| [Servers] Router recommendations for home office / home enterpri Greetings,
I’m in the market for a new router. I’ve already got two access points, one broadcasting our 2.4GHz 802.11n (300mbit) wireless (D-Link DAP-2553) and one broadcasting our 5.0GHz 802.11n (450mbit) wireless (Apple TimeCapsule) so it doesn’t need to feature any wireless capabilities. But it doesn’t matter if it does as we would simply disable them.
The keyword is stability, stability and more stability and bug-free, yet very capable firmware. We are running about ten LAN (mostly gigabit capable) connected systems connecting through a HP ProCurve 1410-16G dumb gigabit switch, two wired printers and about ten wireless systems.
So the router has to be capable to handle all these clients at once without any hiccups or slowdowns.
We have an optical fibre connection sporting 25mbit download and upload speeds and will soon be upgraded to 100mbit download and upload speeds. So the router must be capable to utilize such routing speeds both LAN to WAN and WAN to LAN.
You can describe our network as a home office / home business / home enterprise setup as it goes beyond a regular home network. All our systems are a part of an Active Directory domain hosted by a Windows Server 2008 R2 server, but we do not require any sort of VPN nor additional VLAN capabilities within the router. What we do need is stability and reliability, and a router capable of utilizing our upcoming 100mbit WAN connection that can handle twenty our so clients simultaneously.
Several of our systems run heavy loads of torrent usage, resulting in lots and lots of simultaneous connections going everywhere all the time and the router must be able to keep up with the heavy load without losing connection or dropping speed.
Our Windows Server 2008 R2 will also be hosting both a website and a FTP-site, therefore stability and reliability is a keyword as the website must stay up at all times and be able to handle whatever load the site might be faced with at peak hours.
I’ve been through a few different routers the past years, but sadly none have proven to provide a perfect experience. They either come with unstable and or buggy firmware, or simply lack features. That or the hardware is simply not up to the task with all our simultaneous clients and connections coming from both the LAN and the WAN side.
We do not require much from the routers firmware, other than it being rock solid and stable without any noticeable bugs. But sadly most consumer routers seems to lack in firmware development making them haunted with bugs or simply lack depth and capability. The key features we need in the firmware is DHCP, dynamic DNS, DHCP / IP-reservations, port forwarding, upnp and preferably working DMZ and support for IPv6.
The ones we have tried the past years have been:
D-Link DIR-655 rev2, but it featured unstable firmware and seemed to slowdown during heavy load. The DMZ didn’t seem to do anything as port forwarding was still required even after DMZ-hosting a system and there was no upnp support. It became gradually worse with every new firmware update and some wouldn’t even let you return to older firmware.
D-Link DIR-855 rev1, performed and behaved almost identical with DIR-655 only with less reliable firmware and we didn’t see much improvement with the first couple of firmware updates.
Linksys WRT600N rev1, performed and behaved better than the two D-Link routers but neither this one had a working DMZ-feature and there was no upnp and the hardware still seemed to slowdown during heavy load and there seemed to never be much firmware development and patching from Linksys?
Netgear WNDR3700v1, the first router that seemed to not slowdown during heavy load, at least not nearly as much as the above ones. But I didn’t like the firmware layout and there were some dreadful DNS bugs and other things going on that made us replace it. But it might seem like Netgear has fixed these issues by now, but as they have released quite a few never models since the WNDR3700v1 the support and development seems to have gone down the drain and it has been replaced with both a v2 and v3 preforming worse than v1. Neither here did the DMZ seem to do anything.
Netgear SRX5308, the first enterprise / business router we tried and the first one to really shine when it comes to both firmware capabilities and raw performance. Sadly there is an existing firmware bug that makes the WAN performance cripple without any noticeable reason forcing us to restart it quite often to get the speeds back up. After reading our at the Netgear support forum several people has noticed this issue and Netgear is still trying to solve them. Crippled WAN performance is simply a no go.
Cisco RV220W, almost identical hardware to the SRX5308, but less RAM. Seems to be able to handle our heavy load but the firmware did not impress. Firstly it seems to lack DHCP / IP-reservations and Cisco has confirmed that the DMZ doesn’t do anything at the moment and there isn’t much firmware development and Cisco have started to actually remove features with the latest firmware updates.
And so our hunt for the “perfect” router that will suit our needs continues and I hoped for some guidance and recommendations from you all. Price-range is uncertain, we are ready to pay what it may cost. |
|
bdnhsv
join:2012-01-20
Huntsville, AL | Re: [Servers] Router recommendations for home office / home ente Have you looked at building your own router on a linux distro? I use ClearOS and am very impressed (although it doesn't have IPv6 yet). There are plenty of others and the cost is right (mostly free). You just need a $100 atom-based PC and you're on your way. Or if you really want to step up then get out of the consumer grade arena and start looking at used Cisco 2800 type gear. |
|
Bink
join:2006-05-14
Denver, CO
kudos:4 | reply to RamGuy
If you are running a business, run business-class hardware—not this consumer-class stuff you’ve been buying. Any business-class router with GigE connections should route 100Mbps easily—and the best names in business-class routers are probably Juniper and Cisco—just try not to buy their cheaper stuff. That said, I also run my business from home, but my router is a legacy ThinkPad notebook running OpenBSD and I’m not sure I’d want anything else. I can route ~400Mbps of traffic and it Just Works. The uptime of the device is below, and that’s the last time I updated it, and I’ll probably update it again in a couple of months.
$ uptime
1:01PM up 165 days, 16:09, 1 user, load averages: 0.10, 0.10, 0.08
|
|
 mozerdLight Will Pierce The DarknessPremium,MVM
join:2004-04-23
Nepean, ON | reply to RamGuy
I suggest that you consider the ZyWall USG 100 as your quality router/firewall then use your existing wireless routers strictly as wireless Access Points and you should be a Happy camper. Learning to configure the USG100 will take some time because it's not trivial but it probably will be a lot of fun for you. |
|
 billaustinthey call me Mr. BillPremium,MVM
join:2001-10-13
North Las Vegas, NV
kudos:2 | reply to RamGuy
I would also look at Mikrotik. If you want one ready to go out of the box, look at the RouterBoard 750G.
You can assemble your own router using an old PC. Mine is a 1ghz PIII with 512mb of RAM. The OS is loaded on a 128mb flash drive, with a 40gb HDD for the web-proxy. It's been running Mikrotik RouterOS for eight years.
pfSense is another one to look at, and probably easier to configure. It is managed through a web-based GUI. |
|
ssavoyPremium
join:2007-08-16
Henrietta, NY Reviews:
 ·Comcast
 ·Frontier Communi..
| reply to RamGuy
I also vouch for Mikrotik. I have an RB750G that has been online for over 200 days with no hiccups and is very feature rich. My connection tops out at 100mbps with 50-60% CPU utilization so it can definitely handle somewhere between 120 and 200mbps I would say. Check them out at »routerboard.com.
Also is there a particular reason you'd be using Dynamic DNS if you have a website? You really should use a static IP. |
|
|
|
| reply to RamGuy
I' am looking at possible Supermicro based Intel Atom or LGA1155 solutions that could be running pfSense, Untangled, Astaro or other solutions. That seems to provide much more customizability, not to mention way more performance for money compared to Cisco and other fixed solutions.
The Active Directory Domain Server / Master is featuring both DHCP and DNS, but as a few of our systems run Mac OS X Lion which have proven to be a real pain adding to Active Directory in a sensible way I have always stayed with DHCP and DNS in router just for the ease of things.
Either Intel Atom or Intel Xeon E3 based U1-rack might be the way to go. |
|
Reviews:
 ·link2voip
·TekSavvy DSL
| I run pfsense on a Supermicro X7SPA board and a SM 1U chassis. Real nice solution, capable of routing 300-650 mbps under typical circumstances. Roughly 400 hosts sharing a 40/4 internet connection with tonnes of room to spare in the state table (4GB RAM).
--
db |
|
| reply to RamGuy
How is the performance if you go full UTM with everything from Snort, Squid to HAVP activated all at ones? I've read that Intel Atom solutions might struggle if you go full UTM with pfSense.
And how well does these services actually work compared to Cisco's partnership with Trend Micro, ZyXel's partnership with Kaspersky and so on. There is no point in activating performance demanding UTM services if they wont get the job done. |
|
Reviews:
·link2voip
·TekSavvy DSL
| I have no experience using pfsense as full UTM, but I know the packages are there. I ran squid for a while and saw some odd behaviour and uninstalled it, but from the forums it appears many poeple are happy with it.
The common complaint with snort is that it eats RAM. Considering that squid also needs a fair bit of RAM, you may find the 4GB limitations of Atom to be a problem. I think you would be wise to step up to LGA1155 for a UTM.
--
db |
|
mozerdLight Will Pierce The DarknessPremium,MVM
join:2004-04-23
Nepean, ON | reply to RamGuy
said by RamGuy:How is the performance if you go full UTM with everything from Snort, Squid to HAVP activated all at ones? I've read that Intel Atom solutions might struggle if you go full UTM with pfSense If you're going to build your own box etc and considering Untangle/Astero I'd also follow clarknova  suggestion and step up to LGA1155.
Or you can get a solid pre made Untangle UTM system properly tuned look at untangle appliances
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business |
|
| reply to RamGuy
quote:
The keyword is stability...and will soon be upgraded to 100mbit download and upload speeds...DHCP, dynamic DNS, DHCP / IP-reservations, port forwarding, upnp and preferably working DMZ and support for IPv6.
Second the comment that if your key desire is stability, get from names
like Juniper, Cisco, Sonicwall, et al. The one downside with that is by
the time you move up to this level, support for UPNP is dropped.
Some particular makes I can think of off the top of my head are as follows,
but they will fill all the other ticks off your checklist above :
- Juniper SSG or SRX series
- Cisco SA500 series
- Cisco 800, 180x and 181x routers. You could also look into some older gear
like a 37xx series router
- Sonicwall TZ series
- Peplink multi-wan devices -- the plus on this device is it has a pretty
good featureset AND does UPNP
Just my 00000010bits.
Regards |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Most of the high end stuff loses throughput when invoking all the extra cost services. If you willing to tinker, the pfsense makes sense.  |
|
| As the old saying goes... "stress test the environment to what you expect it to perform."
And yes, I do agree turning on all the bells and whistles can cause even the highest performing
gear to crater; my personal experience is unless the OP needs IPS / AV / UTM or crypto, they
should be fine.
Regards |
|
