Looking for a new router recommendation

Don
Joined
18 Oct 2002
Posts
22,747
Location
Wargrave, UK
At the moment I've got an Asus RT-AC88U at the core of my network and 3 RT-N66Us at the edge. I've got around 100 clients in the house that range from wired PCs through to a lot of smart devices (plugs, lights, etc.). Broadband is Virgin 350Mbps cable in modem mode.
For years I ran an RT-N66U at the core as it was so reliable. I never had to reboot it, ever. I bought the AC88U when the N66U stopped getting security updates.

Unfortunately, the AC88U has been a very unreliable PoS with various issues ranging from randomly rebooting itself to ports stopping passing any traffic. The WiFi from it has been extremely unreliable too - especially in the 2.4GHz band to the point that all of my IoT devices now connect to it via an N66U as that provides a much more stable connection.

I'm looking for a new router to replace the AC88U. I'm not fussed about WiFi6 or 6E although pretty much everything decent now supports 6.
It needs to be very configurable. I need to be able to set static routes and manually assign static addresses via DHCP. Also needs to be able to override hostnames if needs be.
I bought an Asus GT-AX11000 last year but that lacked one of the critical features of being able to manually assign hostnames to devices from the router. Unfortunately, at the time Merlin wasn't supported on that device so I returned it.

I don't really have a budget in mind. Just need the functionality and above all, reliability.

Considering at the moment:

TP-Link Archer AC5400 or AX11000
Netgear Nighthawk AX6000

Open to any suggestions.
 
Soldato
Joined
18 Oct 2002
Posts
3,515
Location
UK
Functionality required means rolling your own would be a good solution here I feel if you're up for it. A nice multi-NIC USFF passively cooled computer with your choice of *sense or Sophos XG with access points for WiFi. I guess that's what you're using the RT-N66Us for?

My no-name Chinese homebrew pfSense box has given three years of continuous service with reboots only required for OS updates. Just sits there doing its thing, runs policy based routing for sending some traffic via VPN, acts as my inbound VPN server, VLANs for segregated IoT and guest network, timed internet access, bandwidth throttling as granular as per device, reserved IPs, no problem with gigabit WAN in theory (don't have it but specs suggest it should be fine), multi-WAN at one point with load balancing etc.

And if you don't fancy building and want support then you could just buy a Netgate appliance to get the same. If you really want to go full on then a Mikrotik router (don't know them well enough to recommend a model) offers incredible power and value but a super steep learning curve.

I'm sure a more con/prosumer unit like the ones you suggest would be fine also but it's not my forte so can't offer a good recommendation in that space.
 
Soldato
Joined
29 Dec 2002
Posts
7,257
The horrors of Netgate are well documented, I like my devs not outsource, preferably not to think it’s OK to cut holes in the floor of tenants property, illegally evict them, threaten people with guns, jump bail, have international arrest warrants issued, be hauled back and lose the tens of thousands of dollars they got a family member to put up and be quoted as referring to an illegally evicted employee using the N word. It’s even nicer if users aren’t left in a position where the code is worse than the criminal record of the dev, and they blame someone who tried to save them from releasing said horribly broken code because it made his project that they were porting look bad. It’s also nice if they don’t have a proven track record of online harassment because someone forked on them. If that sounds like a company you want to support, buy a Netgate box. If you want pfSense without the drama, go OPNsense.

Honourable mentions to Untangle (free version will do what you want iirc, paid is a fully functional UTM and you get a lot for your money). Sophos XG was running really old OVPN last I looked, I haven’t looked at it in circa 2 years though so it’s probably worth a test drive.

In terms of hardware, as you are on VM it’s only reasonable to point out that they already offer greater than gigabit services and Gig2 looks likely in Q1-2 next year. If you aren’t bothered about going over 900Mbit or so, then an APU2C or newer is a decent buy and will run a wide range of router software, low power, but very capable. ODROID do some OK little boards that run pf (and likely OPN) quite well and also offer dual 2.5Gb. For less money a cheap ex corp SFF desktop with a dual Intel NIC would do nicely, you’re literally talking £50-100 and you have the advantage of being able to drop a 2.5Gb or 10Gb card in later, this is offset by a slightly higher power consumption but it doesn’t need to be anything fancy.

The beauty of separating the router from the wifi means you can add APs if you want to replace the existing N66Us or supplement them at a later date.
 
Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
Always +1 to building your own. Avoid anything Asus or Netgate like the plague. I see Avalon has replied while I've been typing :p so I'll not go into that any further.

If you want off the shelf, the new MikroTik RB5009UG+S+IN looks interesting. It's their new 'homelab' inspired router with 7x gigabit ports, 1x 2.5Gb port and 1x SFP+ cage. It only runs RouterOS 7 (beta) and their updates and learning curve are quite infamous. Good solid gear overall though, and cheap for what they are. Four of them fit in 1U and they're rack mountable if required. The port layout is a bit weird though. A single 10Gb SFP+ for... WAN? Switch uplink? Then a single 2.5Gb for one lucky device, and everyone else is left fighting for gigabit access. I'd have preferred a few 10Gb cages and maybe a couple of 2.5Gb copper ports. As it is, I think its main use (wasted) would be to connect the 2.5Gb to the cable WAN, pass 10Gb SFP+ to a decent 10Gb switch and go from there. But then what's the point of paying for 8 ports? *shrug* Personally I'd look elsewhere.

The Cisco RV340 can be had quite cheap, but again is only a 1Gb router and VM will soon be beyond that, so, redundant.

Failing that Firewalla always catch my eye. They're Debian based boxes with a lovely GUI on top, mobile app integration and full UTM at line rate multi-gig including DPI at 3Gbps (for the Gold version). They include WireGuard VPN, anti-malware, network protection and endpoint monitoring, encrypted DNS - pretty much everything you could ask for in a nice small fanless package. Worth a nose, but they're expensive though (>£400), and you can get a nicer box for a fraction of the price if you self build.

It's really hard to find a decent box that's (1) capable, (2) not a compromise, (3) well built and supported with good software and (4) offers the connectivity you need without paying through the nose or having tons of expensive unnecessary addons. I'm at a stage where I've tinkered and built my own routers for years, but it'd be nice to just buy something capable and flexible and plug it in. But nothing comes close to x86 with $(preferred distro here) unless you're paying thousands.
 
Soldato
Joined
29 Apr 2004
Posts
4,891
Location
Bath
@Rainmaker I think you should liaise with the shop and see if they can start offering builds for routers in either kit or prebuilt form.

[Post reported to get the mods' attention]
 
Soldato
Joined
29 Dec 2002
Posts
7,257
@Rainmaker I think you should liaise with the shop and see if they can start offering builds for routers in either kit or prebuilt form.

[Post reported to get the mods' attention]

Probably better to have used the product suggestion forum, though realistically it’s such a niche market and those who want the products generally know what they want.

*edit* beaten to it by Maccy ;)
 
Soldato
Joined
29 Apr 2004
Posts
4,891
Location
Bath
@Maccy @Avalon Ahhhh cheers just found it! I've added a comment in there as well. It's just that there are quite a lot of spec me router threads and the idea to build your own does come up a lot. I think that if the shop sold something then interest in this sort of thing might increase which is only a good thing right?
 
Soldato
Joined
29 Dec 2002
Posts
7,257
@Maccy @Avalon Ahhhh cheers just found it! I've added a comment in there as well. It's just that there are quite a lot of spec me router threads and the idea to build your own does come up a lot. I think that if the shop sold something then interest in this sort of thing might increase which is only a good thing right?

Not really unfortunately. You have an abundance of specific Chinese USFF/NUC size boxes from Qotom etc. You have the well established APU range, you have the ODROID range, and if you want cheap, you can buy an ex corp. SFF desktop for £60 that’s more than capable and a NIC for a few quid. My last router upgrade was a £59.99 Lenovo S510 (i3 6100, 4GB, 500GB HDD and Intel Pro T2). It cost me about £65 all in. Can newer be more efficient? Yes. But spending several hundred pounds to save a few watts doesn’t add up and the performance is pointless on a router, even a UTM at gigabit is fine on that. I don’t see the market, the need or the margin personally.
 
Soldato
Joined
28 Dec 2002
Posts
6,596
Location
South Coast
For me it'd be Sophos XG or Untangle, I prefer the rule creation UI in Sophos XG.

Re hardware indeed the above will cover the requirements, my Untangle is on a Pondesk atom device and my Sophos XG is on a PowerEdge R220 Dell server.
 
Soldato
Joined
29 Dec 2002
Posts
7,257
I have a TP-Link AX6000 and have found the firmware releases very buggy.

I would never buy TP-Link again.

It depends on the product, the enterprise/business switches tend to be bullet proof and bring features to a price point and lower end SKU that would cost many times the price from the traditional players. The only time I've really used a consumer TP-Link router I was amazed at what it had to offer compared, long term support, enough configuration options to keep a long time *WRT user happy and rock solid stability - it was literally borrowed from the IT recyclers next door and destined for e-waste, it ended up running as it was for a few years after that other than the occasional firmware update/config change.
 
Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
It depends on the product, the enterprise/business switches tend to be bullet proof and bring features to a price point and lower end SKU that would cost many times the price from the traditional players. The only time I've really used a consumer TP-Link router I was amazed at what it had to offer compared, long term support, enough configuration options to keep a long time *WRT user happy and rock solid stability - it was literally borrowed from the IT recyclers next door and destined for e-waste, it ended up running as it was for a few years after that other than the occasional firmware update/config change.

By sheer chance, I've had two TP-Link switches. The first was just the cheapest offer on the day, when I needed a basic gigabit dumb switch. Metal housing, long warranty and faultless operation for five years now. I only ever rebooted it once, when our electricity mains were upgraded by Scottish Power. The competition (edit: in the same segment/price point) were all plastic jobs with little to no warranty, and cost more. I grabbed a PoE version of the same switch later that year, for the same price as a non-PoE unmanaged switch from Netgear, and it's still going strong upstairs - though I've replaced our core switch with a proper enterprise job now.

Second hand, I've read that their managed switches can do funky things with VLANs compared to the established players so you need to know/work with their quirks, but other than that I've never had cause to say a bad word about them tbh.

Edit: A word and to clarify.
 
Soldato
Joined
27 Jul 2007
Posts
6,091
The Cisco RV340 can be had quite cheap, but again is only a 1Gb router and VM will soon be beyond that, so, redundant.

Failing that Firewalla always catch my eye. They're Debian based boxes with a lovely GUI on top, mobile app integration and full UTM at line rate multi-gig including DPI at 3Gbps (for the Gold version). They include WireGuard VPN, anti-malware, network protection and endpoint monitoring, encrypted DNS - pretty much everything you could ask for in a nice small fanless package. Worth a nose, but they're expensive though (>£400), and you can get a nicer box for a fraction of the price if you self build.

The Firewalla looks seriously cool, but I'm curious why you don't consider it redundant like the Cisco RV340 since it only has Gbit ports?
 
Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
The Firewalla looks seriously cool, but I'm curious why you don't consider it redundant like the Cisco RV340 since it only has Gbit ports?

I just had a second look, and you're right. I saw them advertising 3Gbps DPI and assumed (doh) that at least one interface was multi-gig. They use 'multi-gig' more than once, but the specs do say 4x 1Gbe. Poor marketing - or rather, great marketing with no hardware to back it up. In that case, back to plan A: OpenWrt on x86 and upgrade with a 10Gbps card when the WAN necessitates. Job jobbed. :p
 
Soldato
Joined
27 Jul 2007
Posts
6,091
I just had a second look, and you're right. I saw them advertising 3Gbps DPI and assumed (doh) that at least one interface was multi-gig. They use 'multi-gig' more than once, but the specs do say 4x 1Gbe. Poor marketing - or rather, great marketing with no hardware to back it up. In that case, back to plan A: OpenWrt on x86 and upgrade with a 10Gbps card when the WAN necessitates. Job jobbed. :p

Fair enough :) I thought I'd missed something and the whole 3Gbps DPI thing is a little cheeky.

Buying a router is a bloody nightmare.
 
Soldato
Joined
29 Dec 2002
Posts
7,257
How about one of these running OpenWrt? Need something with 4 LAN ports minimum.

https://www.amazon.co.uk/gp/product/B08MTN4GV7/ref=ox_sc_act_title_2?smid=A11MFCPUOFGB6U&psc=1

Zia

An ex corp desktop will cost 1/3 or less of that, have BIOS upgrade support, low power usage (system I mentioned a few posts ago is now sub 15w and I reckon I can still shave a few more off that), but more importantly a lot more grunt/potential to run additional services (either UTM functions or docker) and an inexpensive path to 2.5/10Gb down the road. As to 4 ports, while valid reasons exist, if that were just to connect additional devices to for simplicity, you are much better off/more efficient doing the switching in hardware than software.
 
Associate
Joined
9 Sep 2008
Posts
1,375
I've run lots of different router OSes: Cisco, Juniper, VyOS, pfSense, Untangle, RouterOS (MikroTik, both x86 and embedded), various home routers ... basically (in my opinion) the issue comes down to reliability, let me give you an example. I spent some time setting up pfSense and it ran OK until one of their updates broke it and I couldn't fix the issue, recently I switched to OPNsense and had everything set up great for months - then a few weeks back it started crashing. Don't know what the issue is, don't know if I can fix it. So I'm back to MikroTik and RouterOS which has far less extensibility and user friendliness than OPNsense but just works. Open source is great when it works, but it's somewhat of a gamble regarding updates and possible crashing.
 