Hello Everyone,
Considering there is a good chunk of routing-savvy HAMs here, I thought I'd use you as a sounding board on what would be a good router to buy. Specifically, I have a project to consolidate the current ad hoc setup of three consumer-grade "routers" to one larger, better router. I'm considering something like a:
https://mikrotik.com/product/CCR1009-7G-1C-1Splus
or maybe https://mikrotik.com/product/rb1100ahx4
I'm looking for something that is:
- very stable
- offers long term software updates (a support contract might be fine)
- has strong support for IPv4 NAT (to better the consumer routers mentioned above) for the three IPs we have onsite
- maybe some L2 segmenting and VLAN'ing support for traffic isolation
- has performance to grow into
- has a decent GUI UI for others in the club who can't / won't cope with a CLI
- ACLs to limit incoming traffic to specific hosts (say limit RDP traffic to just some people to some hosts, etc)
- maybe.. just maybe support SSL VPNs or IPSEC
- maybe dual power supplies
- stretch goal: native support for IPv6
- I have no need for dynamic routing protocols. This is a single site and statics are fine
For background on our needs, the site supports a multi-RF link repeater system that has:
- two unique IRLP nodes (low use)
- one Echolink node (low use)
- one WIRES-X enabled Yaesu System Fusion repeater (decent use)
- one three band Icom D-STAR stack (1.2 GHz DD system as well) (decent use)
- one Internet enabled Motorola DMR repeater (decent use)
- backhaul of rarely used multi-county 3.4 GHz Wi-Fi network
- other random needs for remote management (SSH, RDP, etc)
I believe something like a MikroTik would be fine for our low-end needs but maybe something from Ubiquiti or others would be fine. I'm perfectly comfortable with a CLI and I'm decently versed in MikroTik (a bit weird of a UI), IOS (but I don't want to pay Cisco prices), JUNOS (same point), etc. I personally think a lot of the lower tier vendors' products have come a LONG way so I don't need/want/care for "carrier" grade.
If you have any other recommendations for a quality but not too expensive router, I'd love to hear it!
--David KI6ZHD
You might consider one of the routers from PFW Hardware (http://www.pfwhardware.com/). I’m using their PFW200, which comes pre-loaded with OPNsense. The PFW200 seems to be no longer available, but you would probably want the PFW400 (four ports instead of three) or PFW800 (six ports). Rack mounting is available, if that’s important to you.
OPNsense is related to m0n0wall and pfSense, but most of the codebase has been rewritten to be more secure and maintainable. If you look on their website (OpnSense.org) they discuss their development philosophy, which I find impressive.
It has lots of features, and a nice GUI.
73,
Lynn. V31LK / N8AF
On Thu, May 10, 2018 at 10:23 PM David Ranch amprgw@trinnet.net wrote:
Hi David,
I use MikroTiks both at home and for work (our production Webservers and Database machines run through them).
Also, I have a solution I will be documenting which will allow you to get routable 44.x.x.x (AMPRnet) public IP addresses over VPN, and I have found an economical provider to do the BGP via a virtual host. Initial setup and testing is looking good. I hope to publish soon, though I have Hamvention and SeaPac coming up.
On Thu, May 10, 2018 at 9:23 PM, David Ranch amprgw@trinnet.net wrote:
Hi David,
I have used the RB1100AHx2 and currently have the CCR1009-7G-1C-1Splus.
The latter fulfills all your requirements, and so does the RB1100AHx4, without any issues regarding performance.
But unless you have a need for the SFP and SFP+ slots, I would rather recommend the RB1100AHx4 Dude Edition.
This one has an internal SSD disk, which allows you to run 2 applications which are problematic without it and which you may want to have.
- The Dude Server - which is a nice monitoring tool which needs storage space and is write intensive. It could be run on an SD card, but it fares better on the SSD
- The user manager, a light Radius implementation, which also works better on the SSD
The AHx4 Dude Edition also allows you to add additional storage via MII or SATA, which may come in handy, and additionally allows a telecom power supply.
Marius, YO2LOJ
On 11.05.2018 07:23, David Ranch wrote:
I would go with a small ITX PC with dual gigabit NICs and a 4-port PCIe gigabit NIC. That gives you 6 NICs in a box.
Run this under OpenWrt, OPNsense or pfSense. You could even run MikroTik OS.
You can have a small SSD in there and 4 gig of RAM to be sure all is OK, and this setup would be able to do all you need and even more.
From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of David Ranch amprgw@trinnet.net Sent: May 11, 2018 00:23 To: AMPRNet working group Subject: [44net] OT: Recommendations for a small to medium size router for a multi-purpose repeater site
I appreciate all the comments so far and please keep them coming if you have an opinion!
> I would go with a small ITX PC with dual gigabit NICs and a 4-port PCIe gigabit NIC. That gives you 6 NICs in a box.
The issue I have with using a PC is most of these solutions DON'T support any sort of L2 switching in an ASIC. Sure, they can do this in software bridging code but this is not optimal. Then it comes down to more purpose-built, hardened hardware. I can try to buy some industrial PC cases, etc. but it gets WAY more expensive in a hurry when you go that route. I've done it many times in the past but since I have to build something that I might have to hand over to someone else one day, I think it would be best to be a little more mainstream.
> Run this under OpenWrt, OPNsense or pfSense. You could even run MikroTik OS.
I DO like the concept of running OpenWRT as the availability of getting updated binaries should be a lot longer. The thing I worry about is the slow demise of OpenWRT like what we all saw with say DD-WRT, Tomato, etc. DD-WRT is still "kinda" around in the beta releases but it sure seems like it's on "failing life support". MikroTik seems to have a strong feature set with more commercial support. I'm willing to pay for it if it's worth it. It sure seems like Ubiquiti has been coming up with available routers, etc. too from their Wi-Fi roots but no one here has advocated for them. That's ok as there has to be like 30+ router vendors out there. I just need one. :-)
> You can have a small SSD in there and 4 gig of RAM to be sure all is OK, and this setup would be able to do all you need and even more.
One thing I'm unclear on with MikroTik is their different generations of hardware. I DO want to make sure I get the newer generation so, in theory, I get the longer supported OS support. Does anyone know if the CCR1009-7G-1C-1Splus is a new generation of hardware or is it older? Regarding buying a box that can run "The Dude" on an internal SSD, do Wi-Fi, or other stuff on the side: that was something I was planning on running on a separate machine with say TICK, Zabbix, etc. Not sure, but I seriously worry whether, if something goes south in that system, it can harm the router. That's NOT acceptable in my book.
Finally, Pete M brought up the topic I was waiting for: security quality of code. MikroTik has had some bad vulnerabilities recently that morphed into at least two different worms. I also know that no company is perfect. In these two examples, anyone intentionally exposing a device's admin interface to the raw Internet is seriously asking for it. That's REGARDLESS of who manufactures the device. That won't happen in this installation but I would like to confirm that most people have been happy with MikroTik or other proposed vendors' hardware and software otherwise.
I also know that some people use firewalls as their primary router. Juniper's SRX300 line is their new hardware gen but it costs $1000 which is exorbitant for us. I imagine similar products from Fortinet, Palo Alto, etc. are similarly priced though say a Cisco ASA5506 is cheaper. Yes, I can get used but then I won't get the support or updated code but I also then worry about some vendor's support for IPIP, etc. I'm really just needing a quality router.
--David KI6ZHD