eptesicus

Cincinnati Bell Fioptics is getting installed next week, and I'm going to get their 1000 Mbps by 250 Mbps connection using fiber to the home. This will be a major improvement to my 8/3 WISP PPPOE connection that I'm getting fed up with because my internet is controlled by my county's fiscal court, and they have no business in the ISP business. Anyway... I'm worried that my current Mikrotik RB2011UiAS-RM isn't going to be able to utilize all of that connection with my NAT policies and the number of IPs that I block. I'll also be looking at setting up VPN on the device too, which can affect my speed. Will the RB2011UiAS-RM with a lone 600 MHz CPU be enough? I'm contemplating building a hardware router and installing pfSense, Sophos, or ClearOS (I've used pfSense in the past), or going with a Ubiquiti USG-PRO-4, as I have a Unifi 24-port POE switch and a Unifi AP on my network. I like the idea of going with Ubiquiti, but I also like the crazy things I can achieve with Mikrotik or even running another firewall OS on some hardware.

What would YOU do? What should I look for as a minimum to ensure that I get the fastest speed possible? How much am I going to need to spend? I don't mind spending up to $400-500, permitting it's going to be great hardware and it'll do everything that I need, without question.

Thanks for the input.
 
i'd build my own on pfsense, can't beat that speed...

the edgerouter lite/x are nice, but once you start adding features they won't be able to keep up with the gig download... i'm a bit too much of a power user to want them for home... at work, routing some fiber networks, no NAT, no QoS, just simple firewalling and routing, they work awesome...
 
If you're already rockin' Unifi APs and Ubiquiti switches, I'd get their router/gateway too. Costs a bit more, but it just makes management a whole lot easier.
 
i'd build my own on pfsense, can't beat that speed...

the edgerouter lite/x are nice, but once you start adding features they won't be able to keep up with the gig download... i'm a bit too much of a power user to want them for home... at work, routing some fiber networks, no NAT, no QoS, just simple firewalling and routing, they work awesome...

That's kinda what I'm thinking. No NAT or QoS is a turn-off for me. I'm looking at something like the link below. What sort of CPU specs should I look for when being a power-user and running pfSense or something comparable? I want to make sure that I have some headroom and am not going to run it hard all the time.

Something like this: http://www.ebay.com/itm/MITXPC-5-x-...173280?hash=item5d6490daa0:g:CnIAAOSw3mpXMo8y


If you're already rockin' Unifi APs and Ubiquiti switches, I'd get their router/gateway too. Costs a bit more, but it just makes management a whole lot easier.

I wish I could. But looking at it more closely, I'll really miss the capabilities that Mikrotik and pfSense have.
 
I think the USG-PRO-4 does everything you mentioned.


Not without dicking with json config files and doing things outside their fancy webUI.

I have had the USG and now the USG Pro 4 - sadly disappointed with quite a few "missing" features from both that I was previously used to with PFSense / OPNSense.
 
Not without dicking with json config files and doing things outside their fancy webUI.

I have had the USG and now the USG Pro 4 - sadly disappointed with quite a few "missing" features from both that I was previously used to with PFSense / OPNSense.

I'm not saying the USG is anywhere near as flexible as pfSense. But the OP didn't mention he was doing anything unusual that might require it.
 
Not without dicking with json config files and doing things outside their fancy webUI.

I have had the USG and now the USG Pro 4 - sadly disappointed with quite a few "missing" features from both that I was previously used to with PFSense / OPNSense.

That's disappointing, and what I was worried about. I wish Mikrotik's GUI wasn't as terrible as it is, and I wish the quality of the hardware/chassis was nicer. I think I'm leaning towards the pfSense or alternative route. However, I still want to make sure that I get the hardware right.


I'm not saying the USG is anywhere near as flexible as pfSense. But the OP didn't mention he was doing anything unusual that might require it.

I didn't get into details, but yes, I want something as free and open to do whatever I want, like pfSense and Mikrotik. So, I'd like to be able to use VPN on only certain types of traffic for certain servers, and I'd like to take advantage of NAT, QOS, and whatever else I can have control over. :)
 
I didn't get into details, but yes, I want something as free and open to do whatever I want, like pfSense and Mikrotik. So, I'd like to be able to use VPN on only certain types of traffic for certain servers, and I'd like to take advantage of NAT, QOS, and whatever else I can have control over. :)

If that's the case, then build a nice pfSense router/firewall and go nuts. You can do damn near anything with those, and build a super-powered system for $300-ish. You can do VPNs, NAT and QoS on the USG from what I've read, but it's not as flexible.

I use a pfSense build myself now, but if I was building from scratch I'd go with the USG. I don't really need that much fine-grained control, and the "unified" control of everything has a lot of appeal to me.
 
If that's the case, then build a nice pfSense router/firewall and go nuts. You can do damn near anything with those, and build a super-powered system for $300-ish. You can do VPNs, NAT and QoS on the USG from what I've read, but it's not as flexible.

I use a pfSense build myself now, but if I was building from scratch I'd go with the USG. I don't really need that much fine-grained control, and the "unified" control of everything has a lot of appeal to me.

I really wish I could try out the USG through an online demo or get my hands on one and be able to return it, but I don't see that happening.
 
I really wish I could try out the USG through an online demo or get my hands on one and be able to return it, but I don't see that happening.

Yeah, Synology has a nice online demo of their NAS software. It'd be nice if UBNT did the same for their software.
 
Thanks all. It sounds like pfSense is the route I should go. I'll start a build thread on their forums to figure out which hardware I should use when having 1000/250 Mbps connection with some VPN. I want to make sure that the CPU I get will be able to get the best speeds possible for the price.
 
I'm running a pfsense in a vm with 4 cpu cores and 4gb ram for my 40/20 connection and I've never seen even 1% cpu usage
 
I'm running a pfsense in a vm with 4 cpu cores and 4gb ram for my 40/20 connection and I've never seen even 1% cpu usage

There's a substantial difference between 40/20 and 1000/250, especially when I want to run OpenVPN on the router. The faster the CPU, the faster the speed through OpenVPN. In some tests I've seen, users are getting only up to 300 Mbps through VPN (which isn't anything to complain about) on a gigabit connection. I also want to ensure that I'll be able to use what I pay for. If I were to spend $500 building a pfsense router, that might not be enough to get a CPU that'll be able to process traffic at that speed with NAT. So, I have my concerns.
 
Getting PFsense to route 1gbit reliably takes either some expensive hardware or cheaper power hungry hardware. It can be done but you are right on the mark at $400-500.

If you like the RB2011 give the RB3011 a shot. I've got one routing a 500mbit connection and it never hits more than 10% CPU.
 
yea, i would probably get a lower end i3 instead of going the power sipping "atom/celeron/whatever they're calling it now" route if you want big throughput on openvpn
 
pretty nice, you could probably get something shallower and cheaper by piecing together a supermicro... i couldn't say how loud/quiet that asus is, though...

i would probably go for the fastest T model i could afford... ~35w?
 
I'm not worried about power so much. I understand that T isn't designed for lower power consumption, but more so for environments where heat is an issue. Microcenter does have the i3-7100 for $115 that's clocked at 3.9GHz, which wouldn't be bad, since the 7350K isn't on Asus' supported CPU list. I e-mailed ASUS to verify if it'd work. If not, I'll go for the 7100. I dig the features of the ASUS, and wish Supermicro had something similar for the price. I'll keep looking out though.
 
I'm running my vm on a DL380 G6 server. I have plenty of cpu power I'm not using, I'm pretty sure a server like this would be overkill for his needs.
 
I'm running my vm on a DL380 G6 server. I have plenty of cpu power I'm not using, I'm pretty sure a server like this would be overkill for his needs.

What services/packages are you running? Your connection is only 40/20, right? Doing some research, I need overkill in order to have the fastest speed possible with what I'm going to use the router for. 1000/250 with VPN takes a huge toll on the CPU. Even with the most impressive setups, people are seeing up to 300 Mbps through their VPN on a gigabit fiber connection, and while that's occurring, unencrypted traffic takes a dive.
 
Slightly off topic but how are you guys making these broadcast wireless? Essentially a router is a computer with some fancy software (pfsense in this case) and a bunch of ethernet ports, but how about the wireless part?
 
Slightly off topic but how are you guys making these broadcast wireless? Essentially a router is a computer with some fancy software (pfsense in this case) and a bunch of ethernet ports, but how about the wireless part?

A separate access point for wireless. I use the Ubiquiti AP-AC-LR at home, and will be adding one or two more for additional coverage. I use a separate switch since I have 14 network cables that need to be connected right now.
 