
Homebrew router faces better tests, tougher competition - gvb
http://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/
======
mrbill
I have yet to find a better piece of hardware/software than the Edgerouter
Lite / Edgerouter X for near-gigabit NAT, for the price.

Sure, I could build something x86 that uses more power and costs 2-3x the
price, but it's nice to have a single box that "just works".

Every year or so I look to see if there's anything better, and for the past
2-3 years I have yet to find anything. I had been using the ERL, then bought
an ERX when they came out, switched all my stuff (including ipsec VPN tunnels)
over to it to "test" for a while.. and then a year later, I've not had a
driving reason to switch back to the ERL yet. The ERX is flat-out amazing for
~$50.

I have a system on the "outside" (static IP, hosted server) and then all my
"internal" stuff is behind the EdgeRouter's NAT. Hence, the desire to have
near-gigabit for when I'm transferring stuff to the server on the "outside".

I like Ubiquiti gear; in fact today I set up a UAP-AC-LR access point to test
against the performance of my Google OnHub, which is a year old and seems to
be kinda flakey lately..

~~~
throwaway2048
PCengines x86 APU2 can quite handily do gigabit, including AES acceleration
for stuff like ipsec and gigabit speeds for around $100USD

[http://www.pcengines.ch/apu2.htm](http://www.pcengines.ch/apu2.htm)

It also isn't reliant on binary kernel blob drivers to obtain full speeds, so
you arn't stuck on old kernel versions in the future with known exploits.

~~~
mrbill
I used one of their earlier boards, an ALIX 2D3, a few years ago before
needing >100Mb throughput.

[http://www.pcengines.ch/alix2d3.htm](http://www.pcengines.ch/alix2d3.htm)

------
proctor
I help to maintain a page[0] that keeps a current list of the more powerful
_wireless_ routers that support OpenWRT and DD-WRT. This arstechnica article
is about _wired_ routers (they say an article on wireless versions will be
arriving soon) but maybe it is still helpful.

[0][http://rooftopbazaar.com/routerfirmware/](http://rooftopbazaar.com/routerfirmware/)

~~~
wtallis
That list looks pretty sparse. What's it take to add more entries? For
example, I would expect to see the TP-Link Archer C2600 near the top of the
performance charts given its QCA IPQ8064 SoC and 4-stream ath10k radios. I'm
assuming you aren't actually testing all these models, so it shouldn't take
too long to pull together the relevant information on everything under
[https://downloads.openwrt.org/snapshots/trunk/ipq806x/generi...](https://downloads.openwrt.org/snapshots/trunk/ipq806x/generic/)

Also, if this list ever does grow to be more than two screens long, please add
actual filtering rather than just sorting; some of us are only interested in
routers that don't need proprietary wifi drivers.

~~~
proctor
Thanks for your suggestion! What filters would you like to see there? I have
had some comments also along the lines of it being not obvious enough what the
"sort" buttons do; Do you think the page is to "bare bones?"

As for the C2600, I do not believe it is stable yet, and still being worked
on. I deliberately don't put "trunk" only builds on the page because not
everyone is sufficiently technical to deal with them. It should show up soon
though by the looks of things (will be stable soon-ish).

~~~
wtallis
Definitely include a more detailed explanation of the criteria for inclusion
and rankings, and if possible a breakdown of the sub-scores that went in to
the final score (this can be a separate page per device, since it would
clutter the main chart). It sounds like some of this (the weights, at least)
is subjective, so transparency is important.

If this is really aimed at the less technical/experienced crowd that can't
cope with the command line, then you need a lot more background information
explained: the hardware revision bait and switch business model, what the
benefits actually are of open-source router firmware, the major differences
between DD-WRT and OpenWRT (and LEDE). Explain that Broadcom WiFi is about as
open-source friendly as NVidia graphics, and that DD-WRT can do very little to
help with WiFi issues on those hardware platforms.

It would be great if you could offer guidance for what constitutes _fast
enough_ , ie. that "tri-band" routers won't help anything, client WiFi devices
don't support more than 3 streams, and an ARM processor isn't necessary if
your WAN is only 100Mbps. Also add warnings for devices that only support
100Mb Ethernet on the WAN port or all ports, and make sure to cap the amount
that their WiFi speeds can contribute to the performance score.

Alternatively, if your target audience is people who know generally what kind
of hardware they need and just need to know which product currently delivers
that at the best price and with third-party OS support, then add filters on
major categories like NIC vendor (BRCM/QCA/MTK), built-in flash quantity
(because 8MB isn't always enough), and radio MIMO class.

More generally, it doesn't serve the public good if your chart is just
abstract bragging rights that can be gamed by things like including more RAM
than necessary or a useless extra radio for a 150% price increase. The market
should be _discouraged_ from producing overpriced overpowered devices that
have no real-world use, even if they are to some extent hackable.

------
cwisecarver
We have a Ubiquiti ERL at our office on a gigabit Ting connection. I have
consistently seen 948mbps through it on speed tests. I'm not sure how the
author saw only 200mbps.

~~~
geraldcombs
The ERL supports offloading for various protocols and features. I'm pretty
sure IPv6 offload is disabled by default, at least for older firmware
versions. Not sure about IPv4 or other protocols. Having offload disabled
would have a huge effect on performance.

~~~
mrbill
Both the ERL and ERX have hardware NAT offloading as of 1.8.5 (current
firmware is 1.9.0), but the ERL also has ipsec offloading.

[https://www.reddit.com/r/Ubiquiti/comments/4owurp/erl_vs_erx...](https://www.reddit.com/r/Ubiquiti/comments/4owurp/erl_vs_erx_hwnat/)

~~~
zaroth
Just a random note... there are very limited site-to-site scenarios where the
IPSec offload will actually kick in. I wasn't able to get offload working for
any kind of remote access scenario, meaning it's not usable as a VPN
(unaccellerated strong crypto on the MIPS is < 10 Mbps)

~~~
tbrock
Ubiquity would absolutely own this router space if they made a follow up to
the ERL with fully offloaded IPSec for stronger crypto.

------
walterbell
With a Type-1 hypervisor on a box with an IOMMU, different VMs can serve as
router, NAS, desktop and personal cloud. Router and NAS VMs would have
dedicated PCI devices, the rest can be virtual. Easy to try different router
distros.

~~~
vxxzy
This is similar to what I do. I run Debian as the host machine and then have
guests running on QEMU/KVM. I don't use IOMMU, I simply create a bridge on
each physical ethernet. This allows me to add other "router/vm" on the WAN
side and play with some additional isolated "networks".

~~~
erhardm
Same, but I'm using Open vSwitch[0] to tag internet traffic which goes to the
router VM. I was using IOMMU but on non-Intel NICs the interupts were killing
the throughput in OpenBSD.

[0] - [http://openvswitch.org/](http://openvswitch.org/)

------
anshargal
Would be nice to see how good is more expensive Mikrotik hardware. If $69 hEX
(720MHz MIPS) is the winner in a midrange category, maybe $179 Mikrotik
RB3011UiAS-RM (Dual 1.4 ARM) will just blow away the whole competition?

~~~
AstroJetson
Good question. I use the $69 version (Newegg had it on sale for less) and I'm
very happy with it. Not sure what my overall thruput is, but for all the data
xfers we do we never think it's a network issue. Stuff gets moved in a few
moments.

------
aomix
Making a diy router is a fun project if you're interested in the nitty gritty
details of things like firewall rulesets and dns resolving. And in the end
you're left with a powerful and flexible router.

------
HorizonXP
I went overboard with my own setup. Got a SuperMicro 5018A-FTN4 rack mount
server with an Intel Atom C2758 to serve as my pfSense router. Handles
Internet routing (250/20 Mbps), and has a 10GbE connection to my switch for
the rest of the network for inter-VLAN routing. I have a Cisco Aironet 3702i
delivering WiFi. Very overkill for a house but it was a super fun project.

I should probably do some testing to see its real throughput, to see if my
efforts were worth it. I should blog about it too, because it's likely a
unique setup that would be interesting to others.

------
s_q_b
Roll your own router, especially if it shares a board with the wireless access
point. Commercial configs are radically insecure.

------
vxxzy
For my home setup, I run pfSense on top of QEMU/KVM on an i7 Haswell 1U box
with 2 eth ports. I have a bridge for each eth instead of IOMMU. I can max out
the 1gbps ethernets without a huge hit. I then have a Mikrotik Gigabit 24 port
switch that everything gets hooked into. A bit overkill, but it's nice to
have.

