TOOB 900dwn/900up router

[Maverick24m1]

Hi,

We've just had our new FTTP fitted and its been great.

But the Sagemcom router is very front end limited and I have multiple port forwarding and servers running at home.

I changed over to my existing Linitx APU2 Pfsense box that had, up until recently had an uptime of 19months!

I have now found that he maximum throughput is only (i know - sorry!) 450.00 ish mbps up and down and I'm maxing the processor core assigned. There is a few threads online with "tweaks" but ive not had much luck other than making it a bit more consistent

I have an aruba AP315 on every floor (stupid townhouse) so don't need anything with WIFI, and a 24p mikrotik switch that is coping so far.

Without having to sell a kidney - is there any suggestions on a more capable router? something rack mountable would help keep things tidy too but not essential

 

[ChrisD.]

What's your budget?

 

[Maverick24m1]

350? Maybe a touch more? Or am I being unrealistic?

 

[ChrisD.]

You could probably build a SFF PC for the budget and run pfSense on it, or perhaps use a Netgate appliance however for rackmount you're looking at a lot more money.

 

[WJA96]

Contact LinITX and ask them what they would suggest. They might have an upgrade path. Failing that I can certainly recommend the Mikrotik RB4011 (in non-WLAN guise because you don't need it and the one without WLAN is a lot cheaper.)

 

[Maverick24m1]

Ive had a look at a few SFF units but i quite like having 3 or more ports and NICs are another minefield!

The 4011 is an impressive unit - i had an old 2011 and it was a slog of a machine! but they seem to have improved on that massively!

@WJA96 - would you recommend the 4011 (non Wlan) over a CCR1009-7G-1C-PC?

Thankyou for all the information so far!

 

[ChrisD.]

But the Sagemcom router is very front end limited and I have multiple port forwarding and servers running at home.

By the way, you really should consider running a VPN server and accessing your internal network that way.

 

[WJA96]

Ive had a look at a few SFF units but i quite like having 3 or more ports and NICs are another minefield!

The 4011 is an impressive unit - i had an old 2011 and it was a slog of a machine! but they seem to have improved on that massively!

@WJA96 - would you recommend the 4011 (non Wlan) over a CCR1009-7G-1C-PC?

Thankyou for all the information so far!

I can’t say. I’ve never used that device. The RB4011 is just a BEAST of a pocket router. It’s passive and comes with rack ears. The only fly in the ointment is that the 10 ‘switched’ ports are really 2 x 5Gb switch chips so you can feed it 10Gbps through the SFP+ port but it cuts to 5 Gbps once it’s in the router itself. But for the money I don’t think there’s a router on the market to touch it. The only reason it’s not the No.1 recommended router on the planet is folks can’t be bothered to learn RouterOS.

 

[Caged]

I'd use MikroTik boxes more if they could do DNS conditional forwarding without having to do L7 traffic inspection to mark the packets and then doing a destination NAT thing on them

 

[WJA96]

I'd use MikroTik boxes more if they could do DNS conditional forwarding without having to do L7 traffic inspection to mark the packets and then doing a destination NAT thing on them

Isn’t that coming in RouterOS 7? Lol!

 

[Caged]

I'm just spoilt because it's all so easy in Junos but the price tags make it not an option for many use cases

 

[Avalon]

APU2 can NAT at 750Mbit ish, or at least - in synthetic testing - that’s where I landed. If you’re otherwise happy an R210-II or R220 is a cheap rack mount option for £100ish used, but £60-70 gets you an SFF i3 6100, 4GB and some form of storage, throw a Intel T2 or T4 NIC at it and you have a low power box that will do near line speed. You could always virtualise with all the fun that brings and use the APU2 for CARP which mitigates the most obvious downside with virtualisation.

 

[thewanted]

We've just had our new FTTP fitted and its been great.

Hey,

Have you ever run a Thinkbroadband.com broadband quality monitor against your toob connection? I'm really interested to see the ping jitter and if there is any packet loss.

 

[Rainmaker]

I changed over to my existing Linitx APU2 Pfsense box that had, up until recently had an uptime of 19months!

I have now found that he maximum throughput is only (i know - sorry!) 450.00 ish mbps up and down and I'm maxing the processor core assigned. There is a few threads online with "tweaks" but ive not had much luck other than making it a bit more consistent

You just need to tell FreeBSD that the NICs have multiple queues available. It defaults to a single queue per NIC. Instructions are here. Failing that, any Linux based distro (IPFire, VyOS, bare Linux CLI) will give you full duplex gigabit without breaking sweat, out of the box. Source: I had an APU2C4 and loved it.

Edit: The page has been updated since I last read it. For pfSense 2.5 and above the tweaks (using all NIC queues) are active by default and give full gigabit out of the box also. Be aware that pfSense 2.5 is buggy atm and is shipping with an insecure and broken WireGuard module. I'd suggest Linux or OPNSense personally. Either way, the box you have is perfectly adequate, no need to spend again.

 

[benftl]

The Sagemcom is pretty poo. It gives you a choice of 3 subnets to use and you can't define your own which personally I've never seen on any other router.

@Maverick24m1 did you ever get the Linitx APU2 performing at full speed? I might have to get myself one though I've never used Opnsense etc before - hopefully the learning curve won't be too steep

 

[Avalon]

The Sagemcom is pretty poo. It gives you a choice of 3 subnets to use and you can't define your own which personally I've never seen on any other router.

@Maverick24m1 did you ever get the Linitx APU2 performing at full speed? I might have to get myself one though I've never used Opnsense etc before - hopefully the learning curve won't be too steep

I can’t recall a single consumer Sagem product that I have ever liked, either modem, router or phone, they have all been crap.

As the current custodian of an APU2, they are great little devices, low power, small, silent, surprisingly capable with decent hardware support in most OS’, but if buying new now, i’m not sure that’s where I would be putting my money. Last I looked (I haven’t actually done a build or even racked a server in months at this point) as little as £45 got you an ADI-SA2X-BE with dual i210’s on ebay, better CPU/more RAM and the seller had hundreds to shift. Realistically any low end ex corp desktop with a spare PCIe is ideal for a firewall, they’re usually very quiet (it’s an office machine) and reasonably efficient, and as long as it supports AES-NI CPU wise, you can get decent OVPN performance, or better yet use Wireguard if your end point provider supports it. If you want small/cute then NUC size options exist, even single NIC can be made to work via VLAN as long as you accept you are limited to the port bandwidth in any one direction (less of an issue in non symmetrical WAN situations), you can also go USB NIC, though that comes with its own issues under OPN/PF or BSD in general.

 

[FreeStream]

Currently running a HP T620, apparently capable of just about doing 1G up and down and the fact it uses 50-60% CPU on my 550/75 FTTP connection makes sense.

Fitted with a quad port NIC, idles at<10W averages about 14W.

for £80 + a NIC seems pretty capable!

 

[Cyber-Mav]

I can’t say. I’ve never used that device. The RB4011 is just a BEAST of a pocket router. It’s passive and comes with rack ears. The only fly in the ointment is that the 10 ‘switched’ ports are really 2 x 5Gb switch chips so you can feed it 10Gbps through the SFP+ port but it cuts to 5 Gbps once it’s in the router itself. But for the money I don’t think there’s a router on the market to touch it. The only reason it’s not the No.1 recommended router on the planet is folks can’t be bothered to learn RouterOS.

Vpn throughput is not 10gbps on it

 

[Avalon]

Vpn throughput is not 10gbps on it

Did I miss someone saying it could VPN at 10Gbit? I mean the post you quote clearly doesn’t say it can NAT at 10Gbit (2x5Gbit) let alone VPN.

 

[Cyber-Mav]

How fast can it vpn then?