Home CPE choice

Hopefully this e-mail is considered operational content :)

The recent thread on the new linksys kit and ipv6 support got me thinking about CPE choice.

What good off the shelf solutions are out there? Should one buy the high end d-link/linksys/netgear products? I've had bad experiences with those (netgear in particular).

Should one get a "real" cisco router? The 877 or something? Maybe an ASA or the new small business targeted ISR (can't recall the model number off hand right now). There is mikrotik but I'm not so sure about the operating system.

Is there a market for a new breed of CPE running OpenWRT or pfsense on hardware with enough CPU/RAM to not fall over?

Granted that won't cost $79.00 at best buy. However it seems to me that decent CPE is going to run a couple hundred dollars in order to have sufficient ram/cpu.

My current home router is a cisco 1841. I keep my 6mbps DSL line pretty much saturated all the time. Often times my wife will be watching Hulu in the living room, I'll be streaming music and running torrents (granted I have tuned my Azureus client fairly well) all at the same time and it's a good experience. Running that kind of traffic load through my linksys would cause it to need a reboot once or more a day.

What are folks here running in SOHO environments that doesn't require too frequent oil changes :)

Given a marked lack of $significant funding for home routing, I rock
BSD boxen all over. At one point we had several doing OSPF in my
apartment (because we could) but I moved and am now behind a single
Sun Netra ($30) with BSD, natd, and iptables. Works beautifully.

If you're only interested in real routing hardware, I'd probably go
with the low-end cisco SOHO stuff, or if you still have a 2600 sitting
around and only roll DSL, that will work nicely.

-Jack Carrozzo

I have a small HP dummy terminal I installed a CFIDE card in with m0n0wall that has run beautifully for the past 3 years. Barely has any power draw and cost me a whopping $100 after shipping. I keep a few of the dummy terminals around in case this one dies (it's about 6 years old and came from a heavy-use banking application).

Joe

I run Astaro on a p-4 celey I had lying around. Get far more than any little router you'll see... can't beat the price.

I run FreeBSD on a PIII; I can easily saturate my 15mbit cable
connection without it breaking a sweat. I also have a couple Cisco
2610's, one of which is my ipv6 tunnel endpoint.

-M

Juniper's SSG5 and SRX100 are nice options for home. I've enjoyed an SSG5
for awhile now. SRX100 for junos. SSG5's pop up on ebay occasionally for a
few $100.

-Iain

Granted that won't cost $79.00 at best buy. However it seems to me that decent CPE is going to run a couple hundred dollars in order to have sufficient ram/cpu.

My cable provider provides me with a modem which is just a bridge, so all I need is a router box for firewall / nat, etc. I have a Soekris-box, Soekris isn't really cheap though.

But I recently noticed this device, it is $69.95 and has IPv6 out of the box I think (no DSL/WAN though !):

http://routerboard.com/pricelist.php?showProduct=90
http://wiki.mikrotik.com/wiki/IPv6/Overview_and_examples

Haven't tried it yet, I think someone might have mentioned Mikrotik on this list though.

Also its little brother will soon be available:

$39.95, 'available on end of March 2010'

http://routerboard.com/pricelist.php?showProduct=56

Would that be the right price-range ?

I'm running IPcop on a mini ITX machine (old processor out of my laptop T5500), a cheapo stick of memory and a sata to CF adaptor with a 4gb CF card. All in all cost me about $350. Been running IPcop's for about 6 years now on various hardware going back to a dual p3 500 with 256mb of ram and no complaints aside from ipv6 support which is slated for the 2.x branch. I have a 50/10 cable line which I have kept saturated for multiple days at a time, 5 public IP's about 60 firewall rules and 3 network interfaces (LAN, WAN and guest wireless). I migrated from a PPPOE dsl provider to cable about a year and a half ago. Also physically moved about that time and never powered off the device, or had any issues whatsoever.

The UI is a bit weird, but once you set it up you never touch it.

17:16:19 up 568 days, 19:36, 0 users, load average: 0.00, 0.00, 0.00

What good off the shelf solutions are out there? Should one buy the high end
d-link/linksys/netgear products? I've had bad experiences with those
(netgear in particular).

Should one get a "real" cisco router?

IMHO, you should look to Japan, Korea and China for suppliers. Even if you
are small, you may be pleasantly surprised at the response from a Chinese
manufacturer. If you specify a box with Linux-based firmware, then the
manufacturer has low design costs, and can amortise them across many
customers because that Linux build can be used again and again.

The easiest way to spec it is to find an existing DSL CPE that is based
around Linux and ask them how much to make noname boxes for you
so that you can put your own sticker on.

Better yet, form a buying club with folks that you meet at the next NANOG
BOF and you are certain to get decent responses.

Is there a market for a new breed of CPE running OpenWRT or pfsense on
hardware with enough CPU/RAM to not fall over?

Such CPE has been available for years which is why OpenWRT was created
in the first place. I believe OpenWRT has limited DSL drivers?

Granted that won't cost $79.00 at best buy. However it seems to me that
decent CPE is going to run a couple hundred dollars in order to have
sufficient ram/cpu.

Ignore BestBuy prices. You don't know their margin and it WILL vary product
to product. With a bit of web searching I found a 5 yr old device, Netcomm
NB5 ADSL modem/router that runs Linux and retails for $99 Australian.

What are folks here running in SOHO environments that doesn't require too
frequent oil changes :)

Ignore what people tell you. Go talk to Chinese manufacturers and explain what
you need. You are doing them a favor by providing free market data to them so
that they begin to understand that there is an ISP market that wants DSL
routers that are Linux based, flexible, support IPv6, and can be
branded by the ISP.

Fact is, that all those name brand boxes at BestBuy also come from Chinese
manufacturers anyway. The brand name companies are middlemen that provide
specs, some design work, and checking manufacturing quality. The only tricky
part of the equation is manufacturing quality, but why not copy the ISP pioneers
of the 1990s. They did not do extensive trials and evaluations of routers and
switches. Instead, they found out what the early entrants were using and bought
the same stuff. So do some digging to find out what Chinese factories are
building kit for Billionton, Netgear and all the rest.

--Michael Dillon

Some people have said that the Fritz!box is quite good. No idea if it's approved for use in the US.

Nick

Nick,

Thanks for posting this. I wasn't aware of this product. It looks pretty cool.

Given a marked lack of $significant funding for home routing, I rock
BSD boxen all over.

Cool. I'm looking at pfsense to replace my cisco. I want to move the router to my lab for CCIE studies.
Have you tried pfsense, or do you find the built in functionality/configuration system to be sufficient? I've
only used bsd in an end user setting. The more I read, the more it seems that for software routing BSD is a
better packet pusher.

  At one point we had several doing OSPF in my
apartment (because we could)

Oh yeah. I hear that. :)

  but I moved and am now behind a single
Sun Netra ($30) with BSD, natd, and iptables. Works beautifully.
   

Iptables on bsd? Not pf? Interesting. I'm pretty familiar with Iptables myself and have been wanting to
pick up pf. Can you dive into why you went with iptables instead of pf? Was it familiarity or functionality or...?

If you're only interested in real routing hardware, I'd probably go
with the low-end cisco SOHO stuff, or if you still have a 2600 sitting
around and only roll DSL, that will work nicely.
   
Right. I have a 2600 in my lab.

I have a small HP dummy terminal I installed a CFIDE card in with m0n0wall that has run beautifully for the past 3 years.

No moving parts I take it? I think I've played with m0n0wall in the past.

  Barely has any power draw and cost me a whopping $100 after shipping.

Very nice.

  I keep a few of the dummy terminals around in case this one dies (it's about 6 years old and came from a heavy-use banking application).
   
There you go.

Astaro looks cool. I hadn't heard of it before. Thanks for sharing.

Hi, Charles -- as a few hardware points to consider:

Both the Soekris and Alix hardware is still very solid. We've been using them in a few research projects for a couple of years now and haven't had a single failure. Both can push ~20Mbit/sec with in-kernel packet forwarding and NAT.

Alix2d2: 500Mhz Geode, 256MB DDR, 2x100Mbit ethernet, USB, CF, 2x miniPCI, $110 + enclosure ($10) /power ($6)

Soekris net5501: 500Mhz Geode, 512MB DDR, 4x 100Mbit ethernet, USB, CF, miniPCI, PCI, $300 + power

If you want to move a step up, there's a really nice new option on the market in the form of Intel "Pineview" atom-based systems, but the selection of embedded/router boards is more limited than it is with the Geodes. Advantech just released a single or dual core, 1.6Ghz, fanless atom-based system that draws about 15W that can easily handle 100Mbps:

http://www.advantech.com.tw/products/AIMB-212/mod_1-DCLYTN.aspx

(2x gigabit ethernet ports onboard)

The drawback is that it's kinda spendy - about $220, IIRC, plus about $40 for 2GB DRAM and another $10 for a power supply - but it's a great little box. Takes 12V in so you can use a small power supply with it, not a big ITX beast (or an expensive inline ITX). And if you find yourself needing 5x RS232 ports, well, now you have 'em. :) (You're paying for an embedded controller...) We just got 20 of them and are able to handle a few hundred MB/sec of reading off of an SSD, etc. I haven't yet tried forwarding full gigabit through it, but it's probably ... around the limit.

Don't go with the old Atom-based systems you might find on ebay. The "pineview" based ones are the first ones out that are fanless -- and the I/O controller is a *lot* better on these systems. If you go with an Atom system off of, say, Newegg, be careful with the chipset selection.

  -Dave

<snip>

Running IPcop on a circa 1995 PIII, 128 Mb Ram, I believe it's 5Gb disk 3 of
5 I originally setup about 10 years ago when I decided on this platform (2
have died so far), total cost $0 using repurposed systems. It runs a DHCP
LAN/Wan with a small dmz off it and other than security based upgrades
hasn't been touched since it was installed. I just checked, it's been up 496
days without a hiccup this time, probably since our last power outage which
was longer than the 10 minutes my little ups will manage :)

Had a problem the other day and my provider "unnamed", "Largest BC/Canada/DSL
provider" finally got it fixed. One of the things they said was broken is
the 12 year old DSL modem they provided and so they sent me a free
replacement to get things up to speed. But wait, this is where things get
interesting, they sent me an IP4 based NAT router. I called back and
said, "That won't work I need at least a couple of Internet Reachable
addresses to use.".

Long story short, they are no longer providing addresses anymore, only Nat
(was a battle but I managed to get them to send me a replacement
modem/bridge instead), thus said Company will be recovering thousands of
addresses over the next little while from all their residential customers to
use somewhere else and lowering the functionality for the customer.

On a side note, IPV6 was not available, was not in their plans, and there
was no beta list, volunteer list, interest list, etc for people to express
interest with.

In the 1990's this Company was praised for its forward thinking :)

cheers

Yeah, the one unfortunate thing in the J-series and SRX-series is that after 9.6
you have to put in a whole bunch of config to turn it back into a router.
JunOS on these "services" routers now wants to behave like a netscreen
until bludgeoned otherwise. The way to achieve this is not intuitively
obvious, especially the forwarding-options mpls (which affects inet,
not just mpls) and the flow stuff.

Owen

Here's a useful template for those that care:

security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                    bgp;
                    ospf;
                    router-discovery;
                }
            }
            interfaces {
                all;
            }
        }
    }
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
        }
    }
    flow {
        allow-dns-reply;
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}
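A way to review a config like this before deploying it, as an added example that is not part of the original thread: the template turns the box into a plain packet forwarder, so the sketch below parses Junos brace syntax and lists the statements that remove stateful filtering. The names `parse`, `audit` and `SAMPLE` are hypothetical, and the sample is condensed from the template above.

```python
import re

# Constructed sample: the thread's template, condensed (ALG list omitted).
SAMPLE = """
security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services { all; }
                protocols { all; }
            }
            interfaces { all; }
        }
    }
    forwarding-options {
        family { inet6 { mode packet-based; } mpls { mode packet-based; } }
    }
    flow { tcp-session { no-syn-check; no-sequence-check; } }
}
"""

def parse(text):
    """Parse Junos curly-brace config into nested dicts; leaf statements map to True."""
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    root, stack, words = {}, [], []
    node = root
    for tok in tokens:
        if tok == "{":                      # open a block named by the pending words
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":                    # close the current block
            node = stack.pop()
        elif tok == ";":                    # end of a leaf statement
            node[" ".join(words)] = True
            words = []
        else:
            words.append(tok)
    return root

def audit(cfg):
    """Return findings for statements that remove stateful filtering."""
    sec, out = cfg.get("security", {}), []
    for fam, body in sec.get("forwarding-options", {}).get("family", {}).items():
        if body.get("mode packet-based"):   # per the thread, mpls also affects inet
            out.append(f"family {fam}: packet-based forwarding, flow checks bypassed")
    for name, zone in sec.get("zones", {}).items():
        hit = zone.get("host-inbound-traffic", {})
        if hit.get("system-services", {}).get("all") and zone.get("interfaces", {}).get("all"):
            out.append(f"{name}: all system services reachable on all interfaces")
    for opt in sec.get("flow", {}).get("tcp-session", {}):
        if opt in ("no-syn-check", "no-sequence-check"):
            out.append(f"flow tcp-session {opt}: TCP state validation disabled")
    return out

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```

With the template in place, filtering has to come from somewhere else, such as stateless firewall filters on the interfaces or a separate firewall in front of the hosts.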

They have a very rich VoIP implementation and are really good for the less technical user. But for more elaborate setups they are a bit rigid, telnet to the box and you void warranty etc. Got a few hundred thousand in the field and most people seem to be happy with them.

A limited set of IPv6 features is available in beta for some models, very basic interface to support various flavours of native connections and tunnels. Small firewall interface to punch some pinholes (bit buggy still, being worked on). Enough for your average connection demands.

As far as I know they aren't certified for US. Most of the boxes come with ISDN (they have German origins) and DECT base station, so next to the regular WiFi there is a lot of other stuff that needs changing and certification for the US market. My guess however is that those things are primarily driven by demand and if you order a truckload things can be fixed.

At home I run cisco, but I guess that's due to my background. It's stable, flexible and I'm used to the interface.

From a consumer perspective I'm really impressed by the latest Draytek Vigor (2130n). Pretty amazing RG which has a rich and easy to use feature set and has a full and working IPv6 box on board. Unfortunately this doesn't include a VoIP client or DSL interface, both are being worked on I was told. It's built around a linux stack so everything is there: routing, firewalling. Mostly via the webinterface some only via cli (ssh/telnet). SNMP is included.

For the DSL there is a workaround using the Vigor 120 box, which can tie DSL to ethernet and even is able to translate PPPoA into PPPoE. With the latest firmware it can also handle IPv6 on those PPP sessions. And since it's standard PPPoE out of the back it's also an easy fix for other RGs. Tested it yesterday together with an airport express and worked perfectly. Only problem I found was the airport seems to lack IPv6 support on its PPPoE stack, which I was testing for.

Enough for the plugging of the vendors :) Shameless plug for myself:

I'm compiling a list of IPv6 ready CPE to be presented at RIPE-60, any hints and tips on what is out there and experiences so far are welcome off list. I'm about to send a simple questionnaire to known vendors, if you happen to be a CPE manufacturer and want to be included please contact me.

Thanks,

MarcoH

Charles N Wyble <charles@knownelement.com> writes:

Should one get a "real" cisco router? The 877 or something?

871 works very well here. You may find one cheap on eBay. But *don't* get
an 861. Last time I checked there was no IOS with IPv6 support for this
model.

My current home router is a cisco 1841. I keep my 6mbps DSL line pretty
much saturated all the time. Often times my wife will be watching Hulu
in the living room, I'll be streaming music and running torrents
(granted I have tuned my Azures client fairly well) all at the same time
and it's a good experience.

If it's working stick to it. ;)

Jens

Charles N Wyble <charles@knownelement.com> writes:

Have you tried pfsense, or do you find the built in
functionality/configuration system to be sufficient?

AFAIK IPv6 is not supported via the GUI, but everything else is okay.
       
Jens