[ale] Router Recommendations?

Derek Atkins derek at ihtfp.com
Fri Feb 10 12:30:01 EST 2017


Thanks.  One user on Amazon did report getting 940Mbps on the pfSense box
(although he used Ubuntu).  I just wanted to make sure there's enough
power on there to do the routing I need without slowing me down..  It
appears the CPU does not include AES-NI, which may affect IPsec
performance?

Also, can anyone confirm that pfSense will successfully policy-route IPv6?
 I saw a complaint on the pfSense forums from 2012 but no follow-up on
whether it had been resolved.

-derek

On Fri, February 10, 2017 12:14 pm, dev null zero two wrote:
> pfsense. a quad core box can do all that and Snort on a gigabit connection
> easily.
>
> Sent from my mobile. Please excuse the brevity, spelling, and punctuation.
>
> On Feb 10, 2017 12:05 PM, "Dustin Priest" <dustin.h.strickland at gmail.com>
> wrote:
>
>> I'd go with the pfSense unit, personally, if for no other reason than I
>> have experience with it and I know it will handle whatever I need it to
>> do.
>> No clue about the Edgerouter.
>>
>>
>> On 2/10/2017 11:55 AM, Derek Atkins wrote:
>>
>>> Hi,
>>>
>>> I got my fiber upgrade installed the other day and it looks like my
>>> poor
>>> Mikrotik router just can't keep up.  When I connect my laptop directly
>>> to my AT&T router speedtest.net gives me 500/950 (don't ask me why it's
>>> only getting 500 down -- I plan to ask).  However, when I connect
>>> through my Mikrotik I get limited to about 150-200 up/down.
>>>
>>> So I'm looking to replace the Mikrotik, but looking for suggestions.
>>> The two options I'm considering at the moment are a Ubiquiti Edgerouter
>>> Pro 8 [0] for $316, or pfSense installed on a 4x1Gb quad-core
>>> celeron[1]
>>> with 8G RAM and 64G mSATA SSD for $310.
>>>
>>> My requirements:
>>>
>>> 1) sustained 1Gbps throughput, even via NAT, tunnels, or other routing
>>> 2) GRE tunnel support (used to tunnel my class-C network)
>>> 3) IPIP (protocol 41) tunnel support (used for HE's IPv6 tunnelbroker)
>>> 4) Some VPN solution (IPsec/OpenVPN/PPTP, for when I travel)
>>> 5) IPv4 policy based routing so I can route my class-C over the GRE
>>>     tunnel and my RC1918 network via NAT (I'm pretty sure everything
>>>     does this)
>>> 6) IPv6 policy based routing so I can have some machines on the IPv6
>>>     tunnel and other hosts on an ISP-supplied IPv6 network and ensure
>>>     packets get routed out the correct method.  (my mikrotik doesn't
>>>     support this!)
>>> 7) Multiple IPs (both v4 and v6) on an interface (I run both my class-C
>>>     and RFC1918 networks on the same LAN)
>>>
>>> What do you all think about these options?  Which would be more likely
>>> to support my requirements?
>>>
>>> Thanks!
>>>
>>> -derek
>>>
>>> [0] https://www.amazon.com/Ubiquiti-Networks-Edgerouter-Router-
>>> ERPro-8/dp/B00IA5J8M8/ref=sr_1_1?s=pc&ie=UTF8&qid=148674190
>>> 9&sr=1-1&keywords=edgerouter+pro
>>> [1] https://www.amazon.com/dp/B01MEGSMRZ?psc=1
>>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



More information about the Ale mailing list