11 May
2018
11 May
'18
5:23 a.m.
Hello Everyone,
Considering there is a good chunk of routing-savvy HAMs here, I thought
I'd use you as a sounding board on what would be a good router to buy.
Specifically, I have a project to consolidate the current adhoc setup of
three consumer grade "routers" to one larger, better router. I'm
considering something like a:
https://mikrotik.com/product/CCR1009-7G-1C-1Splus
<https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
or maybe https://mikrotik.com/product/rb1100ahx4
<https://mikrotik.com/product/rb1100ahx4>
I'm looking for something that is:
- very stable
- offer long term software updates (a support contract might be fine)
- Has strong support for IPv4 NAT (to better the consumer routers
mentioned above) for the three IPs we have onsite
- maybe some L2 segmenting and vlan'ing support for traffic isolation
- has performance to grow into
- has a decent GUI UI for others in the club who can't / won't cope
with a CLI
- ACLs to limit incoming traffic to specific hosts (say limit RDP
traffic to just some people to some hosts, etc)
- maybe.. just maybe support SSL VPNs or IPSEC
- maybe dual power supplies
- stretch goal: native support for IPv6
- I have no need for dynamic routing protocols. This is a single
site and statics are fine
For background on our needs, the site supports a multi-RF link repeater
system has:
- two unique IRLP nodes (low use)
- one Echolink node (low use)
- one WIresX enabled Yaesu System Fusion repeater (decent use)
- One three band Icom Dstar stack (1.2Ghz DD system as well) (decent
use)
- One Internet enabled Motorola DMR repeater (decent use)
- backhaul of rarely used multi-county 3.4Ghz wifi network
- other random needs for remote management (SSH, RDP, etc)
I believe something like a Miktrotik would be fine for our low-end needs
but maybe something from Ubiquiti or others would be fine. I'm perfectly
comfortable with a CLI and I'm decently versed in Mikrotik (a bit weird
of a UI), IOS (but I don't want to pay for Cisco prices, JUNOS (same
point), etc. I personally think a lot of the lower tier vendor's
products have come a LONG way so I don't need/want/care for "carrier"
grade.
If you have any other recommendations for a quality but not too
expensive router, I'd love to hear it!
--David
KI6ZHD
11 May
11 May
6:10 a.m.
You might consider one of the routers from PFW Hardware
(http://www.pfwhardware.com/). I’m using their PFW200, which comes
pre-loaded with OpnSense. The PFW200 seems to be no longer available, but
you would probably want the PFW400 (four ports instead of three) or PFW800
(six ports). Rack mounting is available, if that’s important to you.
OpnSense is related to M0n0wall and PFSense, but most of the codebase has
been rewritten to be more secure and maintainable. If you look on their
website (OpnSense.org) the discuss their development philosophy, which I
find impressive.
It has lots of features, and a nice GUI.
73,
Lynn. V31LK / N8AF
On Thu, May 10, 2018 at 10:23 PM David Ranch <amprgw(a)trinnet.net> wrote:
>
> Hello Everyone,
>
> Considering there is a good chunk of routing-savvy HAMs here, I thought
> I'd use you as a sounding board on what would be a good router to buy.
> Specifically, I have a project to consolidate the current adhoc setup of
> three consumer grade "routers" to one larger, better router. I'm
> considering something like a:
>
> https://mikrotik.com/product/CCR1009-7G-1C-1Splus
> <https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
>
> or maybe https://mikrotik.com/product/rb1100ahx4
> <https://mikrotik.com/product/rb1100ahx4>
>
>
> I'm looking for something that is:
> - very stable
> - offer long term software updates (a support contract might be fine)
> - Has strong support for IPv4 NAT (to better the consumer routers
> mentioned above) for the three IPs we have onsite
> - maybe some L2 segmenting and vlan'ing support for traffic isolation
> - has performance to grow into
> - has a decent GUI UI for others in the club who can't / won't cope
> with a CLI
> - ACLs to limit incoming traffic to specific hosts (say limit RDP
> traffic to just some people to some hosts, etc)
> - maybe.. just maybe support SSL VPNs or IPSEC
> - maybe dual power supplies
> - stretch goal: native support for IPv6
> - I have no need for dynamic routing protocols. This is a single
> site and statics are fine
>
>
> For background on our needs, the site supports a multi-RF link repeater
> system has:
>
> - two unique IRLP nodes (low use)
> - one Echolink node (low use)
> - one WIresX enabled Yaesu System Fusion repeater (decent use)
> - One three band Icom Dstar stack (1.2Ghz DD system as well) (decent
> use)
> - One Internet enabled Motorola DMR repeater (decent use)
> - backhaul of rarely used multi-county 3.4Ghz wifi network
> - other random needs for remote management (SSH, RDP, etc)
>
>
> I believe something like a Miktrotik would be fine for our low-end needs
> but maybe something from Ubiquiti or others would be fine. I'm perfectly
> comfortable with a CLI and I'm decently versed in Mikrotik (a bit weird
> of a UI), IOS (but I don't want to pay for Cisco prices, JUNOS (same
> point), etc. I personally think a lot of the lower tier vendor's
> products have come a LONG way so I don't need/want/care for "carrier"
> grade.
>
>
> If you have any other recommendations for a quality but not too
> expensive router, I'd love to hear it!
>
> --David
> KI6ZHD
>
6:37 a.m.
Hi David,
I use MikroTiks both at home and for work (our production Webservers and
Database machines run through them).
Also I have a solution I will be documenting which will allow you to get
route-able 44.x.x.x (AMPRnet) public IP addresses over VPN and have found
an economical provider to do the BGP via a virtual host. Initial setup and
testing is looking good. I hope to publish soon, though I have Hamvention
and SeaPac coming up.
On Thu, May 10, 2018 at 9:23 PM, David Ranch <amprgw(a)trinnet.net> wrote:
>
> Hello Everyone,
>
> Considering there is a good chunk of routing-savvy HAMs here, I thought
> I'd use you as a sounding board on what would be a good router to buy.
> Specifically, I have a project to consolidate the current adhoc setup of
> three consumer grade "routers" to one larger, better router. I'm
> considering something like a:
>
> https://mikrotik.com/product/CCR1009-7G-1C-1Splus <
> https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
>
> or maybe https://mikrotik.com/product/rb1100ahx4 <
> https://mikrotik.com/product/rb1100ahx4>
>
>
> I'm looking for something that is:
> - very stable
> - offer long term software updates (a support contract might be fine)
> - Has strong support for IPv4 NAT (to better the consumer routers
> mentioned above) for the three IPs we have onsite
> - maybe some L2 segmenting and vlan'ing support for traffic isolation
> - has performance to grow into
> - has a decent GUI UI for others in the club who can't / won't cope
> with a CLI
> - ACLs to limit incoming traffic to specific hosts (say limit RDP
> traffic to just some people to some hosts, etc)
> - maybe.. just maybe support SSL VPNs or IPSEC
> - maybe dual power supplies
> - stretch goal: native support for IPv6
> - I have no need for dynamic routing protocols. This is a single site
> and statics are fine
>
>
> For background on our needs, the site supports a multi-RF link repeater
> system has:
>
> - two unique IRLP nodes (low use)
> - one Echolink node (low use)
> - one WIresX enabled Yaesu System Fusion repeater (decent use)
> - One three band Icom Dstar stack (1.2Ghz DD system as well) (decent
> use)
> - One Internet enabled Motorola DMR repeater (decent use)
> - backhaul of rarely used multi-county 3.4Ghz wifi network
> - other random needs for remote management (SSH, RDP, etc)
>
>
> I believe something like a Miktrotik would be fine for our low-end needs
> but maybe something from Ubiquiti or others would be fine. I'm perfectly
> comfortable with a CLI and I'm decently versed in Mikrotik (a bit weird of
> a UI), IOS (but I don't want to pay for Cisco prices, JUNOS (same point),
> etc. I personally think a lot of the lower tier vendor's products have
> come a LONG way so I don't need/want/care for "carrier" grade.
>
>
> If you have any other recommendations for a quality but not too expensive
> router, I'd love to hear it!
>
> --David
> KI6ZHD
>
7:14 a.m.
Hi David,
I have used the RB1100AHx2 and currently have the CCR1009-7G-1C-1Splus.
The latter fulfills all your requirements, and so does the RB1100AHx4,
without any issues regarding performance.
But unless you have a need for the SFP and SFP+ slots, I would rather
recommend the RB1100AHx4 Dude Edition.
This one has an internal SSD disk, which allows you to run 2
applications which are problematic without it and which you may want to
have.
- The Dude Server - which is a nice monitoring tool which needs storage
space and is write intensive. It could be run on a SD card, but it fares
better on the SSD
- The user manager, a light Radius implementation, which also works
better on the SSD
The AHx4 Dude Edition also allows you to add additional storage via MII
or SATA, which may come in handy, and supplementary allows a telecom
power supply.
Marius, YO2LOJ
On 11.05.2018 07:23, David Ranch wrote:
>
> Hello Everyone,
>
> Considering there is a good chunk of routing-savvy HAMs here, I
> thought I'd use you as a sounding board on what would be a good router
> to buy. Specifically, I have a project to consolidate the current
> adhoc setup of three consumer grade "routers" to one larger, better
> router. I'm considering something like a:
>
> https://mikrotik.com/product/CCR1009-7G-1C-1Splus
> <https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
>
> or maybe https://mikrotik.com/product/rb1100ahx4
> <https://mikrotik.com/product/rb1100ahx4>
>
>
> I'm looking for something that is:
> - very stable
> - offer long term software updates (a support contract might be fine)
> - Has strong support for IPv4 NAT (to better the consumer routers
> mentioned above) for the three IPs we have onsite
> - maybe some L2 segmenting and vlan'ing support for traffic isolation
> - has performance to grow into
> - has a decent GUI UI for others in the club who can't / won't cope
> with a CLI
> - ACLs to limit incoming traffic to specific hosts (say limit RDP
> traffic to just some people to some hosts, etc)
> - maybe.. just maybe support SSL VPNs or IPSEC
> - maybe dual power supplies
> - stretch goal: native support for IPv6
> - I have no need for dynamic routing protocols. This is a single
> site and statics are fine
>
>
> For background on our needs, the site supports a multi-RF link
> repeater system has:
>
> - two unique IRLP nodes (low use)
> - one Echolink node (low use)
> - one WIresX enabled Yaesu System Fusion repeater (decent use)
> - One three band Icom Dstar stack (1.2Ghz DD system as well)
> (decent use)
> - One Internet enabled Motorola DMR repeater (decent use)
> - backhaul of rarely used multi-county 3.4Ghz wifi network
> - other random needs for remote management (SSH, RDP, etc)
>
>
> I believe something like a Miktrotik would be fine for our low-end
> needs but maybe something from Ubiquiti or others would be fine. I'm
> perfectly comfortable with a CLI and I'm decently versed in Mikrotik
> (a bit weird of a UI), IOS (but I don't want to pay for Cisco prices,
> JUNOS (same point), etc. I personally think a lot of the lower tier
> vendor's products have come a LONG way so I don't need/want/care for
> "carrier" grade.
>
>
> If you have any other recommendations for a quality but not too
> expensive router, I'd love to hear it!
>
> --David
> KI6ZHD
>
2:47 p.m.
I would go with a small itx pc with dual gygabit nic and a 4 port pcie gygabit nic. that
give you 6 nic in a box.
Run this under Openwrt, or opensense or pfsense. You could even run miKrotiK OS
you can have a small ssd in there and 4 gig of ram to be sure all is ok and this setup
would be able to do all of your need and even more.
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de David
Ranch <amprgw(a)trinnet.net>
Envoyé : 11 mai 2018 00:23
À : AMPRNet working group
Objet : [44net] OT: Recommendations for a small to medium size router for a multi-purpose
repeater site
Hello Everyone,
Considering there is a good chunk of routing-savvy HAMs here, I thought
I'd use you as a sounding board on what would be a good router to buy.
Specifically, I have a project to consolidate the current adhoc setup of
three consumer grade "routers" to one larger, better router. I'm
considering something like a:
https://mikrotik.com/product/CCR1009-7G-1C-1Splus
[https://i.mt.lv/mtv2/fb_mikrotik.jpg]<https://mikrotik.com/product/CCR10…
MikroTik Routers and Wireless - Products:
CCR1009-7G-1C-1S+<https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
mikrotik.com
MikroTik Wireless systems, Switches, Ethernet routers, RouterBOARD products, Antennas and
Accessories
<https://mikrotik.com/product/CCR1009-7G-1C-1Splus>
or maybe https://mikrotik.com/product/rb1100ahx4
<https://mikrotik.com/product/rb1100ahx4>
I'm looking for something that is:
- very stable
- offer long term software updates (a support contract might be fine)
- Has strong support for IPv4 NAT (to better the consumer routers
mentioned above) for the three IPs we have onsite
- maybe some L2 segmenting and vlan'ing support for traffic isolation
- has performance to grow into
- has a decent GUI UI for others in the club who can't / won't cope
with a CLI
- ACLs to limit incoming traffic to specific hosts (say limit RDP
traffic to just some people to some hosts, etc)
- maybe.. just maybe support SSL VPNs or IPSEC
- maybe dual power supplies
- stretch goal: native support for IPv6
- I have no need for dynamic routing protocols. This is a single
site and statics are fine
For background on our needs, the site supports a multi-RF link repeater
system has:
- two unique IRLP nodes (low use)
- one Echolink node (low use)
- one WIresX enabled Yaesu System Fusion repeater (decent use)
- One three band Icom Dstar stack (1.2Ghz DD system as well) (decent
use)
- One Internet enabled Motorola DMR repeater (decent use)
- backhaul of rarely used multi-county 3.4Ghz wifi network
- other random needs for remote management (SSH, RDP, etc)
I believe something like a Miktrotik would be fine for our low-end needs
but maybe something from Ubiquiti or others would be fine. I'm perfectly
comfortable with a CLI and I'm decently versed in Mikrotik (a bit weird
of a UI), IOS (but I don't want to pay for Cisco prices, JUNOS (same
point), etc. I personally think a lot of the lower tier vendor's
products have come a LONG way so I don't need/want/care for "carrier"
grade.
If you have any other recommendations for a quality but not too
expensive router, I'd love to hear it!
--David
KI6ZHD
![https://i.mt.lv/mtv2/fb_mikrotik.jpg]<https://mikrotik.com/product/CCR10…](https://i.mt.lv/mtv2/fb_mikrotik.jpg]%3Chttps://mikrotik.com/product/CCR1009-7G-1C-1Splus%3E){kind=link}
12 May
12 May
4:53 p.m.
I appreciate all the comments so far and please keep them coming if you
have an opinion!
I would go with a small itx pc with dual gygabit nic
and a 4 port pcie gygabit nic. that give you 6 nic in a box.
The issue I have with using a PC is most of these solutions DON'T
support any sort of L2 switching in an ASIC. Sure, they can do this in
software bridging code but this is not optimal. Then it comes down to
more purpose built , hardened hardware. I can try to buy some
industrial PC cases, etc but it gets WAY more expensive in a hurry when
you go that route. I've done it many times in the past but since I have
to build something that might have to hand over to someone else one day,
I think it would be best to be a little more mainstream.
Run this under Openwrt, or opensense or pfsense. You
could even run miKrotiK OS
I DO like the concept of running OpenWRT as the availability of getting
updated binaries should be a lot longer. The thing I worry about is the
slow demise of OpenWRT like what we all saw with say DD-WRT, Tomatoe,
etc. DD-WRT is still "kinda" around in the beta releases but it sure
seems like it's on "failing life support". Mikrotik seems to have a
strong feature set with more commercial support. I'm willing to pay for
if it's worth it. It sure seems like Ubiquiti has been coming up with
available routers, etc. too from their Wifi roots but no one here has
advocated for them. That's ok as there has to be like 30+ router vendors
out there. I just need one. :-)
you can have a small ssd in there and 4 gig of ram to
be sure all is ok and this setup would be able to do all of your need and even more.
One thing I'm unclear on with Mikrotik is their different generations of
hardware. I DO want to make sure I get the newer generation so, in
theory, I get the longer supported OS support. Does anyone know if the
CCR1009-7G-1C-1Splus is a new generation of hardware or is it older?
Regarding buying a box that can run "The Dude" on an internal SSD, do
Wifi, or other stuff on the side. That was something I was planning on
running on a separate machine with say TICK, Zabbix, etc. Not sure but
I seriously worry if something goes south in that system, can it harm
the router. That's NOT acceptable in my book.
Finally, Pete M brought up the topic I was waiting for: security quality
of code. Mikrotik has had some bad vulnerabilities recently that
morphed into at least two different worms. I also know that no company
is perfect. In these two examples, anyone intentionally exposing a
device's admin interface to the raw Internet is seriously asking for
it. That's REGARDLESS of who manufacture's the device. That won't
happen in this installation but I would like to confirm that most people
have been happy with Mikrotik or other proposed vendor's hardware and
software otherwise.
I also know that some people use firewalls as their primary router.
Juniper's SRX300 line is their new hardware gen but it costs $1000 which
is exorbitant for us. I imagine similar products from Fortinet, Palo
Alto, etc. are similarly priced though say a Cisco ASA5506 is cheaper.
Yes, I can get used but then I won't get the support or updated code but
I also then worry about some vendor's support for IPIP, etc. I'm really
just needing a quality router.
--David
KI6ZHD
2191
days inactive
2192
days old
5 comments
5 participants
participants (5)
-
David Ranch -
K7VE - John -
Lynn Grant -
Marius Petrescu -
pete M