dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2343
share rss forum feed


stshopgop

@charter.com

Robust set-it-and-forget-it SOHO router. No need for WiFi.

I'm looking for a device that can handle ~20 computers, 6-8 VoIP phones in a small retail store with heavy usage.
This client of mine has been switching from one consumer device to the other, to the other, to the other... Right now they are on ASUS RT-N12. The problem seems to lie in the performance of these devices. Every few weeks/moths the routers end up freezing/stop routing traffic/slow down to a crawl and require a reboot (they've had a couple of Linksys devices until this Asus).
There is a 80Mbit/80Mbit fiber line to the business. Some Cisco switch splits it up for 5 different stores. A 3CX VoIP box manages all of the phones (different VLAN, so it doesn't interfere with computers, if I understand correctly). All of that is managed by the ISP and I'm fine with that (they are located too far for me to take that responsibility on).
Basically, all I want is a DHCP server, 4-5 1Gbit ports, and something solid that can handle all of these connections/traffic without overheating and sh**ing the bed. What I don't want is paying for VPN, dual-WAN, Firewall, etc. because it is not used or needed. However, it is reasonable to assume that those are the devices that would have the most stout CPUs - all-in-ones.
What can you recommend? If there is a unit out there that just doesn't die under any traffic, rules it's DHCP policy with an iron fist and won't let some rogue POS-virus-ridden-windows-box take the whole network down then that is what I want. And I won't care if it happens to lack in VPN compatibility, number of SSL sessions or SPI throughput.
I've been looking at the Zyxel USG-50. Excellent reviews. However, I can get D-Link DSR-250 for $100 cheaper. The latter only has negative reviews associated with VPN.
Any input is welcome.



s1deout
Geek4Life
Premium
join:2003-12-10
Troy, OH
kudos:2

Seems like to me the best solution would be to use PFSense and then use something like an mATX motherboard , AMD processor , 4 port NIC card and an SSD.

Anything you get for cheap is going to have trouble handling an 80/80 connection.

Check out this link for some vendors as well :

»www.pfsense.org/index.php?option···temid=50

Otherwise you can look at some of the sonicwall stuff - they perform fairly well under that type of load.



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to stshopgop

said by stshopgop :

I'm looking for a device that can handle ~20 computers, 6-8 VoIP phones in a small retail store with heavy usage.

I've been looking at the Zyxel USG-50. Excellent reviews. However, I can get D-Link DSR-250 for $100 cheaper. The latter only has negative reviews associated with VPN.

There is a 80Mbit/80Mbit fiber line to the business. Some Cisco switch splits it up for 5 different stores. A 3CX VoIP box manages all of the phones (different VLAN, so it doesn't interfere with computers, if I understand correctly). All of that is managed by the ISP and I'm fine with that (they are located too far for me to take that responsibility on)

My suggestion is the ZyWALL USG300 --- any other USG model below the USG300 will not be able to handle your heavy usage especially considering the 6-8 VoIP phones.

Configuring the USG300 is not trivial -- but ZyXEL phone support can be very helpful if you're not a knucklehead.

You will need the co-operation of the ISP to effectively configure the USG300 otherwise you will not succeed with your objective.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL

1 recommendation

reply to stshopgop

The RT-N12, like 99% of consumer off-the-shelf routers is crashing because its firmware isn't up to the task. You could install shibby's Tomato firmware on it and that would resolve the stability problem, however that model doesn't have enough CPU to handle more than about 40 Mbps of total bandwidth under typical loads.

For an 80/80 connection I would recommend m0n0wall or pfsense, both of which will meet your requirements, and both of which are free software and run on x86 hardware. In your case you'll want at least a 1GHz processor to handle up to 160 Mbps of throughput.

The D-Link you mentioned is rated for only 45 Mbps of throughput. If you're happy with that, you may as well save the money and just install Tomato on your ASUS.
--
db



billaustin
they call me Mr. Bill
Premium,MVM
join:2001-10-13
North Las Vegas, NV
kudos:5
reply to stshopgop

What's your budget for the device? This one fits your basic requirements.
»routerboard.com/RB750GL


HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to stshopgop

Just about anything these days out there should handle 80/80 with no problems. The problem, as you've
discovered and others have said stshopgop is the reliability, particularly the software. Truth be told, no
gear out there, paid, OSS, or otherwise really has the corner on reliability. Alot of it is going to be (painful)
trial and error.

Dumb question, but do you have a budget in mind? Not just for the equipment initially, but also maintenence
afterwards (if any)? Just a thought, but you may want to move into the lowend enterprise gear from the likes of
Juniper, Sonicwall, Fortigate, Watchguard, Cisco, etc to meet your needs. You will have to pay these guys an
annual ransom or your firstborn or soul maintenence fee, but it may be the only way to get the stability you're after.

These last two points

said by stshopgop :

rules it's DHCP policy with an iron fist

said by stshopgop :

won't let some rogue POS-virus-ridden-windows-box take the whole network down then that is what I want.

can you clarify what exactly you want / expect by them? Off the top of my head, the 2nd point you're DEFINATELY moving
into Enterprise level gear, which can cost well into the 4 or 5 figures easy, for that level of functionality.

My 00000010bits

Regards


stshopgop

@charter.com
reply to stshopgop

I would like to be in the $250 range. And I don't want to worry about contracts or licensing. Like I said - set it and forget it.
Putting a linux box together and configuring it for routing is probably out of the question. It's going to cost in time more than comparable hardware solution, IMO. Plus it would be a bit** to fit it where current equipment is right now.
I've used RV042 in the past. Those are Linksys units and they are pretty bullet proof. One of my clients has dual DSL (probably 35Mbit down 5Mbit up in total), 3 servers (one of which is a file server that transfers several Gigabytes on a daily), about 16 clients, and a site-to-site VPN with another RV042. I can't remember last time I had to log into the console of the router. It just works.
The hesitation with the new model is caused by re-branding under Cisco. I've heard they keep cutting functionality of that terrific unit to avoid cannibalizing sales of their overpriced products. I've setup a few ASA5505s, too. But I'm tired of being gouged for their support (thanks to torrents and other sites, I have my ASAs up to date without their "invaluable" contracts *facepalm*).
TL;DR - avoiding Cisco out of principle.

I've never heard of MikroTik... Can someone else provide input on that company and their products?

Also, found TP-LINK TL-ER5120. Any comments on that?



stshopgop

@charter.com
reply to HELLFIRE

said by HELLFIRE:

Just about anything these days out there should handle 80/80 with no problems. The problem, as you've
discovered and others have said stshopgop is the reliability, particularly the software. Truth be told, no
gear out there, paid, OSS, or otherwise really has the corner on reliability. Alot of it is going to be (painful)
trial and error.

Dumb question, but do you have a budget in mind? Not just for the equipment initially, but also maintenence
afterwards (if any)? Just a thought, but you may want to move into the lowend enterprise gear from the likes of
Juniper, Sonicwall, Fortigate, Watchguard, Cisco, etc to meet your needs. You will have to pay these guys an
annual ransom or your firstborn or soul maintenence fee, but it may be the only way to get the stability you're after.

These last two points

said by stshopgop :

rules it's DHCP policy with an iron fist

said by stshopgop :

won't let some rogue POS-virus-ridden-windows-box take the whole network down then that is what I want.

can you clarify what exactly you want / expect by them? Off the top of my head, the 2nd point you're DEFINATELY moving
into Enterprise level gear, which can cost well into the 4 or 5 figures easy, for that level of functionality.

My 00000010bits

Regards

I mostly want a DHCP that properly scavenges records and doesn't have phantom memory. Bringing up Cisco again. In a network with 23 computers, I occasionally get IP conflicts with this scenario:
- computer X has IP xxx
- disconnect computer X, wait an hour (short leases)
- connect a new computer Y, it receives IP xxx
- connect computer X, it receives IP xxx ... (*&@#Y%(@)#&*YF@!@!!!!! FU***!!!!
- if there is a long enough power outage and all of the equipment comes back online at the same time. 1/4 of DHCP devices don't get an address (those that do, wait 30sec-1min for a lease). and, of course, potential IP conflicts again *facepalm*

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to stshopgop

If you're against a *nix firewall solution on homebrew hardware as hard to support, would you be willing
to check out Astaro? It's paid-ware, but GUI driven and free for personal use, IIRC

Personally I avoid Linksys by Cisco and Cisco Small Business... mostly because it's an unknown quantity.
I will agree I wouldn't recommend an ASA anything, simply because of Cisco's outdated "every function
as a licence" pricing model. As an alternative, you could look into an older Netscreen or SSG device from
Juniper. Scavange for an NS-25 / 50 (working) with a relatively simple GUI functionality, and you'd
be off to the races.

said by stshopgop :

I mostly want a DHCP that properly scavenges records and doesn't have phantom memory. Bringing up Cisco again. In a network with 23 computers, I occasionally get IP conflicts with this scenario:

Which make / model of Cisco -- again, I trust Linksys by Cisco and Cisco Small Business as far as I can kick
them -- and how long did you make your leases and your pool size? If it's only 23 hosts, you almost could get
away with static IP address assignments to avoid this, possibly.

Also, did an "ipconfig /release and /renew" fix the problem? DHCP operates by some pretty wellknown rules
-- read the RFC if you ever have a bad case of insomnia -- so I wouldn't necessarily blame the DHCP server as
the fault quite yet....

Just my 00000010bits.

Regards

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to stshopgop

Just as another thought, does said client have any critical end systems that HAVE to be up, no matter what?
You didn't provide a whole lot of detail of the inventory / breakdown of their network or gear, so I'm only
speculating... anyways, that's where that would make the argument for static assignments.

...still doesn't explain about the weird DHCP behavior you're describing... it's got wheels in my head
turning on a Saturday, which is NEVER a good thing for me

Regards



stshopgop

@charter.com

I went ahead with USG 100.



Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
Reviews:
·ooma
·Comcast
·Callcentric
·Site5.com

said by stshopgop :

I went ahead with USG 100.

Great choice!

Plug and play for sure. It should also handle that 80/80 fiber line.
--
My domain - Nightfall.net

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to stshopgop

Any Zyxel users wanna comment on what code should be loaded for optimal operation?
Or is the "get the latest from Zyxel" the best option here?

Regards



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Recommend the poster visits the Zyxel Forum for further information. I believe we have an effective Hellfire-Crisco block in place there .