Highest Throughput Dual WAN router?

[jackycar]

Hi all. Currently using Cisco RV340 load balancing a 1gbps Viewqwest and 500mbps m1 connection.

Was all working fine until I added a 2nd torrent seedbox to the setup. A Synology NAS, on top of my Intel NUC seedbox.

Now cpu usage constantly hits 100% and my house internet goes on and off.

For full disclosure, this setup goes through to a Netgear Orbi RBK852 mesh wifi with 3 separate satellites

I love this cisco, if not for this 100% cpu usage issue, and the fact the overall throughput is limited at 933mbps, which defeats the purpose of load balancing 1.5gbps of WAN altogether.

I'd like to ask. What's the fastest dual wan router out there on the market now for my requirement? Hopefully with load balancing as well as I don't wanna "waste" my secondary WAN connection

Would it be the Unifi Dream Machine Pro? Or Edgerouter? Which model has better performance?

 

[firesong]

Hi all. Currently using Cisco RV340 load balancing a 1gbps Viewqwest and 500mbps m1 connection.

Was all working fine until I added a 2nd torrent seedbox to the setup. A Synology NAS, on top of my Intel NUC seedbox.

Now cpu usage constantly hits 100% and my house internet goes on and off.

For full disclosure, this setup goes through to a Netgear Orbi RBK852 mesh wifi with 3 separate satellites

I love this cisco, if not for this 100% cpu usage issue, and the fact the overall throughput is limited at 933mbps, which defeats the purpose of load balancing 1.5gbps of WAN altogether.

I'd like to ask. What's the fastest dual wan router out there on the market now for my requirement? Hopefully with load balancing as well as I don't wanna "waste" my secondary WAN connection

Would it be the Unifi Dream Machine Pro? Or Edgerouter? Which model has better performance?

Would you consider building your own pfSense box? That way you can have as high performance as desired - just increase the RAM and processor capability as needed.

https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/

 

[jackycar]

Would you consider building your own pfSense box? That way you can have as high performance as desired - just increase the RAM and processor capability as needed.

https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/

Scared to do that. That's why I went with Cisco initially.. Easy GUI..

 

[xiaofan]

Hi all. Currently using Cisco RV340 load balancing a 1gbps Viewqwest and 500mbps m1 connection.
Was all working fine until I added a 2nd torrent seedbox to the setup. A Synology NAS, on top of my Intel NUC seedbox.
Now cpu usage constantly hits 100% and my house internet goes on and off.
For full disclosure, this setup goes through to a Netgear Orbi RBK852 mesh wifi with 3 separate satellites
I love this cisco, if not for this 100% cpu usage issue, and the fact the overall throughput is limited at 933mbps, which defeats the purpose of load balancing 1.5gbps of WAN altogether.
I'd like to ask. What's the fastest dual wan router out there on the market now for my requirement? Hopefully with load balancing as well as I don't wanna "waste" my secondary WAN connection
Would it be the Unifi Dream Machine Pro? Or Edgerouter? Which model has better performance?

UDM Pro does not even support Dual WAN Load Balancing.

You may want to give pfSense a try. You can read the posts from Brother TanKuanW.

 

[Mach3.2]

Scared to do that. That's why I went with Cisco initially.. Easy GUI..

You also configure pfsense with a GUI, it's basically like a normal router on steroids.

How powerful it is, depends on what hardware you throw at it. I'm running mine as a VM on a i7 4770 machine with 4 cores allocated, and it can comfortably route 1Gbps+ of iperf traffic the last time I checked. Will probably get better performance if I run it bare metal.

 

[jackycar]

UDM Pro does not even support Dual WAN Load Balancing.

You may want to give pfSense a try. You can read the posts from Brother TanKuanW.

Aware of That. Super wasted UDM Pro don't have load balancing else it'd be perfect. Nice GUI awesome specs.

Really no other more user friendly options other than pfsense? I don't mind paying more for ease of use. Reason is time is scarce and I don't wanna troubleshoot too much

 

[xiaofan]

Aware of That. Super wasted UDM Pro don't have load balancing else it'd be perfect. Nice GUI awesome specs.

Really no other more user friendly options other than pfsense? I don't mind paying more for ease of use. Reason is time is scarce and I don't wanna troubleshoot too much

pfSense is really user friendly, in fact I feel it is much easier to use than Asus or OpenWRT, if you want to do more advanced stuff.

 

[TanKianW]

Aware of That. Super wasted UDM Pro don't have load balancing else it'd be perfect. Nice GUI awesome specs.

Really no other more user friendly options other than pfsense? I don't mind paying more for ease of use. Reason is time is scarce and I don't wanna troubleshoot too much

Actually I don't know where you get the info that you need to "trouble-shoot too much". Maybe you are intimidated by my lengthy pfsense thread! Hah.

The thread kind of "add up" over a period of time, as the users become more and more advanced. The video tutorial on the first page is still easy to follow.

There are so many "self-proclaimed network noobs" that shared with me their success stories with pfsense, you can even find a few on my thread. So I will assume most who overcome the obstacle to give it a try, will surely be able to get it up and running in no time. For the less confident users, it even comes with an initial set up wizard.

Another solution is to limit the (P2P) torrenting peers and seeder slots, to prevent your network traffic getting congested with the DL/UL. Then no need to change anything at your side.

OR you can look for @mrkiasu to see what kind of consumer solution he could offer you.​

 

[jackycar]

Actually I don't know where you get the info that you need to "trouble-shoot too much". Maybe you are intimidated by my lengthy pfsense thread! Hah.

The thread kind of "add up" over a period of time, as the users become more and more advanced. The video tutorial on the first page is still easy to follow.

There are so many "self-proclaimed network noobs" that shared with me their success stories with pfsense, you can even find a few on my thread. So I will assume most who overcome the obstacle to give it a try, will surely be able to get it up and running in no time. For the less confident users, it even comes with an initial set up wizard.

Another solution is to limit the (P2P) torrenting peers and seeder slots, to prevent your network traffic getting congested with the DL/UL. Then no need to change anything at your side.

OR you can look for @mrkiasu to see what kind of consumer solution he could offer you.​

interesting.

which model specifically would u recommend for PFSENSE? will consider giving it a go.

 

[HexenHeretic]

Just want to share my experience here.

I bought a 2nd hand i5 4590 mini pc and a dual port NIC some years back to try out pfsense, full setup via GUI only without issues.
There's some learning curve compared to the consumer ASUS and maybe UniFi, but took a less than a day to fully familiarize.
Took a couple more days to fully setup my Snort rules and that's about it.

I'm running dual WAN failover, main on VQ 1Gbps and failover to M1 500Mbps, 1x synology NAS that was setup as a VPN controller and torrent box, some occasional torrenting on PC.
Don't think I've ever seen CPU usage on the pfsense going past 50% even with the Snort IPS/IDS and torrenting. Don't think UDM or UDM Pro can even beat this CPU usage.

I've later offloaded the torrenting to an offsite seedbox after I've 2 drives that wore out in 3years in my synology.

 

[TanKianW]

interesting.

which model specifically would u recommend for PFSENSE? will consider giving it a go.

I am not sure how "heavy" your torrent/seed load could get, which could vary quite a bit among different users. And I know heavy torrent load can really stress the network out.

You can visit the pfSense thread to consider the various options (A, B or C). For users with higher workload, I do recommend a system with dedicated NIC card. A proper Dual-WAN set up, will need at least 4x 1G ports (2 for WAN, 2 for LAN) and a managed switch.

https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/

*As a reference, I do hit 30-40% CPU load when my max combined (torrent) DL speed came close to ~850Mbps with max global connections set at 10k. This is with IDS/IPS and pfblocker filter all on. And I could still surf the internet with ease, with other family members still watching streaming without hiccups. My set up can also be found on my pfSense thread.

For your use case, I will go with a Dual-WAN + VLAN set up. Where 1 (ISP) WAN was mapped to a VLAN used for torrenting, servers or yourself, another (ISP) WAN mapped to VLANs used by other family members (Eg. kids pc, mobile devices, wifi). Then set for each WAN to fail over (the other) when either one is down. In this way, you get to use "both" ISP at one time and also achieve fail-over. Something like this:

*Ignore the yellow square (Recycled image)

Eg. main LAN on WAN_01, Mobile VLAN on WAN_02:

 

[hwzlite]

@jackycar fyi/a on Critical Cisco Bugs Open VPN Routers to Cyberattacks

 

[jackycar]

I am not sure how "heavy" your torrent/seed load could get, which could vary quite a bit among different users. And I know heavy torrent load can really stress the network out.

You can visit the pfSense thread to consider the various options (A, B or C). For users with higher workload, I do recommend a system with dedicated NIC card. A proper Dual-WAN set up, will need at least 4x 1G ports (2 for WAN, 2 for LAN) and a managed switch.

https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/

*As a reference, I do hit 30-40% CPU load when my max combined (torrent) DL speed came close to ~850Mbps with max global connections set at 10k. This is with IDS/IPS and pfblocker filter all on. And I could still surf the internet with ease, with other family members still watching streaming without hiccups. My set up can also be found on my pfSense thread.

For your use case, I will go with a Dual-WAN + VLAN set up. Where 1 (ISP) WAN was mapped to a VLAN used for torrenting, servers or yourself, another (ISP) WAN mapped to VLANs used by other family members (Eg. kids pc, mobile devices, wifi). Then set for each WAN to fail over (the other) when either one is down. In this way, you get to use "both" ISP at one time and also achieve fail-over. Something like this:

*Ignore the yellow square (Recycled image)

Eg. main LAN on WAN_01, Mobile VLAN on WAN_02:

Wow this looks amazing!! 10k max connections on torrents??
For dual wan with load balancing would vq and m1 work together? I'm using vq 1gbps and m1 500mbps. With this setup I can max out the total 1.5gbps?

Currently my cisco can do load balancing but can't even go over 1gbps.

For pfsense I have to build a rig for it?any builders or off the shelf offerings for your setup?

 

[jackycar]

Just want to share my experience here.

I bought a 2nd hand i5 4590 mini pc and a dual port NIC some years back to try out pfsense, full setup via GUI only without issues.
There's some learning curve compared to the consumer ASUS and maybe UniFi, but took a less than a day to fully familiarize.
Took a couple more days to fully setup my Snort rules and that's about it.

I'm running dual WAN failover, main on VQ 1Gbps and failover to M1 500Mbps, 1x synology NAS that was setup as a VPN controller and torrent box, some occasional torrenting on PC.
Don't think I've ever seen CPU usage on the pfsense going past 50% even with the Snort IPS/IDS and torrenting. Don't think UDM or UDM Pro can even beat this CPU usage.

I've later offloaded the torrenting to an offsite seedbox after I've 2 drives that wore out in 3years in my synology.

This is awesome. Can I ask why u run failover instead of load Balancing?

 

[TanKianW]

Wow this looks amazing!! 10k max connections on torrents??
For dual wan with load balancing would vq and m1 work together? I'm using vq 1gbps and m1 500mbps. With this setup I can max out the total 1.5gbps?

Currently my cisco can do load balancing but can't even go over 1gbps.

For pfsense I have to build a rig for it?any builders or off the shelf offerings for your setup?

"Set" at 10k. You no need to hit 10k in order to achieve your max DL speed.

I am not sure with VQ. I managed to get load balancing set up on M1+MR (static IP) and ST+MR (static IP).

You will hit >1G from "running tests/benchmarks". Realistically, you will only hit >1G on combined usage. (Eg. My kids using M1 for netflix streaming, I'm using VQ for DLing). I have never hit >1G (max~850Mbps) on a single P2P box (unless doing 2 different tasks/connections at a single time). But with two P2P devices, I will hit a combined usage of >1G. Take note that your bottleneck will also be at your devices side, if it is only at 1G.

I believe your Cisco router is using 1G for downstream LAN, thus can't go >1G on client (receiving) side.

You can build your own pfSense box (mini pc) OR check out Page 1 of my pfSense thread on the other Options.

*Any further questions on pfSense feel free to ask on the pfSense thread.​

 

[HexenHeretic]

This is awesome. Can I ask why u run failover instead of load Balancing?

4 reasons:

1) lazy to setup and test load balancing

2) even if I did setup load balancing, it's not like I can test or get above 1Gbps anyway.
My LAN cables and devices/clients/routers/switches are limited to 1Gbps, so what's the point?

3) I hardly maximize 500Mbps on my combined normal usage even with seeding my torrents

4) rather to use the processing power on IDS/IPS where the benefits can be seen rather than load balancing where I can hardly get any due to 3)

 

[jackycar]

4 reasons:

1) lazy to setup and test load balancing

2) even if I did setup load balancing, it's not like I can test or get above 1Gbps anyway.
My LAN cables and devices/clients/routers/switches are limited to 1Gbps, so what's the point?

3) I hardly maximize 500Mbps on my combined normal usage even with seeding my torrents

4) rather to use the processing power on IDS/IPS where the benefits can be seen rather than load balancing where I can hardly get any due to 3)

Can you help a noob understand how one can see the benefits of IDS IPS? With the sheer number of connections on torrent won't it clash?

 

[HexenHeretic]

Can you help a noob understand how one can see the benefits of IDS IPS? With the sheer number of connections on torrent won't it clash?

I'm not sure if I can explain it properly or correctly, I think it's better to ask this from the others in the pfsense thread.

Personally, I think IPS/IDS itself IS the benefit of using pfsense.
I'm not sure if the consumer routers nowdays have it or not, but I doubt so.
UniFi UDM series have it, but hits severely on router performance from what I last read a few years ago.

IPS/IDS, Intrusion Prevention System and Intrusion Detection System, has 2 options on pfsense I think? Snort and something else that I forgot.
It is something like a "smart" detection of suspicious traffic + personalized firewall rules kind of thing.
I don't know how it detects the suspicious traffic part, but it catches alot of these "suspicious" traffic everyday.

My opinion is that you use it if you need it.
Reason being the learning curve is fairly high if you don't know what it does and/or how to implement, and there's alot of maintenance for a few months on the rules. I think I still do maintenance on the rules once every 2-5 months to date?

My own main use case is that I can connect directly to my Synology NAS directly using IP address without going thru use of VPN, this is restricted to my office's IP address only and blocks out all other external IP addresses from any attempts to connect.
I also use it to block attempted VPN connections that does not belong to certain mobile telco or from my office's ip address.
Think I also block my IP cameras from communicating out to WAN.

 

[loganrunning]

Can you help a noob understand how one can see the benefits of IDS IPS? With the sheer number of connections on torrent won't it clash?

layman's perspective. it helps to block malware, links to malware sites, and drive-by installations, especially when you have users who are wilfully living on the edge lol.

the analogy is when you use advert and pop-up blockers. you get used to the calmer environment quickly. when you disable those features, or use a device without that protection, you are rudely reminded of what you left behind.

as for the wilful users (usually teenagers or young adults lol), just show them the list of "naughty sites" associated with their machines. up to you as network owner, on what to do next

 

[jackycar]

layman's perspective. it helps to block malware, links to malware sites, and drive-by installations, especially when you have users who are wilfully living on the edge lol.

the analogy is when you use advert and pop-up blockers. you get used to the calmer environment quickly. when you disable those features, or use a device without that protection, you are rudely reminded of what you left behind.

as for the wilful users (usually teenagers or young adults lol), just show them the list of "naughty sites" associated with their machines. up to you as network owner, on what to do next

Understood now thanks!