Article suggestion: cheap performance routers

[RTM]

I would like to see a review or a series of reviews, of relatively inexpensive high performance routers such as the new EdgeRouter X and Mikrotik RB850Gx2. It would probably be smart to compare with some of the older similar devices such as the EdgeRouter lite.

In a similar vein, I would like to see reviews of x86 boards/devices such as in a router/firewall context:
- Fit-PC Fitlet-X(A10)-LAN
- PC Engines APU
- Netgate RCC-VE
- Something "cheap" from eBay (like the AIMB-272's)

Perhaps in combination with the previous, it would be interesting to test performance of the various free router OS such as pfSense, OpnSense, Vyos, etc., perhaps both virtualized and not.

 

[EluRex]

pfsense is great for me so far... all you need is an old PC with dual port/quad port nic

 

[Cheddoleum]

More and more I'm thinking the ideal network appliance is an ITX mobo with at least 4 (8 would be better) Intel NICs coupled with the lowest TDP Intel CPU that has both AES-NI and VT-D, and preferably HT as well. Like, say the i3-5020U. Though that's a darn pricy little chip for a Core i3. Carve it up with your favorite hypervisor into as many appliances you need. Does anybody make a network-oriented mobo that's all decent PHYs and not so much SATA and other stuff you don't need?

 

[EluRex]

C2758?

 

[Jeggs101]

BUT what would you use this for?

Sorry to ask the ignorant question but these are really home/ SMB office routers right? Is ~10ns faster even better enough to matter?

 

[neo]

Does anybody make a network-oriented mobo that's all decent PHYs and not so much SATA and other stuff you don't need?

There are plenty.

Here is 1: Supermicro | Products | Motherboards | Atom Boards | A1SRM-LN7F-2358

 

[Cheddoleum]

BUT what would you use this for?

Sorry to ask the ignorant question but these are really home/ SMB office routers right?

Is it? I didn't get that from the top post. In any event whether your home or office needs a capable network appliance kind of depends on what you do with it.

Is ~10ns faster even better enough to matter?

It's not about the latency -- that's usually down to the buffering and efficiency of the network stacks at every hop, not the performance of your own router -- but about getting full use of your bandwidth, particularly now that encrypted links are getting to be the norm. If you have multiwan with VPN and perhaps are hosting your own VPNs for clients it's very easy to get to the point where you're unable to use all your uplink bandwidth because you've pegged some resource on some network appliance or other. VT-d or the equivalent means no emulation layer -- right now vhost-NNNN threads are using a surprising amount of CPU on my router VM; and AES-NI means very low encryption overhead.

Yeah, the Rangeley and Avotons are nice, but they don't support VT-d.

 

[neo]

Yeah, the Rangeley and Avotons are nice, but they don't support VT-d.

Call me old fashioned, but I do not like virtualizing a router/firewall appliance.

 

[T_Minus]

Is it? I didn't get that from the top post. In any event whether your home or office needs a capable network appliance kind of depends on what you do with it.

It's not about the latency -- that's usually down to the buffering and efficiency of the network stacks at every hop, not the performance of your own router -- but about getting full use of your bandwidth, particularly now that encrypted links are getting to be the norm. If you have multiwan with VPN and perhaps are hosting your own VPNs for clients it's very easy to get to the point where you're unable to use all your uplink bandwidth because you've pegged some resource on some network appliance or other. VT-d or the equivalent means no emulation layer -- right now vhost-NNNN threads are using a surprising amount of CPU on my router VM; and AES-NI means very low encryption overhead.

Yeah, the Rangeley and Avotons are nice, but they don't support VT-d.

I dunno about you but "it's not about the latency" in a home router situation is VERY relevant in my experience.

Most "HOME" consumer routers suck. I've upgraded a couple friends to Zyxel USG50s while not high-end or top of the line by any means the reduced latency was noticeable to even my parents. Replace an old router, and some old switches and you may notice a huge increase in performance on your LAN and when browsing the web.

My 02/experience.

 

[RTM]

BUT what would you use this for?

Sorry to ask the ignorant question but these are really home/ SMB office routers right? Is ~10ns faster even better enough to matter?

For me, much of the reason why I am interested in this class of devices, is that you can't really trust consumer grade vendors to patch their firmwares. Heck you probably can't even trust them to write software that is not ridiculously full of bugs/vulnerabilities.

Another reason is that I like to run services (DNS, VPN, IDS, etc.) that require more performance.

Finally, high bandwidth internet connections are becoming more and more readily available, having routers that match are obviously important.

 

[andrewbedia]

Just get a J1900 system (or buy a board and stick it in something), a gig or two of ram, and an intel dual (or quad) port nic. Pfsense all day long.

 

[Scott Laird]

On a bit of a different tack from everyone else's answers, my favorite "cheap" router is a used Juniper SRX240 off of eBay. They're a bit long in the tooth, and a bit loud, but I love Juniper's config system and they'll do practically anything that you'd want a router to do. The downside is the the cheap ones (240H, 240B, 240B2) aren't upgradable past Junos 12.1x46 without a bit of bother, and the 240H2 model with 2G that *will* upgrade is ~$900ish. OTOH, you can get a pair of 240Hs off of eBay for $300-ish each and get them running as a fully redundant cluster without much work. They're a bit slower than Ubiquiti Edgerouters (even though they use more or less the same CPUs), but they're much more flexible and better-documented. They'll do practically anything that any Juniper device is capable of, right up until they run out of steam. OSPF, BGP, MPLS, stateful firewalling, traffic shaping, URL blocking, VPN, ISIS, they'll do practically anything. Juniper claims 600-1.8 Gbps, depending on the traffic mix, but I haven't benchmarked mine.

One example of why I like them: I added a HE IPv6 tunnel (Frontier -> no v6 yet), and was able to move my current complicated NAT+stateful firewall ruleset to allow direct v6 access *with the same rules* in only a few minutes. Effectively, I was able to say "anything that would have been okay with v4 is also okay to the same hosts with v6."

They're the wrong device for "I just want my home Internet to work", but they're a nice test-lab router.

 

[andrewbedia]

Frontier

I am so sorry you have frontier...

EDIT: Where in the USA do you have service with frontier?

 

[Patrick]

I would like to see a review or a series of reviews, of relatively inexpensive high performance routers such as the new EdgeRouter X and Mikrotik RB850Gx2..

What I really need is someone to do this kind of review on STH!

 

[andrewbedia]

I actually just bothered to glance at the EdgeRouter X... seems like a nifty little thing... especially for the price. I've seen gigabit switches go for more money than that.

 

[Scott Laird]

FMA1394: Seattle suburbs. It's actually Frontier FiOS, which they bought off of Verizon shortly after I had it installed. It works well enough, but I've been stuck at the same speed for years, and they can't decide if they're willing to sell me faster service or not. The salespeople think yes, the installers think no. Usually.

 

[RTM]

What I really need is someone to do this kind of review on STH!

Fair enough, I would like to help but time is a problem.

I will probably be getting an EdgeRouter X, once I can find a webshop that sells them.
Are there any relatively simple test scripts that could be used to measure performance reliably?

 

[apnar]

I'd run pf on my all-in-one for years but ended up back with a consumer netgear r7000 with tomato custom firmware. Keeps basic internet up in the house while I'm screwing around with other boxes (much better WAF) and let's me do everything I need to do.

 

[MiniKnight]

I'd run pf on my all-in-one for years but ended up back with a consumer netgear r7000 with tomato custom firmware. Keeps basic internet up in the house while I'm screwing around with other boxes (much better WAF) and let's me do everything I need to do.

I went to a network services AIO C2758 based on what some have done here. It's a nice setup since basically low power and services I need up all the time. No real risk of a bad firmware u/g since I've got Hyper-V snapshots.

 

[Continuum]

I will probably be getting an EdgeRouter X, once I can find a webshop that sells them....

Depending on your needs, you should also look at the EdgeRouter Lite. Although the EdgeRouter Lite does not have as many Ethernet ports as the EdgeRouter X, the EdgeRouter Lite does have a few features that the EdgeRouter X lacks, such as hardware offloading of certain features. The EdgeRouter Lite can be had for around $100 on Amazon.

I have had my EdgeRouter Lite for almost a year. I love its features, interface, and performance. It has been a good little router.