routerboards that would work well as his main router since he wants to use something else as his wifi AP. Something with more CPU would help for his 2Gb/s total VPN requirement. Those high end consumer routers cant achieve those VPN speeds.

Single core routerboards have virtualisation (metarouter) so you can run VMs on routerOS but they will soon have that feature for multicore boards.

 

[jegesq]

Agreed. That's why I wrote "...you could use one I suppose if the wifi radios were otherwise compliant."

 

[System Error Message]

I forgot to mention some CCRs have 10G SFP+ ports if you want to stream 4K over lan. Not sure if your NAS supports it. They are releasing a 72 core model with 8 SFP+ ports. The one i use has 2 SFP+ ports and 8 Gbit ethernet ports. The CCRs have sufficient CPU for all your VPN goodies. You could get a CCR1009-1s-1s+ which has 9 cores, 1 SFP+ for your NAS and 1 SFP for your internet. Some of them have redundant PSUs and POE power option. SFP+ to SFP+ cable is very cheap.

 

[GainfulShrimp]

Thanks for the various tips guys. I will look into Mikrotik as well before I take the plunge, then.

My (admittedly not exhaustive) research has led me to believe that there aren't *any* wireless-AC access points which are nearly as good/stable/mature as some of the wireless-N stuff is. Maybe it's unrealistic to expect that, as AC is relatively new compared to N?
But draft AC has been out for a couple of years now, so I was hoping that some of the newer kit was better.

 

[Trip]

Hi shrimp - depends on what you're looking at right now. Consumer AC stuff -- mostly a flake show, third party firmwares included. SMB gear -- depends on the model series and development support (some EnGenius and Zyxel AC stuff I've installed recently has actually been pretty good). Enterprise -- well, if we all had the cash/skillset for Aruba, Ruckus, Cisco, etc. then this forum would be awfully quiet.

 

[Samir]

I would wait for the install and see how your router holds up with the new bandwidth. Running those cat5/6 runs will really help those points and you may notice that everything is fine even though you don't get all 1Gbps through your draytek.

 

[GainfulShrimp]

Thanks for the responses chaps!

The more I look into the Mikrotik vs Ubiquiti offerings, I'm erring on the side of Ubiquiti. The ERL-3 seems to offer a near-miraculous price/performance ratio. The bigger CCR Mikrotik units look impressive spec wise, but the cooling fans put me off (slim/rack devices = small fans = irritating noise). Not a problem in a datacenter, but my office isn't a datacenter...
I really like the look of the tree-style configuration view for the latest firmware on the ERL-3, reducing the need to SSH into the device for configuring advanced options not already covered elsewhere in the GUI. Also, it looks like many of the features that were a bit painful/complex to configure before (e.g. hairpin/loopback NAT) are now much easier to do, with v1.6.

I've checked the Ts&Cs of my ISP-to-be (Gigaclear) and I'm not allowed to replace their ONT/router device altogether... but I can put it into 'bridge mode' to effectively just use it as a modem and allow my own router to deal with any PPPoE and get the WAN IP address for itself.
So I think that just means I shouldn't be looking to any SFP-style options to hook up the fibre directly to my own equipment.

But the choice of an AC access point is still much less clear. My two main options are:

- Consumer AC router in AP-only mode (I could go as cheap as £80, for something like the Archer C7 v2)
- Business class AP - (to infinity and beyond, cost-wise, but with some affordable options too)

The first option is attractive cost-wise, but scares me because my historical experience with home routers has been disastrous. I'm determined not to sacrifice the stability that I get from my Draytek, but I just want something with AC 3x3, so I can make better use of my AC-capable devices (MacBook Pro, iPhone 6, iPhone 6+).

So that leaves SMB stuff: Ubiquiti, Engenius, etc. The D-Link DAP-2695 is not a bad price and is clearly well built - Plenum rated, WiFi certified, etc etc... but there are very few reviews of it and they're mixed. The Unifi UAP-AC again gets very mixed reviews - some people seem to think its Ubiquiti's worst product ever and are worried about overheating etc - others claim it's fantastic.
I like the look of the Engenius ECB1750, but there are horror stories about it underperforming, there's no firmware released for it and anyway it seems to be unavailable in the UK at the moment.

I like external antennas btw - I'd rather have a lower power output but bigger antenna(s) (as wifi is two way and it won't help signal stability if my low-powered mobile device can't 'talk back' to the AP even though it can 'hear' it)... so I'm looking at devices with plenty of aerials!

Secondly, I'd like something that works with PoE (802.3af or 802.3at), so I'm not constrained to position the AP/router where my router, switch, NAS etc are. This is because I don't want to purchase another UPS just for my new AP. That said, my Draytek sits in that position and services the whole house reasonably well, so PoE is a nice-to-have rather than a critical requirement.

Also, I'd like to use a single SSID for both bands (with band steering) if I can. This is because I ideally just want two SSIDs - one for my stuff and one for guests (with isolated clients). If I had two SSIDs per band, it'd be messier (but possible, I know).

In summary, my thoughts are:

- Archer C7 v2 - very cheap but I worry that it's not going to be stable as it's a home router. Also, I'm pretty sure you can't configure band steering and use a single SSID with this option?
- Netgear R7000 - apparently now more stable, following months of pain for early buyers. But it's expensive and I'd be turning off many features to use it as an AP.
- D-Link DAP-2695 - good price for 'business class', ticks all of my requirements on paper, but D-Link seems to have a poor reputation. Maybe that's just the consumer-oriented kit?
- Ubiquiti UAP-AC - quite expensive and only uses internal antennas. There are mixed reviews, but it has plenty of supporters.

Does anyone have any opinions on the above choices, or other suggestions for AC 3x3 APs please?

 

[GainfulShrimp]

I've gone the Ubiquiti route: ordering an Edgerouter Lite and a Unifi UAP-AC.

Now I have quite a lot of reading to do. I have pretty good experience with setting up the basics of home networking - NAT, DHCP reservations, DNS, PPPoE, WPA2 etc - but there's a whole world of other stuff that other people use to great effect, which I've never played with (e.g. VLANs and multiple subnets for experimental kit).

First example of my steep learning curve: my Draytek has a simple tick-box in the wifi/SSID config for 'isolate clients', i.e. for a guest SSID.
In my new world, I'll have to configure the Unifi controller to apply VLAN tags to guest users, and configure the ERL-3 to deal with that VLAN properly: i.e. serve DNS, DHCP for a separate guest subnet and firewall/routing to block access to my own clients while allowing the guest clients to communicate with both the Internet and the Unifi controller running on the 'private' side.

It's going to be quite a techie adventure, I'm sure!

 

[abailey]

You can certainly use VLANs to isolate your guest from your home network but it is not necessary with Ubiquiti AP's. Ubiquiti AP's have a built in guest mode that can do the isolation for you so you don't have to configure multiple VLANs.

 

[GainfulShrimp]

Ahh... OK, thanks.

Maybe the article I read was out of date. Part of the challenge with the ERL seems to be that you find lots of info online saying X, Y or Z are complicated or only possible via CLI... then discover that they're in the GUI of more-recent firmware versions.

 

[Trip]

That point about the ER firmware is very true. I'd say by 1.8 (late 2015?) they'll have the bulk of GUI-based feature access and SOHO applicability streamlined, and by 1.10 it will be an almost-no brainer recommendation. Can't wait, as something rock-solid for a decent price point without the operator needing a CCNA is sorely needed in this space.

 

[GainfulShrimp]

Well so far so good. I've got the UAP-AC set up and it seems to work flawlessly, albeit I realise it's early days.
Only hiccup was getting the controller setup, as I had Java 7u55 installed and the controller was flakey - mostly refusing to start at all - until I uninstalled both it and Java and put the latest Java in, followed by the controller again.

I think I'm going to enjoy the Ubiquiti way of working though: it all seems technically solid but requiring some time and effort to polish the finer points. For instance turning on beam forming needs a special config file to be created in the right place (I haven't bothered yet) and creating a mobile-friendly responsive GUI for the guest portal is left as a homework exercise for the reader with a bit of HTML and CSS skill.

Next challenge: the Edgerouter Lite setup.