Well, I guess our next router will be a more local purchase then
Other than one "failure" (fixed with a reset and restore) I've been very happy with the Draytek 2950 we're using. It's been quite some time since I've reported in here on the product, but here are the standout features that I'd be loath to give up, as well as a complaint or two.
1. Smartmonitor! Once users appreciate that web traffic etc. is monitored, and a few filters added...abuse virtually disappears. It really does give you complete reporting in terms of anything happening via the WAN connections.
2. Load balancing in our situation really doesn't work effectively. Most web apps, interfaces etc. don't like IP address changes mid-flight, which means for most users, load balancing rules are required. That said, after many months of tweaking, we've managed to arrive at a set of rules that take advantage of both WAN connection advantages. For redundancy, we use two different ISPs, which means asymmetric upload/download, something we've used to tune performance depending on traffic.
3. The bandwidth reporting functions in the router admin interface make tuning (see above) very clinical.
4. VPN. In particular using SHREW with XP, Vista 64 or Windows7 64 performance has been excellent. The fact that a VPN profile works with iPhone is very handy, particularly when travelling. Both VOIP and RDP work extremely well on the iPhone 3Gs when connected to the Draytek via the iPhone VPN function.
My only complaint really is that with regard to QOS, the router can't do layer 3, as apparently this would require faster hardware. Skype in particular seems to be a slippery application to tune in terms of QOS for this and a few other reasons. You can prioritize traffic from IP addresses, but this is akin to pigeon hunting with a cannon.
One thing that I would throw in here based on observations of the Netgear FVS336G and Draytek 2950 Dual WAN routers that I've personally tested. Throwing a dual WAN router into a system is not a magic bullet by any stretch, although sometimes the marketing hype would suggest this. After installing one (and you should buy two if you really want redundancy!), expect to spend a few weeks (then regularly) checking logs/graphs etc. and talking to your users until you get it right. By "right" I mean tweaking load balance rules (and their order) to maximize performance for both users and network devices. Draytek's admin interface does work quite well in terms of stacking the load balance rules for both WAN interfaces. By no means did it happen automatically though! In our case, ISP1 has twice the upstream bandwidth of ISP2; however, ISP2 has 5 times better downstream bandwidth! This means that the interface connected to WAN1 and WAN2 is important as it relates to your rule sets. WAN1 in an auto load balancing session will take all traffic until it's maxed, then the router sends traffic to WAN2. This is fine, but you may want all your web traffic to go to WAN2...and guess what, this might not work either, as just sending port 80 traffic to WAN2 will do weird things...like make iPhone app updates impossible via iTunes. Why? iTunes needs more than port 80 to work and it will reject multiple IPs associated with different ports (which would happen if say 443 is going to WAN1 and port 80 to WAN2). Another stinker relates to client sessions maintained by web servers...they will typically drop a session from a client if a new IP shows up...typical of load balancing. The point of all this is that tuning network performance will take some time, and you'll be scratching your head a few times along the way.
Blair, your blog makes for some interesting reading
http://blog.interlockit.com/
Cheers,