Ready to Move on to a Wired Router

[cjake]

It's been a long time coming, but I'm finally ready to move on to a wired router.

I've been lucky to have access to gigabit fiber through CenturyLink. In the past I've looked at pfsense, Mikrotik, Ubiquiti, but I've lost track of what's specifically worth getting from them and what else might exist now from any company. I'm also willing for DIY type things as I've seen people do with pfsense and Qotom boxes.

My budget would be anywhere from $0 to $500, lower the better, but I'm willing to consider any suggestion. What are decent options to consider that can handle gigabit on the WAN interface?

 

[Trip]

All depends on what you want to run on the box, really. If you just need NAT and nothing special, basically anything capable of gigabit full-duplex (2Gb/s) should do. Embedded ARM/MIPS stuff like Ubiquiti ER-4/6/12/12P, Mikrotik HeX/RB3011/RB4011/etc, Cisco RV340/345, and similar.

If you want to run certain things that are non-offloadable at multi-hundred Mb/s speeds or higher, then you probably want to look at x86 or TILE hardware (Mikrotik CCR, a PC with a multi-NIC Intel card, an low-power embedded box like Protectli or Qotom off Amazon/AliExpress, or a 1U firewall chassis).

If you can confirm what other than just basic core services you wish to run on the box (if anything), and how much throughput you want/need, we can get to specific recommendations beyond the starters I listed above.

 

[coxhaus]

I would add to Trip's info above is how large of area are you going to cover with wireless and how many wireless APs do you plan to run? If just 1 then continue on otherwise plan your wireless and how do you plan to power the APs may have an impact on the router you buy if you need the router to power the APs. POE+ switches are more common for multiple APs but they add to cost and add more hardware. You can use a Cisco RV345P to power multiple AP without using a switch to simplify setup. There is also a Cisco RV260P router which comes close to 1 gig for less money. I run a Cisco RV340 router and use a Cisco SG350-10P L3 switch. The switch powers my Cisco wireless APs. I bought the Cisco switch off eBay cheap recently as Cisco is replacing their small business switch line so used switches are cheap right now.

 

[Smokey613]

I purchased this off Amazon and loaded PFsense on it. I am running Suricata and pfblocker-NG-devel. I run two RT-AC86U in an AiMesh setup, the primary is in AP mode. I am very happy with this setup and it is very reliable. If you are going to run a VPN(s) you may want to get a model that has Intel AES-NI hardware support.

https://www.amazon.com/gp/product/B072C4YQQH/?tag=snbforums-20

 

[ddaenen1]

I am also running pfsense on a Dell R210. I tried Ubiquity and Mikrotik. Didn't like Ubiquity, liked Mikrotik alot but to date, pfsense beats them all. I only moved over because i wanted a SSL solution to access my Nextcloud server via my FQDN and Mikrotik didn't allow me to do that whereas fpsense did. Can't think of any reason at the moment to even consider something else as it runs like a charm, is highly customizable (if needed) and 'just works'.

 

[cjake]

All depends on what you want to run on the box, really. If you just need NAT and nothing special, basically anything capable of gigabit full-duplex (2Gb/s) should do. Embedded ARM/MIPS stuff like Ubiquiti ER-4/6/12/12P, Mikrotik HeX/RB3011/RB4011/etc, Cisco RV340/345, and similar.

If you want to run certain things that are non-offloadable at multi-hundred Mb/s speeds or higher, then you probably want to look at x86 or TILE hardware (Mikrotik CCR, a PC with a multi-NIC Intel card, an low-power embedded box like Protectli or Qotom off Amazon/AliExpress, or a 1U firewall chassis).

If you can confirm what other than just basic core services you wish to run on the box (if anything), and how much throughput you want/need, we can get to specific recommendations beyond the starters I listed above.

Thank you all. Hopefully the following helps the discussion.

Current Basic Setup:
* Internet connection: Gigabit fiber via Centurylink
* Router: RT-AC86U
* Devices on the network: Three desktops, two laptops, three phones, Nvidia shield, printer, and I think that's it.
* Regular tasks: downloading files, streaming pre-recorded content, watching a variety of live streams, video chat, gaming (sometimes hosting on a server), office productivity tasks and remote connection to work resources.

Additional Duties:
* The one thing I'm doing that's outside the usual fair, is that I'm running a server whose job it is to receive an incoming stream via a cellular connection, which originates from an action camera plus external encoder (mobile IRL streaming). The server then either passes that onto Twitch or re-encodes the video first and then sends it onto Twitch. The lower latency the better. Currently the streams are 720p30. Down the road, if I can manage to find a more affordable plan, I'll eventually try 720p60, 1080p30, and 1080p60, but I'm guessing that might be awhile. The server might provide additional duties at some point of live interaction with viewers and other related items that also do better with lower latency.

Future:
* What I don't know is what I might want to do in the future beyond the above, either with the router, or with what might run behind it like the server detailed earlier. It would be nice to have some flexibility to experiment with items over time.

Ideally I would like to have a solution that has lower power requirements we'll see how realistic that is.

 

[cjake]

Howdy all. Any thoughts on my previous post?

 

[Trip]

Starting off simple: if you just want something that will NAT 2Gb/s and pass whatever traffic to your server, and you have little to no plans to do anything more on the box, a simple Cisco RV340 would suffice. It's GUI-based and well-supported, although completely locked to Cisco's in-house distro and feature set. A Ubiquiti EdgeRouter 4 would allow for more functionality, as it exposes basically a full Vyatta stack to you, and you can install Debian packages to customize it (although with only a 1Ghz MIPS CPU, it's somewhat limited as to what it can run). You'd also need a switch with that router, as it's just a pure router (the EdgeRouter 12, with a built-in switch chip, will only run v. 2.x of the EdgeOS firmware, which still isn't stable enough yet IMHO). Mikrotik RouterOS would be less extensible, but a more fully-featured platform for pure routing and IP feature set (hardware: RB3011/4011/1100AHx4/CCR).

For max performance and flexibility, but still low-ish power draw, I'd go embedded x86 with Intel NICs, such as a Qotom Q555G6 (bare-bones for ~$330 -- you supply the RAM and mSATA SSD, which I like better because the flash they tend to ship with is mediocre at best). Power draw should be well under 20 watts average. The i5-7200U will get you well over a gigabit's worth of software/CPU-driven throughput (ie. run anything you want to, offloadable or non-offloadable, and you don't have to care), versus lower-wattage but less powerful architectures (MIPS/ARM -- ie. EdgeRouters or Mikrotik) that would rely on hardware-offloading or else likely wouldn't have the CPU to run many items at gig speed (QoS, OpenVPN, Surricata IDS/IPS, reporting, etc.). Plus, on generic x86 hardware, you're free to try a myriad of distos until you find one you like: pfSense/OPNsense, OpenWRT, IPFire, Endian, VyOS, Untangle... the list is literally endless. If you're less cavalier about custom-constructing your own solution and/or want a bit more friendly user experience created for you, you could opt for a pre-built appliance, such as Firewalla Gold, a Netgate pfsense SG-series or an Untangle z-Series.

So it really comes down to how simple or flexible you want this box to be. Best blend of simplicity, reliability and price would probably be a Cisco RV340. Beyond that, I would probably lean towards a low-power x86 box, per my guidance above.

 

[cjake]

So it really comes down to how simple or flexible you want this box to be. Best blend of simplicity, reliability and price would probably be a Cisco RV340. Beyond that, I would probably lean towards a low-power x86 box, per my guidance above.

Great info, Trip!

I hadn't known of the Cisco RV340 before. Something for me to consider:
1) Do you know what the power consumption is? I'll keep looking too - haven't found it yet.
2) If comparing it to something like the RT-AC86U, can it perform at a similar level for other aspects of the router, such as QOS, NAT, DDNS, firewall, etc?
3) PPPoE and vlan tagging is something my provider uses - will that work all right with the RV340?

For the low-power x86 boxes:
4) Are there any of the Celeron or Atom based units that are able to handle symmetric Gigabit? For example: Protectli FW4B J3160: https://protectli.com/product/fw4b/
5) Similar to my question from earlier, how well would it handle things like QOS, NAT, DDNS, firewall?
6) Would PPPoE and vlan tagging be something it could handle?

What do you think of Protectli vs Qotom?

 

[Trip]

Re- the RV340, the AC adapter is 12V 1.5Amp, so max would be 18-20 watts, but probably under 10 on average. @coxhaus would probably know better there. (As an aside, splitting hairs on watts at this level shouldn't be too much of a worry -- depending on your market, you're only taking +/- $5 or 10/year) QoS-wise, it's got various queuing and priority models to pick from, and although it lacks SQM (which the EdgeRouter has), bufferbloat shouldn't be much of concern with gigabit download (and hopefully at least 50+Mb/s upload?). NAT, DDNS (a few different providers), firewall, etc. is all there.

For the x86 stuff, I'm not 100% sure on Celeron/Atom's ability push 1Gb+. I would do your due diligence on that in places like reddit.com/r/networking and/or reddit.com/r/homenetworking, and/or the websites of the various distros (like pfsense) to see if you can glean throughput numbers for the various things you'd like to run. I'd say for most modern Celerons/Atoms with at least a high 1.xGhz or lower 2.xGhz clock, you'd be approaching iCore throughput levels, perhaps dipping into the mid to high hundreds of Mb/s of for certain kinds of computation. Regarding the other services, it would handle all of them with aplomb, as you're free to chose whatever distro you like, and each offer a varying amount of queuing disciplines and QoS schemes.

PPPoE and VLAN tagging would be native on all of the above.

Regarding Qotom vs Protectli, Qotom is typically the slightly better buy, while Protectli appears to have slightly better support presence here in the States (for whatever that's worth).

Hope that helps!