Home router?

Got the usual paranoia vibes after listening to this fellow

I do have an ASUS ax86 pro router, and I did realize that it stopped getting fw updates (had to manually flash to the latest one just now).

What cool tech kids actually see as a decent router (with wifi 6 support), that they would actually seem fit to use at home?

I have been looking at MikroTik for some time, but not being a devops/network engineer, I feel that I can only configure a helloWorld level of setup, hopefully making things not worse than they are right now.

Certainly one that has Openwrt available or https://openwrt.org/toh/openwrt/one

6 Likes

I would check out ASUS Merlin:

https://www.asuswrt-merlin.net/

1 Like

I may be mistaken, but the firmware on ASUS’ routers seems really close to the idea that it is a fork from OpenWrt.

Looks interesting. But I have bad history from installing custom fw on routers. Last time it was a TP-Link (I think), where installing was easy, but going back was comparable to doing a colonoscopy on myself with the tools I found in the garage. And I had that experience twice, every time ending with booting the router into some very special service recovery mode through a series of very specific steps…

I would really want to buy something that ‘just works’(+good).

ASUS actually contributes to Merlin. It’s overall pretty stable and almost 1 to 1 with the stock firmware and going back uses the same process as flashing Merlin or stock firmware would be.

2 Likes

I did just now read through the features, and did see a lot of things that are already there. Think I’ll give it a try when my vacation starts. Thanks

1 Like

Ubiquiti UniFi if you want mostly advanced but easy config, and don’t mind the price.

Same for Alta Labs.

Firewalla if you want a fully home focused product with advanced security, but super simple options and interface, and don’t mind shelling out the money to have the majority “just handled for you”.

MikroTik if you want huge customizability and advanced features and want to configure it more like professional equipment, or just want all the features for the least money.

OPNsense if you want to turn a PC you have with multiple network ports into a router/firewall and want to learn more about configuration.

OpenWrt if you want to convert your current consumer grade router into something more featured and secure, and you have a model that supports it.

Used enterprise equipment off eBay if you want to configure them like real professional equipment (because it is) and learn all about networking, but don’t mind dealing with possible licensing issues, you have a far away place to mount them because they are very loud, and your electricity costs are very low because they suck a lot of power, but you get a whole lot of hardware and features for a very low price.

2 Likes

I jumped in without being a network engineer/devops and I do admit that it can be a bit daunting with the amount of things you can set up. But the documentation and a couple of their YouTube videos really helped me get started. Especially getting a basic setup done was pretty OK with that. And from there I started tinkering a bit :grin:

Currently running a hAP ax², which does all I need for now. I’m happy with the switch to MikroTik! But I get that it can be a bit much when you’re just diving in.

This one looks interesting. I never do much configuration on a router - set up PPPoE, wifi… and maybe a scheduler for daily reboots (seem to have better time with internet stability). And maybe that ‘game mode’, although I have never seen something work better here. So, I guess, I’m the average user when it comes to this type of equipment.

But if to look at this beauty, Firewalla Gold Plus: 2.5G Cyber Security Firewall & Router Protecting | Firewalla, what would I need to have a wireless network? A separate module, which connects through ethernet? (meaning that if I have 3 devices, connected through ethernet, I would be using that last port for wifi, right?)

I do understand that this is an interesting topic to dive into, but I already work in development, and my threshold for diving into documentations and learning some new technology has been reached for this year…

Basically, I feel completely fine for giving someone money for their product… as long as that product earned it. If I had a friend close by, good in this sort of stuff, I wouldn’t hesitate to give him/her some money just to tell me what to buy, and how to configure it properly.

You could be right. But there is one core problem - at this moment I am fully drained for the topic of sitting and learning again something new (home projects with new stuff + learning new software platform solution with intense speed and limited time took everything from me). I feel that my brain simply will not stand for another round of documentations, with learning how routers/switches work and what are the layers of communications inside… meaning that I will basically look at the ‘hello world’, not knowing what I actually did and how bad it actually is in terms of security.

If you want all of the automatic security features like the zero trust stuff then you would use the Gold Plus router and their AP7 wireless access point:

You can plug that right into the Gold Plus or you can use a network switch if you want more wired devices, such as this one:

The AP7 device can also be used as mesh units when you buy more of them, either with wired backhaul or wireless backhaul through its 4x4 6GHz band so it has plenty of backhaul bandwidth.

more on the zero trust solution Firewalla has:

1 Like

Last year’s (and latest) plan was to replace my Edgerouter-X in its 9th year of non-stop service with Bananapi BPI-R4 running OpenWrt.

But since ERX is still perfectly fine, and I’m not gaining much in practice, the BPI-R4 is collecting dust after a mishap. Not incentivised enough to roll out the new router.

Basically, most go for OpenWrt or similar. And a step up would basically be MikroTik or stuff like Firewalla.

Many thanks. Definitely will read up on this.

Personal preference for me is Unifi gear. I use it both at home and in my production networks. When I first made the change to using them at home I had very little experience with them or networking in general and it was pretty easy to get a safe basic setup going. I did get lucky and the homelab and home network set me up with the ability to slide into a nice gig so I’m sure I’m a bit biased there. Their new(er) range of soho equipment might make them a nice option for you too.

2 Likes

Have an extra question here.

How comparable are the all-in-one devices like my asus router to the big guys like Unifi, Firewalla and other solutions, which are a separate switch, requiring to get a separate device for wireless and stuff?

I am speaking about performance, horsepower (if such thing relates to network devices with the same plane of network performance, e.g. 1gb for example) and stuff? And I am speaking in terms of home use.

I basically have two things, which I’m not happy with, but can’t really tell if chasing for better network equipment would do any good:

  1. There is a game which I constantly play - Path of Exile. From what I can deduce, its network solution is to send many small packages per time unit, instead of packing them (there are good engineers working for that game, and I think they made it this way for a purpose). Thing here is that if I have something running, like a torrent, with even less than 1mb out (but I can see this happening even with YouTube playing music in the back) - 20ms in the game (it has its own monitor) increases to 200+. My only thought here is the amount of data packages currently being processed by the router.

  2. Even more silly - DNS initialization for a network connection. I can be browsing from a PC, and decide to pick up my phone. The first web request from it will either take some time, or even end up in a failed connection (did see a DNS probe error a few times).

Depending on the speed of your internet connection, Unifi has a ‘smart queues’ feature that might help with this. I say ‘might’ because it seems to be at the client level, rather than app or destination-specific. But there’s also traffic management options for QoS and the like as well.

The answer here is ‘it depends’ – on whether your current configuration is forwarding DNS requests to an external provider (Google, OpenDNS, Cloudflare, Quad9, the DNS servers handed out by your ISP during the router’s DHCP assignment, etc.) or if it is doing its own recursive DNS lookups. But if it’s hitting the same site as you were hitting on the PC and is still slow, then something’s likely going wrong with the DNS caching on the router you have.

1 Like

  1. Enable QoS (Smart Queues in Unifi speak) and cap your WAN bandwidth to 80% of what it can deliver. That should prevent latency spikes when torrenting. You may also need to limit the global number of torrent connections if the router has a weak CPU.

  2. Ditch your ISP’s crappy DNS servers. I usually use Quad9 (9.9.9.9) with CloudFlare Security (1.1.1.2) as a backup.

1 Like

One of the few areas Unifi is lacking in is actually QoS. I wish they would provide a more advanced interface there but I doubt it is on their radar right now.

Most routers have QoS features, and how advanced they are as far as options and setup depends on the device. It has been 10 years since I last used Asus so I don’t remember their options much, but I remember it was basically just an on/off switch I think? Same as Unifi really. You may be able to use this feature on the Asus router and solve your problem without getting new hardware though. Your router has a quad core 2 GHz CPU, so it should be plenty fine for the traffic and number of packets it is processing. Though I know torrenting is hard on router CPUs due to the number of connections.

Firewalla is more advanced in this regard, as you have both static (always on) and adaptive (off unless enough bandwidth is being used). You can also select which queue algorithm is used (though you typically just leave it as fq_codel), and you can also set rules for types of traffic. So you can prioritize gaming and video calls for instance, as well as select which devices QoS is used for or which networks (VLANs) it is used on. You could also make a QoS rule specific to your torrent port and tell it torrent traffic should always be lowest priority to everything else if you wanted.

These types of options Firewalla has are also available on OPNsense, pfSense, and MikroTik as well. It isn’t specific to Firewalla, just that they are all giving you the full options for this feature. Though Firewalla does make using rules for types of traffic far easier than everyone else, as they are a layer 7 router (application aware). OPNsense and pfSense need extra plugins to become layer 7 type as well. Unifi is L7 but simply takes away all your options for QoS except for on/off.
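The two posts above (cap the WAN at 80% and enable Smart Queues, and leave the algorithm on fq_codel) are talking about the same mechanism that makes the 20 ms → 200+ ms jump in the first post go away: when the uplink is saturated, a plain tail-drop FIFO makes every small game packet wait behind a whole buffer of torrent packets, while a fair queue gives each flow its own queue and serves them round robin. The simulation below is an added illustration, not code from any poster or from Firewalla/Unifi/OpenWrt; the traffic mix, the 8 Mbit/s link, the 100-packet buffer and the DRR scheduler are constructed assumptions chosen so the effect is visible in half a second of simulated time. It models only the fair-queueing half of fq_codel, not CoDel's delay-based dropping.

```python
"""Constructed simulation: one bulk (torrent-like) flow offering 300% of link capacity
in 1500-byte packets, plus one game flow sending a 100-byte packet every 20 ms, forwarded
through either a tail-drop FIFO or deficit round robin (DRR, the per-flow fair-queueing
part of fq_codel). Reports per-flow queueing delay and drops. All numbers are made up."""
from collections import defaultdict, deque
from dataclasses import dataclass

LINK_BYTES_PER_S = 1_000_000   # 8 Mbit/s bottleneck (assumed, deliberately small)
MTU = 1500


@dataclass
class Packet:
    flow: str
    size: int       # bytes
    arrival: float  # seconds


def make_workload(duration=0.5):
    """Constructed traffic: bulk packets every 0.5 ms, game packets every 20 ms."""
    pkts = [Packet("bulk", MTU, k * 0.0005) for k in range(round(duration / 0.0005))]
    pkts += [Packet("game", 100, 0.00025 + k * 0.02) for k in range(round(duration / 0.02))]
    return sorted(pkts, key=lambda p: p.arrival)


class FifoTailDrop:
    """One shared queue; arrivals beyond the buffer limit are dropped (bufferbloat model)."""
    def __init__(self, limit):
        self.q, self.limit = deque(), limit

    def enqueue(self, p):
        if len(self.q) >= self.limit:
            return False
        self.q.append(p)
        return True

    def dequeue(self):
        return self.q.popleft() if self.q else None

    def pending(self):
        return bool(self.q)


class DeficitRoundRobin:
    """Per-flow queues served round robin; each turn grants a byte quantum (>= MTU)."""
    def __init__(self, limit_per_flow, quantum=MTU):
        self.queues, self.deficit = {}, {}
        self.active = deque()          # flows with queued packets, in service order
        self.limit, self.quantum = limit_per_flow, quantum
        self.turn_started = False      # has the head flow received this turn's quantum?

    def enqueue(self, p):
        q = self.queues.setdefault(p.flow, deque())
        if len(q) >= self.limit:
            return False               # drop only affects the flow that overfilled its queue
        if not q:
            self.active.append(p.flow)
            self.deficit[p.flow] = 0
        q.append(p)
        return True

    def dequeue(self):
        while self.active:
            flow, q = self.active[0], self.queues[self.active[0]]
            if not self.turn_started:
                self.deficit[flow] += self.quantum
                self.turn_started = True
            if self.deficit[flow] >= q[0].size:
                p = q.popleft()
                self.deficit[flow] -= p.size
                if not q:              # flow went idle: leave the rotation, forfeit credit
                    self.active.popleft()
                    del self.deficit[flow]
                    self.turn_started = False
                return p
            self.active.rotate(-1)     # credit exhausted: next flow's turn
            self.turn_started = False
        return None

    def pending(self):
        return bool(self.active)


def simulate(packets, scheduler, rate):
    """Store-and-forward link: admit arrivals each time it frees up, then pick the next packet."""
    delays, drops, now, i = defaultdict(list), defaultdict(int), 0.0, 0
    while i < len(packets) or scheduler.pending():
        while i < len(packets) and packets[i].arrival <= now:
            if not scheduler.enqueue(packets[i]):
                drops[packets[i].flow] += 1
            i += 1
        p = scheduler.dequeue()
        if p is None:                  # link idle: jump to the next arrival
            now = packets[i].arrival
            continue
        delays[p.flow].append(now - p.arrival)
        now += p.size / rate           # transmission time on the bottleneck
    return delays, drops


def summarize(delays, drops):
    return {f: {"mean_ms": 1000 * sum(d) / len(d), "max_ms": 1000 * max(d),
                "delivered": len(d), "dropped": drops[f]} for f, d in delays.items()}


def run_comparison():
    pkts = make_workload()
    return {"fifo": summarize(*simulate(pkts, FifoTailDrop(limit=100), LINK_BYTES_PER_S)),
            "drr": summarize(*simulate(pkts, DeficitRoundRobin(limit_per_flow=100), LINK_BYTES_PER_S))}


if __name__ == "__main__":
    for name, stats in run_comparison().items():
        for flow, s in stats.items():
            print(f"{name:4} {flow:4} mean {s['mean_ms']:7.1f} ms  max {s['max_ms']:7.1f} ms  "
                  f"delivered {s['delivered']:4}  dropped {s['dropped']}")
```

Under the FIFO the game packets that are not dropped outright sit behind up to 99 full-size packets (about 150 ms at this link rate), which is the shape of the 20 ms → 200+ ms symptom; under DRR the same game packets never wait for more than one bulk packet in transmission plus one more from the bulk queue, a few milliseconds, and none are dropped because the bulk flow can only overfill its own queue. The 80% WAN cap in the post above exists so that this queue sits in the router, where the fair scheduler controls it, instead of in the ISP's equipment where it does not.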

Asus is also happy to market you the feature for “gaming traffic” prioritization for specific network connections/PCs. I do wonder if it actually does something.

Well. It is a 100 Mbps line (because I simply do not use streaming services… making it useless). But the point here is that “if the line is free, or has communication within kbps, all works well”. But give it some actual traffic close to 1 Mbps, and you start rethinking life choices.

Considered this to be a specific DNS server issue. But the symptoms look quite close to each other, bringing up the idea of it being related to something above.

And I can’t really catch the moment (it’s always somewhere when you least expect it) to actually sit and start playing with network debug tools.

1 Like