ISP upgraded network to 2Gbps - Time to update hardware

Hi All,

As the title suggests, my ISP has just “doubled” my internet plan from 1Gpbs to 2Gbps! Their new modem/router combo has a 2.5G nic and while I could just suck it up and use their combo router, I prefer to have control over my network and use my own hardware.

I’m currently rocking an old Linksys WRT1900AC running OpenWRT - it’s served me well over the years, but I’m in the odd situation where my ISP provides more bandwidth than I can handle!

GOALS

  1. Fully utilize the bandwidth available to me. While it would be fun to fully saturate the connection with a single device, I’d rather distribute that bandwidth across multiple devices.

  2. Configure the network as I see fit. I currently run a few VLANs to separate guests/roommates, work, and personal equipment / media - I forward a few ports for some outside access, ya know - typical stuff.

Eventually, I want to run 10G locally and my ISP has a goal is to provide 10G fiber by 2026. By then, dedicated hardware prices should be reasonable… Speaking of budget - I’m thinking around $300?

It seems to me that we’re in a weird situation hardware wise, where 10G gear is real pricey (aside from DIY, ofc) and 2.5/5G is coming in as a stop gap to leverage the current infrastructure before everything is replaced by fiber, but even that is all relatively new.

Solutions?

I have noticed a few of the newer wireless routers sporting a 2.5G NIC like the TP-Link AX6600. And while the new AX wifi spec looks fast, AC is still good enough for me. Plus, I’ve been running OpenWRT for so long that I’m not sure I could go back to your typical consumer featureset…

One product that stood out to me is the new MikroTik RB5009. I’ve heard good things about the company and this device looks to have a feature set that will last a while - sporting a 2.5G NIC, a SPF+ port, and 7 1G ethernet ports. I’d turn my old router into a dumb AP if I went this route.

I have a lot of half-baked ideas about this and could probably ramble on a bit more. But I’m curious to hear your thoughts and suggestions!

I went from openwrt on user grade gear over to Ubiquiti Unifi gear. It was a worthwhile upgrade.

I’ve heard good things about Ubiquiti gear, but I’m not seeing really anything to handle my situation (a 2Gbps WAN connection) without getting into the enterprise gear / 10Gbps SPF+ connections. Their current offering of EdgeRouters don’t look to have support for > 1Gbps either. Am I supposed to look at their “dream machine” line? They look neat, but that’s a lot of software…

I’m sure this whole situation is a small edge case (as least in the US) with consumer internet speeds the way they are in most parts of the country. Maybe I should look at what other countries are doing? Maybe building a DIY router and separate switch is the most cost effective way to go?

Cheapest 2.5Gbit router I found at my “local” vendor is an Asus RT-AX86S:

Type Router
EAN 4711081304302
Manufacturer code 90IG05F0-MO3A00

It sells at around your budget limit here, so it might be cheaper in the US, if available there. (this is an EU model probably) No idea how the user interface is or how well it’s supported by OpenWRT.

What’s your upload speed, 2G down / 2G up (do you need to route/nat/firewall 2Gbps or 4 or …).

You could get an LGA-1200 board with a single 2.5Gbps port, a i3-10105F, small stick of ram, picopsu, a USB stick and keep running OpenWRT on it… possibly for <200 or thereabouts.

This looks like a good option - I’ll add it to the list, thanks!

Oh, I wish it were symmetric! It’s 2G down and 75Mb up :confused: But I really shouldn’t complain, especially living where I do (Alaska). I’d like to route/nat/firewall the 2G into two separate 1G chunks. Setting aside 1G for my machine over the wire and the rest to the WIFI AP that’s shared with the rest of the house. I’m not a network guru by any stretch, but I think that should be doable in the configuration (somehow), or maybe it’ll just work out that way with how the hardware is setup.

That’s the sort of thing I was thinking about with a DIY setup. I do have an OLD i5 NUC that I was going to turn into a dedicated arcade. I could use if it has an expandable PCI lane (I haven’t opened it up in a long time).

I’m still leaning towards that new MikroTik router and will probably see if they’re actually available from someone who will ship here. e.g. Microcenter throws on a ridiculous shipping price for outside the lower 48. I’ll probably end up mulling over my options for a bit and make a decision later next week. I very much appreciate your suggestions, however!

Given your requirements, I would ditch your old wifi Ap and go with this router/ap combo (RB4011iGS+5HacQ2HnD-IN … gotta love engineer’s naming conventions) :

From what I have heard wave2 really makes a huge difference on Mikrotik and makes it a competitive WiFi offering. However 2G will not work when you enable the wave2 package on that(RB4011 Wifi) device. Audience is also a compelling device(can route as well), as is HAP AC3. I am in similar situation as OP and I think I will go with Audience+virtualised router(OPNSense or VyOS).

RB5009 is kind of like a raspberry pi 4 connected to a semi-multi gig switch.

It’s a shame routeros is so locked down.

I’ve been thinking, if you could get something better by using e.g. the odroid n2+ ($95 on ameridroid) (each of the 4 performance cores is 2x the performance of rpi cores + 2 efficiency a53 cores that rpi4 doesn’t have at all) + a usb3 nic + a multi-gig switch of your own.

But the problem is IO, even though the thing uses a usb3.1 hub the SOC has a single USB3.0 going to it.

So you’re limited to 2.5 Gbps up+down … and router needs to move 2Gbps in from internet + 2gbps out towards lan.

If you’re going SBC DIY route, you need something that has PCIe.

Odroid H2+ with a netboard would’ve been perfect, except for the component shortage.

Maybe if you went down the ITX + Celeron route… You’d still stay under 200 with openwrt… and then a fast switch brings it to 300/400, but you can use the x86 box to maybe host stuff at home, or to server things at low bandwidth to the internet.

From my experience a full router OS like Mikrotik or OPNSense is much easier and better to maintain than DIY or even OpenWRT.

RB5009 can do L3 in hardware as well, but I’m not sure Mikrotik will get it’s act together in software to use it.

I can agree with this, especially when it comes to troubleshooting.
With really simple network configurations and almost no custom firewall rules I would say OpenWRT is the more suitable solution.
But as soon as there’s something that can break, it’s much easier to troubleshoot with fully fledged out opnsense than with openwrt. No problems I couldn’t easily solve, while on openwrt I’ve had issues that just don’t have a way of troubleshooting.

This looks like an interesting option - though this brings up a fundamental question about SFP+ - I’m pretty sure there are RJ45 → SFP+ adapters, so are there any known issues / caveats when you use those?

Thanks again for all your help!

nvm on the SFP+ question - after some research they seem to work well for the most part…

It seems like the DIY solution is better feature / cost wise and I can get my hands on an old Dell OptiPlex 3040 (the tower model) for free from the office. I’m curious what the power consumption will be on that though and whether that’s worth it.

When doing DIY - do most people put OPNSense on bare metal? Or do VMs work well (assuming PCI passthrough is an option for the NIC(s)). I don’t see myself using the machine for more than a basic router/firewall/switch, but another VM with Pi-Hole seems like a decent option.

@retox I would think the power consumption would be pretty high, but since you are getting the Dell Optiplex 3040 for free, I don’t think you need to worry about t power consumption. However, you want to make sure the Dell Optiplex 3040 has two separate ethernet ports and make sure they are Intel. The reason is you want one port for the Wan and another port for the Lan. I went with a Netgate (Pfsense) appliance last Christmas and have been pleased with my decision.

I wouldn’t put the Virtrlize version of Opensense directly on the internet for two reasons. First, virtualizing any router software increases the complexity of the solution. Second, it increases the risk of being hacked. The better solution is bare metal. The problem with using the Pi-Hole other than the other objections I raised, is that it only has one ethernet port, and it won’t handle enough bandwidth for a 1Gb connection, let alone a 2Gb link.

You mean LAN, right?

Assuming you don’t factor in the cost of your time, you are right.
E.g: if learning new things and experimenting and eventually becoming the single point of failure for internet connectivity at your place isn’t in the cost comparison …
This coming from someone with two servers in the basement and running pfsense virtualized on truenas :slight_smile: so I think I can talk with some direct experience on the matter.
What the Mikrotik (or something along the lines) gives you is a match to what you had, in your budget, that brings your setup to support the 2.5GB line … what you are thinking about doing is a complete redesign of your network with some (depending on your skills) hours, or tens of hours, to dedicate to the project.
I am all for the second one, but you need to relly be into it … we can help, but in the end it will be on you to be able to stream netflix instead of fiddling with hardware/virtual machines, routing and system updates …

@Dutch_Master good catch on the spelling error, Yes I did mean Lan. I should know better than post an hour after my usual bedtime. I have since corrected it.

1 Like

Well said, and really this ties into the crux of my issue. As much as I enjoy tinkering, there’s a large part of me that’s screaming “YOU HAVE ENOUGH PROJECTS”! Hell, I’ve contemplated just using my ISPs combo unit for everything and taking a chance with its software and the potential of ISP shenanigans.

I’m just not used being in the situation where my ISP is FASTER than almost all of the wired consumer equipment available. Maybe I’m still in a state of shock, but yeah, I wasn’t expecting this so soon…

Part of me wants to just forgo the ISP speed, knowing that it frankly doesn’t matter and I wont ended up seeing much of a difference - note: My monthly bill hasn’t changed at all. I’m more concerned with having “unlimited” bandwidth, as after living for so many years with “fast” capped internet and moving to unlimited lifted a physical stressor out of my life.

The best solution for me would just to find a new router with 2.5Gbps functionality that supports some opensource OS and do a drop in replacement. Sadly, all of this is too new and it’ll take the OS community a bit to catch up.

Anyways, enough rambling/mental flip-flopping

Have any of you played with Macciatobin’s boards before? They support OpenWRT and look to have potential (even 10G!)

1 Like

If you can get the Optiplex 3040 for free, all you need is a capable nic you can install into and a 2.5/5Gbps/10Gbps switch - that’s easily within your budget and is useful stuff to have around the house

Between bare metal and VM, I think bare metal is easier.

I’d go with Debian minimal install, or OpenWRT.

OpenWRT gets you things like nd relaying for IPv6, and a web UI to control multiple wan failover policies, and clicky basic firewall configuration, and that kind of stuff.

Debian gets you access to more software but provides less out of the box guidance for anything (27 different ways of setting up firewalls and 15 different DHCP servers…). Despite choices, you can still just configure interfaces with systemd-networkd, enable ssh, write 5 lines of /etc/iptables/iptables.rules, run dnsmasq as your dhcp and dns server, and there’s your home router.