Best routers out there ?

[free_electron]

With 'best' i mean the following
- best throughput WIRED and wireless. Most reviews blabber about theoretical bandwidths on wifi but nobody talks about what the router can really handle. Most of my stuff is wired. The router should be able to handle many datastreams simultaneously and not fall over it has to manage 50+ devices all blabbering randomly with each other.

Current network topology. current router only has 4 ports.

router - 4 ports (let's call them a b c d) all gigabit
-SNIP- WRONG. NEW ACCURATE PLAN MADE... so much stuff has changed over years i lost track.

wifi is used only for wife's two laptop ( one work , one home ) and a few tablets ( 3x amazon tablets for home automation,  three ipads and 2 iphones plus 5 or 6 amazon dots)

current system works but wifi is spotty ( i can see at least 20 other networks form neighbours all fighting for channels ) and nas / internet can bog down when moving lots of data

I want to rearrange stuff to crank out more throughput , especially towards the nas devices. the amount of NAS devices is going to be reduced the LG's are on their way out, and the two asusstors will get more drives.
so the new topology would look like

new router. here is the idea
port 1 - nas1
port 2 - nas2
port 3 - 24 port switch housefeed
port 4 - 8 portswitch - legacy devices ( old nas , home auto hubs and timecapsule ) old nas will be gone by end of year
port 5 - ipcams
port 6 - garage
port 7+8 link aggregation to office

i want throughput between office and the main NAS devices and house and NAs devices and internet. Running new cables is not an option. Fortunately i have have 3 dedicated cat 6e running from network closet to office so i can use two for aggregation. The run is short ( max 10 meter ) so i should be able to do something there. Either aggregation or attempting 10gb link (one router i found has a 10gb port) to a local switch. in short : i want a bigger pipe there.

for wifi i want to use a mesh solution. those 'repeaters' are crap as you need to manually change wifi on your devices. it should work seamlessly. so i want a router that comes with real mesh functionality
there are so many choices out there...

budget is not a problem. new router + a wifi extender + new switch for office

[wraper]

I suggest looking into Mikrotik. They also have test results on their website. Like on bottom of this page:https://mikrotik.com/product/rb4011igs_5hacq2hnd_in#fndtn-testresults

[bd139]

God no not microtik after this shit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/over-200-000-mikrotik-routers-compromised-in-cryptojacking-campaign . RouterOS is a piece of shit as well as is their licensing.

[wraper]

God no not microtik after this shit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/over-200-000-mikrotik-routers-compromised-in-cryptojacking-campaign . RouterOS is a piece of shit as well as is their licensing.

Because customers (ISPs) did not bother to update them for half a year since there was security patch released immediately after vulnerability became known.

[wraper]

How about Cisco? https://www.zdnet.com/article/thrangrycat-flaw-lets-attackers-plant-persistent-backdoors-on-cisco-gear/
The same can be said about almost any other manufacturer.

[free_electron]

never heard of Mikrotik. Prefer to stick to known brands such as linksys , netgear , cisco , d-link , asus that are readily available in US.

[bd139]

How about Cisco? https://www.zdnet.com/article/thrangrycat-flaw-lets-attackers-plant-persistent-backdoors-on-cisco-gear/
The same can be said about almost any other manufacturer.

Yeah not fan of them. I am currently arguing with their shit today 

Draytek up front, whack in a cheap 1G switch with 10G uplink port.

[wraper]

never heard of Mikrotik. Prefer to stick to known brands such as linksys , netgear , cisco , d-link , asus that are readily available in US.

All of those are just usual consumer gear while Mikrotik specializes mostly on ISPs/pro gear. You just don't realize how many Mikrotik is out there, basically in any country. I can find them in just about any airport I visited.

[Mr. Scram]

Get or build yourself a nice x86 router, separate capable switch and and get yourself a mesh network with a couple of access points. Most well known brands now have their own version, although publicly lesser known brands like Microtik and Ubiquiti seem to be popular options. That way you have near enterprise grade networking with excellent performance and configurability. If you don't want to go for the x86 router these brands also provide router options. I'd shy away from the typical consumer grade crap, no matter how many antennas they stuck on. It's always asking too much of too little hardware with a focus on the wrong qualities.

[sokoloff]

I use (and am happy with) Ubiquiti gear at home.
It's high-end consumer or mid-range SOHO type of gear.

I haven't tried link aggregation on the UniFi switches, but the feature is supported. (I have only one vertical Cat6 run up/down my house.)

[helius]

Furthermore the RouterOS vuln was specific to routers that had remote administration enabled. There is no need for this if you have your router in your own location. Many, many other manufacturers routers were and are vulnerable to remote attacks from woefully outdated OpenSSH versions and other things, but not all of them have proper disclosures and updates, nor ways to disable remote administration or backdoor passwords.
Consumer products are always going to have dire problems, like support for WPS or UPNP. In many cases you may be able to clean them up by loading a real operating system like DD-WRT or pfsense, but support will be better on systems that were designed to be used that way such as pcengine's Alix boards.

[bd139]

Get or build yourself a nice x86 router, separate capable switch and and get yourself a mesh network with a couple of access points. Most well known brands now have their own version, although publicly lesser known brands like Microtik and Ubiquiti seem to be popular options. That way you have near enterprise grade networking with excellent performance and configurability. If you don't want to go for the x86 router these brands also provide router options. I'd shy away from the typical consumer grade crap, no matter how many antennas they stuck on. It's always asking too much of too little hardware with a focus on the wrong qualities.

Not a terrible idea. Supermicro sell some decent machines for that.

Bit annoyed Soekris disappeared. I used one of their routers for about 5 years as an ADSL NAT router running OpenBSD.

Furthermore the RouterOS vuln was specific to routers that had remote administration enabled. There is no need for this if you have your router in your own location. Many, many other manufacturers routers were and are vulnerable to remote attacks from woefully outdated OpenSSH versions and other things, but not all of them have proper disclosures and updates, nor ways to disable remote administration or backdoor passwords.
Consumer products are always going to have dire problems, like support for WPS or UPNP. In many cases you may be able to clean them up by loading a real operating system like DD-WRT or pfsense, but support will be better on systems that were designed to be used that way such as pcengine's Alix boards.

RouterOS remote admin was on by default and reenabled itself on firmware update...

[free_electron]

couple of comments :
1) Building is not an option. no time , not willing to learn , no mucking about. looking for off the shelf turnkey.
2) no remote config will be enabled.
3) i am looking to remove bottlenecks in my current setup , especially between office / nas / internet  and  tv / nas.

[nctnico]

D-link has mesh enabled Wifi routers in their professional range. They work well (I have set these up in a large factory to have roaming wifi).

[rsjsouza]

Looking for a similar solution myself. Subscribed.

Currently using a consumer Dlink DIR-655, but its latest firmware goes back to 2014. I have no idea how many outstanding bugs it has untouched (including the Heartbleed).

[Monkeh]

So the million dollar question nobody has asked.. how fast is your WAN in reality?

[MrMobodies]

I was given a Draytek 2820n some years and was told it had problems with the wifi switching off.

I had it on for a while and no problems. When I took a look at the power supply provided, a tiny little thing I tested it and it couldn't deliver more than half of the rated, I think it was 12 1a. I have noticed with that model that it doesn't seem to work with double nat when I was testing it out.

Looking for a similar solution myself. Subscribed.

Currently using a consumer Dlink DIR-655, but its latest firmware goes back to 2014. I have no idea how many outstanding bugs it has untouched (including the Heartbleed).

I have got one of those from a bootsale in 2014. It was raining they were packing up and were going to throw it so they gave it to me for free. It is DIR-655 rev A2 VER 1.02. I was impressed with the wireless side but it kept on overheating and stopping so I replaced all the caps and cut the case to put a fan on it and now no problems since. I found from Russian website back then discussing it and got an upgrade they altered so I can downgrade to some version 1 (in sequence) to put it into proper bridge mode which they removed on the firmware above where you couldn't downgrade. I am sure it may have bugs but no problems for what I am using it for.

[free_electron]

My wan is 300 mBit/s

So the million dollar question nobody has asked.. how fast is your WAN in reality?

My wan is 300 mBit/s and , if you have read my original goal , that is not relevant for my question.

I am more concerned about what goes on in my internal LAN. Meaning :
My pc's and video / audio streamers to and from my NAS devices whether using a wired or wireless link.

Currently i can not attain the maximum throughput of my NAS boxes as the links are a bottleneck. ( i tried this by moving one nas and could get roughly 40% more speed )

My big concern is : how much data can the router's and switches backbone really move ? the switches are all sold as 8 port gigabit , but can the internal switch fabric really handle all 8 ports going full out ?
i found out ( in the past) that many 8 port switches are actually built from two 5 port chips. port 1234 are one chip 5678 on the other one. A 'hidden' port connected the two banks. With as result that
send from 1 to 2 and 3 to 4 simultaneously works top speed.
sending from 1 to 5 while also sending from 2 to 6 gives you half speed as both streams now have to go over the hidden port. There is a bottleneck there. Newer generation switches and true professional switches don't have that problem as their backbone can handle as many streams as there are ports.

My 24 port switch i such a beast. it actually has a two SFP ports that accepts  10Gb transceivers (Used Dell i got for 10$ ) but there are many cheap ones these days like the trendnet 24 port + 2x10g sfp. 88Gbps switching capacity

so i came to the following setup :

router : Netgear X10
why ? This router has 6 gigabit ports with 2 linkshare capable and a dedicated 10G sfp port.

interconnect : 10G SFP link cable ( no module , just a sfp to sfp cable ).

Main switch : 24 port switch .
SFP1 to router using the sfp-sfp cable
SFP2 to office using 10GbaseT SFP module

Office gets a new 8 port switch with 10G SFP port (either a GS110MX or a SX10) so these ports become essentially part of the main switch as it has a 10gb pipe

The two NAS boxes , the NVR and the apple timecapsule go on the router.
so the 10G links will never be overloaded.

one wifi extenders set up as AP.

final BOM

- Netgear X10 or XR700 router  360 .. 440$
- Netgear GS110MX for office 199$
- 10 G SFP cable : 15$
- SFP+ 10GT module : 54$
- EX7000 range extender for the wifi : 109$

In the future i may upgrade my dell switch to one with 4 SFP+ ports Then i can run 10G over all my house cables. ( i have a direct Cat 6 cable from router closet to office, downstairs and garage. )
This looks like it gives me the fattest pipes.

[Monkeh]

My wan is 300 mBit/s

So the million dollar question nobody has asked.. how fast is your WAN in reality?

My wan is 300 mBit/s and , if you have read my original goal , that is not relevant for my question.

It's very much relevant.

You don't need a new router. You just need a switch, and some APs. Your router has nothing to do with internal traffic, except for any built in AP.

Yes, a decent normal switch can handle full bandwidth on all ports.

[tautech]

wifi is used only for wife's two laptop ( one work , one home ) and a few tablets ( 3x amazon tablets for home automation,  three ipads and 2 iphones plus 5 or 6 amazon dots)

current system works but wifi is spotty ( i can see at least 20 other networks form neighbours all fighting for channels ) and nas / internet can bog down when moving lots of data

Have you considered shifting devices that are capable to 5G WiFi for better speeds ?

[free_electron]

wifi is used only for wife's two laptop ( one work , one home ) and a few tablets ( 3x amazon tablets for home automation,  three ipads and 2 iphones plus 5 or 6 amazon dots)

current system works but wifi is spotty ( i can see at least 20 other networks form neighbours all fighting for channels ) and nas / internet can bog down when moving lots of data

Have you considered shifting devices that are capable to 5G WiFi for better speeds ?

wifi speed is NOT the issue. (coverage is)

i am after wired speed.
right now if i send data from pc1 to nas1 while sending data from pc2 to nas2 , while sending data from the mac to the timecapsule , everything runs over a single 1gb link. and it slows down. plus some pipes carry always -on streams like the ip camera's which also eat bandwidth

Due to the way the house is wired and the endpoints of the cables i have to share some pipes. That is what i am trying to solve as problem 1. : upgrade the pipes to 10G
i can pump up the pipe from the network closet to my office to 10G so if all three computers are pumping data over their gigabit link , the shared pipe is not overloaded. i can't upgrade the computers to 10gb as they are laptops / all in ones (mac).

one thing i am not clear on is how packets really travel on a network and i can't really find a good explanation on the internet

assume this
- network without subnets. Everything lives on 192.168.1.xxx
- tree structure
- router at top.

Code: [Select]

  router
   +--- device 1
   +--- device 2
   +--- switch
           +--- device 3
   +--- device 4

when 3 talks to 1 that is loading the switching fabric of the router
when , at the same time, 4 starts talking to 2 , the cable between switch and router is a bottleneck

so this should remove bottlenecks ( assuming we have infinite backbone on the switch itself)

Code: [Select]

router
   |
   +--- switch
           +--- device 1
   +--- device 2
           +--- device 3
           +--- device 4

My question is : is the above true or not ?

i want to eliminate as much intermediate switches as possible. right now i have three level deep switching. (switches behind switches behind switches)
i want to convert that to 1 level. those links will be 10G.
i don't want to start mucking with managed switching ( later 3 / 4 ) or vpn. i tried that and it becomes a horrible mess figuring out what to put where so the devices can see what they need to see.
if i go to a scenario where there is only one device per switch port then switching happens purely by mac address. 1 port = 1 device. and my big switch can easily cope with that.

where i do need a 'geographical' break ( due to home wiring) i will use a fat pipe that cannot overload
home office : 3 computers + 3 printers on a 10G link to main switch
storage cabinet : router + 3 nas devices on a 10G link to main switch

in future : 10G link to garage and 10G link to media center. and i'm not sure i will do that as the required bandwidth there is low.
media center has a roku and an apple tv which are never used simultaneously so non issue. a single 1G link is sufficient
Garage : only used for some test equipment ( which is all 100Mbit and talks locally ) and 2 pc's . perfectly workable over a single 1G link.

the link from my office to the NAS / internet is much more important as i can currently overload that link.
the router / nas is in 1 location.
the main switch is a different location

[TERRA Operative]

My setup is as follows, and it works well:

Internet
| (1gig fiber)
Asus RT-AC88U (Running Asus Merlin firmware)
| (2gig LACP link aggregation)
24 port PoE switch
| (4gig LACP link aggregation)
Synology RS815+ NAS

All the rest of the wired network is hanging off the switch, 5 IP cameras, 3 printers, PC's/laptops, etc, etc.

I would suggest a similar topology, set up a link aggregated connection from router to switch, then branch everything off from there, using link aggregation where possible to increase bandwidth to end devices.
I don't use my router for switching duties, it handles the internet authentication, wifi, firewall, port forwarding etc, etc.
All the switching is done soley by the switch so I can get that sweet sweet link aggregation to whatever devices need it (the Asus will only support one 2gig LACP link max, my switch has no limit).

[tautech]

wifi speed is NOT the issue. (coverage is)

Then maybe a better range modem is required.
One like this here has given ~1km range on 2.4GHz albeit at low signal strengths at that distance.
https://www.tp-link.com/en/home-networking/wifi-router/archer-a9/?utm_medium=select-local

That you can also split WiFi usage onto 2.4 and 5 G bands means you can better share the loadings around.

In my limited experience LAN performance is greatly improved with switches strategically placed around the network.

[Halcyon]

pfSense for me. Either build your own machine or consider one of the Netgate appliances.

[free_electron]

wifi speed is NOT the issue. (coverage is)

Then maybe a better range modem is required.

i am talking WIRED as in hard ethernet cables. That is my prime goal. coming up with a network topology and equipment that maximizes throughput without having to run new wires.

Going wireless is not an option. Wireless is sucking through a straw ( 54mbit/s) in a congested airspace with 20 other neighbours also fighting for a time slot on the 11 available channels. Wifi is fundamentally broken. They need to open up much more airspace (channels).
just sniffing the airwaves i see like 60 devices from my neighbors ( printers, tablets, phones, amazon / google devices / sonoff switches ). it's unbelievable how congested it is.

i do want wifi but i am ok with what it is , as long as i can get it to work in the rooms i want ( currently one room with very intermittent connection and only like 1 bar ) so i will place a mesh extender on second floor ( router is on third floor ).