Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[ryan2390]

Hi All,

As some of you are aware I am soon going to have FTTH installed and I am considering upgrading the home network. Ideally I want a router/gateway with a good firewall and QoS. A VPN feature would be a bonus. Given the the speed of FTTH it needs to have a high throughput. Need something that will handle 330Mbps at the barest minimum. Wireless is not necessary as there will be a Ubiquiti access point if this goes ahead.

Price wise looking for something £150 or less. Any advice you can offer would be appreciated

Cheers

Ryan

[burakkucat]

I was going to suggest a Watchfront Firebrick FB2700 but then I saw your upper price limit. With that in mind, I'm not sure what to suggest. 

[Dray]

Does this benchmark site help? http://www.smallnetbuilder.com/tools/charts/router/bar/76-total-simul

[Weaver]

An Fb2700 should be fast enough, but as Burakkucat says, it's going to blow your budget to pieces.

[ryan2390]

I have been looking at various options including Ubiquiti's edge router. I seem to recall being told DrayTek are a good brand of box so I should look into those.

So far we are looking at spending around £200 for new router, PoE switch and a Ubiquiti wireless access point and some cables.

[burakkucat]

So far we are looking at spending around £200 for new router, PoE switch and a Ubiquiti wireless access point and some cables.

Is that £200 the upper limit per device?   

You reference three devices and some cables. I can't see you achieving that on a total budget of £200 . . . 

[ryan2390]

So far we are looking at spending around £200 for new router, PoE switch and a Ubiquiti wireless access point and some cables.

Is that £200 the upper limit per device?   

You reference three devices and some cables. I can't see you achieving that on a total budget of £200 . . . 

Sorry it's £200 for the lot. Router, Ubiquiti AP, PoE switch and some cat cables. If there is something much better for a bit more I'd consider it but it's a joint venture if you will between my dad and I so can't go too mad

[burakkucat]

If there is something much better for a bit more I'd consider it but it's a joint venture if you will between my dad and I so can't go too mad

Understood. With that clarified, perhaps others will now make some suggestions.

[kitzuser87430]

How about http://www.broadbandbuyer.co.uk/products/23763-ubiquiti-uap-ac-lite-uk/....comes with poe injector....(saves about £100 against a 8 port poe switch)......a few cat5e cables.......then spend the rest of your budget on a pre used (ebay) asus rtn66u or the ac model.

[phi2008]

Don't know if you have any PC bits and pieces lying around to build a pfSense router using a Celeron N3150 motherboard(typically around £60 - I use one with pfSense). Performance of the N3150(with AES-NI, which older Celerons don't have) is quite good -

You are correct that OpenSSL can take advantage of kernel-module based crypto engines, but I suppose I should have been more specific.

Although the OpenVPN OpenSSL implementation can take advantage of hardware acceleration, including ARM modules and AES-NI, it is extremely inefficient at it. The way OpenVPN handles encryption does not take well to hardware acceleration because of the actual way it handles the encryption. I don't remember how it is different that IPSEC exactly but I remember it has something to do with the way OpenSSL handles accelerators not being 100% secure.

A good example of this is the litter router I just built to run PFSense. The CPU is a Celeron N3150 which supports AES-NI. The box will route gigabit all day with no issues and run IPSEC AES-256-CBC at about 125Mbit without AES-NI enabled, OpenVPN AES-256-CBC will only push 98Mbit. Enabling AES-NI support at the kernel level brings IPSEC AES-256-CBC to 400Mbit and OpenVPN AES-256-CBC to 122Mbit.

http://forum.mikrotik.com/viewtopic.php?p=521878&sid=3db63f9c8a946e09f4b6d5d268fd68cf#p515300

[Chrysalis]

sadly openvpn is turning out to be aweful software if performance is important.  It is unreal there is still no gcm or chacha support implemented, as gcm is pretty significantly faster than cbc, and chacha even more so if the cpu is not aes accelerated.  Openvpn is also limited to performance of one cpu core due to not really been SMP friendly.

[phi2008]

I'm not sure it's entirely clear what the situation is in terms of performance, however the ability of AES-NI to increase performance to 400Mb/s shows there's decent capability in cheap Celeron boards.

[phi2008]

Looks like OpenVPN should be capable of good performance assuming it is set up properly -

https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

[ryan2390]

I would consider a pfSense box. Would I be right in thinking an Intel NUC with a gigabit ethernet port would do the job?

I have been looking at the ubiquiti routers too. I don't need VPN but with the new broadband it'll be something that would be usable instead of a gimmick.

[phi2008]

Here's what I'm running, it's basically a generic Celeron N3150 box(you're basically free to pick whatever you want), no moving parts beyond the on/off switch - totally silent  -

ASUS N3150IC motherboard

Dell Intel Port Dual Port Gigabit PCI-E Network Card X3959 - used, from eBay

MI 008 case - cheapest case I could locate, you may have other preferences.

PicoPSU

SSD

Only thing you have to be careful with in the case of pfSense is making sure your card works(not just Realtek vs Intel but things like quad port vs dual port IIRC). Apparently Intel cards just work much better i.e. you won't necessarily see a difference in throughput between Realtek and Intel but underneath the hood people have posted that Realtek puts more strain on the system(many more interrupts and CPU load).

In regard to the case it was the cheapest I could find, but at the time I couldn't find it in the UK, so I purchased it on Amazon France (£31 delivered - I shall now await the smart alec reply from somebody who does actually know where to buy one in the UK cheaply  ).

I've just upgraded pfSense to 2.3 and the new UI is looking very slick and modern ... I've been through a lot of routers Cisco, Juniper, ASUS, Thomson, etc, etc. Basically I just got fed up with proprietary stuff and decided that cheap, powerful, commodity hardware, and free software was the way to go.