[Discussion] best "bang for your buck"

FNtastic

There seems to be debate on whether the prosumer stuff, enterprise, or consumer stuff is the best value.

From my experience, something like the Ubiquiti EdgeRouter X and the AC-lite AP, coming in right around $130 shipped, is the best value (on the low end). If you want a lot of features for a small price with great performance, this is a good setup.

It seems that others think that it's "too hard" to set it up properly. If you can watch a YouTube video and follow instructions, you can set it up properly.

So, this is meant to carry on the conversation of what's the best, and why. To give us a baseline, let's say the buyer wants AC WiFi with basic security and regular firmware updates. It doesn't need to be all-in-one or separate components.

Why is this setup not the best? Why is your consumer recommendation better? What are you considering in your recommendation?
 
I haven't used any of the UBNT routers so I can't comment on their ease of use. I do have some of their APs and I love them. They are stupid easy to set up and then just work. I did accidentally kill one outdoor AP. It turned upside down and the innards got soaked. Otherwise everything has been solid. I have a Loco M2 irradiating my neighbors across the street, one AP indoors and one out back. My home automation software has a syslog server so it can tell which AP someone is connected to by parsing the UniFi logs. Announcements get made on the outside speakers when I'm out back or inside when I'm in. Super cool and easy to set up, but you don't by any stretch of the imagination need to do anything so involved to just get solid use from them. I had been using a consumer router with DD-WRT for about 8 years. When it bit the bullet I replaced it with an over-the-top pfSense machine and I'm in WAAAAAAAAYYYYYY over my head. It wouldn't be working if I hadn't had someone help me configure it. It's pretty solid now though. If the UniFi routers are as easy to configure as their APs then I would highly recommend them.
 
I am just going to put this here as you originally started this as a claim how consumer routers went unpatched and were more vulnerable. Ubiquiti has been hacked and vulnerable numerous times in the past and remained unpatched for a while while vulnerable. In 2017 they were hacked using an exploit that took advantage of PHP code over 20 years old. The vulnerability remained unpatched for some time even after Ubiquiti was notified.

Also a very famous vulnerability was released based on some of their designs which required you to set up your devices through their cloud connections. Basically anyone could access and change the configuration of your router from anywhere if they could access your account.

The reality is all equipment/software may have vulnerabilities and keeping up to date with patching is important. But even more important is layering security. You can build safe home networks even with old unpatched networking gear depending on how you set up your layers of defense. There are also a number of consumer devices that can be flashed with better firmware/software that can allow you to take more control of your device and make it even more secure.

In addition you can build your own systems and security for pretty cheap using a lot of open source tools.

But the ultimate in deciding is the cost/benefit ratio. If you really don't have much on your home network, then what is the point of buying potentially more complicated devices? I see this all the time when companies buy systems or software based on recommendations rather than matching it to actual requirements.
 
"Why is this setup not the best? Why is your consumer recommendation better? What are you considering in your recommendation?"
In other words, answer the question. What is the best bang for your buck?
 

If you read my post you would see I clearly stated an opinion on that.

You can build safe home networks even with old unpatched networking gear depending on how you set up your layers of defense. There are also a number of consumer devices that can be flashed with better firmware/software that can allow you to take more control of your device and make it even more secure.

In addition you can build your own systems and security for pretty cheap using a lot of open source tools.

If you need me to spell it out clearer, using open source software on devices you already own and layering your security through multiple devices/methods is basically the "best bang for the buck". Basically it is "free" to use open source software and if you have devices lying around that you can flash or install it on, all the better. That is clearly less money than the $135 and offers far more control and customization.
 
So, I am "clearly" going to broadcast Wi-Fi on some imaginary AP that I already own. Thanks for the recommendation... That was really helpful of you. Everything is so "clear" now because you "clearly" stated it.
 

Not sure what is not clear to you. If you already own something that can be flashed, i.e. a consumer Wi-Fi router, then that is clearly a better value. Especially if you then pair it with a pfSense firewall or other open source firewall built on other equipment you already own. There are also a number of DIY routers out there that cost $50 or less.
 
It's getting so much more "clear".

I'm not spending time breaking down the first post for you. I'm not sure if you're intentionally being dense, or if that's just how you are. You have not explicitly recommended any hardware for the proposed upgrade in the first post. How am I going to get AC if I don't own an AC wireless router already? (You got me. I spent time breaking down the first post for you.)
It's explained in the first post. It's so "clear"! Maybe you want to give it another read. Maybe that still won't help you understand. Either way, it looks like you just came here to try and argue, and not to have a discussion.
 

Exactly what is explained in the first post? Where in the first post does it say that this has to be a brand new build and that you can't have any other hardware? Also where did I just assume that you have hardware already? I said that is one option. The other option is you go out and buy something like a Raspberry Pi and turn it into a router. Note where I even specifically mentioned a DIY router for $50 or less... I am not sure why these things are so difficult for you to understand.
 
Lol yep. The AC antennas that come with a raspberry pi....
 
Does everyone need AC? Where was that a requirement in your first post? I don't even have AC in my place, I don't need it. None of the wireless devices that I use even have AC capability. Maybe before you try being ignorant, you should be more clear about the requirements. You seem to have a very large problem with understanding requirements.
Okay. So, you didn't read the first post. Things are becoming a lot more "clear" now. You don't know the requirements before you start spouting off. No wonder you think "it's fine" to recommend consumer gear to people...
 

No, I didn't, because you started off with a suggestion before you ever gave requirements. It seems all your posts and comments are just there to shill Ubiquiti. There isn't anything necessarily wrong with Ubiquiti but they also aren't some amazing solution. They have had a number of vulnerabilities with their solutions and you can get much better options and customisation from building your own.

As far as recommending consumer gear, explain to me what is wrong with that? When I did suggest consumer gear, it was to someone who had very specific requirements, and clearly in here I'm not just spouting consumer gear; I'm talking about people doing a fully customized setup...
 
How about we do this:

Why is Ubiquiti so much better than a custom build?
Why is AC the best bang for the buck?
What makes the setup that you suggest so much better than a DIY setup that I suggest?
 
You literally just admitted that you don't understand the whole conversation or requirements before you start spouting off. Why should I even entertain still responding to you? There's something to be said about someone who listens and interprets information before giving bad advice or responses. That "clearly" isn't something you do. You've earned yourself a spot on my empty ignore list. Congratulations.
 

So basically you admit that you just want to shill Ubiquiti and don't want to have an honest discussion about the best bang for your buck router... Got it.
 

I personally don't want to 'shill' for Ubiquiti, but at the moment, they really do represent the best 'next step up' from consumer-branded gear, and that is what the thread is about.

I haven't commented yet because I don't have an alternative- an ER-X and UAP-AC-* will just get the job done stupendously well for the price.
 

Is that what the thread is about? Because I thought the thread was about the best bang-for-the-buck? And the only reason why I call him out for the shilling is because he continuously keeps suggesting Ubiquiti, and he started this whole thread with his suggestion and then made a half-assed requirement for his suggestion. And then on top of that, instead of actually discussing anything, he's only attacked me. *Shrug* That is just my two cents.

As for Ubiquiti being better than consumer, possibly, but you would have to explain to me exactly what you're getting for your money and for what situation above consumer. If you're going to say that it's going to be less vulnerable, that's not really true, as Ubiquiti has had a number of issues with vulnerabilities. If you're going to tell me options, that is not necessarily true, because I've seen a number of consumer items that also had a lot of options or that could be flashed and provide more options.

Now, on the other hand, if you want to tell me that it's better because of the amount of coverage you can get, especially with placing multiple of their access points around and having a practically seamless installation, now that I can definitely get behind. Especially if you have a larger home with multiple levels. But if what I'm talking about is the best bang-for-the-buck for a simple home routing solution, I am just not convinced.
 
I bought the MikroTik hEX Router (RB750GR3) and then added a Wireless AP to it. My "network closet" is in the basement, and I am able to get wires to almost all of my devices. I tried Ubiquiti for the Wireless AP, but even the LR signal range was rather lacking. The recommendation is to have multiple spread out to get coverage. I just got a single EnGenius EAP1300EXT, centrally located it in the basement, and I can hit a Good signal almost anywhere in the house (including in the room above the garage, 2 floors up).
Moving to the Mikrotik had a bit of a learning curve, to do some of the more interesting things I wanted to try, but it worked out of box for just basic "consumer router" functionality.
 
I've been on the UBNT bandwagon from the beginning (from even before UniFi was released, way before EdgeRouter).

That said, hard to complain with a well set up pfSense box if you have the spare hardware... so from the router angle that's another option...

I also ran old Asus routers on Tomato for many years with great success... but it's hard to find consumer stuff at that level any more... For my really cheap recommendation, I usually point people to the cheaper single band TP-Links...

There is absolutely no reason to ever spend more than about $110 for a consumer router... Not when you can get the UBNT combo for 130.... Any consumer router for over 130 is not a wise purchase, and if you are spending 2 or 300 on a consumer "gaming" router that looks like a giant plastic spider, you're an idiot.
 
MikroTik is also solid hardware but their software is even harder to configure than UBNT's.

I've deployed about 20 RB2011i(?) but maybe 50 ERL/ER8/ERPoE (never actually messed with an ERX) and much prefer the UBNT way of doing things
 
"Value" is hard to determine because it really is individual. Do you care about performance (this is H right)? Do you care about ease of use? What about set and forget? Cost? Flexibility? etc. Value is really an evaluation of how a product meets your requirements and everyone's requirements are different. For me that's UBNT, FreeNAS, pfSense, ESXi, etc. Some things I want set and forget reliability, others I want max performance with reasonable reliability.
 
Jesus Christ! This thread went from 0 - 60 pretty quickly.

I would also like to add that what goodcooper (Twin Peaks?) said regarding plastic spider gear needs to be said to more people. It would seem that 99% of the road to financial success is paved in marketing bullshit.
 
LOL, yes. I built my own firewall with pfSense but spent waay too much on it! It was for edification, etc. E3-1230v3 with Noctua L9i, 16GB RAM (lol, my firewall had more RAM than average gaming PCs back in the day!), SSD, IPMI, etc. Fun, but not necessary. Most consumer grade stuff is mediocre sh!t and hardly worth the cost.
 
I had an AP-AC Pro and it was hands down the worst AP I've ever used (as a novice). Maybe the worst piece of networking hardware period. It wasn't even properly compatible with iOS devices in its default (post-wizard) state. They might have fixed this now, but it went on for months and there is a huge thread on their forums about it. Beyond that frustrating issue, it was hugely flaky around firmware updates and resets, and provided underwhelming performance.
That's a fair criticism of UBNT. They've been inconsistent and you have to be careful which products you buy. Shame, really is. Maybe they'll mature. However, after research, I've been very happy with the three AC-HDs I have and other gear. I've run some tests and those are serious APs. Way overkill for my actual needs. The security radios are supposed to be even better. IMHO, UBNT does best when they focus on the gap between true enterprise and consumer grade. When they go too low or high on the product stack ladder, they falter.



I've run a pfSense machine and an EdgeRouter X. Right now I'm on the POS that came with my new fibre connection while I decide what router to get. I'm sorely tempted to get something completely idiotproof like Google WiFi. Here's the reason: I'm right on the edge of knowing what I'm doing when it comes to networking. I feel like I'm a case of "a little knowledge is a dangerous thing". I set up the pfSense on the ALIX board, and the EdgeRouter X too, following instructions from the web like you say, but I could never feel confident that I had everything right. Everything seemed to be right, but I always had this concern in the back of my mind that I could have made a mistake and misconfigured a firewall or something. That uneasy feeling is what is making me consider a dumbed down consumer router this time.
UBNT wanted to replace pfSense, but IMHO that hasn't happened yet. At best I'd consider running UBNT internally and pfSense externally (dual layers). pfSense is amazing and it's going to take time for UBNT to match it, let alone beat it cleanly.
 

That 'in-between' does seem to work pretty well for them. Not going for 'best bang for your buck' per the OP but just trying to get an operational system that performs well, a decent non-entry-level TP-Link (etc.) will do the job, at least until you need more WiFi coverage, and even then, you can pick up options (from TP-Link even) to extend range.

It won't be the fastest or perhaps the most reliable, but it will certainly work.

UBNT wanted to replace pfSense, but IMHO that hasn't happened yet. At best I'd consider running UBNT internally and pfSense externally (dual layers). pfSense is amazing and it's going to take time for UBNT to match it, let alone beat it cleanly.

Saw something about them hiring a 'pfSense person', perhaps to do that integration, but I'm still wary about them actually releasing affordable products based on that distribution.

They're jumping into Sophos etc. territory at that point, so they'll have to both be aggressive with their pricing as well as prove that they can bring the performance, and the niche that really needs to be attacked is the 1Gbps SOHO IPS.

I can grab a QOTOM or Zotac mini-PC that can serve as an appliance on the cheap and load pfSense to get the needed throughput, and hell, pfSense themselves sell such appliances directly. I have a hard time imagining UBNT offering 'more for less'.
 
I run pfSense in my ESXi stack and then run an R7000 as my WAP. I had considered getting a few Ubiquiti APs for my house until I got the R7000 and had no more need as it provides excellent coverage over the whole house and yard.

The question of bang for buck is indeed a personal question. Some want plug and play some want to be able to tinker and some want cheapest. More and more I'm finding the simpler solution to be the way I lean as I have less time to tinker but since I already know the pfSense solution I have no need to find a new one.
 
I've been lurking on this thread, because I alternate between "set it and forget it" and "manage it a lot." But now I'm convinced that the OP has asked the wrong question. Best bang for the buck would be all free software. :bag: But would that provide * sufficient * security? :cautious: Probably not? :wideyed: Of course, the OP and everyone else is free to define sufficient. I think the OP should have asked the question, "For my use case (suitably defined), what do I need to do to adequately secure my usage?" ;)

More generally, I would like to see a sticky thread or threads about different use cases, and the hardware/software necessary to secure usage.

x509
 
Best bang for the buck would be all free software. :bag: But would that provide * sufficient * security? :cautious: Probably not? :wideyed:

Sufficient security?

Absolutely attainable.

But at some point, time is money, and that has to be considered too.

I'm personally going the 'tinkering' route, but I'm also interested in learning, and I'm spending more than absolutely necessary to do it in terms of hardware costs, power costs, and time to do it.

I wouldn't recommend what I've done/am doing for others that are just looking for a solution that works.
 

I agree it can be attainable. I used to run my router on Fedora and made my own custom iptables rules, but after a while I got tired of maintaining the underlying OS.

I wanted to tinker more so I built a 12C/24T, 48GB ESXi server fairly cheaply and then run a few VMs on it.

I think if someone wanted to explore pfSense there are semi cheap mini computer solutions available if they didn't have older hardware lying around, but you still have to tinker to get a good solution.

With that stated there are quite a few modules that can greatly increase security and allow for increased notifications/logging of issues. Also the VPN options are great.
 
I would use VyOS before I used Fedora or another off-the-shelf distro...

at least use something hardened like Alpine
 
The point is that everybody defines "best bang for the buck" as something different. Which you answered in the way that you wanted. And, it's exactly what my questions were intended to do. So, I've definitely asked the right questions.

I agree that there would be some potential benefit in best setups/software/hardware/configs for different people or situations.
 

I stopped using Fedora long before that OS was created. I first started using a PC router from a floppy distro (FreeSCO) around 2000 and migrated to Fedora about the time Red Hat spun it off. I then moved to pfSense around 2009.
 
Sufficient security?

Absolutely attainable.

But at some point, time is money, and that has to be considered too.
Sure time is money. "Time" includes all the effort needed to recover from a serious security breach. So for me, if I can spend a reasonable amount of money, I'll do that if I can save a ton of time and still get the same level of security.

Absolute security may be "absolutely unattainable," but it's all about risk management. The key question is, "What are my risks? How can I manage them to a reasonable point?"
 