What's new

Wired Router Recommendation For Symmetrical Gigabit WAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

tomatopotatochilli

Occasional Visitor
I want a wired router to connect to symmetrical gigabit WAN. Requirements:

- Easily get gigabit speeds both up/down with Firewall enabled.
- Ideally Fan-less and wall mountable
- Not too hard to setup (For example: Looking at Edge-Router ER-4 - seems doable in setup complexity)
- Ideally, less than $500
- Should handle load well and fairly: Planning to connect a gigabit switch to this router which will have a LAN of 30+ devices (PCs, Xbox, IoT, Wireless APs...). I don't fully understand flow control (fq_codel etc.), if that is needed for my situation.
- Any virus protection like AIProtection on ASUS wifi routers (no subscription fees) is an extra plus. Not required though.

Please recommend devices you have experience with, tips along with setup complexity and performance numbers if available.

Thanks in advance.
 
I want a wired router to connect to symmetrical gigabit WAN. Requirements:

- Easily get gigabit speeds both up/down with Firewall enabled.
- Ideally Fan-less and wall mountable
- Not too hard to setup (For example: Looking at Edge-Router ER-4 - seems doable in setup complexity)
- Ideally, less than $500
- Should handle load well and fairly: Planning to connect a gigabit switch to this router which will have a LAN of 30+ devices (PCs, Xbox, IoT, Wireless APs...). I don't fully understand flow control (fq_codel etc.), if that is needed for my situation.
- Any virus protection like AIProtection on ASUS wifi routers (no subscription fees) is an extra plus. Not required though.

Please recommend devices you have experience with, tips along with setup complexity and performance numbers if available.

Thanks in advance.
i have a symmetric gigabit fibre connection. my aging RT-AC1900P (AC68U) does 850 to 900 Mbps in both directions with QoS enabled (fq_codel); with QoS disabled, speeds increase to about 940 Mbps.
 
I'd skip the consumer beta-ware and focus on SMB/community-grade wired boxes.

If all you need is basic 2Gb/s aggregate NAT and no software-based services on the box, then you should be able to get away with a lower-power CPU architecture that relies on hardware-accelerated NAT. EdgeRouter 4, Cisco RV340, etc. Also, for symmetric 1Gb/s, coming off your typical 1Gb LAN, you shouldn't typically need (or want) SQM ("Smart Queue" in Ubiquiti speak).

If for some reason you did want to do 2Gb/s aggregate in software, or at least any speed above a few hundred Mb/s, then you'd need to look at a many-core box (ex: Mikrotik CCR) or embedded x86 (Protectli Vault, Qotom), probably with an i5 or i7 in it and running whatever firewall you like (OpenWRT, pf/OPN-sense, Untangle, IPFire, VyOS, etc.).
 
Is it recommended to run some Anti Virus on the router (in addition to default firewall)? I see options for that in ASUS wifi routers but not in Edgerouter 4.

What is the recommended/popular router AV choice that can deal with gigabit throughput?
 
Asus routers have AiProtection. I haven't enabled it on my router, so I cannot speak to AiProtection's effectiveness or impact on router performance.
 
Is it recommended to run some Anti Virus on the router (in addition to default firewall)? I see options for that in ASUS wifi routers but not in Edgerouter 4.

What is the recommended/popular router AV choice that can deal with gigabit throughput?
I am running pfsense which does 1000/1000 with ease depending on your hardware. I run a firewall with pfblockerNG on router level, no antivirus. I do not see the point of doing that.
 
Thanks, looks like PFSense is a flexible choice with many packages. Configuration does seem more work than others for now. Pre-built boxes are expensive for kind of hardware they pack. And old desktop box will likely draw more power and take more space, so need to think/read more.

Mind sharing your hardware and CPU/RAM utilization at gigabit rates?

I want to ensure up to 10 client with (audio/video calls/gaming) work smoothly over the gigabit WAN. While, other clients doing browsing/streaming/VPN/downloading work just fine. Looks like opinion is divided on whether QoS/Traffic shaping is needed over gigabit but I want the hardware to have the option if it has to.
 
Mind sharing your hardware and CPU/RAM utilization at gigabit rates?

I am running pfsense on a Dell R210 server with an Intel X3430 Xeon CPU and 16Gb ECC RAM. I am running the ACME letsencrypt package together with HAproxy for SSL access to my Nextcloud server via my own FQDN and pfblockerNG-devel to keep the bad guys out and all that on a 1Gbps ISP connection. I rarely get to 10% CPU utilization with my setup even with 15 guests in the house all on my wifi whilst streaming spotify or multiple users on Netflix or what not.

Screen Shot 2020-11-23 at 22.42.07.png


I think an important thing to mention here is that while the Dell R210 may consume some power (where there are options that consume less such as an R210 II), my router is the heart (and potential bottleneck) of my network and i do not want to compromise on that. The advantage of the R210 is that i could throw in an Intel X550-T2 card to replace the 1Gps ports of the server and i have a 10Gbe router for little money. I have it now running for about 10 months and it has been absolutely rockstable.
 
get an old PC, add an extra gigabit NIC and load PfSense
 
Should be fine. Also take a look at the Lawrence Systems YouTube channel, very good pfSense install and setup guides for beginners and he also has a guide for the pfblocker (piHole alternative) package on pfSense as well. Also has videos on limiters/QoS setup as well, in addition to videos on other pfSense packages.

pfSense Setup:

pFblocker Setup:
 
Last edited:
I have been using a Qotom for a couple of years and it has been rock solid.

If it fails keep an old router on hand that you can press into service until a replacement Qotum arrives.
 
Can one use an older PC with the same number of network ports as an emergency backup pfSense router? Or does backup/restore assume identical hardware?

Thanks
 
I moved an active pfSense installation from an Intel Xeon D-1541 system to a AMD Epic 3251 System and pfSense worked with no issues, was pretty much plug and play. Also doesn't matter how many ports are there as long as the drivers are included in FreeBSD 11.3 (for v2.4.5)/12.2 (for v2.5.0) (it's the basis for pfSense) it will in most cases automatically detect the changes. If the specific adapter doesn't have drivers in FreeBSD then you need to compile them.
 
Last edited:
All NICs are supported so I will give this a try.

Also, though somewhat off-topic, is v2.4.5 to v2.5.0 a smooth upgrade?

Thanks.
 
Pfsense is solid for a diy router solution. You can also look at the smb/enterprise router market for other candidates, many of which are dirt cheap used or some even new (fortigate 60f).
 
Yup, flexibility of pfsense is attractive. Thanks for this device pointer, I'll check it out.

My immediate plan is to use Asus Zenwifi XT8 2-pk I already have as main router and an ethernet connected node. This gives me very easy setup, and ~600Mbps QoS+Firewall+SomeAIProtection. I lose some throughput, and 1 wifi point placed sub-optimally.

My long term plan is to study these options, then add a wired router and make these wifi access points and place them optimally. Then, add a kid-safe vlan, guest networks etc.
 
All NICs are supported so I will give this a try.

Also, though somewhat off-topic, is v2.4.5 to v2.5.0 a smooth upgrade?

Thanks.

2.5.0 is not officially released yet. My install running sweet. I will wait until pfsense indicates the upgrade is available.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top