Router Upgrade for Gigabit Internet

Discussion in 'Networking & Security' started by eptesicus, Apr 25, 2017.

  1. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    Cincinnati Bell Fioptics is getting installed next week, and I'm going to get their 1000 Mbps by 250 Mbps connection using fiber to the home. This will be a major improvement to my 8/3 WISP PPPOE connection that I'm getting fed up with because my internet is controlled by my county's fiscal court, and they have no business in the ISP business. Anyway... I'm worried that my current Mikrotik RB2011UiAS-RM isn't going to be able to utilize all of that connection with my NAT policies and the number of IPs that I block. I'll also be looking at setting up VPN on the device too, which can affect my speed. Will the RB2011UiAS-RM with a lone 600 MHz CPU be enough? I'm contemplating building a hardware router and installing pfSense, Sophos, or ClearOS (I've used pfSense in the past), or going with a Ubiquiti USG-PRO-4, as I have a Unifi 24-port POE switch and a Unifi AP on my network. I like the idea of going with Ubiquiti, but I also like the crazy things I can achieve with Mikrotik or even running another firewall OS on some hardware.

    What would YOU do? What should I look for as a minimum to ensure that I get the fastest speed possible? How much am I going to need to spend? I don't mind spending up to $400-500, permitting it's going to be great hardware and it'll do everything that I need, without question.

    Thanks for the input.
     
  2. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    i'd build my own on pfsense, can't beat that speed...

    the edgerouter lite/x are nice, but once you start adding features they won't be able to keep up with the gig download... i'm a bit too much of a power user to want them for home... at work, routing some fiber networks, no NAT, no QoS, just simple firewalling and routing, they work awesome...
     
    Bandalo likes this.
  3. Bandalo

    Bandalo 2[H]4U

    Messages:
    2,660
    Joined:
    Dec 15, 2010
    If you're already rockin' Unifi APs and Ubiquiti switches, I'd get their router/gateway too. Costs a bit more, but it just makes management a whole lot easier.
     
  4. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    That's kinda what I'm thinking. No NAT or QoS is a turn-off for me. I'm looking at something like the link below. What sort of CPU specs should I look for when being a power-user and running pfSense or something comparable? I want to make sure that I have some headroom and am not going to run it hard all the time.

    Something like this: http://www.ebay.com/itm/MITXPC-5-x-...173280?hash=item5d6490daa0:g:CnIAAOSw3mpXMo8y


    I wish I could. But looking at it more closely, I'll really miss the capabilities that Mikrotik and pfSense have.
     
  5. Bandalo

    Bandalo 2[H]4U

    Messages:
    2,660
    Joined:
    Dec 15, 2010
    I think the USG-PRO-4 does everything you mentioned.
     
  6. mrwizardno2

    mrwizardno2 Limp Gawd

    Messages:
    191
    Joined:
    Jan 20, 2012

    Not without dicking with json config files and doing things outside their fancy webUI.

    I have had the USG and now the USG Pro 4 - sadly disappointed with quite a few "missing" features from both that I was previously used to with PFSense / OPNSense.
     
  7. Bandalo

    Bandalo 2[H]4U

    Messages:
    2,660
    Joined:
    Dec 15, 2010
    I'm not saying the USG is anywhere near as flexible as pfSense. But the OP didn't mention he was doing anything unusual that might require it.
     
  8. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    That's disappointing, and what I was worried about. I wish Mikrotik's GUI wasn't as terrible as it is, and I wish the quality of the hardware/chassis was nicer. I think I'm leaning towards the pfSense or alternative route. However, I still want to make sure that I get the hardware right.


    I didn't get into details, but yes, I want something as free and open to do whatever I want, like pfSense and Mikrotik. So, I'd like to be able to use VPN on only certain types of traffic for certain servers, and I'd like to take advantage of NAT, QOS, and whatever else I can have control over. :)
     
  9. Bandalo

    Bandalo 2[H]4U

    Messages:
    2,660
    Joined:
    Dec 15, 2010
    If that's the case, then build a nice pfSense router/firewall and go nuts. You can do damn near anything with those, and build a super-powered system for $300-ish. You can do VPNs, NAT and QoS on the USG from what I've read, but it's not as flexible.

    I use a pfSense build myself now, but if I was building from scratch I'd go with the USG. I don't really need that much fine-grained control, and the "unified" control of everything has a lot of appeal to me.
     
  10. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    I really wish I could try out the USG through an online demo or get my hands on one and be able to return it, but I don't see that happening.
     
  11. Bandalo

    Bandalo 2[H]4U

    Messages:
    2,660
    Joined:
    Dec 15, 2010
    Yeah, Synology has a nice online demo of their NAS software. It'd be nice if UBNT did the same for their software.
     
  12. Libertad

    Libertad n00b

    Messages:
    44
    Joined:
    Dec 30, 2010
    I've also heard nothing but great things about pfsense, could be worth checking out.
     
  13. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    Thanks all. It sounds like pfSense is the route I should go. I'll start a build thread on their forums to figure out which hardware I should use when having 1000/250 Mbps connection with some VPN. I want to make sure that the CPU I get will be able to get the best speeds possible for the price.
     
  14. ChRoNo16

    ChRoNo16 [H]ard|Gawd

    Messages:
    1,454
    Joined:
    Feb 3, 2011
    I'm running a pfsense in a vm with 4 cpu cores and 4gb ram for my 40/20 connection and I've never seen even 1% cpu usage
     
  15. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    There's a substantial difference between 40/20 and 1000/250, especially when I want to run OpenVPN on the router. The faster the CPU, the faster the speed through OpenVPN. In some tests I've seen, users are getting only up to 300 Mbps through VPN (which isn't anything to complain about) on a gigabit connection. I also want to ensure that I'll be able to use what I pay for. If I were to spend $500 building a pfsense router, that might not be enough to get a CPU that'll be able to process traffic at that speed with NAT. So, I have my concerns.
     
  16. bds1904

    bds1904 Gawd

    Messages:
    1,006
    Joined:
    Aug 10, 2011
    Getting PFsense to route 1gbit reliably takes either some expensive hardware or cheaper power-hungry hardware. It can be done but you are right on the mark at $400-500.

    If you like the RB2011 give the RB3011 a shot. I've got one routing a 500mbit connection and it never hits more than 10% CPU.
     
  17. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    yea, i would probably get a lower end i3 instead of going the power sipping "atom/celeron/whatever they're calling it now" route if you want big throughput on openvpn
     
  18. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
  19. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    pretty nice, you could probably get something shallower and cheaper by piecing together a supermicro... i couldn't say how loud/quiet that asus is, though...

    i would probably go for the fastest T model i could afford... ~35w?
     
  20. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    I'm not worried about power so much. I understand that T isn't designed for lower power consumption, but more so for environments where heat is an issue. Microcenter does have the i3-7100 for $115 that's clocked at 3.9GHz, which wouldn't be bad, since the 7350K isn't on Asus' supported CPU list. I e-mailed ASUS to verify if it'd work. If not, I'll go for the 7100. I dig the features of the ASUS, and wish Supermicro had something similar for the price. I'll keep looking out though.
     
  21. ChRoNo16

    ChRoNo16 [H]ard|Gawd

    Messages:
    1,454
    Joined:
    Feb 3, 2011
    I'm running my vm on a DL380 G6 server. I have plenty of cpu power I'm not using, I'm pretty sure a server like this would be overkill for his needs.
     
  22. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    What services/packages are you running? Your connection is only 40/20, right? Doing some research, I need overkill in order to have the fastest speed possible with what I'm going to use the router for. 1000/250 with VPN takes a huge toll on the CPU. Even with the most impressive setups, people are seeing up to 300 Mbps through their VPN on a gigabit fiber connection, and while that's occurring, unencrypted traffic takes a dive.
     
  23. ZeqOBpf6

    ZeqOBpf6 Gawd

    Messages:
    596
    Joined:
    Aug 24, 2014
    Slightly off topic but how are you guys making these broadcast wireless? Essentially a router is a computer with some fancy software (pfsense in this case) and a bunch of ethernet ports, but how about the wireless part?
     
  24. eptesicus

    eptesicus n00b

    Messages:
    62
    Joined:
    Jan 12, 2015
    A separate access point for wireless. I use the Ubiquiti AP-AC-LR at home, and will be adding one or two more for additional coverage. I use a separate switch since I have 14 network cables that need to be connected right now.
     
    ZeqOBpf6 likes this.
  25. rekd0514

    rekd0514 Gawd

    Messages:
    729
    Joined:
    Nov 24, 2007
    Last edited: Apr 29, 2017