OFF-TOPIC! Looking for a new router...

Preface: I know this isn’t about Vera, but I frequent this forum more than any other and I’m sure that the people here are knowledgeable enough in this area as well

So, I have a Cisco WRVS4400n that has been complete crap (it was a great deal when I got it, but apparently, from my reading, they are just crap). Every 6 months or so I have to completely redo it and that is a hassle.

So, I am looking for a new router. I have been eyeing the Ubiquiti edgerouter series. I am stuck between the edgerouter lite or the edgerouter 8 port (8-port would go in my rack). I currently keep my router on the wall because it used to handle my Wifi. At one point the wifi was acting all crappy so I swapped to POE Access points (I have been testing 1 Engenius and 1 Ubiquiti Long range). I’m not opposed to putting in a router with Wifi, but the location is not central in the house.

I have also been looking at the Asus 87U AC router, but it will NOT fit in my current router’s location. I will attach an image of the wall location where the new router would go (if it has wifi in it). I do have 3 42" Leviton Enclosures, but those are metal (and bad for RF). I could potentially put in one of their new RF transparent ones, but that would require more money and cost than I think is worth it.

Some requirements:
Low heat (my equipment closet is a sweat box as it is, even with venting)
vlan support (Due to the fact that I work with HIPAA information, I like to keep my work computer on a separate vlan than the rest of the house/guest networks)
Reliable! Reliable! Reliable!
Oh, and did I mention Reliable?

So that’s it… anyone have any suggestions? Cost is not necessarily a limiting factor, as long as it is super reliable.

I have an EdgeRouter Lite, and I love it.

The good…

[ul][li]It’s installed in a ventless/fanless Wiring Closet and is barely warm.[/li]
[li]It’s configured to run VPN to the house, so I don’t use 3rd party tunneling services.[/li]
[li]All of the configuration can be done via CLI, and it lives in a single file (Vyatta style config)[/li]
[li]Its internal flash is just a USB Memory stick, so it’s easy to swap out (if needed)[/li]
[li]They have a very active community, and are involved in developing new UI’s and extensions[/li]
[li]GbE Ports, 512M RAM[/li]
[li]It runs mostly idle, even under heavy traffic[/li]
[li]It runs on 12V, so I can power it via my [battery-backed] 12V Wiring closet power supply[/li][/ul]

The bad…

[ul][li]The UI doesn’t expose everything in the CLI[/li]
[li]It’s targeted at folks with more of a Networking background (but it’s getting better in the newer FW releases)[/li]
[li]I’ve had to swap out the USB Flash once (in a 12 mo period)[/li][/ul]

Since they’re only $99, I keep a second one around for quick restore/swap out if needed (I do this for everything). My WiFi is just handled by 2x Apple Airport Express units, so that’s easy to maintain.

[quote=“guessed, post:2, topic:185299”]I have an EdgeRouter Lite, and I love it.

The good…

[ul][li]It’s installed in a ventless/fanless Wiring Closet and is barely warm.[/li]
[li]It’s configured to run VPN to the house, so I don’t use 3rd party tunneling services.[/li]
[li]All of the configuration can be done via CLI, and it lives in a single file (Vyatta style config)[/li]
[li]Its internal flash is just a USB Memory stick, so it’s easy to swap out (if needed)[/li]
[li]They have a very active community, and are involved in developing new UI’s and extensions[/li]
[li]GbE Ports, 512M RAM[/li]
[li]It runs mostly idle, even under heavy traffic[/li]
[li]It runs on 12V, so I can power it via my [battery-backed] 12V Wiring closet power supply[/li][/ul]

The bad…

[ul][li]The UI doesn’t expose everything in the CLI[/li]
[li]It’s targeted at folks with more of a Networking background (but it’s getting better in the newer FW releases)[/li]
[li]I’ve had to swap out the USB Flash once (in a 12 mo period)[/li][/ul]

Since they’re only $99, I keep a second one around for quick restore/swap out if needed (I do this for everything). My WiFi is just handled by 2x Apple Airport Express units, so that’s easy to maintain.[/quote]

Thanks for the input :slight_smile: I was thinking of going with the 8port merely so I could put it in my equipment rack (front side is for HT equipment and faces the living room, back is for networking, HA, and other bits I don’t want showing out the front). That said, putting the ERL in one of my SMCs really interests me, but I had read about some heat issues with older units that worried me.

Do you keep a backup of your config for easily swapping out the flash drive with the config already on it?

I keep a backup locally, on my Mac. There’s a “reasonably up to date” Firmware & Config on the USB stick that’s in the other ERL, so my restore process is basically:

a) Plug in the alternate ERL
b) Update the Firmware (as needed)
c) Restore the Backup configuration from my Mac to the ERL (to [tt]/config/config.boot[/tt])
d) Reboot the ERL
e) Then I can go about rebuilding the flash on the broken ERL (assuming it was a failure due to the internal USB Flash).

Reading their forum, it would seem that the most common failure is the USB Flash within the ERL. I suspect this was my fault, as I run a lot of logging (for the Firewall parts), so I’m assuming I wore out the media.

My original ERL is one of the first shipped and I’ve never had heat problems - at least not to the touch. It’s the unit where the USB Flash died and, at the time, I didn’t have the backups set correctly so it took about 2hrs to rebuild. At that time I also didn’t have the [Cisco-style] Serial Console cable so it took longer to do it than would be normal for a complete image rebuild.

If I already had a Network rack, and it was in a secure(ish) location, I’d get the bigger EdgeRouter model and put it in there. In my case though, the SWC is nearer the Alarm system, and I only use my Rack for AV Gear (where I use a 16port GigE Netgear ProSafe switch).

In the SWC, I run:

[ul][li]DLink DSL Modem[/li]
[li]Ubiquiti EdgeRouter Lite[/li]
[li]2x NetGear ProSafe GS108 8-Port GigE Switches[/li]
[li]Vera 3 (dangling below)[/li]
[li]Paradox PRT3 HA Adapter for my Alarm[/li]
[li]a MeanWell 12V Power Supply, with a 12V 18Ah Battery backup[/li]
[li]a Blue Sea Systems 12V Blade fuse box for each circuit.[/li][/ul]

This all fits into a standard 28" OnQ SWC, and runs quite cool. It also runs for hours when the Power is dropped.

My AV Rack runs hot, and is in a less secure location (passive cooling). I’d imagine I’d cook any serious Network gear I put into that rack, but I do have a single 16-port switch that’s away from the heat-column.

The edge router lite also gets my vote! It’s been rock solid. I rewired my whole house last spring with new switches on each floor connected via 4 cat 6 using link aggregation for the backbone and each room having 4 cat 6 hookups. My network has multiple vlans to split main network from home automation and security, DMZ and guest network. I use UniFi access points throughout the house with roaming enabled. I couldn’t be more happy. The router is configured with inter vlan firewall rules for certain access and all other vlan to vlan access blocked. The edge router gets my vote, not sure why I waited so long to pick one up.

  • Garrett
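An offline check for the setup described in the posts above (added example, not code from any poster or from Ubiquiti): because the whole configuration lives in one Vyatta-style file, a backup copy of `config.boot` can be audited to confirm that every VLAN interface has an inbound ruleset whose default action is drop. The sample config, ruleset names and VLAN numbers are constructed, and the function names are hypothetical.

```python
SAMPLE = """\
firewall {
    name GUEST_IN {
        default-action drop
    }
    name IOT_IN {
        default-action accept
    }
}
interfaces {
    ethernet eth1 {
        vif 10 {
            firewall {
                in {
                    name GUEST_IN
                }
            }
        }
        vif 20 {
            firewall {
                in {
                    name IOT_IN
                }
            }
        }
        vif 30 {
            address 192.168.30.1/24
        }
    }
}
"""  # constructed sample in Vyatta/EdgeOS config.boot style, not from the thread

def parse(text):
    """Parse the brace-delimited config into nested dicts (leaf: key -> value)."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unbalanced braces: backup may be truncated")
    return stack[0]

def audit_vlans(cfg):
    """Map 'ethX.N' -> finding for each vif whose 'in' ruleset is not default-drop."""
    rulesets = {k.split()[1]: v for k, v in cfg.get("firewall", {}).items() if k.startswith("name ")}
    findings = {}
    for ifname, ifcfg in cfg.get("interfaces", {}).items():
        for key, vif in ((k, v) for k, v in ifcfg.items() if k.startswith("vif ")):
            label = f"{ifname.split()[-1]}.{key.split()[1]}"
            name = vif.get("firewall", {}).get("in", {}).get("name")
            action = rulesets.get(name, {}).get("default-action")
            if action != "drop":
                findings[label] = f"ruleset={name} default-action={action}"
    return findings
```

On the constructed sample, `audit_vlans(parse(SAMPLE))` flags VLAN 20 (ruleset defaults to accept) and VLAN 30 (no inbound ruleset attached) and passes VLAN 10.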

Third on the EdgeRouter Lite.

I also like consumer routers with DD-WRT.

The new Asus AC56U offers 802.11ac and support for a 3g/4g dongle for backup internet.

For small scale commercial use, I frequently go with the Juniper SSG5.

If they want to blow a wad and not look at it again for 7 years, then Cisco 800 Series ISR.

I was going to get the ASUS RT-AC87U over the Netgear Nighthawk X6 Tri-Band r8000.

After getting to the store (bestbuy) there was a sale on the netgear for 249.99 reg. 299.99
Asus was normal 269.99.

I had reviewed both extensively and was mostly looking at those two anyways the price just swayed me.

I usually only run DD-WRT on my routers but found no need to yet.

I have the netgear nighthawk (r7000) running DD-WRT
working great for me and the AC speeds are pretty good.

[quote=“integlikewhoa, post:7, topic:185299”]I was going to get the ASUS RT-AC87U over the Netgear Nighthawk X6 Tri-Band r8000.

After getting to the store (bestbuy) there was a sale on the netgear for 249.99 reg. 299.99
Asus was normal 269.99.

I had reviewed both extensively and was mostly looking at those two anyways the price just swayed me.

I usually only run DD-WRT on my routers but found no need to yet.[/quote]

My ONLY issue with the RT-AC87U is its size. It’s a BEAST! I don’t have the 11" of space to put it in that location and unfortunately, due to the UPS sitting next to it, I don’t see me having too much space.

[quote=“guessed, post:4, topic:185299”]In the SWC, I run:

[ul][li]DLink DSL Modem[/li]
[li]Ubiquiti EdgeRouter Lite[/li]
[li]2x NetGear ProSafe GS108 8-Port GigE Switches[/li]
[li]Vera 3 (dangling below)[/li]
[li]Paradox PRT3 HA Adapter for my Alarm[/li]
[li]a MeanWell 12V Power Supply, with a 12V 18Ah Battery backup[/li]
[li]a Blue Sea Systems 12V Blade fuse box for each circuit.[/li][/ul]

This all fits into a standard 28" OnQ SWC, and runs quite cool. It also runs for hours when the Power is dropped.

My AV Rack runs hot, and is in a less secure location (passive cooling). I’d imagine I’d cook any serious Network gear I put into that rack, but I do have a single 16-port switch that’s away from the heat-column.[/quote]

I would love to hear more about your battery backup solution. I currently have 3 Leviton 42" SMCs (SWCs). Two of them are powered (The third I use as a passthrough and for non-powered devices…it’s also the one that sits Next to the rack so can’t be reached unless I move the rack). As you can see in the picture, I ran power outlets to a central location and used an APC structured wiring battery backup. It’s nice, but APC has pretty much abandoned it and my mom has had 2 go bad (granted, this is over many years). Mine had the battery die without any kind of notification or warning. That said, I also was able to wire that room to my own specifications (you can read more about my adventure here: http://www.avsforum.com/forum/36-home-v-distribution/1470115-my-home-theater-rack-equipment-room.html), so I went with what I had known about.

Either way, I would love to see your layout and how you have all that in 1 28" enclosure. I will attach the most recent pictures of my 2 accessible SMCs. The wires are a bit messy, but the only pieces of equipment in the actual SMCs are a DLink 16 port managed switch and the Modem. The top of the first one, where it’s currently empty, holds a DSL Filter (I’m on cable right now) and a Telephone distribution module (I don’t have phone right now, but I’m prepared for it if I ever do). Besides that, one is for Data lines (phone/data all cat 6) with the switch and the other is for all my other connections (Cable, Cat6 for HD-baseT, IR distribution, etc). I’m not even sure if there is room for the ERL in either of them at this point!

Regarding the ERL… wow. I deal with a multi-million dollar hosting budget at work and I’m used to dealing with quarter-million dollar Juniper enterprise class routers and firewalls. I just looked at the user’s manual for the ERL and for $99 seems to have a lot of the functionality of a regular business class router. Damn impressive. I was about to pull the trigger on a new wifi router, but for $99 I think I’ll now separate the firewall/router functionality from the wifi access.

I’m just pissed you guys have been keeping the ERL a secret for so long. ;D

Looking at the specs of the ERL, they look initially impressive, but I have serious doubts on its performance. The architecture seems like a standard Cavium Octeon dual core 500mhz CPU, but they advertise a 3Gb/s performance. It is pretty obvious that this is through a switching complex of the SOC and is raw throughput without any CPU.

The question comes down to what the performance is when state needs to be kept for NAT and most importantly stateful firewall (they call ZBF). The Tolly report “firewall” testing was used with ACLs and non-stateful UDP testing. So basically they just tested… nothing useful. Zone Based Firewall keeps state, that will have the primary impact on the CPU and the performance is likely much… much slower.

That being said… for the price, unless you have Google Fiber at home the performance with ZBF should be fine for most uses. I doubt it can maintain anywhere close to 1Gb/s when ZBF enabled, but for the average high speed internet, it should be fine. At $99 … why not.

If you are looking for further reading on routers and home networking, I found the Small Net Builder site (and forum) to be a good resource: http://www.smallnetbuilder.com/

Lots of comparisons between the various routers.

Just remember that consumer routers are built cheaply, so have your expectations tempered somewhat.

@niharmehta, while I don’t expect the ERL (or ANY $99 device) to perform like an enterprise class router, look at the numerous reviews on Amazon and other sites. You’ll see several instances of folks saying “before the ERL I was getting XXX speed, by just replacing my router I am now getting better YYY speed”.

As you pointed out, even if it does half the speed it claims, you’re way ahead of any other residential router at the same price point. But IMO, speed is not what it’s about, it’s the feature set you get for the money and the fact they keep maintaining/fixing the firmware.

Why do you guys need something like the ERL vs just a good ASUS? Most people have 10-25 Mbit internet connections. I pay for 50 but I get 100 for some reason. Even at 100mbit, I could not saturate my ASUS with gig ports.

[quote=“garrettwp, post:5, topic:185299”]The edge router lite also gets my vote! It’s been rock solid. I rewired my whole house last spring with new switches on each floor connected via 4 cat 6 using link aggregation for the backbone and each room having 4 cat 6 hookups. My network has multiple vlans to split main network from home automation and security, DMZ and guest network. I use UniFi access points throughout the house with roaming enabled. I couldn’t be more happy. The router is configured with inter vlan firewall rules for certain access and all other vlan to vlan access blocked. The edge router gets my vote, not sure why I waited so long to pick one up.

  • Garrett[/quote]

Garrett, I would be really interested in how you’ve set up the link aggregation for your backbone. I may have to do more research on this. I don’t think that my d-link easysmart switch supports this (nor any of the easysmart series). What switches are you using for your backbone?

@TC1 for the price point and features, it is indeed excellent. Having a real layer 3 switching SOC does make for a fast routing device. Since it runs a fork of Vyatta it is a good L3 device. What is difficult to understand is how good it is at its primary end use case as a firewall for SOHO.

Will it be faster than your WRT54G… sure… I wish there were examples of that performance testing with ZBF. The bridging drops its performance to 200Mb/s so I would assume that will be similar to ZBF as both seem to be CPU bound. Unless you plan on running this on a larger multi-router network, I would focus on the security capability as you mentioned there are some HIPAA security requirements that you have.

@SirMeili – See if you can put a fan in the cabinet. Your electronics will be happy and it will help with your reliability requirement; a $10 DC fan will help a lot.

At $99 though, the router feature set is quite impressive and I am not saying people should not buy it. Just expect about $99 of performance as a security device. There are much faster platforms in the $200 range.

Again, it has nothing to do with raw speed, but feature set and security control.

And, raw wire speed has nothing to do with how a router/firewall performs. 100mbit while doing complex stateful inspection and nat translations could very well saturate the CPU cycles on many home firewall/routers. No one (unless they are asking for trouble) runs their firewall/router without any rules in place.

[quote=“niharmehta, post:16, topic:185299”]@SirMeili – See if you can put a fan in the cabinet. Your electronics will be happy and it will help with your reliability requirement; a $10 DC fan will help a lot.

At $99 though, the router feature set is quite impressive and I am not saying people should not buy it. Just expect about $99 of performance as a security device. There are much faster platforms in the $200 range.[/quote]

Actually, it was me who said he had HIPAA concerns (I work with HIPAA information all day, though I am just a developer).

That said, I don’t mind looking in the $200 range. I was looking at the rack mount version of the Edge Router anyways as an alternative and it appears the processing power might be more powerful in that. That said, I’m not sure how much processing power I will need. I currently have a 50mbps line but I am about to move to a 100mbps line. Most of my streaming devices are wired (Rokus, HTPC), my laptop is wired, but everything else is wireless (phones, tablets, etc).

My main concern is the streaming devices (Local sources and over the internet) and the security of keeping my work away from everyone else on the network.

@SirMeili - The ERL has 3 ports, so that’s only 3 potential subnets.

1 port has to always be your external/Internet connection (if you are going to use this as a firewall router).
That leaves you with 2 internal subnets. You could use one subnet for home/personal stuff, and then isolate the other subnet for work.

If you want to do further internal isolation you could then buy the 5 or 8 port instead. I would think the 5 port is pretty sufficient for most home office use.

@SirMeili ,
A long time back, I started this thread:
http://forum.micasaverde.com/index.php?topic=10747.0

and since then I’ve tweaked things a little:

[ul][li]a) Added the ERL, replacing an aging Linksys (DD-WRT) that was resetting itself frequently.[/li]
[li]b) Removing the CATV/SAT splitter block (I needed the room, and I only have SAT in one room anyhow)[/li]
[li]c) Removing the dangling Vera2, upgrading the dangling Vera3 “mount” (tongue-in-cheek)[/li]
[li]d) Adding the inline and Blade fuse blocks to the Power supply.[/li][/ul]

The rest is basically the same, and will shortly be joined by the Odroid C1 openHAB server, via a 12V-5V DC-DC converter, and an RPi-based [tt]syslog[/tt] server.

The two Netgear GS108 GigE switches are “stacked” atop each other, and supply the various rooms around the house, as well as the [remote] Apple Airport Express units (one up, one down). I specifically chose separate wired Router/Switch/WiFi components because WiFi doesn’t make sense in a [Metal] SWC, and I like to be able to upgrade components separately (and I keep spares of everything in here)

The switches are unmanaged, at the moment, but the traffic is “split” (HA/AV vs Everything else) so I could separate them via the Router if needed. I chose them primarily for low power consumption, although I may get managed Network switches in order to VLAN everything properly (which the ERL can support just fine, but the Wifi doesn’t)

The WiFi routers aren’t on UPS, so when the power bails, I lose WiFi. My Primary machine is a Mac Mini and it’s using Wired Ethernet and is on a separate UPS (from APS)

If I were doing it again, I’d use the MeanWell ADD-155A, instead of the AD-155A, in order to pickup a 5V Rail. The former has 12V/5V (ADD) vs just 12V (AD). I’d also get 2 closets, instead of one, and put the Alarm & HA gear in the other, to reduce clutter.

New photo attached…

The wires are a bit messy, but the only pieces of equipment in the actual SMCs are a DLink 16 port managed switch and the Modem. The top of the first one, where it's currently empty, holds a DSL Filter (I'm on cable right now) and a Telephone distribution module (I don't have phone right now, but I'm prepared for it if I ever do). Besides that, one is for Data lines (phone/data all cat 6) with the switch and the other is for all my other connections (Cable, Cat6 for HD-baseT, IR distribution, etc). I'm not even sure if there is room for the ERL in either of them at this point!

LOL, that’s not messy! I stopped trying to make mine really neat on about the 3rd change…