EEVblog Electronics Community Forum
Products => Other Equipment & Products => Topic started by: mapleLC on January 29, 2023, 01:19:57 am
-
I was searching the forum for router recommendations, and came across this old thread. I think it deserves an update. I have retired my Ubiquiti
https://www.eevblog.com/forum/reviews/what-router-do-you-use/msg560648/ (https://www.eevblog.com/forum/reviews/what-router-do-you-use/msg560648/)
My requirement is as robust a router as possible. No wifi. PoE is a good to have, as well as link aggregation, and optical/spf. I am a fan of few years old enterprise stuff, so that's an option for me if anyone knows of good ones.
Otherwise, what router recommendations are out there now?
-
What type of routing do you need and what is the throughput and latency that you need? And do you need firewalling as well?
If you want to keep cost down and do not need ultra high speed and ultra low latency L3 routing between VLANs or LAN-WAN, I suggest you take a managed switch for the L2 stuff, and use a software L3 router (+firewall) in a VM. Vyatta, pfSense, whatever. In homelab situations (what you seem to be after), firewalling and VLAN routing requirements often mix. Capable L3 routers are very expensive, and often do not do exactly what you want. Apart from being loud and power hungry. Had a couple of brocade ICX switches for a while. My ears!
My homelab is based on a Cisco 350X series stack as backbone, mikrotik distribution switches, and pfSense as FW/L3 Router in a ESXi cluster (on Xeon D). 7 VLANs, 2 WAN links. pfSense takes care of the L3 routing, inter-VLAN firewalling, LAN-WAN firewalling, and WAN failover coordinator. LAN is all 10Gbps of course, on 1Gbps WAN links. Rock solid install, operational in this form since more than 7 years now. But I am thinking about upgrading, since the machinery starts to age, and it's been a couple of years since consumer grade ISPs here in France can provide 8+Gbps home links for low prices (that means: 50 EUR/month, and of course, unlimited traffic).
What material I'd take for the upgrade? No fundamental changes: Supermicro for the servers (Xeon D, and maybe some ARM), Mikrotik has not disappointed me (as long as you stick to L2), but Cisco I'd need to look. I'd want at least 25 or 40 Gpbs trunk links between my 2 racks, and Cisco is a bit expensive there.
By the way, please avoid Qnap. Nothing but hardware and software problems with that.
-
I use a FireBrick FB2900 ‘network contraption’ https://www.firebrick.co.uk/fb2900/ (https://www.firebrick.co.uk/fb2900/) as a router, firewall, and VPN termination. Very capable, quiet and low power, but not cheap. I use the SFP port to link to managed switches for VLANs, and a Zyxel wireless access point. Very well supported, automatic and free software updates, 5 years guarantee on the hardware. No regrets so far
-
I'd want at least 25 or 40 Gpbs trunk links between my 2 racks, and Cisco is a bit expensive there.
At work they bought fs switches , for a new standalone test setup - 40Gb
https://www.fs.com/de-en (https://www.fs.com/de-en)
They say the switches & SFP's are working well ...
-
At work they bought fs switches , for a new standalone test setup - 40Gb
..
They say the switches & SFP's are working well ...
Although their SFPs are OK, I've had problems with their PoE switches. Mixed bag...
-
What type of routing do you need and what is the throughput and latency that you need? And do you need firewalling as well?
If you want to keep cost down and do not need ultra high speed and ultra low latency L3 routing between VLANs or LAN-WAN, I suggest you take a managed switch for the L2 stuff, and use a software L3 router (+firewall) in a VM. Vyatta, pfSense, whatever. In homelab situations (what you seem to be after), firewalling and VLAN routing requirements often mix. Capable L3 routers are very expensive, and often do not do exactly what you want. Apart from being loud and power hungry. Had a couple of brocade ICX switches for a while. My ears!
My homelab is based on a Cisco 350X series stack as backbone, mikrotik distribution switches, and pfSense as FW/L3 Router in a ESXi cluster (on Xeon D). 7 VLANs, 2 WAN links. pfSense takes care of the L3 routing, inter-VLAN firewalling, LAN-WAN firewalling, and WAN failover coordinator. LAN is all 10Gbps of course, on 1Gbps WAN links. Rock solid install, operational in this form since more than 7 years now. But I am thinking about upgrading, since the machinery starts to age, and it's been a couple of years since consumer grade ISPs here in France can provide 8+Gbps home links for low prices (that means: 50 EUR/month, and of course, unlimited traffic).
What material I'd take for the upgrade? No fundamental changes: Supermicro for the servers (Xeon D, and maybe some ARM), Mikrotik has not disappointed me (as long as you stick to L2), but Cisco I'd need to look. I'd want at least 25 or 40 Gpbs trunk links between my 2 racks, and Cisco is a bit expensive there.
By the way, please avoid Qnap. Nothing but hardware and software problems with that.
I dont have the control of my internet connection like you seem to. I have a fiber connection through the highly restrictive ATT US service.
The router I need takes the WAN connection from the provided ATT router ( CANT CHANGE IT UGH ) and takes over from there. There is an unsolvable bottleneck with this setup that many searches of forums have turned the same result... bypass temporarily, eventually fails, new hardware restarts everything. Never works well.
That pfSense sounds like a firewall device, correct? It would not be the right fit for this setup, I would imagine?
-
That pfSense sounds like a firewall device, correct? It would not be the right fit for this setup, I would imagine?
It is a firewall + routing + vpn device (+ extensions via packages). It routes between network interfaces, that can be on LANs or VLANs (in most cases wit the help of a managed switch) or WAN. WAN ito pfsense is just a name for yet another network interface, and can simply be the NATted LAN network that your ATT modem gives you. pfsense does not require you to replace the ISP's modem or to bypass it. The idea is LAN devices -> pfsense -> ATT modem. And since pfsense allows you to define many networks, you can then create segments in your LAN, and let pfsense do the routing between LANs and from any LAN to WAN.
-
Mikrotik.
-
The router I need takes the WAN connection from the provided ATT router ( CANT CHANGE IT UGH ) and takes over from there. There is an unsolvable bottleneck with this setup that many searches of forums have turned the same result... bypass temporarily, eventually fails, new hardware restarts everything. Never works well.
I use a NetGate 3100 with AT&T 1g/1g FTTH using an AT&T BGW320-505 router in bypass mode as a fiber modem. Has worked perfectly for a couple of years now, it never exits bypass mode. The only problem is with pfSense in the NG 3100, in that it tries to run dhclient to obtain a WAN lease before the WAN port has a link - this happens on power failures because the router starts up faster than the fiber modem. The BSD DHCP client never recovers from this and will never retry. There's a configurable autoboot delay that is a viable workaround, but of course if it worked properly the DHCP client would monitor the interface and react to link up/down events. Instead it's all 1980s era BSD rc boot script junk.
Now that I think about it I do vaguely recall some router/modem models having problems in bypass mode and I specifically demanded this model.
Make sure to disable all the radio stuff in the router.
-
Mikrotik.
https://mikrotik.com/product/ccr2004_16g_2splus#fndtn-gallery
This one looks to have the right characteristics.
-
That pfSense sounds like a firewall device, correct? It would not be the right fit for this setup, I would imagine?
It is a firewall + routing + vpn device (+ extensions via packages). It routes between network interfaces, that can be on LANs or VLANs (in most cases wit the help of a managed switch) or WAN. WAN ito pfsense is just a name for yet another network interface, and can simply be the NATted LAN network that your ATT modem gives you. pfsense does not require you to replace the ISP's modem or to bypass it. The idea is LAN devices -> pfsense -> ATT modem. And since pfsense allows you to define many networks, you can then create segments in your LAN, and let pfsense do the routing between LANs and from any LAN to WAN.
Thank you. I must research it, as its doing more than I know how to adminstrate. I am not sure it stops the ATT bottleneck problem, though.
The router I need takes the WAN connection from the provided ATT router ( CANT CHANGE IT UGH ) and takes over from there. There is an unsolvable bottleneck with this setup that many searches of forums have turned the same result... bypass temporarily, eventually fails, new hardware restarts everything. Never works well.
I use a NetGate 3100 with AT&T 1g/1g FTTH using an AT&T BGW320-505 router in bypass mode as a fiber modem. Has worked perfectly for a couple of years now, it never exits bypass mode. The only problem is with pfSense in the NG 3100, in that it tries to run dhclient to obtain a WAN lease before the WAN port has a link - this happens on power failures because the router starts up faster than the fiber modem. The BSD DHCP client never recovers from this and will never retry. There's a configurable autoboot delay that is a viable workaround, but of course if it worked properly the DHCP client would monitor the interface and react to link up/down events. Instead it's all 1980s era BSD rc boot script junk.
Now that I think about it I do vaguely recall some router/modem models having problems in bypass mode and I specifically demanded this model.
Make sure to disable all the radio stuff in the router.
My setup has been stable with the bypass mode, I have the BGW320-500, not the 505. Unfortunately, you can't group the network drops out of the router and it has a lot of other limitations. Bypass mode doesnt mean much as the ATT router's NAT table is still used and a bottleneck.
Why ATT insists on this bs is strange. Just upcharge us. Name the price. Most of us will pay. Just give me a clean sfp fiber drop I can slip right into a modem. But they choose to make this stupidly expensive, almost 3x the price for the same connection speed that's just a couple of changes to some databases and configurations.
-
Mikrotik.
Also, this Mikrotik "Cloud Router" - whats the significance of this language? Is it just a router with dumb cloud jargon on it?
-
I dont have the control of my internet connection like you seem to. I have a fiber connection through the highly restrictive ATT US service.
The router I need takes the WAN connection from the provided ATT router ( CANT CHANGE IT UGH )
You can remove the AT&T router from the equation in most circumstances. I've got 1G UVerse FTTH and do 802.1x EAP straight from my Ubiquiti Edgerouter 4... the only catch is that you have to have the proper certificates. You can extract them from the router they provided, which most people on here should be able to do... or you can buy them off people on eBay who have done the work for you. Others have done the same with pfsense or opnsense, so you're not limited to Ubiquiti... lots of platforms support 802.1x EAP.
I've also recently seen others have had luck using a ONT SFP directly in their Edgerouter and copying the serial number off their AT&T provided ONT and not even needing to do 802.1x EAP at all. I haven't yet tried this, but it's on my to-do list.
-
I finally stopped using an old PC as a router and got a PC Engines apu4d4 (https://www.pcengines.ch/apu2.htm) onto which I installed OPNsense which is a fork of pfSense. I have settled on TP-Link TL-SG108E 8-Port VLAN switches for port expansion and to allow routing instead of switching between endpoints.
-
An alternative suggestion for FTTH is the Fritz!Box 5530 Fiber or 5590 Fiber (SFP for GPON). Any mini PC with a fast multi-core CPU running pfSense/OPNsense/OpenWrt works great too. You could also use any old PC, but the power consumption would be higher. I'm waiting for something like the GL.iNet GL-AX1800 (quad-core, 1.2GHz, 512MB RAM, 128MB flash, USB) to be supported by OpenWrt (not the vendor's modified version). And for power users there are several white box manufacturers of L2/L3 switches supporting OpenSwitch, in case you don't want to go for the expensive brands.
-
I finally stopped using an old PC as a router and got a PC Engines apu4d4 onto which I installed OPNsense which is a fork of pfSense.
I went the other way - used to use and specify PC Engines (got five early-ish AMD models if anyone needs some) but switched to what's essentially a PC in a plain industrial box. Main reason was speed and cheapness - the PC is just as reliable but easily replaced if necessary for peanuts. (pfSense on all of them.)
-
I dont have the control of my internet connection like you seem to. I have a fiber connection through the highly restrictive ATT US service.
The router I need takes the WAN connection from the provided ATT router ( CANT CHANGE IT UGH )
You can remove the AT&T router from the equation in most circumstances. I've got 1G UVerse FTTH and do 802.1x EAP straight from my Ubiquiti Edgerouter 4... the only catch is that you have to have the proper certificates. You can extract them from the router they provided, which most people on here should be able to do... or you can buy them off people on eBay who have done the work for you. Others have done the same with pfsense or opnsense, so you're not limited to Ubiquiti... lots of platforms support 802.1x EAP.
I've also recently seen others have had luck using a ONT SFP directly in their Edgerouter and copying the serial number off their AT&T provided ONT and not even needing to do 802.1x EAP at all. I haven't yet tried this, but it's on my to-do list.
You're tempting me into that rabbit hole again.
At this point, I would gladly pay someone that could help me do it remotely in a fashion that I could take it over, sure why not. If anyone, including yourself, is interested in doing it, PM me.
Otherwise, I don't have the Linux skillset yet to set this up in a reliable fashion on my own.
-
I finally stopped using an old PC as a router and got a PC Engines apu4d4 onto which I installed OPNsense which is a fork of pfSense.
I went the other way - used to use and specify PC Engines (got five early-ish AMD models if anyone needs some) but switched to what's essentially a PC in a plain industrial box. Main reason was speed and cheapness - the PC is just as reliable but easily replaced if necessary for peanuts. (pfSense on all of them.)
The various router distributions discontinued support for 32 bit processors and I did not have any spare 64 bit systems, so the PC Engines hardware was actually my least expensive option, plus it had some advantages like low power requirements and ECC memory.
-
I was searching the forum for router recommendations, and came across this old thread. I think it deserves an update. I have retired my Ubiquiti
Which model of Ubiquiti? I'm still using an Ubiquiti ERLite-3, works fine up to one gigabit up and down on my fiber connection. I have a managed box by my ISP for my fiber, but they set a port to bridged when I asked for it, so I can use my own router. But the ERLite-3 is becoming old and I've been thinking what to replace it with if it breaks down. One option is the ER-4, because I like the platform. But the ER-4 hasn't been in stock for a long time, even though it's listed.
Btw, don't confuse the Edgerouters with their Unifi line of products. The Edgerouters are built on Debian and Vyatta and are very capable.
Maybe Mikrotik is the only similar affordable platform.
The PC Engines line of products look tempting, mainly for their low power usage (6-10W). Otherwise a standard PC in a small box would suffice. An ARM is too slow for routing (AFAIK). I scrapped my Linksys and Asus routers a long time ago.
-
I was searching the forum for router recommendations, and came across this old thread. I think it deserves an update. I have retired my Ubiquiti
Which model of Ubiquiti? I'm still using an Ubiquiti ERLite-3, works fine up to one gigabit up and down on my fiber connection. I have a managed box by my ISP for my fiber, but they set a port to bridged when I asked for it, so I can use my own router. But the ERLite-3 is becoming old and I've been thinking what to replace it with if it breaks down. One option is the ER-4, because I like the platform. But the ER-4 hasn't been in stock for a long time, even though it's listed.
Btw, don't confuse the Edgerouters with their Unifi line of products. The Edgerouters are built on Debian and Vyatta and are very capable.
Maybe Mikrotik is the only similar affordable platform.
The PC Engines line of products look tempting, mainly for their low power usage (6-10W). Otherwise a standard PC in a small box would suffice. An ARM is too slow for routing (AFAIK). I scrapped my Linksys and Asus routers a long time ago.
I have an EdgeRouter POE, with 5 ports. Its a good router, but my problem is with the company's policies and what they did to my perfectly serviceable UNIFI wifi system - idiotic upgrades disabling the roaming features. I had no idea it happened after I had a bunch of complainers at my home, after I finally figured it out, I had spent hours trying to track down a network problem that didn't exist.
So Ubiquiti can F-right-off in my book.
-
I dont have the control of my internet connection like you seem to. I have a fiber connection through the highly restrictive ATT US service.
The router I need takes the WAN connection from the provided ATT router ( CANT CHANGE IT UGH )
You can remove the AT&T router from the equation in most circumstances. I've got 1G UVerse FTTH and do 802.1x EAP straight from my Ubiquiti Edgerouter 4... the only catch is that you have to have the proper certificates. You can extract them from the router they provided, which most people on here should be able to do... or you can buy them off people on eBay who have done the work for you. Others have done the same with pfsense or opnsense, so you're not limited to Ubiquiti... lots of platforms support 802.1x EAP.
I've also recently seen others have had luck using a ONT SFP directly in their Edgerouter and copying the serial number off their AT&T provided ONT and not even needing to do 802.1x EAP at all. I haven't yet tried this, but it's on my to-do list.
You're tempting me into that rabbit hole again.
At this point, I would gladly pay someone that could help me do it remotely in a fashion that I could take it over, sure why not. If anyone, including yourself, is interested in doing it, PM me.
Otherwise, I don't have the Linux skillset yet to set this up in a reliable fashion on my own.
I can help... PM me your contact info and we can get it all sorted out. Sounds like you already have an Edgerouter, so it should be fairly easy.
-
Makita 😉
-
Makita 😉
Indeed, one of the last few tool makers that actually makes their own tools.