[ale] Recommended (or not) routers

DJ-Pfulio djpfulio at jdpfu.com
Wed Jan 4 11:10:25 EST 2017


My Recommendations for technical people:

1) Keep wifi away from routing.  Use APs which can be placed / upgraded as
needed. Using PoE means just running a CAT5e cable to the best location for the
AP (center of a house, ceiling?). Ubiquiti makes different APs for whatever you
need. The $58 "n" version is more than most people need, since their WAN isn't
any faster. They make all sorts of APs. Want a grid? Fine.  Also, their Android
management app handles the setup nicely. They have a Java app too - I've never
used it.

2) Avoid "home" routers. They aren't patched enough. Unpatched IoT will be a
global issue more than it is currently. This applies to routers as well.  If the
OS isn't patched constantly, avoid it.

3) Avoid aftermarket firmware that isn't patched/updated monthly. Check the
dd-wrt/tomato/openwrt releases. The last stable release for my prior router was
2011! Search "Asus router hacked"

So .... what does that leave?

a) Use a minimal OS that is constantly patched as the router software. That is
probably a mainstream minimal BSD or mini-Linux distro.

b) Use 64-bit hardware with as many ethernet ports as needed for subnets/VLANs
and WiFi APs. 32-bit versions of the popular OSes are going away. A
router-specific device, but x86-64, is available for $144 shipped from Europe. This is
an AMD GX-412TC CPU 6W. Add $50 to get it from a reseller in the USA. Arrived in
3 days for me.

c) Use switches to expand ports. A cheap, dumb 8-port $15 GigE switch is just
fine. TrendNET is what I'm using, but a dumb switch is a dumb switch.  I have
burned out D-Link and Netgear dumb switches, however. Now I buy metal cases only
which helps with switch cooling.  I've seen issues with Netgear home routers
multiple times which showed wifi issues.  Turned off the wifi, connected a
Ubiquiti AP - life is good.

d) WAN performance isn't usually an issue for most people.  LAN performance can
be handled by switches, unless routing between different subnets is necessary.

With all that said, what to use?

* Software: Ars did 3 articles about this topic:
http://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/
is the last one.  That's the software.  Paying more doesn't mean getting better
stuff or even good support.

* Any low-power x86-64 system with enough ethernet ports for your needs.  I'm not
anti-Ubiquiti or RouterOS. Just they don't patch as often as I'd like and both
companies have violated the GPL previously.  For a while, the J1900 was the CPU
to get for this stuff.
A few people here have these: https://www.pcengines.ch/apu2c4.htm The older Alix
systems are too slow for most people here.

Other options:
 http://www.mikrotik.com/ and
 https://www.ubnt.com/edgemax/edgerouter/ and
 https://www.ubnt.com/edgemax/edgerouter-lite/

* WiFi: Ubiquiti. Is there any other choice for the price?  They make long range
wifi connections that are multi-gig and 200+ miles, if you need it.  The wifi
placement is seldom where you want your router. Why be stuck?

* If you do go with a BSD/Linux distro solution, get Intel NICs. Avoid Realtek.
There are multiple reasons. Life is just easier, faster, lower CPU overhead
using Intel NICs.

I don't have any good advice for grandma or non-technical people. I'd be inclined
to push pfSense/OPNsense due to their bulletproof upgrade methods and bonehead
backup/restore methods.

DO NOT run edge routers inside a VM.  For LAN routing, VMs are fine. A tiny
config mistake doesn't screw the security for the entire network there.

Get a UPS. Minimally conditioned power is always good. There was an outage here
last weekend - all the clocks were blinking the following morning, but my
servers didn't even beep.  Routing, phone, networking stuff can probably last 6+
hrs on the UPS they are on if I shut down extra servers that aren't absolutely
critical.  Saw a 1500VA for $130 a few weeks ago.  I'm at the point of replacing
batteries every 5-ish years in my 2 UPSes. Never regretted having these,
though I have burned out a few cheaper APC and switched to another brand without
the same reputation, CyberPower.


What do other people think? Please review the 3 Ars articles.


On 01/04/2017 10:07 AM, Ken Cochran wrote:
> Hey ALErs & Happy New Year :)
> Looks like I need to get a couple of wireless routers.
> Any updated Words Of Wisdom/pointers on what to seek or avoid?
> 
> My 1st one was an ASUS RT-N16, ran DD-WRT, think I bought as
> refurb, worked great for years, now lightning-damaged (WAN port
> now bad).
> 
> 2nd, ASUS RT-AC68P, also refurb, stock firmware but it's in
> DD-WRT's support list, also lost to lightning.
> 
> 3rd & current, ASUS RT-AC68P (again, liked the last one), another
> refurb, works fine.
> 
> Looking for:
> 1.  Alternative/open-source firmware support (DD-WRT, Tomato,
>     whatever; suggestions?)
> 2.  Not super expensive, umm... <$200 or so?
> 3.  Recommended places to get?  The above 3 all came from NewEgg
>     but who else is good for refurbs?  (Anyone in
>     ATL/Microcenter/Fry's?)
> 


