Router that meet my needs ?

[chrisbati]

Hello,

I have to change my router and I'm looking for a router that meets my needs.
If information is available in the specs of the routers nothing better than users feedbacks !

My requirements:

- Top class Wifi (wifi 6, mega bandwidth, mega coverage)

- Robust in terms of bandwidth management in general (I have 2 servers to stream 4k, teens who are permanently online to play, download, watch 4k content via the web, ...)

- Simple, ergonomic and evident parental control: to block a device, to be able to set a time limit on a device, to be able to define precise time slots (planing for a device)

- Dual wan as simply as possible or with tutorials for newbie available . I have two modem cables so two separate internet connections and I would like to take advantage of efficient load balancing.

Thank you in advance for your opinions and advice!

Chrisbati

 

[Trip]

Trying to find all of the above in a single product, let alone one that's both user-friendly and reliable, is going to tough (at the very least). This is mainly because truly competent dual-WAN is usually only found in wired firewalls, truly reliable pre-draft AX ("Wifi 6") really only exists in certain access points and a small handful of consumer products, and parental controls that are both easy to operate but still fully-featured enough are just plain difficult to find, period. Add to all that the fact you said "mega bandwidth, mega coverage", which, depending on the size of your place, may best best fulfilled by a distributed wifi setup, utilizing multiple mesh nodes or wireless access points ("APs") to provide cleaner, lower dB signal to your endpoints (versus a single all-in-one).

The only single consumer product (or product series) I can think of that may stand a chance of fulfilling all your needs is Asus AiMesh hardware running Merlin firmware (plus scripts to bring in dual-WAN, extra filtering, additional QoS and reliability). Users like @L&LD and many on the Asus sub-forums can help you get all that configured. Hardware-wise, you'd start out with something like an RT-AX88U, and potentially bring in a second (or third) unit (like an RT-AX58U) to server as an additional wifi node(s). That will give you just about the most approachable single-vendor solution available in a consumer product that ticks hopefully all the boxes for you. Still, AiMesh is a work-in-progress and even with Merlin + scripts, the functionality and dual-WAN stability may not be there.

If you can forgo the dual-WAN idea and can fall back to AC wifi for now (there really aren't that many concessions to be made right now in real life), I would take a look at Gryphon, which is probably the best turn-key, distributed wifi capable parental control network product out at the moment.

If either or both of those fall short and you still need more feature depth and/or reliability, then you're probably going to have to run a combo of highly-configurable discrete components (ie. a wired router/firewall to handle dual-WAN, policy and schedule-based access control and proper QoS, combined with separate wifi, either a consumer all-in-one or whole-house "mesh" running in AP/bridge mode, or controller-based APs. I'm talking about the likes of a pfSense or Untangle firewall, combined with an Asus all-in-one or Eero in bridge mode, or better yet, a scalable, wire-first AP product like Ubiquiti UniFi or TP-Link Omada, which would give you full VLAN support (to segment your network properly) and PoE (to send data and power over a single cable to remote devices, very nice for proper placement of APs). The community firewall and small-business class of gear will require some technical buy-in and willingness to learn, but they will ultimately reward you with a level of out-of-the-box capability and reliability that you just won't find in almost any consumer product. The limit at this level will usually be your knowledge, less so the devices themselves.

So those are basically your options. Happy to guide you further in any direction, and I'm sure others will chime in, too.

 

[chrisbati]

@Trip , I didn't expected a so complete and detailed answer, thanks a lot !!!

So you learn me about a lot (probably too much for my knowledge , as you have may understood I'm so a newbie in network) of network information.

So now, If you allow, I have more question
Until now, I only know brand like Asus, Netgear, Tplink, Cisco... never heard about Ubiquity (don't laugh !)
My first choice was an Asus gt-ax11000.

Let's take the problem one by one, I'm really interested in your proposition to split all the requirements in mutliple devices, so first, the router (let's put apart the wifi for now). I was looking at some models and spot the Ubiquity ER4 or ER6p (with POE) or even the ERpro8.

• Those routers have no internal switch, so my understanding is that I cannot use the ethernet port for one same newtork and I have to use a switch plugged in the router to plug all my wired connection of the same network ? (basically I can not use an other eth port to plug more device on my network).
• So with this kind of router, I have all the "power" I need for my network, I assume it can manage a lot of traffic and overall my kids will not be angry because of some lags in their online games
• I assume that I can plug both my cable modem for dual wan (load balancing, failover) ?
• Parental control: I also assume that there's no parental control at this level and It will be on the switch or is it possible to have advanced parental control on the router (blocking a device, number of hours allowed, weekly planning for allowed hours,...)

Also, I don't know If some brand are not "mixable" but I already have those devices in my network infra:

- 2 modem cables
- 1 router Netgear WNDR3700 (also used as switch); this is the one I want to replace
- 1 switch Netgear GS716T-300EUS
- 2 switch Netgear GS108V3
- 1 switch Netgear Nighthawk S8000
- 1 Repeater Netgear EX8000
- 1 Repeater Asus Rp-AC68U

Thanks in advance for your help and advices.

Chrisbati

 

[Trip]

So, first off, I feel obligated to say that as appealing as the advanced firewall route may sound, it is going to take some serious work and learning on your part, and I don't want to discourage you from trying, but I also don't want to send you down the wrong path for your needs if a much more turn-key setup will suffice.

A simpler solution I forgot to mention is running something like Gryphon or Asus+Merlin+scripts setup behind a friendly but reliable dual-WAN router, like a Peplink Balance One Core, with the Peplink set into what's called Drop-In Mode (the Peplink would handle dual-WAN load-balance and fail-over automatically and -- this is key -- transparently pass traffic between both internet connections to router behind it without any network address translation ("NAT") whatsoever, so you could avoid Double-NAT, which complicates and sometimes breaks internet-related services). This type of approach would give you the best of all worlds -- scalable wifi (optionally Wifi 6 w/ Asus), some level of turn-key parental controls, and dual-WAN that actually works (and truse me, dual-WAN even on custom firmwares or certain "faux" dual-WAN products is a far cry from the likes of Peplink).

If the above approach for some reason leaves you wanting more, and you really do want to go with a community/corporate firewall, I'd urge you to take your time and plan a phased roll-out. It's going to take a fair bit of learning on your part to get it configured properly (like, probably weeks of casual learning and trial-and-error). To start with, I would leave your current home network intact, and work at setting up the firewall in a "lab" test environment, gradually getting to know the product and building out your configuration, testing as you go with a few devices acting as your kids' endpoints, your endpoints, IoT, guest access, etc. That way, you can shore up your config and be competent on the product before you go live with it in your home network.

For the firewall platform, while Ubiquiti EdgeRouters and UniFi gateways are nice, they're not the right choice here: neither EdgeOS nor UniFiOS will have the level of access control required to give you the level of parental controls you're looknig for, nor would they be "point-and-click" (you'd have to delve into the command line). Instead, I would look at Untangle or pfSense pre-built appliances (an Untangle z4 or Netgate SG-3100), which will have the features you need and expose all of them in the web GUI; additionally, they're more well-documented and they both offer vendor-direct support that, while fairly expensive, would allow you to implement your setup the right way, the first time, should you want to pay for the privilege of skipping all (most) of the headaches. Not really the case with Ubiquiti (slow email support, user forums and a partially-completed knowledge-base), Mikrotik or any similar "cheap" multi-WAN router vendor.

Now to answer your bullet-points specifically:

• Switching on a router/firewall - You can use multiple ports for switching, certainly, but unless it comes with a hardware switch chip built-in (to offload switching at line-rate speeds -- example: Ubiquiti ER-X or most any home all-in-one router), you'll have to software-bridge the ports into the same subnet (example: Ubiquiti ER-4), which can/will throttle the overall throughput severely, and is generally not recommended. Besides, as I said earlier, if you're thinking of a discrete wired firewall, it's probably best to run a discrete core switch (ideally a managed switch) to offload the responsibility from the router/firewall entirely, and since you already have a GS716Tv3, you can make that your core switch with no additional spend (for now, anyways).
• "Power" - Yes, the firewall OS and hardware I'm thinking of will be able to handle tens of thousands of sessions and hundreds of Mb/s without breaking a sweat -- plenty of horsepower for all the gaming, streaming and general traffic flow for your entire network, without any users having any issues at any time.
• Dual-WAN - Yes, you'll be able to configure two WAN ports easily on any firewall OS / hardware I propose.
• Parental Control - This is just a friendly name for having a pre-made, automatic ability to do the things that you can accomplish with most higher-end firewalls; it's just that with the latter you have to build it out manually, as opposed to having nice pre-created templates and point-and-click shortcuts already laid out for you (which is what you get with the likes of Circle for Disney or Gryphon... except that they cannot be customized beyond a certain level). So yes, parental control is very much doable, but again, you'd have to learn how to create and use network objects, object groups, zones, rules and policies to create the equivalent "parental controls" yourself. Most SNB'ers would cry bloody murder at that, and I get why, I really do (because it shouldn't have to be that hard in 2020...) but unless Asus+Merlin+scripts or those parental products suffice, this is the kind of stuff you're simply going to have to learn in order to make the same levels of control happen for you with a product like pfSense, Untangle or a corporate product like a Fortinet FortiGate.

That was a lot to digest, I know. Take you time with your reply. Happy to help further.

 

[chrisbati]

@Trip , thanks again, complete response with all possible impacts !
So, it was indeed a lot to digest

Even if some parts were not "digestible" for me, your analyse make me realize the way I have to choose ==> Even If I can learn a little, I'm more a "common" end user, so plug&play has to be one of my first requirements, particularly in networks matters.

So, in my pot of view, two possibilities:

- the simple one: Asus GT AX11000, but I'm afraid of dual wan reliability

- the less simple one (in my point of view ): separate dual wan device + Asus GT Ax11000

I'm very enthusiastic with your proposition to have the best of the two worlds but the Peplink Balance One Core price tag is too high for me, overall because I have to buy the Asus router with it.
Is it possible to find a device, more affordable, only for managing the dual wan and the Asus will take the hand for managing all the other stuff ?
I looked for some models and Ubiquiti has some affordable model, but maybe other brand also.

Going with a consumer product (asus) let me with one requirement: reliable dual wan (also afordable and also able to manage and give me all the speed of my two cable modem).

Thanks in advance for your help and advices.

Chrisbati

 

[K-2SO]

There is no simple way to achieve what you want. You'll be disappointed by the difference between marketing and reality with AIO routers. The only way to go is a separate router with proven dual-WAN capabilities and multiple access points. Better quality components, better coverage, better bandwidth, better management, easier upgrades. GT-AX11000 is a ToysRUs item, Star Wars fans section.

 

[Trip]

There are more affordable dual-wan options, yes, but as I said, in order to drop price you're going to have to trade a certain amount of ease-of-use and/or overall quality. Two you might want to check out that are still somewhat user-friendly are the Cisco RV series (namely the RV340) and Draytek Vigor (2915 or 2926), either of which may be a bit cheaper in multiple markets. I would stay clear from any TP-Link and Linksys multi-WAN products. And there is still Ubiquiti ER, Mikrotik RB/CCR or x86 PC hardware running pfSense, Untangle, etc., but that route won't be much cheaper and will be much more technical to setup, especially Mikrotik.

Moving forward, you could certainly give the GT-AX11000 a shot all on its own (and have it handle dual-WAN as well), but do note there is no Merlin firmware for that model (and likely never will be), so you're hanging all the stability and maturity on Asus themselves (and if other models are any indication, that may be a dice roll, at best). If you do buy it, I would plan on trying to implement all items on it right away, so if you need to return it, you still have a window in which to do so.

Another thing to consider is just going back to a single WAN connection. I'm not sure about you're particular circumstances, but the true necessity for multiple WANs is growing ever more scarce these days. I would hope you at least have two separate ISPs, and are not just leasing a second line from the same ISP, as the latter usually won't give you anywhere near the redundancy of having two WANs from different providers.

 

[coxhaus]

Dual WAN has died off because gig internet is so fast that it fulfills all home owners needs. The Cisco RV340 will work with dual WAN well the problem is it is not a multi-gig internet router. It supports failover and load balancing different ways. The real nice thing that the Cisco RV340 supports in terms of dual WAN is you can use a cell for WAN failover so you don't have to pay for 2 active internet lines if that is what you are chasing. You can use a gig internet for the main line and use a cell as a failover to keep you online.

The GT-AX11000 router is very expensive like $449 at B&H. IT is going to be outdated in a year or so when Wi-Fi 6e comes out. It does not seem like a good solution. If you go separates then you only need to replace the wireless AP which will be much cheaper. The resale for all-in-one routers is going to be nothing as there is going to be so many for resale. The good stable wireless APs will have a better resale value than the routers.

 

[chrisbati]

@Trip , going back to single wan connection is where I'm today and the main reason I want to change my setup.

I have two cable connections, from the same ISP. It's not a choice of mine, me and my wife have company package with Internet connection, each of us, so I have two separate connections from the same ISP.

And sometimes I unplug one from my router to plug the other, but it's useless.

What I want is to have the benefit of these two internet connections (both with unlimited traffic) in term of speed and bandwidth and not struggling anymore because everybody at home use the internet connection with heavy activities.

Thinking about that, I think I can live with my actual setup (router, switch, repeater, not perfect parental control) but what I want the most is the benefit of my two connections.

So, the best option is maybe going with peplink added to my setup?

One other (again) question I have is what is "router throughput" is it the max bandwidth it can handle ?
So Peplink One Core is max 600Mbps, is it enough ?

My two internet connections are 125Mbps (down) each but in a couple of month I will get about 400Mbps each.

Thanks in advance for your help and advices.

Chrisbati

 

[K-2SO]

My two internet connections are 125Mbps (down) each but in a couple of month I will get about 400Mbps each.

Go for a single 400Mbps connection. Dual-WAN doesn't mean combined speed of two connections.

 

[chrisbati]

Go for a single 400Mbps connection. Dual-WAN doesn't mean combined speed of two connections.

Ok but I will still have the second internet connection.
By the way, If my first connection si full (no more bandwith because of traffic, so actually 125mbps full used), dual wan doesn't help and redirect the needs to second connection (and so, more bandwidth available) ?

 

[Trip]

A single 125Mb line should be more than enough for a small household, provided you use a router with SQM-based QoS to prevent bufferbloat, which requires a router firmware with a fairness queuing algorithm built into its QoS, and without Merlin the AX11000 is NOT what you'd want.

I would highly recommend an Asus RT-AX88U running Merlin (forget the second 5Ghz radio; it will make less of an impact that you think in your scenario). Set that up with fq_codel as your qdisc (Google or search here for how to do that), then get further help in the Asus sub-forums to accomplish what you want as far as parental controls go. You should be able to accomplish most of what you want via that route.

You may feel like it's a waste to leave the second WAN un-utilized, but in your case it's more hassle and expense that it would be worth, especially since it's just a duplicate line from the same ISP (with probably the same exact upstream infrastructure... thus no real redundancy at all beyond the house). I would leave it be, honestly.

 

[coxhaus]

Where are you going to get 400Mb down on a cable connection? What is your up bandwidth? I would think the RV340 router could handle it.

 

[Trip]

Where are you going to get 400Mb down on a cable connection?

My two internet connections are 125Mbps (down) each but in a couple of month I will get about 400Mbps each.