Is an Edge Router Lite (ERL) a good idea for Gigabit Internet service?


DanH

Regular Contributor
So buying an edge router lite was not a good idea for upgrading to gigabit speed internet?
 
That would be correct. The limitations of hardware NAT show during extreme use. Also, if used with PPPOE you will not get gigabit speeds. Essentially the ERL's hardware NAT speed is the same as other routers' hardware NAT speeds too. The ERPRO however is much faster with hardware NAT from the 2x faster CPU from the ERL. But if you don't need PPPOE or some sort of overhead then the ERL can do gigabit with hardware NAT.

I just got my final addition to my cluster today. I can get the test going this weekend, could even stream it too, but I suspect the whole session would take a few hours.
 
Well, maybe you can give me some advice. It will be AT&T gigapower to some router (currently have an ERL coming today) to a netgear prosafe gs108t switch out to TV, Roku, PS4, gaming PC, and an Orbi as an AP. I don't want to do anything fancy, just max my connection when downloading. I would like a router in the sub-$200 range. Any suggestions? If I have to I will go the Erpro, but would like to save money. Even would like to stay with the ERL if it is fast enough with hardware offload for my needs.
 
Not sure how convoluted the ATT GigaPower setup is.. If you have all the set top boxes, etc, it may make more sense to just set up the Orbi in Access Point mode, plug into the AT&T router, and go from there.. If it's a straightforward setup (can bridge AT&T modem or set up as transparent) and the ERL doesn't work out, which I think it will, consider purchasing the Ubiquiti ERX or ERX-SFP. (faster CPU than ERL but less RAM and less expensive!)

If you check the Ubiquiti Forum, users are running gig service on the ERX. (in the 900's Mbps). I currently have 3 ERX-SFP's (but only 250mb service), it doesn't even break a sweat..
 
The ERL will do gigabit with hardware NAT if there's no PPPOE or such involved. If it's as simple as plugging into the modem and not using PPPOE then you will get gigabit speeds, otherwise expect to get around 700-800Mb/s with hardware offload.

While the ERPRO is faster, the MikroTik CCR1009 is much better for the price (even if it costs more) as it's capable of handling 5Gb/s of NAT without any hardware acceleration and is very fast for VPN too; it'd take less of a hit for PPPOE and still do multi gigabit with it.

If you currently have the ERL use it first; if it's not fast enough then upgrade. If you are looking to buy one there are many around to choose from.
 
ERL is more than sufficient for your use case.

Long time users of edgerouters said the performance of USG doesn't reflect the 'clean and lean' state in Edgerouters. For the benefit of doubt, let's not assume ERL will stand poorly in the Ars test even though it shares the same HW as in USG. ERL was never contested in the test.
 
Thanks guys, I am pretty much running it (ERL-3) using the basic setup from the wizard. Has 1 wan, and 1 lan (no bridge). Has a few firewall rules, and that is about it. Fiber is still being run, so I am currently on cable at 350/25, and it is running fine so far. I don't really know a whole lot about networking, so the wizards were nice, saved me typing...

The only real issue I had was it did not want to upgrade from the initial firmware (1.2) via the web interface and a local file. It kept giving an error after it loaded (reading looked like a lot of people had that issue). Took me a good bit to work around that. I ended up loading an old config from the very old tutorial here, rebooted it, then I was able to get online and update it via the CLI. Updated to 1.9, ran the wizard, and I was off to the races. I now have the ERL-3 going to a netgear 108gst108v2 switch, and an Orbi as an AP. All the stuff wired up is running great, and the whole house has wifi at full strength with no dead spots. So far very happy. Next month I guess I will know if it can handle the 1000/1000 fiber. Really, would like to say thank you to the people here though.
 
1000/1000 is like eating a piece of cake for ERL, even at full-duplex. Remember to check and enable various HW acceleration (which are the crown jewels of the Cavium SoC):

ubnt@ubnt:~$ show ubnt offload
IP offload module : loaded
IPv4
  forwarding: disabled
  vlan : disabled
  pppoe : disabled
IPv6
  forwarding: disabled
  vlan : disabled
  pppoe : disabled
 
I have uPNP enabled so forwarding is showing enabled on mine, I assume that shouldn't slow anything down right?
 
That's perfectly fine. Showing "enabled" means HW acceleration for that category is turned on. That's a good thing. For example, if your Internet is provisioned over PPPOE, you can enable HW acceleration for PPPOE that will speed things up to a point where any processing overhead is rendered negligible.

Talking about uPNP. There are two uPNP "services" in EdgeOS. The old one "upnp" and the newer one "upnp2". Generally I would think people would prefer "upnp2" unless you have very old and legacy devices at home. It's more secure and robust. It's the same miniupnp binary under the hood for both. But I'm surprised to see EdgeOS integrates and manages it so well. For any self-respecting FW developers complaining about UPNP, perhaps it's time to look around and learn a thing :D

Btw, to check if you have pinholes open, you can

ubnt@ubnt:~ $ show upnp2 rules
Firewall pin holes
pkts bytes target prot opt in out source destination

NAT port forwards
pkts bytes target prot opt in out source destination
 
UPNP shouldn't, but consider using port forwarding instead of UPNP.

"UPNP" was supposed to be a better technology than static port forwarding. But so many things went wrong in the past and gained bad reputation. Your advice isn't unheard of. It's repeated like a parrot even on this forum..

Sorry, no disrespect here. But people with EdgeOS shall try the "upnp2" service. It enlightened me with the latest state on upnp.
 
So please enlighten us with how UPNP2 is better and has addressed the security problems that UPNP has.
 
this look right?

upnp2 {
    listen-on eth1
    wan eth0
    nat-pmp enable
    secure-mode enable
}
 
"upnp2" is a service name in EdgeOS that in short describes UBNT's second attempt in integrating UPNP functionality. Under the hood, it's the same miniupnpd that's ubiquitously integrated in open-source based router FW. Seems to me a good integrator is still able to differentiate from less capable ones.

DanH, that's about right. "Secure-mode" here means a client can only request to open a pin hole for itself. You can also look into adding more stringent rules e.g. who can open what port as well as a default rule to deny everything else.
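
The policy described in the post above (secure mode, per-client rules, and a final deny-all), modelled as an added Python example that is not part of the original post or of EdgeOS. The rule-line layout (action, external ports, client network, internal ports), the addresses, and the allow-when-nothing-matches fallback are assumptions of this sketch.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                        # "allow" or "deny"
    ext_ports: range                   # external (WAN-side) ports covered
    clients: ipaddress.IPv4Network     # LAN clients the rule applies to
    int_ports: range                   # internal (LAN-side) ports covered

def _ports(spec: str) -> range:
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return range(lo, hi + 1)

def parse_rule(line: str) -> Rule:
    """Parse '<allow|deny> <ext ports> <client net> <int ports>' (assumed layout)."""
    action, ext, net, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action}")
    return Rule(action, _ports(ext), ipaddress.ip_network(net), _ports(internal))

def decide(rules, requester, target, ext_port, int_port, secure_mode=True):
    """Return (allowed, reason) for one port-mapping request from `requester`."""
    src, dst = ipaddress.ip_address(requester), ipaddress.ip_address(target)
    # Secure mode: a client may only open a pinhole that points at itself.
    if secure_mode and src != dst:
        return False, "secure-mode: target is not the requester"
    for n, r in enumerate(rules, 1):   # first matching rule wins
        if ext_port in r.ext_ports and dst in r.clients and int_port in r.int_ports:
            return r.action == "allow", f"rule {n}: {r.action}"
    # Assumption of this sketch: with no match the request goes through,
    # which is why the explicit deny-all at the end of RULES matters.
    return True, "no rule matched"

# Constructed sample policy: one gaming PC may map high ports, nothing else may.
RULES = [parse_rule(s) for s in (
    "allow 1024-65535 192.168.1.50/32 1024-65535",
    "deny 0-65535 0.0.0.0/0 0-65535",
)]

if __name__ == "__main__":
    for req in (("192.168.1.50", "192.168.1.50", 3074, 3074),
                ("192.168.1.60", "192.168.1.50", 3074, 3074),
                ("192.168.1.60", "192.168.1.60", 3074, 3074)):
        print(req, decide(RULES, *req))
```

Dropping the last rule from `RULES` and repeating the third request shows the gap a missing default deny leaves.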
 
So please enlighten us with how UPNP2 is better and has addressed the security problems that UPNP has.

Respectfully, I agree with your question (and partly with the phrasing), but I think you (especially as a power-figure) should avoid derogatory & flippant phrases like "please enlighten us" when addressing remarkably helpful people like kvic.
 
If "please enlighten us" offends you, then you better get off the internet. I was being polite, not flippant.
 
"upnp2" is a service name in EdgeOS that in short describes UBNT's second attempt in integrating UPNP functionality. Under the hood, it's the same miniupnpd that's ubiquitously integrated in open-source based router FW. Seems to me a good integrator is still able to differentiate from less capable ones.
So UPnP2 is not a new version of the standard. I don't understand why it doesn't have the same problems as UPnP.
 
Different ruleset for the firewall maybe?
The problems with many implementations of UPnP NAT Traversal are:
  • User can't see opened ports
  • Ports are left open indefinitely or for many minutes
  • User can't control how long ports are opened
  • User can't control which applications use UPnP
I think this goes beyond firewall rulesets.
 
