[BC] Internet Routers

Chris Gebhardt chris at virtbiz.com
Sat Nov 20 23:12:07 CST 2010 

radiowavesokc at gmail.com wrote:
>Dana:
>Do you have a list of recommended routers that a person should use? I'm getting tired of lousy routers, even for residential use. I'd like to find something that will work for years correctly, and provide no breakup issues in streaming (if the connection is acceptable of course).

I'm not Dana, but since I do deal with this from time to time <grin> I thought I'd chime in.  Whenever a customer shows up with whatever the $69 special was at Frys / MicroCenter / BestBuy etc, I know we're in for trouble.  They have very small backplanes and processors so they are not able to keep up with much load.  In an office or home environment that may be OK, but when they come to our datacenter to connect to a 100Mbps or Gigabit Internet uplink that we provide to them, those routers just prove themselves as junk.

You can't go wrong with the Cisco ASA line.  They are pretty well bullet-proof and the standard (for better or worse) by which all competitive products are judged.  In my experience (and we have about 100 of them running around the building) they're generally more stable than competing products, although I would say that Sonicwall runs a close 2nd place.

The small ASA is the ASA 5505.  It's a good little unit, makes a really good little firewall and has some basic VPN capability.   Then there's the 5510, which is its big brother, comes in a full 1U case, and is capable of much more robust transfer, enhanced rules, and much enhanced VPN connectivity (especially when augmented with the optional Security Plus package).   And of course there are other models as well, but past the 5510 you are really looking at something to run a campus or a very large Internet connection.   Expect to pay upwards of $350 for the 5505 and $1000+ for the 5510.

Got sticker shock yet?  Read on.  I have an alternative.

If you have an obsolete old PC and about 20 minutes, check out some of the free (Open Source) routing projects.  If you have even the most mediocre of old computers that has 2 or more NICs (Network Interfaces) on it then you've got the makings of a really great router.

Here are a couple of my suggestions:

SmoothWall Express
http://www.smoothwall.org/
Open source, Linux-based.  Very easy to install and set up.  Just drop the CD in the drive, let it install (it will wipe out whatever is on the hard drive, so make sure you're OK with that), answer the basic questions about your connection and it does the rest.   Then it will reboot as your new router and will be available via a web-based interface for you to configure.

pfSense
http://pfsense.org/
Open source, FreeBSD-based.  Also very easy to install.  Somewhat more involved to configure, but in my opinion also much more flexible depending on what you need it to do.   Installs the same way as Smoothwall Express above, but will take a bit more managing on the web-based interface once it's running so that you get all the right firewall rules specified.

We use Smoothwall on LAN connections with great results.  It is, again in my opinion, a bit easier to use especially for the novice.  We use Smoothwall, for example, on our business office LAN.

We will typically put pfSense in where we might otherwise use a Cisco ASA5510.  For example, on a larger network that may require more specialized rules.  pfSense is also somewhat more adept at creating IPSEC VPS, and in fact it is our defacto standard when interfacing with a remote site's ASA5510 (or better).  If you have multiple IP addresses on your connection (as we provide to nearly all of our customers) then you'll also enjoy pfSense's ability to make use of 1:1 NAT, or create port forwarding based on IP addresses.

My recommendation: if you're replacing a Linksys (or insert comparable brand name here) then try out Smoothwall.   pfSense is probably more than you need, and you really don't want more than you need.  You'll only be frustrated by the additional layers of complexity.

If you're looking to connect via VPN with other sites or you need some really fancy routing rules etc, try out pfSense.  Or if you just find that you're pretty quick at picking up on computer-related stuff.  Who knows, maybe you'll find you prefer pfSense.  But be forewarned that the learning curve may be much steeper!

I hope this helps somebody out.

Chris Gebhardt
VIRTBIZ Internet Services
chris at virtbiz.com | (972) 485-4125

More information about the Broadcast mailing list