High speed WAN router options

[midgetspy]

I currently have an Asus RT-N66U with tomato and use port forwarding and VLAN tagging. It is unable to keep up with my 300mbit WAN connection (CPU pinned at ~170mbit) so I'm looking at my options to increase throughput.

CTF seems to be the go to recommendation but as far as I understand that would disable port forwarding which is a requirement for me.

I've read that the R7000 is powerful enough to probably get up to 300mbit without CTF but it sounds like I'd just end up in the same situation if/when my ISP upgrades again. If I'm going to have to buy something else I'd like it to be future proof to a gigabit.

At this point do I just have to roll my own router with pfsense? Are there any reasonably priced SOHO routers that can do gigabit(ish) WAN speeds with port forwarding? Is there some sort of port forwarding workaround (DMZ maybe?) that I could use while still using CTF?

Thanks.

 

[coxhaus]

You might take a look at the Cisco RV345P router specs on this site. You can buy the same router with less ports and no POE+ called the Cisco RV340 router for $151. You will notice in the specs when they added things to the router it did not slow down. So it should keep up with you for a while. I think this is one of the good options. I run a Cisco RV340 router. I get by without buying any of the licenses running it at my home.

 

[Trip]

If I'm going to have to buy something else I'd like it to be future proof to a gigabit.

Unfortunately, 1Gb/s (or 2Gb/s if the connection is symmetric) is a tall ask right now when looking at SoC-based routing platforms in the SOHO space. As you suspected, those boxes will top out at somewhere in the 300-600Mb/s range when routing via CPU, depending on sub-architecture, firmware and packet size.

You do have a few choices: 1) accept the limitation for the time being and do a consumer all-in-one or SOHO VPN router (cheapest solution), 2) go faux-enterprise embedded with something like Mikrotik (high skill required), 3) do a more mainstream enterprise firewall/security appliance (more expensive, but more turn-key) or 4) roll your own x86 box, either pre-built or DIY, with a Linux or BSD firewall distro (moderate cost, moderate skill required).

Each option requires compromise between total landed cost and ease-of-use, but it really comes down to what you want to run on the box. If it's just routing with a few firewall rules and some basic traffic flow stuff (port forwarding included) then a Mikrotik CCR-1009 PC or pfSense on a Intel i3 DIY micro PC would probably be the best bang-for-the-buck based purely on hardware cost, and both will route 2+Gb/s for sure. If you lack the skill to setup either of those, then I would suggest backing off to a consumer product, as most turn-key enterprise stuff will be too costly (unless you can find a refurb unit).

If you go with a wired product, you'll of course still need a wireless solution, but then you are free to buy that piece purely based on those merits, as a discrete component. You could do an all-in-one router set into AP mode, a SOHO mesh system, business-grade mesh such as UniFi or Ruckus.

Hope some of that helps paint a picture of what's available, even if it isn't exactly what you wanted to hear.

 

[coxhaus]

Maybe in the future when we need really high speed internet devices somebody like Cisco will build a small business layer 3 switch with NAT. Then we can add a UTM device right behind it for security. We can easily achieve 10 gig and faster speeds.

Cisco has been building layer 3 switches with NAT for many many years in their pro line.

 

[midgetspy]

Thanks guys, that was very helpful. That Cisco RV340 looks like a good option if I'm going to buy something new.

I'll have to do some research on how cheap & low power I could build my own pfSense router before I make up my mind but this gives me a good place to start, thanks again!

 

[umarmung]

I do not believe it is usual for just port forwarding to disable CTF/NAT acceleration on modern routers with stock firmware, even for consumer routers. Third party firmware is a different issue and may be variable and you should check with the providers.

You can confirm with @RMerlin but if it were not for your VLAN requirements, e.g. many Asus routers would be fine for you, and an Asus RT-AC86U for Gigabit loads.

However, as Trip pointed out, SOHO routers are always going to have better performance and management options anyway, even at lower budgets. They are just harder to use (from just a little due to additional features or up to a LOT due to the class of users they target) and do not provide consumer-style support.

 

[Trip]

[...]and do not provide consumer-style support.

Amen to that... Especially with certain OEMs who really do leave 95%+ support up to the VAR (UBNT and Mikrotik to name two). Not enough innocent victims realize that before they go buy that seemingly cheap $50 ER-X on Amazon. (and then come back and leave a scathing 1-star review for what basically amounts to their inability to administrate and use the device properly... lol got to love those). Anyways, I digress. I think sticking with more of a turn-key product might be the best option for your use-case -- and nothing wrong with that.