Need help selecting network gear for new house

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Need help selecting network gear for new house

CrunchiePotatoes

10 posts

Wannabe Geek

#290428 10-Nov-2021 21:46

Hi All

Im just about to move in to a new place and wanting to get some decent networking gear.

Basically I'm looking for a setup with more power and control than what I'd get with a ISP supplied router/AP. For example I want decent wireless performance/stability for a few wifi smart devices and enough firewall control to be able to prevent devices that have no right talking to the internet, phoning home etc.

In terms of devices on the network I would want to support

~4 or 5 Ethernet connected, including a Home Assistant server running on a pi
2 PoE Reolink security Cams (currently just recording to SD card)
WiFi - Several laptops/phones etc and a bunch of wifi smart devices
Future - I'll look to add a NAS and maybe an NVR at some point (perhaps a Synology box that appears to do both, or maybe set up my own...)

The layout of the house is kinda long with lots of walls etc, so thinking two WiFi AP's would be good.

What I have considered so far:

Unifi Dream Machine (or Pro) - from a software point of view it looks like this would give me great control over the network and could easily add a Ubiquti AP. I would still be needing to add some extra switching capability though. Overall Im not sure if this is worth the cost. And not super thrilled with the form factor of the UDM.
A Ubiquiti EdgeRouter ER-X-SFP + a switch (such as the TP-Link TL-SG108PE) + 2 PoE APs (maybe ubiquiti again) - This option is definitely saving some money, Im just a little unsure if the Edgerouter is really appropriate for what I want and what can be done with it?
Instead of the EdgeRouter as above, using something running PFsense - but not sure what the best hardware for that might be...

Are there any good options I have missed?

What would you suggest I try?

Thanks!

phrozenpenguin

842 posts

Ultimate Geek

#2810908 10-Nov-2021 23:05

I would recommend Ubiquiti gear and I use your second bullet point; Edgerouter X SFP and two AC Lite access points. It has been rock solid for years. I'm on 200/20 fibre, not sure how it would handle gigabit.

If you want to go the Pfsense route then prepare for more of a project - selecting hardware, updating software etc etc. It can be great, but depends what you want. I want my internet to work without issue - it isn't a project box for me!

fe31nz

1232 posts

Uber Geek

#2810912 11-Nov-2021 00:56

An ER-X has a tiny CPU, which means that once you have a decent firewall setup with multiple subnets (required if you want to isolate your untrustworthy IoT devices), rebooting it will take ages as it uses its CPU to parse the configuration. Once booted, it should be capable of routing gigabit traffic just fine as it uses routing hardware to offload all of that. But there are some features (such as QoS = Quality of Service) which will prevent offloading if they are enabled, and then the routing speed with any decent firewall setup will drop to well below 200 Mbit/s. Generally the features that prevent offloading are not needed with a high speed connection though - so the decision to use an ER-X really depends on how much a boot time of up to 10 minutes will annoy you. With my ERL, which has slightly bettter CPU, I was eventually getting around 7 minute boot times, and the time taken to make configuration changes was similarly affected. So after using it for a number of years, I replaced it with an ER4, which has a much better CPU, and also more RAM, so that it can handle larger connection tables which can be important if you do torrents as I do. I found that my torrent performance increased noticeably, but other traffic that only uses a single connection or a small number of connections ran at the same speed as with the ERL. I really like and use the full capabilities provided by a router like the ER series. I have even written some scripts that directly use the underlying Debian Linux networking to do some things my ERL and ER4 do not do directly from the Ubiquiti firmware.

A Dream Machine may be overkill - you can run the same control software that you get on a DM as a program on a PC. It does not need to be running all the time, but there are some things that can work better if it is. So if you have a PC that is already running 24/7, you can just install the UniFi software on it and get a cheaper Ubiquiti access point or two. The PC software does use a fair bit of resources on a PC (I think it is all Java, and it also needs a database), but I have it installed on a decent Ubuntu 20.04 PC that does MythTV for my mother and it seems to be working well. I have a Ubiquiti FlexHD access point attached to it. When the time comes to update to the latest WiFi standards (when I have devices that use them), I will be considering getting two APs as I do have one small area of the house where there is fairly bad WiFi signal.

As well as my ER4 and FlexHD, I also have an EdgeSwitch 24 as my Ethernet switch. This is a full commercial grade smart switch with heaps of features and full VLAN control. One of the simplest features is one I like best - it allows you to add names to each Ethernet port in its GUI, so I no longer need to keep track of what is plugged into each port except to give it a descriptive name.

rp1790

738 posts

Ultimate Geek

Lifetime subscriber

#2810955 11-Nov-2021 07:57

I had and Edgerouter and an EdgeSwitch but sold them both to get a UDM Pro and haven't looked back. Love the single pane of glass for management. the form factor is a wee bit of a pain but works out ok in the end.

Don't know if they're available yet but if you can get the UDM Pro SE that comes with standard POE ports. With the number of devices you're talking about you wouldn't need another switch, yet.

timmmay

20589 posts

Uber Geek

Trusted

Lifetime subscriber

#2810956 11-Nov-2021 08:06

My main thought is things change, make sure you make it easy to upgrade devices and cables later. Put in ducting, ethernet everywhere you might possibly want it including to bedrooms that might end up offices, into the ceiling if you think an alarm box might want it, etc. Make duct access easy. Have a central place for devices like routers.

SirHumphreyAppleby

2849 posts

Uber Geek

#2810959 11-Nov-2021 08:13

phrozenpenguin:

If you want to go the Pfsense route then prepare for more of a project - selecting hardware, updating software etc etc. It can be great, but depends what you want. I want my internet to work without issue - it isn't a project box for me!

As capable as my ERL was, I really hated having to do anything with it. I found I had to look up how to do things on the rare occasions I needed to reconfigure something, especially if it involved IPv6 as that was completely absent from the UI. The pfSense interface is comparatively easy to use and I'm pleased I switched back.

There is only one issue with pfSense (although arguably it's an ISP issue)... PPPoE. For this reason alone, if your ISP uses PPPoE, you must use a CPU with a fairly high clock speed as PPP uses a single core. This assumes you don't run any add ons to pfSense (I don't), which may also require extra processing power for other tasks.

CrunchiePotatoes

10 posts

Wannabe Geek

#2811142 11-Nov-2021 15:00

fe31nz:

An ER-X has a tiny CPU, which means that once you have a decent firewall setup with multiple subnets (required if you want to isolate your untrustworthy IoT devices), rebooting it will take ages as it uses its CPU to parse the configuration. Once booted, it should be capable of routing gigabit traffic just fine as it uses routing hardware to offload all of that. But there are some features (such as QoS = Quality of Service) which will prevent offloading if they are enabled, and then the routing speed with any decent firewall setup will drop to well below 200 Mbit/s.

That's a great point about the ER-X, definitely not keen on long boot times and drops in performance with more features required. I'll take a look at once of the higher end models

CrunchiePotatoes

10 posts

Wannabe Geek

#2811144 11-Nov-2021 15:01

SirHumphreyAppleby:

There is only one issue with pfSense (although arguably it's an ISP issue)... PPPoE. For this reason alone, if your ISP uses PPPoE, you must use a CPU with a fairly high clock speed as PPP uses a single core. This assumes you don't run any add ons to pfSense (I don't), which may also require extra processing power for other tasks.

What is considered a high clock speed here? is 1 Ghz enough?

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

SirHumphreyAppleby

2849 posts

Uber Geek

#2811152 11-Nov-2021 15:12

CrunchiePotatoes:

What is considered a high clock speed here? is 1 Ghz enough?

For gigabit PPPoE, no.

My current pfSense box is a virtual machine running on an Intel i7. I have recently obtained a Pentium N4200 (1.1-2.5GHz) which I am hoping will be fast enough with boost enabled. An i3 would be better, but the N4200 has the advantage of not being very power hungry.

Also, for best results use Intel network cards.

phrozenpenguin

842 posts

Ultimate Geek

#2812914 15-Nov-2021 00:07

Trying to put things in context here.

- A longer boot time - how often do you reboot your router (my ER-X has uptime of 10 months, and that was because I physically moved it including removing power)? Although an Edgerouter 4 would be better specs than and ER-X, its also 3x the price.

- An i7 for a router (pfsense). Seems excessive - cost, energy use, size, thermals etc. I understand why it makes sense for some people, but as a first step for an isp supplied router it seems overkill.

- You haven't mentioned budget, and the options you are talking about span quite a range!

chevrolux

4962 posts

Uber Geek
Inactive user

#2812955 15-Nov-2021 07:02

Ubiquiti just don't make good routers. Only UBNT thing worth getting are thr Unifi APs. A unifi nightmare machine is just VERY expensive junk that has to be over spec'd just sonit can generate all the pretty images in the dashboard. It's routing configurafion is still made for kids. The EdgeRouters are pretty nice hardware wise, but that software sucks just as much too - its 2021, you shouldn't need to use a CLI (or edit config files) to configure a router.

If you're comfortable installing and configuring pfSense, go hard. These days though, pfSense seems overkill in a home situation. If you want a highly configurable router, you won't do better than Mikrotik. The RB4011, or the new RB5009, smashes everything else out of the park at that price point.

cyril7

9058 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2812957 15-Nov-2021 07:06

Hi, I agree with Sam @chevrolux, the APs are good, the routers are just a pain the ar$e. I manage a couple of Edgerouters at work, they are both on death row, RB4011's will replace them, way more flexible devices. That said the learning curve is quite steep. As for pfsense, recently set one up for another GZ member, it replaced an aging virtual firewall on a host with many other required VMs so it made sense, but in reality from a power consumption perspective teh RB4011 will eat it hands down, both on network performance and power consumption, especially when you factor in the pppoe limitations of pfsense.

Cyril