[ale] Router Recommendations?

Derek Atkins derek at ihtfp.com
Fri Feb 10 23:29:39 EST 2017


Alex, DJ,

On Fri, February 10, 2017 10:23 pm, Alex Carver wrote:
> The J1900 mini-boards are well reviewed.  They use Intel gigabit
> controllers and can push them right up to almost max.

Yeah, I'm pretty sure the J1900 would have worked.  If the Edgerouter
doesn't I'll return it and get the J1900 platform.

> I understand that the EdgeRouter Lite (three port unit) can also almost
> achieve wire speeds and there's some tests against it, too.
>
> https://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/
>
> https://jakebillo.com/replicating-the-ars-technica-router-rumble-with-a-ubiquiti-edgerouter-lite/

I've heard mixed reviews.  The Pro sounds like it *should* handle it.  But
of course it all depends on how it's configured.  I plan to
mostly-configure mine and then run some tests.  The MAIN test is the NAT;
I want to make sure my RFC1918 NATed hosts can fully use the available
bandwidth.  My CBC tunnel shouldn't -- that would be rude.  But my HE
tunnel; they don't put limits on me, AFAIK.

> On 2017-02-10 09:44, DJ-Pfulio wrote:
>> Don't use PPTP. It has been broken for years. This is well-known. Even
>> MSFT says it shouldn't be used

Sure.  I just added it for clarity.  I'd most likely use OpenVPN, but it
depends on the device.  For example I'd need to find something that works
"easily" on my wife's iPad.

>> Also, I'd be inclined to get a minimal number of ports on any router and
>> use cheaper switches if more ports are needed.

Eh. 4 ports. 8 ports.  Doesn't matter to me.  I'm more ensuring I can get
the throughput.  I'm only going to be using 2 or 3 ports on whatever I
get; I already have a nice Cisco 50-port switch.

>> I have doubts that a Celeron can keep up with GigE a VPN. Most people
>> seem happy to get 50-80Mbps over openvpn on lower-end hardware like
>> this. I don't know of any VPN solutions which do much more and
>> definitely NOT at those price points.  Would love to hear/see people
>> with facts getting better numbers for $300 equipment.

I'm not worried about VPN capacity, per se.  I certainly don't expect any
VPN'ed client to fully use 1gbps!  I don't even expect it to use 500mbps.
My VPN concern would be CPU usage if there's not AES-NI, but even 10mbps
VPN would, IMHO, probably be good enough.  But that's not the primary
goal; the primary goal is 1gbps NAT.

>> Stick with Intel GigE NICs so offloading to the NIC can happen. Realtek
>> and others just don't seem to work well, from the reading I've done.

*nods*  The J1900 has that.

>> Know my $144 APU2 box only gets around 650Mbps in lab testing.  Didn't
>> test openvpn at the time, but other people with similar HW say 40Mbps.
>> https://forum.pfsense.org/index.php?topic=108231.msg612643#msg612643 has
>> some benchmarks for different ciphers.

Are you saying you got 650Mbps via OpenVPN?  Or 650Mbps general NAT/routing?

-derek

-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant


