Picking a home router

Discussion in 'Networking & Security' started by compgeek89, Feb 23, 2019.

  1. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,419
    Joined:
    Jul 6, 2013
    Probably not a bad idea for to start pricing out my upgrade hardware :D
    I'm guessing it's not going to fit a regular pcie NIC
     
  2. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,334
    Joined:
    Oct 29, 2000

    None at all.

    The standard Amp Mate N Lok (often erroneously called 4pin Molex) plug can handle 11A per cable if per spec cables are used. In the 4 pin power configuration we are only using the 12v+ and ground wires, so it should be able to pull all of this, so 132w. Older molex adapters may be designed for old power supplies and have wires designed for 5a though, so this makes it 60W.

    Since the 60w PSU cannot provide more than 60w except for short spikes, I think we are safe.

    In other applications I'd be careful. 4 pin P4 power connectors are designed for 8 amps per 12v/ground pair, so 16 amps total. Draw 16 amps over a single 12 wire in a standard molex 4 pin connector and you might be melting stuff in a hurry.

    The problem only gets worse with 8 pin EPS and PCIe power adapters, but in this limited application, that cable is never going to see more than 5A, and probably nowhere even near that due to tge 60w being spread over not just this connector, but the main motherboard connector as well.

    So here it is safe.

    One thing to keep in mind when using extenders and adapters is that they are often made in China and other low cost countries where corners are often cut.

    This is what happened to my desktop recently when I used an 8 pin EPS extension that turned out to have counterfeit wires in it. They were labeled 18AWG on the insulation, but the conducting strands inside were only 22AWG. (AWG gets smaller as the number goes up)
     
    compgeek89 and OFaceSIG like this.
  3. Shikami

    Shikami Gawd

    Messages:
    643
    Joined:
    Apr 5, 2010

    I will have some time...maybe at work, or later this weekend (better) to talk a bit about this. But to start off what is your budget?
     
  4. compgeek89

    compgeek89 Limp Gawd

    Messages:
    142
    Joined:
    Nov 30, 2018
    As with anything, budget is just a function of value. I don't have a hard budget. $50 is great, but you get what you pay for. I'd like to try to find stuff used, but I'd be willing to spend a few hundred or more for a more flexible capability. Also, I am not overly partial to a minimal form factor, I'd be fine using a tower. I'd prefer low power consumption, but physical size isn't really a factor. All of that said, I'm not really interested in spending north of $500 in used parts because I don't think I have any foreseeable need for that much capability.

    Really appreciate the discussion in this thread so far, has been very enlightening.
     
  5. compgeek89

    compgeek89 Limp Gawd

    Messages:
    142
    Joined:
    Nov 30, 2018
  6. compgeek89

    compgeek89 Limp Gawd

    Messages:
    142
    Joined:
    Nov 30, 2018
  7. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    11,352
    Joined:
    Jun 13, 2003
  8. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    Another thing to do is grab an older PC (think Pentium or P2 class) with a couple Gigabit NICs and install IPCop on that and connect to the switch of your choice along with WAPs and you've got a similiar thing. I used a setup like this a long time ago and it worked great.
     
  9. Shikami

    Shikami Gawd

    Messages:
    643
    Joined:
    Apr 5, 2010
    I feel that building can give you the most freedom of choice for hardware support. You can easily add, migrate, virtualize into a router and NAS, etc. Key attributes I was looking for was *Umph* back in 2015 for my pfSense build. The ASRock QC5000-ITX/PH I felt was the best choice at the time for me. One simple reason was the very fact that I wanted fan-less and it was quad cores. I wanted no fans at all even with the PSU....no noise. I was looking for low wattage, platinum rated PSU, and this seem to be the best compromise of cost and power usage. I wanted the PCIe to be integrated with at least a 4X support for a NIC. Nothing bridged externally to any logics that can cause a bottleneck.

    Now, personally what is good about AMD in this regard is the fact that you get every bit of support in instructions (AES, AVX, BMI) virtualization, etc. Again the integrated graphics is just a cherry on top. Enough graphics power for an OS, pfSense, whatever; and also due to the supporting connection types (VGA, DVI, HDMI, DP.)The only negative really is memory support was 64bits instead of 128bits. Network is very memory from DRAM to cache, it is important. Loosing a little bandwidth at that time was not much an issue. The supported frequency of the ram is more important, and this gave a good amount of bandwidth necessary.


    So, this is what I ended up getting:

    ASRock QC5000-ITX/PH AMD FT3 Kabini A4-5000 Quad-Core APU SOC Mini ITX Motherboard/CPU Combo 59.99

    COOLER MASTER Elite 110 RC-110-KKN2 Midnight Black Steel / Plastic Mini-ITX Tower 39.99

    Intel Ethernet Server Adapter I350-T2 - OEM 129.99

    Ballistix Sport 8GB 240-Pin DDR3 SDRAM DDR3 1600 (PC3 12800) Desktop Memory Model BLS8G3D1609DS1S00 38.99

    Kingston SSDNow V300 Series 2.5" 120GB SATA III Internal Solid State Drive (SSD) SV300S37A/120G 54.99

    SeaSonic Platinum Series SS-400FL2 Active PFC F3 400W ATX12V Fanless 80 PLUS Platinum Certified Modular Active PFC Power Supply 109.99

    Total: 433.94 (there was a rebate in there some where but basically the cost)




    I can easily take out the motherboard and RAM and place the next architecture of what I want the router to be. Many are doing Ryzen APU builds and they are nice. Personally, I have been wanting a embedded Ryzen similar to what I have-again this is due to the nickle and dime bullshit of Intel with the lower end processors. When you consider the Amazon build they are all right and may very well serve your networking needs, but I think they are very limiting and over a long period of time it may be costing more than expected.

    This router has been running non-stop for 4 years and never-ever had an issue. Once you use pfSense as a router, you will be like that is a good difference when comparing to some RISC offloaded networking SOHO router.


    Hmn...image links are not working so I will post the address:

    https://imgur.com/a/ED5AR8O

    [​IMG]

    [​IMG]
     
    Last edited: Mar 8, 2019
    compgeek89 likes this.
  10. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,167
    Joined:
    Aug 3, 2004
    Might be too late but this is the system i got, I shopped around and sure you could build a cheap celeron system, but then factoring power usage the APU2 was worth it in the end for me



    Invoice w75948 Date: 12.11.2018
    Qty Part# Description Price Ext HTS code Origin Weight
    1 apu2d4 APU.2D4 system board 4GB 123.00 123.00 8471.5000 TW 237g
    1 case1d2redu Enclosure 3 LAN, red, USB 9.40 9.40 8473.3000 CN 251g
    1 ac12vus2 AC adapter 12V US plug for IT equipment 4.10 4.10 8504.4000 KH 139g
    1 msata16g SSD M-Sata 16GB MLC Phison 14.50 14.50 8523.5100 TW 7g
    1 usbcom1a Adapter USB to DB9F with USB cable 7.50 7.50 8473.3000 CN 70g
    5 Shipping + Handling 27.00 704g
    Subtotal USD 185.50
    0% VAT USD 0.00
    Total USD 185.50
     
    FNtastic and compgeek89 like this.
  11. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,167
    Joined:
    Aug 3, 2004
    Newer firewalls now though need new encryption, so P2's are just long in the tooth!
     
  12. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,479
    Joined:
    May 14, 2008
    Yeah, I will say limiting yourself to one ethernet port can be a hassle. You could get a USB->ethernet adapter, but that would cost you some speed. I am not a fan of limiting yourself to just the VPN. I prefer a solution that sifts traffic and moves certain traffic through the VPN and other traffic normally. For that, I find sometimes these minipcs just don't have enough power to handle it. I have used quite a few, including one very similar to the one you list here. We used the same enclosure, but had an option of 5 Ethernet ports for ours. I did a lot of very specific firewall rules including separate VPN connections. The system often had a hard time keeping up, especially with some of the traffic filtering we were doing. Our original box was using an atom processor, we upgraded to a mobile processor, but even it had trouble. Often there is some advantage for purpose built networking devices when you start really adding a lot of filtering/switching/routing complexity.

    All that said, one of these boxes with a decent mobile processor and multiple 1GB ethernet ports could probably handle most people's needs. Some things I found helped as I was adding more complexity is using an SSD and/or creating a RAM drive to use for helping process traffic. Something for people to think about that are doing a lot of processing/analyzing traffic.
     
  13. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,334
    Joined:
    Oct 29, 2000

    As I mentioned earlier, (both in my original post, and as a reply to FNTastic's reply) that was just a sample image of the case I found on google image search. IN my build I used an Asrock Mini-ITX board that has two Intel NIC's.

    That said, if you have a managed switch that supports VLAN's and don't need more than a total of 1000Mbit between up and downstream, you could set it up to use your switch to tag the WAN with one VLAN and the LAN with another. You'd just wind up using one additional port on the switch. This feels like kind of a hack to me though. I'd probably only try it if I were in some sort of pinch.
     
    Last edited: Mar 8, 2019
  14. compgeek89

    compgeek89 Limp Gawd

    Messages:
    142
    Joined:
    Nov 30, 2018
    I am loving this discussion. I actually decided I needed to learn more so I got an Edgerouter X for $40 on ebay to fill the gap while I continue to plan this. So I continue to welcome inputs and experiences.
     
  15. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,334
    Joined:
    Oct 29, 2000

    I love Ubiquiti's products. I currently have two of their Unifi AP AC-LR's.

    I briefly had one of their Edgerouter POE 5. It was a nice little unit with a great user interface. In the end I decided to return it though, because it just wasn't fast enough to keep up with QoS on my 150/150 connection at the time.

    I don't know how it compares to the Edgerouter X in capability though.
     
  16. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    11,352
    Joined:
    Jun 13, 2003
    The ER-X should be able to do 150/150, though I'm not sure how much more. My ER-4 can handle 400Mbit QoS maybe?

    You want more, well, pay up- even Ubiquiti's super-expensive Edgerouter Infinity is still just a toy, relatively speaking. A nice one, but not comparable to what could be built on an equal budget.
     
  17. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    I do agree. Problem is, at least with IPCop, it has...or at least had...issues with the PCI-e interface. This makes working with older hardware easier.
     
  18. Ocellaris

    Ocellaris Ginger @le, an alcoholic's best friend.

    Messages:
    18,822
    Joined:
    Jan 1, 2008
    ER-X can do about 225 mbps total with QoS for me. I’m waiting on an ER-4 on sale to handle my 400 mbps connection now, it’s a lot more powerful than the ER-X.


    For now I’m just using QoS for upstream.
     
  19. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,167
    Joined:
    Aug 3, 2004
    Sadly cause IPCop is just not what it used to be back in the day when it was one of the go to along with m00nwall. I mean if all you want is a simple firewall, but it has not had a stable release in almost 4 years....are they even patching it any more? if not sure it is full of security holes.
     
  20. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,334
    Joined:
    Oct 29, 2000
    QoS used to be a big deal for me, but ever since I got gigabit internet, the bottleneck is almost always on the other end. Since I never wind up being locally congested, I simply don't need it, and have disabled it for now.

    What drove my desire for a more powerful router in a strong pfSense build was to use OpenVPN on the router, and have my entire network connect to the outside world via VPN.
     
    compgeek89 likes this.
  21. extide

    extide 2[H]4U

    Messages:
    3,424
    Joined:
    Dec 19, 2008
    If you are thinking of something like IPCop, just go with pfsense.
     
  22. Shikami

    Shikami Gawd

    Messages:
    643
    Joined:
    Apr 5, 2010
    QoS is a kludge-it was never a fix. A lot of internet connectivity is asymmetrical and the secondary exacerbated part of the issue; the root issue is bandwidth. When you do not have enough bandwidth for multiple hosts you will start to have issues with latency and what bandwidth that the hosts can utilize. This is intrinsic to networking (q.v.TCP ACK's). QoS, can also add latency to the issue due to the processing of the packets and the buffering to place priority to the packets; it is not FIFO. Although, this [ the packet QoS processing ] has been resolved a bit, or completely. One major issue of many of the RISC SOHO routers is that there is an accelerator/offloading packet processor which will usually will be disabled when QoS is enabled. This is why your 1Gb/s SOHO goes to ~200Mb/s-400Mb/s. The RISC processors and memory installed are too weak for networking. There is a golden rule of networking: For every bit transferred you need 1Hz; meaning that 1Gb needed 1GHz. The fact that packets cannot be processed in a vector method has been an issue that is slowly being resolved with: https://fd.io/ which pfSense has now released support https://www.netgate.com/press-releases/tnsr-buisiness-press-release.html (but business only).

    When you go pfSense you do get a bit more punch for packet processing and you can noticed differences. Using QoS and such can be less limiting too.
     
  23. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,334
    Joined:
    Oct 29, 2000

    Spot on. I used to use QoS but once I upgraded to FiOS Gigabit, I found that I am almost always remotely limited anyway, so QoS doesn't really have any benefit.