Ubiquiti EdgeRouter Lite or Mikrotik RB750GL

levak

Hello!

I'm redoing my network and can't decide on which router to pick... Currently I'm choosing between Edgerouter lite and RB750GL.

My WAN connection is 100/100MBit and 1GBit local network. I plan on having 2 VLANs, home VLAN, DMZ VLAN with ESXi virtualized servers and SAN/NAS and maybe a third VLAN for lab/testing.

I'm quite familiar with the Mikrotik since I use it on a few sites and have good experience with it. Also, the user base is quite big, the forums are really active and there are a lot of examples available on the web.
I know EdgeRouter is not as easy to set up as Mikrotik, but I'm familiar with Linux and have quite some experience with pfSense and Cisco equipment, so I shouldn't have much trouble setting it up. How is the documentation on the EdgeRouter side?

I would like to go with EdgeRouter since it's more powerful, but there were some memory problems at the beginning when it was introduced.
Has that been fixed by now?
Does anyone use cacti or munin to monitor the router?
Are there any scripts out there for monitoring?
Has it been stable for you?
If I export the configuration, is it exported as text file or a binary file?
How's the support on the forums?

What would you choose and why?

Matej
 
Having used both products lots, I'd go for the ERL. Does all your requirements. Mine is rock solid, no memory issues. That only affected a certain batch of them.

The forums are very helpful and are quite active.

Backups can be done in a .tar file or you can pull out the basic text configuration from that tar if you wish.

I use Cacti to monitor it and it works great. No need to add a template, just add it like you would a linux host.
 
Another vote for Edgemax. Been running two (home + colo) with a VPN between, been very dependable. Just update it to the latest version and have at it.

I use nagios (omd suite) to monitor it, especially now that Comcast has started to enforce bandwidth usage, I have two forms of proving my usage (nagios and ntop)
 
The ERL is fantastic. Simple, but effective at what it needs to do. It is also based on Vyatta, so there is a big community out there.
 
Great info... Especially the info about monitoring and stability...

Will order one tomorrow:)

Matej
 
Why not just run pfSense as a VM unless you need routing protocols beyond RIP2?
 
Because I want to separate my VM box from my router...

In case I fsck something up on the VM box or it freezes, I still want my family to have internet access and me to have VPN access to my router and use IPMI to resolve the issue on the server...

Matej
 
That's reasonable. I figured people who run ESXi usually have two or more VM hosts so they can run an active pfSense on one and hot standby on another for redundancy.
 
i run ~8 of the ERLs (4 more waiting install, and about 8 more i need to buy and configure), most as only simple non-nat routers, but they've all been rock solid... i do have one set up in a typical SMB configuration w/ openvpn back to a pfsense box and we haven't had a single outage since we started monitoring about 3 months ago... even on the crummy DSL that is at that location until we can run fiber...
 
I love Mikrotik RouterOS, but for your needs get the ERL. The 750GL won't route anywhere near 1gbps between vlans. If your internet connection is full duplex the 750GL wouldn't handle that either.

I'm in the same boat as you as far as not wanting a VM firewall (again), but I require the features of routeros. I'm debating getting the RB1100AHx2 or building a mini-itx based solution running RouterOS x86. For my dedicated servers I run a RouterOS VM. The slowest processor speed I have is 2.5GHz. With that I see about 190mbps AES-256 IPSEC thruput.

Moral of the story is, don't just think about what you need now, think about what you need in the future too. It'll be worth it to fork over the cash now and not have to mess with it later.
 
bds1904, you must be kidding hard. Matej said "My WAN connection is 100/100MBit" and mind you, 750GL will be routing that full-duplex with one finger in its ass, I have to say it this way.

Yes, 750GL would handle not just one 100Mbit full duplex, but SEVERAL concurrently without sweating: http://routerboard.com/RB750GL

Performance test results
RB750GL Gigabit Ethernet test (400Mhz) RouterOS v6.0rc6
Mode | Configuration | 64 byte | 512 byte | 1518 byte
Routing | none (fast path) | 183.7 / 120.5 | 167.0 / 708.1 | 81.2 / 997.8
Routing | 25 Simple Queues | 92.8 / 60.8 | 88.5 / 375.1 | 81.2 / 997.8
Routing | 25 IP filter rules | 37.5 / 24.6 | 38.4 / 162.6 | 37.6 / 462.4

that's full gigabit, mate... 997Mbit/s.


As for your 2.5GHz processor ciphering 190Mbps AES256: I guess you lack AES-NI hardware instructions in your processor, otherwise you would get DOZENS of GIGABITs throughput. It's known and proven by tests, Intel processors can cipher around 8GB/s if I remember correctly, which is 64Gbit/s or Gbps.


I absolutely lack experience with Edgerouter - never saw that one. Because Matej said he is proficient with Mikrotiks and I really see absolutely no flaw for his intended usage, I would definitely go Mikrotik route here. Don't understand why he even asked that and don't understand why he wants to order the other solution at all.

My head simply doesn't get it.

What can Edgerouter do that Mikrotik can't? Why is it the preferred solution here?
 
The 997Mbit/sec is UDP with NO FIREWALL. The 462Mbit/sec is UDP with a very simple firewall and no NAT entries.

I have used LOTS of mikrotik products, including the 750GL and the 750GL CAN NOT route any more than 150Mbps TCP total traffic with any kind of decent firewall in place.

As for the IPSEC comparison, I forgot to mention that the 750GL will max out around 17Mbit/sec if he ever needed it. And no shit the CPU doesn't support the instructions, it's in a VM.... like I said.

The ERL will route TCP 1518Byte frames pretty close to 900Mbit/sec, unlike the mikrotik hardware. The ERL will also do something like 300mbit w/IPSEC.

Don't get me wrong, I love Mikrotik products, but their benchmarking is SUPER INFLATED NON-REAL-WORLD SCENARIO. It's meant to make you go wow, nifty.

Let me know when you get your head out of your ass and actually use products before you claim you know anything about them.

P.S. The question about if his WAN was full duplex is a valid question. Just because he has 100/100 doesn't mean that it is full duplex. It all depends on how the service is delivered (1 Fiber gPON, GePON, 1 fiber AE half-duplex, 2 fiber AE, etc.). There is plenty of media out there that isn't full duplex. It is becoming far more uncommon, but it still exists.
 
i was just giving my 2 cents on the ERL...

if op is familiar with mikrotik and has no problems configuring it, i think he should go with the 750GL, it's a fine device...

i don't think you could go wrong with either, and the mikrotik is more mature for sure...

i only really ended up with the ERLs because i use a lot of ubiquiti gear and i love their business model, i found the mikrotiks a little convoluted, and felt in my opinion that maybe i would have understood the layout better if i was eastern european ( :p ), so for me the ERL was easier to configure, but let's be clear, all of that is COMPLETELY subjective...

even setting up VPNs wasn't bad, and where the ERL is not necessarily a mature product, they've built it on quite possibly one of the most mature network os there is (vyatta) and that goes a long way.... is setting up a decent running NAT/firewall model a huge pain? yea, but it makes sense to me and is very logical in layout and execution... i figure all that mess out once and i can stick it in a text file so it's a non-issue... if i want to make changes, i can see it all right there in a nicely laid out config and change what i need

i realize mikrotik is largely the same, but it's a difference i noted...
 
The whole point is:

Mikrotik: tons and tons of features... but not so fast pushing packets... significantly slower with many rules and/or IPsec. But slower in this case may still be faster than your internet connection. This makes it a decent choice as long as you're using it as a router/gateway only.


Ubiquiti Edgerouter, fantastic at pushing packets and routing traffic. GUI is half baked, based on a mature firewall OS but is still a work in progress. If you are willing to dive in you can do anything vyatta can. Much faster than Mikrotik, and can be used as a layer 3 switch, if you don't mind a little cli. Reliability is unknown as the product has only been on the market a year, but Ubiquiti typically builds decent hardware.
 
i wouldn't say the GUI is so much half-baked as it is just not complete.... what is there is fantastic.... there just isn't a whole lot there... "half-baked" means to me they didn't think it through very well and nothing works... i didn't find that to be the case...
 
Yep, I have been impressed with Ubiquiti in that everything in the GUI works great. If it is not there, you can revert to CLI, but at least they are not putting crap in the GUI.
 
...and I've replaced the ERL firmware with FreeBSD 11, works good and much more open :-]
//Danne
 
Since you know Cisco equipment you could go with ASA 5512-X + L2 gig switch and you can do all of those things you would like to do.
 
I thought about Mikrotik 750GL, but since I will be routing multiple VLANs with gigabit speed, I would like to achieve those speeds. As far as I know, Mikrotik can't do that, especially with some firewall rules in place. On the other hand, I like Mikrotik and they serve me well on many locations.

As far as ERL goes, I love that it's built on vyatta base, since I would like to learn about it anyway. It might come in handy with my work:) And I would like to have some power available for the future.

As far as my WAN goes, it's currently 100/100mbit full duplex FTTH, but that speed might increase in the coming years and I would like to have a router that will do its job.

Cisco ASA5512-X is just toooooo expensive for home use. If I would have that much money, I would probably go with 1U server and pfsense and use the rest of the money for other equipment:)

Anyway, thanks for all the comments.

Matej
 