

MrTomato

151 posts

Master Geek
+1 received by user: 37

Lifetime subscriber

#312299 4-Apr-2024 20:05

I need to buy a new router for my fibre connection, and just wanted to do a bit of a survey as to what's generally recommended at the moment.

 

In an ideal world, it'd be one that'll be suitable for hyperfibre in the next couple of years, but either way it certainly needs to handle gigabit traffic without any drama or slowdown. I have quite a 'detailed' network, and there are three people here working from home full-time now, so I don't want anything consumer-grade; but, equally, I'm not going to pay for Cisco enterprise-grade gear either! I don't need WiFi built in - I have a separate access point, and most of the traffic is Ethernet-based anyway.

 

The last time I checked (probably about five years ago now), Ubiquiti EdgeRouters seemed to be thought of as the best bet. Is this still the case? Or perhaps using a full-blown PC with two NICs, running some sort of specialised Linux distribution?

 

Sorry for being unfashionably out of the loop here, and thank you.





Lycopersicon lycopersicum

Spyware
3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

  #3214317 4-Apr-2024 20:34




Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.




MrTomato

151 posts

Master Geek
+1 received by user: 37

Lifetime subscriber

  #3214339 4-Apr-2024 22:10

Spyware:

 

Router $1548.70 + GST  https://mikrotik.com/product/ccr2116_12g_4splus

 

 

Thanks for the recommendation, but there's got to be something between "TP-Link stocking stuffer" and "trying to run a small but well-appointed ISP", surely?





Lycopersicon lycopersicum

nztim
4012 posts

Uber Geek
+1 received by user: 2710

ID Verified
Trusted
TEAMnetwork
Subscriber

  #3214345 4-Apr-2024 22:43

MrTomato:

Spyware:


Router $1548.70 + GST  https://mikrotik.com/product/ccr2116_12g_4splus



Thanks for the recommendation, but there's got to be something between "TP-Link stocking stuffer" and "trying to run a small but well-appointed ISP", surely?



That is the sweet spot, you can buy something consumer for $1-300 or you can spend $1-1500 on an SMB Mikrotik solution, or spend $3-5000 on enterprise Cisco/Fortigate/SonicWall

you wanted SMB and you were given it :)




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 




MrTomato

151 posts

Master Geek
+1 received by user: 37

Lifetime subscriber

  #3214350 4-Apr-2024 23:05

nztim: you wanted SMB and you were given it :)

 

Haha! Fair enough.

 

Dialling back the ambition for a moment, how are we feeling about the MikroTik RB5009 or RB4011? (Not that anyone seems to have any of the RB5009 series in stock in New Zealand at the moment, though...)





Lycopersicon lycopersicum

Handle9
11924 posts

Uber Geek
+1 received by user: 9675

Trusted
Lifetime subscriber

  #3214352 4-Apr-2024 23:27

nztim:
MrTomato:

 

Thanks for the recommendation, but there's got to be something between "TP-Link stocking stuffer" and "trying to run a small but well-appointed ISP", surely?

 



That is the sweet spot, you can buy something consumer for $1-300 or you can spend $1-1500 on an SMB Mikrotik solution, or spend $3-5000 on enterprise Cisco/Fortigate/SonicWall

you wanted SMB and you were given it :)

 

Or roll your own with an OPNSense or PFsense box running on low power network appliances. Less money but more work.


nzkc
1634 posts

Uber Geek
+1 received by user: 1041


  #3214353 5-Apr-2024 00:34

MrTomato:

 

nztim: you wanted SMB and you were given it :)

 

Haha! Fair enough.

 

Dialling back the ambition for a moment, how are we feeling about the MikroTik RB5009 or RB4011? (Not that anyone seems to have any of the RB5009 series in stock in New Zealand at the moment, though...)

 

 

Well, you haven't really explained your requirements. You said "a detailed network and 3 people who work from home". Honestly, 3 people who work from home is nothing. Any consumer grade router will work with that. What are your "detailed network" requirements?

That said, I have a RB5009 and it's great. I'm not doing anything majorly complex but a bit more than a consumer grade router could do. For example I have an IPsec connection into Oracle cloud, have Wireguard running on it too. And it's possibly a bit overpowered for that :)  It could do some hyperfibre stuff as it has an SFP+ port and a 2.5Gb port... but you're not going to be able to make full use of a 4 or 8Gb connection.


 
 
 

MichaelNZ
1594 posts

Uber Geek
+1 received by user: 485

Trusted
Net Trust Ltd

  #3214354 5-Apr-2024 01:06

I am writing in support of the previous posts for Mikrotik.

 

I do Systems and Networks for a couple of ISPs and the only equipment which I am happy deploying because I know it won't cause hassles is Draytek and Mikrotik. Of those 2 I prefer Mikrotik because it does more stuff and has a familiar CLI.





WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET


FailedWOF
48 posts

Geek
+1 received by user: 28


  #3214356 5-Apr-2024 02:33

You may want to look into a Ubiquiti UDM Pro or UDM SE?

 

But otherwise another vote for OPNsense. I run it as a 4 vCPU VM. On an i5-4570 (Lenovo M93p desktop) I get 4.5gbps inter-vlan using iPerf (testing between 2 Windows 2k22 servers on different subnets). With the same VM but running on a Dual Xeon E5-2620 v3 r730xd I get 6gbps. Both have dual port Broadcom 578xx 10gb NICs with LACP to a Dell PowerConnect stack.

 

I got the 4570 6 years ago for $400, but you shouldn't be paying more than ~$500 for i5-8500 these days (I sometimes see them advertised up around $800, which is a rip). An 8500 will handle 1gbps without even breaking a sweat, and give plenty of headroom for at least 4gbps hyperfibre. Comparative CPU performance benchmarks say 8gbps might be a stretch, but that's just a guess.

 

I also run a Mikrotik 10gb switch (CRS309), Cisco and Ubiquiti 1gb switches, and Ubiquiti wifi. IMO, complexity-wise it runs Unifi < OPNsense < pfSense < Cisco < Dell < Mikrotik.

 

OPNsense < pfSense because I find the OPNsense interface cleaner and better laid out.

 

Cisco < Dell < Mikrotik, because even though Cisco is CLI, being a de facto 'industry standard' there is a massive amount of tutorials, examples, and well-written documentation for any scenario. Dell has a GUI with reasonable help and explanations of each setting (although it's a bit clunky and I prefer the Cisco-esque CLI for making actual changes). Mikrotik was quite a learning curve when I first got the CRS309 and I ran into issues with some of the documentation in the wikis. I'm pretty comfortable with it now, but getting it up and running did my head in. Mikrotik switches will be my go-to if I ever replace the Dells, although with an 8x5xNBD warranty to 06/12/2094 (yes, still 70 years left) they could theoretically outlive me.


nztim
4012 posts

Uber Geek
+1 received by user: 2710

ID Verified
Trusted
TEAMnetwork
Subscriber

  #3214438 5-Apr-2024 11:19

MrTomato:

 

Haha! Fair enough.

 

Dialling back the ambition for a moment, how are we feeling about the MikroTik RB5009 or RB4011? (Not that anyone seems to have any of the RB5009 series in stock in New Zealand at the moment, though...)

 

 

RB5009 will be good for 2gbps HF as you have a 10G port and a 2.5G port

 

If you want 4gbps HF you will need to go with @Spyware's recommendation as you will need 2x 10G ports

 

Again, as others have said, you need to elaborate on your requirements.





Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 


Jase2985
13730 posts

Uber Geek
+1 received by user: 6202

ID Verified
Lifetime subscriber

  #3214445 5-Apr-2024 11:50

MrTomato:

 

In an ideal world, it'd be one that'll be suitable for hyperfibre in the next couple of years

 

 

That's your biggest catch right now. You could get a decent SOHO gigabit router for less than $250, and upgrade down the line when you need to get HF, hopefully by then the prices have dropped a little.


cddt
1965 posts

Uber Geek
+1 received by user: 1904


  #3214568 5-Apr-2024 13:45

MrTomato:

 

Or perhaps using a full-blown PC with two NICs, running some sort of specialised Linux distribution?

 

 

If you want to go this route, the fashionable thing to do is look at a fanless x86 mini-PC with multiple ethernet ports. Go to Aliexpress and search for "opnsense" and you'll find dozens of choices with different CPUs, RAM, etc. The N100 based devices are extremely popular, most have 4x 2.5G ports. E.g. https://www.aliexpress.com/item/1005004822965821.html - if you want to save money you can go with an older model CPU. "Topton" seems to be a decent brand which I've seen a few good reviews for... 

 

 

 

 





My referral links: BigPipeMercury


 
 
 
 

MrTomato

151 posts

Master Geek
+1 received by user: 37

Lifetime subscriber

  #3214718 5-Apr-2024 16:47

Many thanks for all the recommendations, suggestions and advice in response to my original question - I really appreciate it.

 

In the end, I decided to (back)order a MikroTik RB5009UG+S+IN. It has all the features I need, the speed will be more than adequate for the next 3-5 years (by my estimation - I think 2Gbps will be about right for us in the coming years), and I like the look of its innovative passive cooling solution and multiple redundant power inputs. (And its price too!)

 

I suspect that the next step when I have to go through this again will be a custom PC running OPNsense or similar.





Lycopersicon lycopersicum

nztim
4012 posts

Uber Geek
+1 received by user: 2710

ID Verified
Trusted
TEAMnetwork
Subscriber

  #3215455 8-Apr-2024 09:04

MrTomato:

 

In the end, I decided to (back)order a MikroTik RB5009UG+S+IN. It has all the features I need, the speed will be more than adequate for the next 3-5 years (by my estimation

 

 

Make sure that

 

  • Input chain rule from the WAN (yes you need one) only allows established/related traffic.
  • Forward rule from your WAN/LAN (yes you need one) only allows established/related traffic.
  • MAC Discovery/MAC Winbox/MAC Telnet are all disabled from the WAN (and possibly a DMZ if you are going to create one)

It is very easy to plonk one of these devices onto the internet and have a security issue.

 

 





Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 
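
One way to express the three checks from the post above in RouterOS v7 syntax. This is an added example, not nztim's or MikroTik's own configuration; it assumes ether1 is the fibre uplink, the LAN ports sit on a bridge named bridge, and the interface-list names WAN and LAN are labels chosen here.

```routeros
# Added example, constructed for illustration.
# Assumptions: ether1 = WAN uplink (use the PPPoE client interface instead if
# the ISP requires one), "bridge" = LAN bridge, and no existing configuration
# that already defines interface lists called WAN and LAN.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

/ip firewall filter
# Input chain (traffic addressed to the router itself):
# from the WAN, only replies to connections the router started get in.
add chain=input action=accept connection-state=established,related \
    comment="input: allow established/related"
add chain=input action=drop connection-state=invalid \
    comment="input: drop invalid"
add chain=input action=drop in-interface-list=WAN \
    comment="input: drop everything else arriving on WAN"

# Forward chain (traffic routed through the router):
# replies pass, new connections arriving on the WAN are dropped unless
# they match a port forward (dst-nat) that was configured deliberately.
add chain=forward action=accept connection-state=established,related \
    comment="forward: allow established/related"
add chain=forward action=drop connection-state=invalid \
    comment="forward: drop invalid"
add chain=forward action=drop in-interface-list=WAN connection-state=new \
    connection-nat-state=!dstnat \
    comment="forward: drop new connections from WAN that are not dst-nat"

# MAC-layer services: restrict neighbour discovery, MAC Telnet and
# MAC Winbox to the LAN list, which excludes the WAN (and a DMZ, as long
# as the DMZ interface is not added to LAN).
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
```

Filter rules are evaluated top to bottom, so the established/related accept has to sit above the drops in each chain; `/ip firewall filter print` shows the resulting order.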


MrTomato

151 posts

Master Geek
+1 received by user: 37

Lifetime subscriber

  #3215473 8-Apr-2024 09:59

nztim:

 

Make sure that

 

  • Input chain rule from the WAN (yes you need one) only allows established/related traffic.
  • Forward rule from your WAN/LAN (yes you need one) only allows established/related traffic.
  • MAC Discovery/MAC Winbox/MAC Telnet are all disabled from the WAN (and possibly a DMZ if you are going to create one)

It is very easy to plonk one of these devices onto the internet and have a security issue.

 

 

All very useful - thank you.





Lycopersicon lycopersicum

MrTomato

151 posts

Master Geek
+1 received by user: 37

Lifetime subscriber

  #3228054 8-May-2024 19:00

For the benefit of anyone finding this thread in the future:

 

In the end I ordered a Mikrotik RB5009UG+S+IN. It's now a month in, and I'm absolutely delighted with it - it's shown itself to be fast, flexible, reliable and excellent quality. Very highly recommended.





Lycopersicon lycopersicum
