2020 Router Recommendations


JesterEE


So it's time to upgrade.  I have an ASUS RT-N66U Dark Knight that I have been using since 2013 currently on a 01/2019 version of DD-WRT.  It's been a good workhorse, having lots of firmware flashed to it over the years (Asuswrt-Merlin, Shibby Tomato, BrainSlayer DD-WRT) but it's starting to show its age.  It has 256MB RAM, so it handles a lot of concurrent connections well in the routing table, but something in DD-WRT isn't behaving and it drops network connectivity after about a week of up-time till I (hard) reboot it.  It's on the fringe of active firmware support being so old, and honestly, I don't want to be bothered trying to fix it flashing yet another firmware.  I think I got my money's worth by now 🤣.

 

I'm looking for community recommendations (please)!  I don't need anything crazy, just stable.  I toyed with the idea of a small pfSense box + TBD WiFi AP, but for me, right now, that is SUPER overkill.  That route quickly approaches $400+ for a "tiny" solution. That's like 3x what I want to spend, plus, it would have the WiFi AP decoupled from the router which is not ideal for me.  Also, I only need about 1000 sqft. of WiFi coverage and I have a centrally located location for the router, so really, any router will be fine for coverage; no need for a mesh.

 

Here's my want list:

  • <$150 new or used.  Lower is obviously better.
  • Stable!
    • Maybe a scheduled soft reset once a week.
  • Great stock firmware.  Bells and whistles included!
    • Standard stuff like static port mapping, port forwarding, and DMZ
    • More advanced stuff like VLANS, bandwidth monitoring, traffic logging (RFLOW), blocklists, WiFi "client mode", etc.
  • Standard sized residential oriented router
    • no virtualized solutions, no re-purposed PCs
  • 4+ port GbE switch
  • 1 GHz+ dual+ core CPU
  • Fair amount of RAM (128 MB+)
  • Dual band 2.4 GHz 802.11n and 5 GHz 802.11ac support
    • The newer 802.11ax [WiFi 6] is good too, but I don't need it and don't really want to pay the early adopter tax
  • MU-MIMO WiFi
    • Not needed, but it's good tech ... I'd like it if possible.

 

Basically, a solid 2018-2019 router: ASUS RT-AC series, Netgear Nighthawk series, TP-Link Archer Series, etc.  I haven't personally used any of their firmware, so it's hard to know what boxes they all tick even if the hardware specs are good. And you can only troll so much YouTube looking for hints in year old videos.

 

Anyone have experience with any pro-sumer router equipment that likes it and wants to throw out a recommendation?

 

Thanks

-JesterEE

Link to comment
1 hour ago, JesterEE said:
  • <$150 new or used.  Lower is obviously better.
  • Stable!
    • Maybe a scheduled soft reset once a week.
  • Great stock firmware.  Bells and whistles included!
    • Standard stuff like static port mapping, port forwarding, and DMZ
    • More advanced stuff like VLANS, bandwidth monitoring, traffic logging (RFLOW), blocklists, WiFi "client mode", etc.
  • Standard sized residential oriented router
    • no virtualized solutions, no re-purposed PCs
  • 4+ port GbE switch
  • 1 GHz+ dual+ core CPU
  • Fair amount of RAM (128 MB+)
  • Dual band 2.4 GHz 802.11n and 5 GHz 802.11ac support
    • The newer 802.11ax [WiFi 6] is good too, but I don't need it and don't really want to pay the early adopter tax
  • MU-MIMO WiFi
    • Not needed, but it's good tech ... I'd like it if possible.

I personally have a UniFi USG router and separate switches and APs which is way overkill for your needs.  However I can highly recommend the Netgear Nighthawk (an R6700 or R7000). 

 

I also used an Asus RT-N66U for many, many years.  It was a true workhorse, but, I eventually retired it a couple of years ago.  In the interim before moving to the Ubiquiti gear, I used a Netgear R6400.  It was a solid router that I never had to reboot. 

 

I bought an R6700 for my sister's house, but, it ended up not working well with their crappy ISP gear (not a Netgear problem), so I gave that one to my son a couple of months ago.  They love the R6700 as it provides good coverage throughout their 4000 sq. ft. home (very open two-story + basement) including to the basement apartment they rent out.  They said it was a much better router than their prior ISP supplied garbage.

 

The R6700/R7000 are basically the same hardware (other than an additional USB port on the R7000) and meet all of the above requirements other than supporting VLANs, ax WiFi, and MU-MIMO.

 

For a price reference, the R7000 is $133 on Amazon

 

https://www.netgear.com/home/products/networking/wifi-routers/R7000.aspx

 

If you want MU-MIMO here are the Netgear models that support that:

https://www.netgear.com/landings/MU-MIMO/

Edited by Hoopster
  • Like 1
Link to comment
10 minutes ago, uldise said:

what are expected total bandwidth? do you need some hardware supported VPN?

150Mbps WAN (Verizon Fios in my area).  1Gbps LAN.  10Gbps LAN can be on my next upgrade 🤤.

 

I do VPNing in Unraid.  I used to do it on my router, but it would really tax the 600 MHz Broadcom chip in the N66U.  The Unraid Wireguard support is really good for incoming connections, and I have dockers for outgoing connections ... I don't see going back to using the router for VPN.

 

-JesterEE

 

 

Link to comment
22 minutes ago, 1812 said:

so.... why not virtualize your firewall on your server via pfsense or sophos/etc...? thats 20-40 dollars for a dual or quad port Nic, then spend 60-80 on a wifi point. 

 

 

I'm hesitant to do that because the network will go down if the array goes down.  Not that it would be a huge deal, but a concern.  But if I'm already going to buy a NIC and WiFi AP ($80-$120), why not just buy a slightly better WiFi AP that does enough of the router stuff to make me happy?  At that point, another $25 will give me a dedicated appliance.  I think that's worth the money.

 

If I intend to go to a more commercial grade firewall in the future, I will surely virtualize it first to get my feet wet.

Link to comment
53 minutes ago, JesterEE said:

150Mbps WAN (Verizon Fios in my area).  1Gbps LAN.  10Gbps LAN can be on my next upgrade 🤤.

 

I do VPNing in Unraid.  I used to do it on my router, but it would really tax the 600 MHz Broadcom chip in the N66U.  The Unraid Wireguard support is really good for incoming connections, and I have dockers for outgoing connections ... I don't see going back to using the router for VPN.

 

-JesterEE

Then I would recommend a Mikrotik product, like https://mikrotik.com/product/hap_ac2, much cheaper than your budget.

It can do about 1Gbit WAN, has at least 200Mbit hardware-accelerated IPsec VPN, some wifi - for me, I have a cable on all devices that require more than 50Mbit traffic, so not a big deal.. and if you are familiar with Mikrotik ROS, you have so many configuration options.. 

  • Like 1
Link to comment
21 minutes ago, JesterEE said:

I'm hesitant to do that because the network will go down if the array goes down.  Not that it would be a huge deal, but a concern.  But if I'm already going to buy a NIC and WiFi AP ($80-$120), why not just buy a slightly better WiFi AP that does enough of the router stuff to make me happy?  At that point, another $25 will give me a dedicated appliance.  I think that's worth the money.

 

If I intend to go to a more commercial grade firewall in the future, I will surely virtualize it first to get my feet wet.

I was worried about that too, but after a few years it's not a big deal. Plus I'm using otherwise wasted CPU cycles, can upgrade or downgrade RAM in a flash. I don't have to worry about how much a VPN will tax the processor, or any other performance wall that standard consumer appliances can face without spending hundreds of dollars. The flexibility is also nice to have, not being locked into "this is it, this is all it will ever be." AND the ability to have a variety of different firewall software choices with typically more robust support.

 

but, to each his own. simplicity can also be worth the price :)

 

 

Link to comment
34 minutes ago, JesterEE said:

I'm hesitant to do that because the network will go down if the array goes down.

For planned outages of any length, it's easy to just temporarily stand up your current router for the duration of the maintenance. Hopefully there are no unplanned array stops, I've never had my pfSense VM stop or my array crash, but I am running server grade hardware.

  • Like 1
Link to comment

@klipp01 @Hoopster

Thanks for sharing your recommendations for the ASUS and Netgear Nighthawk.  How is the UI these days on those units?  How "advanced" are the advanced configuration options?  I haven't used a stock firmware in 10 years, partially because they have always been rather dumb and feature starved even for relatively "commonly needed" things.  Hoping not to have that issue in the next purchase.

 

@uldise

I have never used a Mikrotik or looked at RouterOS.  I know the company has a good reputation with networking people but I always thought they were more pro than pro-sumer in pricing.  After looking at their website when you posted, I was surprised that they have some pretty affordable options geared toward a home consumer.  In your opinion, what sets the hardware and software apart from what companies ASUS and Netgear are offering?  Are the RouterOS features the same on all the hardware variants or does it scale up/down with hardware complexity/price-point?

 

I'd likely go with the router you recommended ... the features seem to be in line with what I want and the price is certainly right at <$75 USD!  I see they have an x86 image of RouterOS available.  I might try to spin it up in a VM and test out the interface.

 

@Hoopster @jumperalex

Ya, the Ubiquiti ecosystem looks nice, but is way more than I need or plan on needing in the immediate future.  I think of them as the Apple of the networking world ... in both good and bad ways 🙄.  Maybe one day when I have a 30,000 sqft. castle with need of a dozen APs. 😋

 

@1812 @jonathanm

I see where you're going and I think you both have a point.  I think this may be an issue for me because I'm still fairly "new" to Unraid only migrating my server ~6 mos ago.  I seem to be continuously modifying configurations for both dockers and VMs, and I tend to need to reboot the server or stop the VM manager semi-frequently while I get stuff ironed out.  This would completely sever my connection to the local network if I were running a VM router.  I typically only interface with the server via a SSH or WebUI so this could cause some issues with locking myself out.

 

I could do a second video card and add a monitor for terminal access, but I'm trying to avoid that and run administration headless.  This is more a physical/PITA concern than anything else.  Also, if I need another video card, I would be out of PCIE ports on my motherboard (16x/8x VM dedicated GPU, 4x HBA, 8x currently empty) ... so no Ethernet NIC card!  Also, OT, I may want to add another video card for Unraid anyway to dedicate to CUDA tasks on the host, so the PCIE might all be spoken for anyway.  My motherboard does have 2 Ethernet NIC adapters and 1 WiFi NIC adapter though so it may be doable. In your experiences, does VFIO pass-through work well with pfSense VMs?  I envision I could use the motherboard for the router and AP (pass-through 1 Ethernet NIC and the WiFi NIC) and a managed switch for the WAN and LAN.  Is using a wireless NIC device as an AP possible in pfSense?  I'd also have to see how good the wireless signal is but like I said, I have no WiFi range concerns currently.  A single dipole antenna would probably be just fine.

 

I have never run pfSense personally, and configuring it has always scared me to be honest 😲.  It's also way more than I think I need ... like using Thor's hammer for a 1d nail!  I always wanted to spin up a VM and dive into what it can do, but this has been so far off the back-burner it will likely never happen unless I need to do it.  Maybe now's the time...

 

Thanks everyone!

-JesterEE

 

Link to comment
7 minutes ago, JesterEE said:

Thanks for sharing your recommendations for the ASUS and Netgear Nighthawk.  How is the UI these days on those units?  How "advanced" are the advanced configuration options?

Below are a couple of links that may help you regarding the Netgear Nighthawk R7000.  The tutorials in the first link and the manual in the second link should give you a good idea regarding the features of that particular router if it is of interest to you.

 

https://www.netgear.com/support/product/r7000.aspx#page-1

 

http://www.downloads.netgear.com/files/GDC/R7000/R7000_UM.pdf

 

The Ubiquiti gear is overkill in my house, but, I still love the idea of separate router/firewall, switches and APs.  I have one USG, two PoE switches (16-port and 8-port) and three APs (two on ceiling and one in-wall).  

Link to comment

Using separate router/firewall and access points is the way to go. You get the ability to upgrade and scale the WiFi portion as needed without having to redo/replace the router. Getting a Ubiquiti or MikroTik router should serve you well, being able to handle Gigabit or even multi Gigabit ISP connections. Price wise, it's not even more expensive compared to the higher-end consumer WiFi all in one routers. Using dedicated router and separate WiFi APs was the best upgrade I ever did for myself, my parents, and sister's family.

Link to comment
40 minutes ago, JesterEE said:

I have never used a Mikrotik or looked at RouterOS.  I know the company has a good reputation with networking people but I always thought they were more pro than pro-sumer in pricing.  After looking at their website when you posted, I was surprised that they have some pretty affordable options geared toward a home consumer.  In your opinion, what sets the hardware and software apart from what companies ASUS and Netgear are offering?  Are the RouterOS features the same on all the hardware variants or does it scale up/down with hardware complexity/price-point?

 

I'd likely go with the router you recommended ... the features seem to be in line with what I want and the price is certainly right at <$75 USD!  I see they have an x86 image of RouterOS available.  I might try to spin it up in a VM and test out the interface.

I have no experience with ASUS or NETGEAR equipment, and yes, RouterOS is the same for all hardware - it just depends on the hardware which processes you can offload to hardware, and which ones are done by the CPU. RouterOS is very rich in features on the routing/switching side.

if you would like to try ROS, yes they have and CHR images - see here: https://wiki.mikrotik.com/wiki/Manual:CHR

and it has a 60-day trial version with unlimited speed interfaces. 

according to configuration - ROS have builtin web interface, but more recommended is their Winbox tool - can run it on Linux too.  

Link to comment
9 minutes ago, BRiT said:

Using separate router/firewall and access points is the way to go. You get the ability to upgrade and scale the WiFi portion as needed without having to redo/replace the router. Getting a Ubiquiti or MikroTik router should serve you well, being able to handle Gigabit or even multi Gigabit ISP connections. Price wise, it's not even more expensive compared to the higher-end consumer WiFi all in one routers. Using dedicated router and separate WiFi APs was the best upgrade I ever did for myself, my parents, and sister's family.

i agree with you, but it all depends - i have a flat with three rooms and in this case all in one router like i mentioned before Mikrotik Hap AC2 works very well. But when you live in house with two floors then separate router like https://mikrotik.com/product/hex_s and several AP is a way to go. and you can always add one more AP, other than buy one super duper Wifi device.. 

  • Thanks 1
Link to comment

@JesterEE as mentioned by @jumperalex you might want to check out the Ubiquiti Dream Machine (UDM) as a good all-in-one alternative.  It's a middle ground between the inexpensive consumer grade routers and the more expensive separate networking component approach. It has VLAN and MU-MIMO support and a 4-core 1.7 GHz CPU for handling IDS/IPS, DPI and other advanced features.

 

It is double ($299) the amount you said you wanted to spend, but, it does everything you were seeking in a combined router/firewall/controller, 4-port gigabit switch, and access point package (other than WiFi ax support).  It is a good introduction to the Ubiquiti UniFi ecosystem.

 

And here is an interesting read comparing several home networking options including the UDM, mesh systems and a traditional Netgear router.

Edited by Hoopster
  • Thanks 1
Link to comment
5 hours ago, uldise said:

and you can always add one more AP, other than buy one super duper Wifi device.. 

The problem with trying to extend coverage with a single super duper Wifi is that the radio communication is two way. Antenna gain at the AP end can only get you so much sensitivity, you also have to deal with the radio and antenna of the client. Sometimes it's just way more effective to add an AP to gain coverage.

 

The beauty of the Unifi AP setup is that you get single point management for all your AP's that just works, as long as you stay on the LT branch of the controller software.

Link to comment
6 hours ago, jonathanm said:

The problem with trying to extend coverage with a single super duper Wifi is that the radio communication is two way. Antenna gain at the AP end can only get you so much sensitivity, you also have to deal with the radio and antenna of the client. Sometimes it's just way more effective to add an AP to gain coverage.

 

The beauty of the Unifi AP setup is that you get single point management for all your AP's that just works, as long as you stay on the LT branch of the controller software.

by adding one more AP i mean connect it to a router/switch by CAT 5e/6 cable, so AP won't work as repeater on single radio.

and BTW Mikrotik has also centralized management called CAPsMan - you simply choose which device would be central manager and connect all other AP to this.

 

Link to comment

I also believe in separating WiFi and Router/Firewall if your budget allows. With $150 you are at the tipping point.

I would like to throw in the classic one-two-punch Ubiquiti EdgeRouter X ER-X together with one Ubiquiti UniFi UAP AC Long Range UAP-AC-LR Access Point which would come in just a little above your budget.

 

They do NOT work together via UniFi, so you have to manage them separately, but you are also not immediately "sucked" into the UniFi world and stay flexible.

The ER-X Router is a solid device and pretty inexpensive for what it can do. You can use a more powerful / less expensive MikroTik instead or a solution via Unraid. 

The UAP-AC-LR Access Point I would advise not for sending long range but rather because the improved antennas supposedly help with receiving signals from the client. And since it is only 20 bucks more than the Lite Version, one might as well...

Link to comment
