router Advice on 1G/10G Router (Not AP)

[qwazwak]

So my network is an absolute mess and I'm looking to clean it up. The current setup is an old WNDR3400v2 providing DHCP and a Nighthawk X6 R8000 as an AP. The current network is almost entirely 100Mb, has no more ethernet ports free, and has horrible wiring. I want to rework as much as I can and my current plan is to install DD-WRT onto the Nighthawk to act as a ballin' AP and buy a router/switch to act as the hub/DHCP server. I've searched and cannot find any 1Gb or 10Gb router/switches, of course I've seen many AP-routers but no router-switches. As far as I know I'll probably end up needing enterprise grade gear for this. I really want to set this up as only one box for the hub (or chain it to switches in the future for expansion) however because of not finding any router-switches I may have to get a DHCP router and connect it to a big switch. My worry with this is whether all devices will be able to connect to the switch then go directly to the other device, or if they will all go into the switch then the DHCP router then back to the switch then to another device.

 

TL;DR

• Do Any Cheap Large 1Gb/10Gb DHCP/Router-Switches Exist? I don't need it to be an AP but if it has the capacity I can just turn it off.
  • I also really want/almost need it to be able to run DD-WRT
• If I have a DHCP server/router going to a switch, will clients connect 'through' the router or just go 'into' the switch and directly back 'out'
• And should I just get a DHCP Router-switch combo (one box) or should I get a router then connect that to a big switch?

 

TL;DRv2

• Router+Switch vs. RouterWithAlotOfPorts
• Any cheap many-port-routers what can use DD-WRT (with gigabit)?

[Electronics Wizardy]

If you want a router that is 1gb w/o ap look at the ubiquity edge router. You can also build you own router using pfsense, untangle, or make your own with linux/freebsd. If you want a prograde solution you can get cisco products, but there much more expensive. 

 

Don't get 10gb if you don't have more than 1gb comming into your house. Just get a 10gb switch.

[qwazwak]

2 minutes ago, Electronics Wizardy said:

If you want a router that is 1gb w/o ap look at the ubiquity edge router. You can also build you own router using pfsense, untangle, or make your own with linux/freebsd. If you want a prograde solution you can get cisco products, but there much more expensive. 

It looks amazing so far, do you know if it can run DD-WRT?

I would love to build my own router, but I'd like atleast 8-10 usable ports and that many gigabit NIC cards is gonna cost..

I've 

 

2 minutes ago, Electronics Wizardy said:

Don't get 10gb if you don't have more than 1gb comming into your house. Just get a 10gb switch.

I had an idea for 10gb where the router and 1-2 ports on the switch were 10gb and teamed so if clients did have to pass through the router there would be no bottleneck.

[Guest]

21 minutes ago, qwazwak said:

TL;DR

• Do Any Cheap Large 1Gb/10Gb DHCP/Router-Switches Exist? I don't need it to be an AP but if it has the capacity I can just turn it off.
• If I have a DHCP server/router going to a switch, will clients connect 'through' the router or just go 'into' the switch and directly back 'out'
• And should I just get a DHCP Router-switch combo (one box) or should I get a router then connect that to a big switch?

• Not in 10gig - they're all DC top of rack gear.
• Depends - if they're on the same subnet they'll just go in the switch and backout. If they're destined for a different subnet or VLAN on a different switch, they'll return to the router. (L3 switches are a little different).
• Depends - most routers in the SMB/ent space are designed to talk to a switch whereas consumer gear all have 4-6 port switches built in. (There's actually a difference in circuit design between multiple ports on a router and a switch being built into a router

Have you done CCNA or CCENT? An EdgeRouter Lite may be a good learning tool - they can be a pain with more advanced stuff on them but for basic WAN in, DHCP and NAT they're fairly simple.

Edited June 6, 2016 by Windspeed36

[qwazwak]

9 minutes ago, Windspeed36 said:

• Not in 10gig - they're all DC top of rack gear.
• Depends - if they're on the same subnet they'll just go in the router and backout. If they're destined for a different subnet or VLAN on a different switch, they'll return to the router. (L3 switches are a little different).
• Depends - most routers in the SMB/ent space are designed to talk to a switch whereas consumer gear all have 4-6 port switches built in. (There's actually a difference in circuit design between multiple ports on a router and a switch being built into a router

Have you done CCNA or CCENT? An EdgeRouter Lite may be a good learning tool - they can be a pain with more advanced stuff on them but for basic WAN in, DHCP and NAT they're fairly simple.

What does DC mean?

 

I have attached the best I can explain, Does your explanation explain when using a router with lots of ports/a router and switch in one?

 

Ah ok.

 

What do CCMA and CCENT mean, and what is an EdgeRouter Lite?

[Guest]

3 minutes ago, qwazwak said:

What does DC mean?

 

I have attached the best I can explain, Does your explanation explain when using a router with lots of ports/a router and switch in one?

 

Ah ok.

 

What do CCMA and CCENT mean, and what is an EdgeRouter Lite?

• DC - data centre - either a business or area of a business that is designed as a data centre (UPS's, generators, good physical security, enterprise routing and switching, SLA's from WAN carriers)
• Ubiquiti EdgeRouter Lite - good SMB router.
• CCNA is Cisco Certified Networking Associate (CCENT is part of CCNA, you're CCENT certified when you pass exam 1 of CCNA). It is a course that gives you an understanding of fundementals behind routing, switching and network connectivity.

If you've got 2 devices connected to the same switch trying to communicate to eachother, the switch will use the destination MAC address of the packets and look it up in its ARP table or mac address table - it will then know that address Y is on port 4 and send the packets to that port.

 

If the MAC address isn't in that switch, in the case that it's on a different subnet or VLAN, the switch will forward the packets to the router who will then look at the IP address (not the MAC address) of the destination and send the packets to the port on the router associated with that IP address.

[qwazwak]

2 minutes ago, Windspeed36 said:

• DC - data centre - either a business or area of a business that is designed as a data centre (UPS's, generators, good physical security, enterprise routing and switching, SLA's from WAN carriers)
• Ubiquiti EdgeRouter Lite - good SMB router.
• CCNA is Cisco Certified Networking Associate (CCENT is part of CCNA, you're CCENT certified when you pass exam 1 of CCNA). It is a course that gives you an understanding of fundementals behind routing, switching and network connectivity.

What is an SMB router, and what would be the difference between that and just a normal router?

 

2 minutes ago, Windspeed36 said:

If you've got 2 devices connected to the same switch trying to communicate to eachother, the switch will use the destination MAC address of the packets and look it up in its ARP table or mac address table - it will then know that address Y is on port 4 and send the packets to that port.

 

If the MAC address isn't in that switch, in the case that it's on a different subnet or VLAN, the switch will forward the packets to the router who will then look at the IP address (not the MAC address) of the destination and send the packets to the port on the router associated with that IP address.

Ahhhh, Okay. So they can connect using only the switch if the switch knows the destination address, if not it goes to the DHCP server.. Is that correct?

[Electronics Wizardy]

28 minutes ago, qwazwak said:

It looks amazing so far, do you know if it can run DD-WRT?

I would love to build my own router, but I'd like atleast 8-10 usable ports and that many gigabit NIC cards is gonna cost..

I've 

 

I had an idea for 10gb where the router and 1-2 ports on the switch were 10gb and teamed so if clients did have to pass through the router there would be no bottleneck.

You need 2 ports on a router, lan and wan. Every thing you can use a switch(unlesss you need dual wan.)

[qwazwak]

1 minute ago, Electronics Wizardy said:

You need 2 ports on a router, lan and wan. Every thing you can use a switch(unlesss you need dual wan.)

Oh yeah..

Is the Ubiquity EdgeRouter essentially a DHCP server, and what can it do?

[Guest]

1 minute ago, qwazwak said:

What is an SMB router, and what would be the difference between that and just a normal router?

 

Ahhhh, Okay. So they can connect using only the switch if the switch knows the destination address, if not it goes to the DHCP server.. Is that correct?

• SMB routers contain more features relative to a small or medium business. Things like VLAN's, RADIUS authentication for VPN's (Microsoft Active Directory support through RADIUS server), more VPN tunnels with higher throghput, IPSEC VPN's (site to site), better warranty support (advanced replacement)
• No - doesn't quite work like that. The packets will go back to the router if they're not for a connection on the switch but the routers routing table that was defined by DHCP will solve it. DHCP or dynamic host configuration protocol ties IP addresses to MAC addresses and host names - giving out the IP addresses, not actually doing any routing.

[Electronics Wizardy]

1 minute ago, qwazwak said:

Oh yeah..

Is the Ubiquity EdgeRouter essentially a DHCP server, and what can it do?

Its does nat(i think it also has a firewall. It can also do dhcp and dns.

[Guest]

1 minute ago, qwazwak said:

 

Is the Ubiquity EdgeRouter essentially a DHCP server, and what can it do?

An EdgeRouter is a standard SMB router-  as mentioned above it has additonal features but its core functionality is still the same - routing table, DHCP server to assign addresses as well as NAT.

[qwazwak]

3 minutes ago, Windspeed36 said:

• SMB routers contain more features relative to a small or medium business. Things like VLAN's, RADIUS authentication for VPN's (Microsoft Active Directory support through RADIUS server), more VPN tunnels with higher throughput, IPSEC VPN's (site to site), better warranty support (advanced replacement)
• No - doesn't quite work like that. The packets will go back to the router if they're not for a connection on the switch but the routers routing table that was defined by DHCP will solve it. DHCP or dynamic host configuration protocol ties IP addresses to MAC addresses and host names - giving out the IP addresses, not actually doing any routing.

So in theory there could be a bottleneck between the main router/Hub/dhcp server and the switch?

 

Sidenote, does VLAN allow you to essentially section off clients/devices into groups that they can only connect/communicate in? If so does it allow for venn-diagram-like overlaps of devices?

 

 

2 minutes ago, Electronics Wizardy said:

Its does nat(i think it also has a firewall. It can also do dhcp and dns.

2 minutes ago, Windspeed36 said:

An EdgeRouter is a standard SMB router-  as mentioned above it has additional features but its core functionality is still the same - routing table, DHCP server to assign addresses as well as NAT.

Correct me if i'm wrong, but does this mean I could connect it to a big ol' switch and it'd all work?

[Guest]

1 minute ago, qwazwak said:

So in theory there could be a bottleneck between the main router/Hub/dhcp server and the switch?

 

Sidenote, does VLAN allow you to essentially section off clients/devices into groups that they can only connect/communicate in? If so does it allow for venn-diagram-like overlaps of devices?

 

 

Correct me if i'm wrong, but does this mean I could connect it to a big ol' switch and it'd all work?

• Yes - this is why you then get layer 3 switches. Switches by default are a layer 2 device meaning that they interact based on a physical address or MAC. Layer 3 switches cover both layer 2 and layer 3 - the IP address layer. This means that you can offload some of the work of the router onto the switch thus limiting that bottleneck.
• VLAN's or virtual lans allow for you to segregate network traffic. If you want 2 different VLAN's to then talk to eachother, you normally then need to send that traffic back to the router. It's great for isolating guest networks from standard networks or having one network specific to VOIP or streaming with different traffic proritisation.
• In the broadest sense, yes. Are you willing to learn the basics of confugring a router? If not, stick to the consumer Asus/TP Link gear

[qwazwak]

10 minutes ago, Windspeed36 said:

• Yes - this is why you then get layer 3 switches. Switches by default are a layer 2 device meaning that they interact based on a physical address or MAC. Layer 3 switches cover both layer 2 and layer 3 - the IP address layer. This means that you can offload some of the work of the router onto the switch thus limiting that bottleneck.
• VLAN's or virtual lans allow for you to segregate network traffic. If you want 2 different VLAN's to then talk to eachother, you normally then need to send that traffic back to the router. It's great for isolating guest networks from standard networks or having one network specific to VOIP or streaming with different traffic proritisation.
• In the broadest sense, yes. Are you willing to learn the basics of confugring a router? If not, stick to the consumer Asus/TP Link gear

Ahh, I think I saw some things about that in a TP-Link managed switch I was using a couple months ago.

Ahh, I think I'm gonna try and set that up.

Awesome, Part of the reason I'm starting this project is while I know my way around computer hardware,I only have a surface understanding of networking and really want to learn how to network things correctly and well.

Oh also, what is the difference between the Ubiquiti EdgeRouter and Ubiquiti EdgeRouter Lite and which is better for this project?

[8uhbbhu8]

I was going to comment on this but Damn good job Windspeed.  I can't think of anything you didn't cover. (Got my CCNT, CCNA, CCNA R&S, CCNA Sec,+Linux Basics this year) 

 

Wish I had thought of building my own router and switch earlier....

[Guest]

1 hour ago, qwazwak said:

Oh also, what is the difference between the Ubiquiti EdgeRouter and Ubiquiti EdgeRouter Lite and which is better for this project?

There isn't actually a standard EdgeRouter. You've got the following lineup.

• Lite
• PoE 5
• ER 8
• ER Pro 8

The Lite and PoE 5 share the same hardware but the 5 is obviously 5 port with a built in 3 port switch as well as PoE - ideal for small businesses that need a PoE supply for AP's.

 

The 8's are higher performance ones designed for enterprise use - SFP links, more ports, higher performance. Note that it is recomended to use external DHCP forn anything more than 200 clients on the rack mount SKU's.

[leadeater]

Also to add to what has already been said, business/enterprise networking equipment won't run or shouldn't run DD-WRT. These implement all the required features so there is no reason you would want to run DD-WRT on them and even if you could it will perform worse, non optimized for the hardware etc etc, but I think you have already figured this out.

 

From my limited use of a Ubiquiti Edgerouter Lite I was rather disappointed with it's features and management interface, much less than I am used to but to be fair I'm comparing to products that cost 10 to 100+ times more. Good devices however but I did have compatibility issues with some of my equipment but I'm fairly sure those were to blame not the Edgerouter.

 

Hindsight I would have gone with the Ubiquiti USG Pro 4 for it's integration with UniFi Controller since I was also putting in some AP AC Pro's, or stumped up for another FortiGate.

[Guest]

2 hours ago, leadeater said:

Also to add to what has already been said, business/enterprise networking equipment won't run or shouldn't run DD-WRT. These implement all the required features so there is no reason you would want to run DD-WRT on them and even if you could it will perform worse, non optimized for the hardware etc etc, but I think you have already figured this out.

 

From my limited use of a Ubiquiti Edgerouter Lite I was rather disappointed with it's features and management interface, much less than I am used to but to be fair I'm comparing to products that cost 10 to 100+ times more. Good devices however but I did have compatibility issues with some of my equipment but I'm fairly sure those were to blame not the Edgerouter.

 

Hindsight I would have gone with the Ubiquiti USG Pro 4 for it's integration with UniFi Controller since I was also putting in some AP AC Pro's, or stumped up for another FortiGate.

What didn't you like about the ER's? The USG's do sweet dick all at the moment. They've only just added IPSec VPN support in the latest firmware revision and 802.1x support for VLAN's.

[leadeater]

5 minutes ago, Windspeed36 said:

What didn't you like about the ER's? The USG's do sweet dick all at the moment. They've only just added IPSec VPN support in the latest firmware revision and 802.1x support for VLAN's.

Thanks for the info, the marketing is strong with that product then .

 

Having the option to setup site to site VPNs via the web interface while nice is broken and doesn't fully work, or support all the configurations that is actually possible (i.e. VTI). If you use CLI to setup the VPN touching anything in the VPN web interface totally screws it and you have to drop the config and re-setup.

 

Couldn't get GRE tunneling working between it and a FortiGate (totally blaming the FortiGate here though).

 

Can't set individual per interface/VLAN DHCP relay servers, only a global list of DHCP IP addresses and then apply this per interface/VLAN. Not useful for me where I need different DHCP relay lists for different VLANs.

 

The dashboard graphs and RX/TX utilization statistics are incorrect and don't shown on a per VLAN interface basis, only on the physical interface. It shows stuff on the VLAN interfaces but its just flat out wrong, by a lot.

 

Can't remember exactly what it was but there was something to do with setting up OSPF but really was minor, clearly not worth remembering heh.

 

Rest of the stuff I don't like are all web UI related, most things I find easier to do via CLI. NAT rules for example.

 

It's not like I'm a target customer for Ubiquiti routers though, I was just setting one up for a friend who recently got fibre and I was taking advantage of that fact to put a server at his place so I could dual site configure my network. The cost of a ERLite 3 is just so low it was worth trying that first before buying another FortiGate 60D. I'm still running the ERLite 3 but I will likely replace it at some point, while off though.

[qwazwak]

10 hours ago, leadeater said:

Also to add to what has already been said, business/enterprise networking equipment won't run or shouldn't run DD-WRT. These implement all the required features so there is no reason you would want to run DD-WRT on them and even if you could it will perform worse, non optimized for the hardware etc etc, but I think you have already figured this out.

Yeah, that makes sense.

 

10 hours ago, leadeater said:

From my limited use of a Ubiquiti Edgerouter Lite I was rather disappointed with it's features and management interface, much less than I am used to but to be fair I'm comparing to products that cost 10 to 100+ times more. Good devices however but I did have compatibility issues with some of my equipment but I'm fairly sure those were to blame not the Edgerouter.

How is it as a 'learning router' and/or a super(ish) budget DHCP server/router? Do you know if It can run DD-WRT?

 

13 hours ago, Windspeed36 said:

The 8's are higher performance ones designed for enterprise use - SFP links, more ports, higher performance. Note that it is recomended to use external DHCP forn anything more than 200 clients on the rack mount SKU's.

The most clients it would ever serve is at maximum 75. The current router only serves under 25-30 clients.

 

 

Also, any advice on what to look for in switches?

[leadeater]

2 hours ago, qwazwak said:

How is it as a 'learning router' and/or a super(ish) budget DHCP server/router? Do you know if It can run DD-WRT?

Very good, under the hood it runs Vyatta which they have then modified to fit their requirements and added a web UI. Don't know about DD-WRT but this falls under the why? Everything you need should already be in the product as is. What is it in DD-WRT that you need? Can say if it can do it or not.

 

@Windspeed36 Would be able to answer these questions better than I can though.

[qwazwak]

2 minutes ago, leadeater said:

Very good, under the hood it runs Vyatta which they have then modified to fit their requirements and added a web UI. Don't know about DD-WRT but this falls under the why? Everything you need should already be in the product as is. What is it in DD-WRT that you need? Can say if it can do it or not.

 

@Windspeed36 Would be able to answer these questions better than I can though.

What is Vyatta? 

[brwainer]

2 hours ago, qwazwak said:

What is Vyatta? 

Vyatta is an operating system that is custom built for switching and routing. It's a bit like PFSense but with a lot less features, and more switch focused than routing focused. At least that's my understanding of it. My only experience is a single lab in college where we used a few virtual vyatta switches in our GNS3 network.

[Guest]

5 minutes ago, brwainer said:

Vyatta is an operating system that is custom built for switching and routing. It's a bit like PFSense but with a lot less features, and more switch focused than routing focused. At least that's my understanding of it. My only experience is a single lab in college where we used a few virtual vyatta switches in our GNS3 network.

 

2 hours ago, qwazwak said:

What is Vyatta? 

Pretty much what @brwainer wrote - it's a linux based routing OS however since it was bought out by Brocade it stopped being developed. Vyos exists as a community version and is open source.

5 hours ago, qwazwak said:

Yeah, that makes sense.

 

How is it as a 'learning router' and/or a super(ish) budget DHCP server/router? Do you know if It can run DD-WRT?

 

The most clients it would ever serve is at maximum 75. The current router only serves under 25-30 clients.

 

 

Also, any advice on what to look for in switches?

Haven't tried running DDWRT on it - as a budget SMB router, it'll be fine - you won't need the options that seperate it from a Fortigate or similar.

 

As for switching, you can probably settle with a dumb layer 2 switch that isn't managed - Netgear, Cisco (Linksys), DLink - they're all pretty much the same. If you're looking at L3 managed that's a different story. If you wanna learn, see if you can pickup a cheap 2960x - keep in mind it's entirely CLI to do anything though.