[ale] Recommended (or not) routers
Alex Carver
agcarver+ale at acarver.net
Wed Jan 4 12:11:57 EST 2017
I've seen that Ars article before. The J1900 is still available on
Amazon for about $150. I was planning on getting that one sometime this
year to replace my old Linksys WRT. I'll convert the WRT to AP/switch
duty once replaced.
Building one from an x86 or ARM machine is also useful for logging, live
monitoring, active threat detection and defense and a few other services
since you can stuff the machine with RAM and swap space. Don't overload
the router with too many services; split off the services that don't
really need to be on the router itself. Raspberry Pis, Beagle Bones and other
SBCs are very useful for internal services. For example, take DHCP and
DNS off the router and park it on another system. VPN would benefit
from that, too (I run OpenVPN on a Pi 2 and it works reasonably well,
initial negotiation is slow but data is fast after that).
For the grandma application, especially remote applications, I would
hang a very simple Pi Zero or other tiny SBC behind the router, set up a
port forward so you can SSH into the Pi using key authentication (no
password) and then you can SSH back into the router from the LAN side
(also with key auth). That will keep access to the router one step
removed from the Internet, behind two different password-protected keys.
You can then patch as needed. The only trick is if something messes up
and blocks access to the Pi. But if the router isn't overloaded with
services then updates should be straightforward.
On 2017-01-04 08:10, DJ-Pfulio wrote:
> My Recommendations for technical people:
>
> 1) Keep wifi away from routing. Use APs which can be placed / upgraded as
> needed. Using PoE means just running a CAT5e cable to the best location for the
> AP (center of a house, ceiling?). Ubiquiti makes different APs for whatever you
> need. The $58 "n" version is more than most people need, since their WAN isn't
> any faster. They make all sorts of APs. Want a grid? Fine. Also, their Android
> management app handles the setup nicely. They have a java app too - I've never
> used it.
>
> 2) Avoid "home" routers. They aren't patched enough. Unpatched IoT will be a
> global issue more than it is currently. This applies to routers as well. If the
> OS isn't patched constantly, avoid it.
>
> 3) Avoid after market firmware that isn't patched/updated monthly. Check the
> dd-wrt/tomato/openwrt releases. The last stable release for my prior router was
> 2011! Search "Asus router hacked"
>
> So .... what does that leave?
>
> a) Use a minimal OS that is constantly patched as the router software. That is
> probably a mainstream minimal BSD or mini-Linux distro.
>
> b) Use 64-bit hardware with as many ethernet ports as needed for subnets/VLANs
> and WiFi APs. 32-bit versions of the popular OSes are going away. A router
> specific device, but x86-64 is available for $144 shipped from Europe. This is
> an AMD GX-412TC CPU 6W. Add $50 to get it from a reseller in the USA. Arrived in
> 3 days for me.
>
> c) Use switches to expand ports. A cheap, dumb 8-port $15 GigE switch is just
> fine. TrendNET is what I'm using, but a dumb switch is a dumb switch. I have
> burned out D-Link and Netgear dumb switches, however. Now I buy metal cases only
> which helps with switch cooling. I've seen issues with Netgear home routers
> multiple times which showed wifi issues. Turned off the wifi, connected a
> Ubiquiti AP - life is good.
>
> d) WAN performance isn't usually an issue for most people. LAN performance can
> be handled by switches, unless routing between different subnets is necessary.
>
> With all that said, what to use?
>
> * Software: Ars did 3 articles about this topic:
> http://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/
> is the last one. That's the software. Paying more doesn't mean getting better
> stuff or even good support.
>
> * Any low-power x86-64 system with enough ethernet ports for your need. I'm not
> anti-Ubiquiti or RouterOS. Just they don't patch as often as I'd like and both
> companies have violated the GPL previously. For a while, the J1900 was the CPU
> to get for this stuff.
> A few people here have these: https://www.pcengines.ch/apu2c4.htm The older Alix
> systems are too slow for most people here.
>
> Other options:
> http://www.mikrotik.com/ and
> https://www.ubnt.com/edgemax/edgerouter/ and
> https://www.ubnt.com/edgemax/edgerouter-lite/
>
> * WiFi: ubiquiti. Is there any other choice for the price? They make long range
> wifi connections that are multi-gig and 200+ miles, if you need it. The wifi
> placement is seldom where you want your router. Why be stuck?
>
> * If you do go with a BSD/Linux distro solution, get Intel NICs. Avoid Realtek.
> There are multiple reasons. Life is just easier, faster, lower CPU overhead
> using Intel NICs.
>
> I don't have any good advice for grandma or non-technical people. I'd be inclined
> to push pfsense/opnsense due to their bulletproof upgrade methods and bonehead
> backup/restore methods.
>
> DO NOT run edge routers inside a VM. For LAN routing, VMs are fine. A tiny
> config mistake doesn't screw the security for the entire network there.
>
> Get a UPS. Minimally conditioned power is always good. There was an outage here
> last weekend - all the clocks were blinking the following morning, but my
> servers didn't even beep. Routing, phone, networking stuff can probably last 6+
> hrs on the UPS they are on if I shut down extra servers that aren't absolutely
> critical. Saw a 1500VA for $130 a few weeks ago. I'm at the point of replacing
> batteries every 5-ish years in my 2 UPSes. Never regretted having these,
> though I have burned out a few cheaper APC and switched to another brand without
> the same reputation, CyberPower.
>
>
> What do other people think? Please review the 3 Ars articles.
>
>
> On 01/04/2017 10:07 AM, Ken Cochran wrote:
>> Hey ALErs & Happy New Year :)
>> Looks like I need to get a couple of wireless routers.
>> Any updated Words Of Wisdom/pointers on what to seek or avoid?
>>
>> My 1st one was an ASUS RT-N16, ran DD-WRT, think I bought as
>> refurb, worked great for years, now lightning-damaged (WAN port
>> now bad).
>>
>> 2nd, ASUS RT-AC68P, also refurb, stock firmware but it's in
>> DD-WRT's support list, also lost to lightning.
>>
>> 3rd & current, ASUS RT-AC68P (again, liked the last one), another
>> refurb, works fine.
>>
>> Looking for:
>> 1. Alternative/open-source firmware support (DD-WRT, Tomato,
>> whatever; suggestions?)
>> 2. Not super expensive, umm... <$200 or so?
>> 3. Recommended places to get? The above 3 all came from NewEgg
>> but who else is good for refurbs? (Anyone in
>> ATL/Microcenter/Fry's?)
>>
>
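The Pi-as-jump-host setup Alex describes (port-forward to a Pi, key-only SSH in, key-only SSH from the Pi to the router), as an added example that is not part of the original post: a small POSIX sh audit of the Pi's sshd_config for key-only logins, constructed weak and hardened sample configs, and the ~/.ssh/config entries for the two hops. The hostnames, users, ports and key paths are assumptions, not values from the thread.

```shell
# Added example, not from the thread: audit the jump-host Pi's sshd_config for
# key-only access and show the client-side ProxyJump config that pairs with it.
# Assumes stock OpenSSH keywords; hostnames, users and ports below are made up.
# Effective value of a keyword: sshd honours the first occurrence, else the
# default. Match blocks are not handled, so keep these keywords global.
sshd_effective() {
  file="$1"; key="$2"; default="$3"
  val=$(grep -iE "^[[:space:]]*${key}[[:space:]]+" "$file" | head -n 1 | awk '{print tolower($2)}')
  printf '%s\n' "${val:-$default}"
}

# Returns 0 only when password and interactive logins are off and keys are on.
audit_sshd_config() {
  f="$1"; rc=0
  [ "$(sshd_effective "$f" PasswordAuthentication yes)" = no ] \
    || { echo "FAIL $f: PasswordAuthentication must be no"; rc=1; }
  [ "$(sshd_effective "$f" ChallengeResponseAuthentication yes)" = no ] \
    || { echo "FAIL $f: ChallengeResponseAuthentication must be no"; rc=1; }
  [ "$(sshd_effective "$f" PubkeyAuthentication yes)" = yes ] \
    || { echo "FAIL $f: PubkeyAuthentication must be yes"; rc=1; }
  case "$(sshd_effective "$f" PermitRootLogin yes)" in
    no|prohibit-password) ;;
    *) echo "FAIL $f: PermitRootLogin must be no or prohibit-password"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample configs: a stock-looking weak one and a hardened one.
write_sample_configs() {
  d=$(mktemp -d)
  printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication yes' > "$d/weak"
  printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PubkeyAuthentication yes' 'PermitRootLogin no' 'Port 2222' > "$d/hardened"
  echo "$d"
}
# Client side (~/.ssh/config): reach the router only through the Pi, with a
# separate key per hop (assumed names). ProxyJump needs OpenSSH 7.3 or newer.
client_config() {
  cat <<'EOF'
Host pi-jump
    HostName home.example.net
    Port 2222
    User pi
    IdentityFile ~/.ssh/pi_jump_ed25519
Host router
    HostName 192.168.1.1
    User admin
    IdentityFile ~/.ssh/router_ed25519
    ProxyJump pi-jump
EOF
}
```

With the client config in place, `ssh router` goes through the Pi automatically, and `audit_sshd_config /etc/ssh/sshd_config` on the Pi confirms a password can never be the way in.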