Router is too powerful??

PenguinMaster

I have a Dell PowerEdge R210 II with an Intel Xeon E3-1240 v2, 8GB ECC RAM, and a 120GB SSD in it. I have pfSense installed as the OS. I find that for me (a home power user) it has way too many features and it’s overwhelming. In addition, I never see the CPU usage go over 5%, so I feel like I’m wasting power and not taking advantage of the server. The only actual things I need to change on my router are the DNS servers, because I prefer Cloudflare, and the QoS, because we had looked into switching to VoIP in the future for our phones. I had the idea of switching to a Ubiquiti USG or a USG-Pro, but I saw that the maximum throughput is really low when you enable things like IDS or IPS (see photo), and we have an internet connection that is 200Mb/s, so the USG would throttle the connection. We had considered switching to Verizon and they have a 1Gb/s connection speed, so future proofing would also be appreciated. Do I need to enable these features or would either of these routers work, or would I need something like a Dream Machine?

If you need me to follow up on something, please quote or tag me.


It's an old CPU, but for home use it's still more power than what you'll find in most modern consumer routers. My only concern would be how much power it draws. Old LGA1155 hardware wasn't the most efficient.

I cannot comment on the overhead caused by VLANs. Some people here will definitely have an answer for you on that, though.

If you have the technological know-how to set up pfSense to do what you need, it should handle a 1Gig connection fine and your VLANs. It does seem to have some trouble with routing 10Gig though, if you ever plan to go that far down the road.


4 hours ago, Windows7ge said:

It's an old CPU, but for home use it's still more power than what you'll find in most modern consumer routers. My only concern would be how much power it draws. Old LGA1155 hardware wasn't the most efficient.

I cannot comment on the overhead caused by VLANs. Some people here will definitely have an answer for you on that, though.

If you have the technological know-how to set up pfSense to do what you need, it should handle a 1Gig connection fine and your VLANs. It does seem to have some trouble with routing 10Gig though, if you ever plan to go that far down the road.

I just saw on eBay that there are lots of good deals for Ubiquiti EdgeRouters, which I know will probably also have lots of features I won’t use, but I would expect the power usage to be lower and there is also a mobile app. Would you recommend?


3 minutes ago, Chickenfans said:

I just saw on eBay that there are lots of good deals for Ubiquiti EdgeRouters, which I know will probably also have lots of features I won’t use, but I would expect the power usage to be lower and there is also a mobile app. Would you recommend?

I like Ubiquiti as a prosumer company for good high-end networking equipment without going full-enterprise with price tags to match, but for your use case here, if you need IPS or IDS, I'd have to look at the performance metrics too to tell you if a Ubiquiti EdgeRouter can do the speeds you need. I don't know it off the top of my head, but if all you needed was VLANs and if you could get it for the right price, then yeah, I'd go for it.


@Chickenfans

Most people do not need IDS or IPS even if you're being extra paranoid about internet security. A good firewall should be enough.

If you do need it, however, you should realize that enabling these features puts extra load on the network device's CPU. In the case of Ubiquiti's USG (and any of its other UniFi gear that can act as a gateway or firewall/router), you're diverting CPU resources from general firewall/routing tasks to also take on the more intense roles of IDS or IPS, which will slow down network performance altogether. While the feature is available in the UniFi controller, you don't have to use it. In my opinion, if you absolutely need IDS or IPS, your current pfSense machine might do a way better job than a USG!

I can't say with full confidence that I've seen IDS or IPS in Ubiquiti's EdgeRouter series (a different line than UniFi). That doesn't mean that the feature isn't there; it just means that it might be something you have to activate through the CLI, which is what makes this line of Ubiquiti products unique to UniFi. If the feature is available, it might be worth it to see if hardware offloading helps (activated/deactivated through the CLI).


On 8/6/2020 at 8:49 AM, Falcon1986 said:

@Chickenfans

Most people do not need IDS or IPS even if you're being extra paranoid about internet security. A good firewall should be enough.

If you do need it, however, you should realize that enabling these features puts extra load on the network device's CPU. In the case of Ubiquiti's USG (and any of its other UniFi gear that can act as a gateway or firewall/router), you're diverting CPU resources from general firewall/routing tasks to also take on the more intense roles of IDS or IPS, which will slow down network performance altogether. While the feature is available in the UniFi controller, you don't have to use it. In my opinion, if you absolutely need IDS or IPS, your current pfSense machine might do a way better job than a USG!

I can't say with full confidence that I've seen IDS or IPS in Ubiquiti's EdgeRouter series (a different line than UniFi). That doesn't mean that the feature isn't there; it just means that it might be something you have to activate through the CLI, which is what makes this line of Ubiquiti products unique to UniFi. If the feature is available, it might be worth it to see if hardware offloading helps (activated/deactivated through the CLI).

OK, I will look into all the Ubiquiti options before I make my decision then. Thanks!


@Falcon1986 @Windows7ge

I found that the Ubiquiti EdgeRouter 12 is the best option for me. Thanks for the input, everyone!


I think this is going to be worth mentioning for future projects. One of the reasons Ubiquiti has very advanced features at a much lower price than the likes of Cisco is because of things like using much weaker CPUs. Most people don't need the power, but when you want to do a lot of analysis on network packets, a stronger CPU is definitely a necessity at higher speeds, and this is when something like pfSense would be your least expensive option.

But as Falcon1986 said, a firewall should do such as well for you if you'd like to go with Ubiquiti for your router.


My network setup is a pfSense router paired with a used external AP.

The router is an all-in-one barebones Supermicro 1U SuperServer:
Supermicro SYS-5018A-TN7B:
Intel Atom C2758 (8C/8T) 2.40 GHz (TDP 20W)
32GB DDR3 1600MHz ECC RAM
120GB Intel SSD
7x 1GB RJ45 ports

I honestly don't have a very good impression of Ubiquiti. I've just converted all of my network gear (switches and AP) to Ruckus-based stuff (ICX 6430-48P & ICX 6450-48P Gigabit switches, and ZoneFlex 7982 AP). Not cheap, but very available in good condition on eBay, particularly now: with there being a constant large upgrade cycle in institutional/industrial switching gear, there is a constant stream of quality, barely used equipment. I got my Ruckus AP for $35 and it looked brand new.

If you don't mind staying one generation or at most two behind, you can get really high-quality stuff that's made to last and just work.
