Suggestions on a VPN Solution

scottalanmiller

VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.

JaredBusch

Use an ERL at both sites, not an ER8, you have zero need for anything like that.

Do not use the ERX, without a console port, you lose troubleshooting.

If you want switch ports on your router, then go with the ERPoE.

scottalanmiller

I agree, once we dug into it, the ERL sounds like the right solution. Two ERLs are dirt cheap and an upgrade from what is there now, too. Solid site to site solution.

JaredBusch

@scottalanmiller said in Suggestions on a VPN Solution:

VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.

That is an over broad assumption, but is generally a solid assumption.

If it is a locally installed application that just connects to the database at the main site, it will work great.

If it is a application launched form a shared drive, it will likely run like shit.

jrc

@JaredBusch said in Suggestions on a VPN Solution:

@scottalanmiller said in Suggestions on a VPN Solution:

VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.

That is an over broad assumption, but is generally a solid assumption.

If it is a locally installed application that just connects to the database at the main site, it will work great.

If it is a application launched form a shared drive, it will likely run like shit.

It is a locally installed application that connects to a DB at the main site (running on the SBS server).

Is there a comprehensive list of the differences between an ER8, ERL and ERLX somewhere? Ubiquities site is not too clear on this.

JaredBusch

@jrc said in Suggestions on a VPN Solution:

@JaredBusch said in Suggestions on a VPN Solution:

@scottalanmiller said in Suggestions on a VPN Solution:

VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.

That is an over broad assumption, but is generally a solid assumption.

If it is a locally installed application that just connects to the database at the main site, it will work great.

If it is a application launched form a shared drive, it will likely run like shit.

It is a locally installed application that connects to a DB at the main site (running on the SBS server).

Is there a comprehensive list of the differences between an ER8, ERL and ERLX somewhere? Ubiquities site is not too clear on this.

Their data sheet clearly lists all of the models.
https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf

JaredBusch

@jrc Seriously, you only want to look at an ERL. Your router should not be your switch also.

So buy a pair of ERL, upgrade the firmware to 1.9.1, run the first run wizard, create VPN tunnel.

JaredBusch

jrc

@JaredBusch said in Suggestions on a VPN Solution:

@jrc Seriously, you only want to look at an ERL. Your router should not be your switch also.

So buy a pair of ERL, upgrade the firmware to 1.9.1, run the first run wizard, create VPN tunnel.

I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store. Plus the price on them is not bad, $280 or so.

But I can see your point about just using the ERL and be done with it. So that may be the way we go when it comes down to it.

scottalanmiller

@jrc said in Suggestions on a VPN Solution:

I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store.

This doesn't make sense like you think that it does.

• The ERL does a million pps, that's equivalent to a $3,000 Cisco enterprise router. You don't need more than that, your little shop can't even think of being able to use that. Paying for more is 100% wasted. There is just no way that you need anywhere near what this can provide. The ERL will handle so many branches, so many users.... you'll be building new buildings all over the place before you need to think of replacing that for speed reasons.
• The ER-X has the switch, not the ER8.
• The ER8 is an eight port router, this is "real gear", don't think of it in Netgear terms. Those are not switch ports.
• Wanting to use the router as a switch conflicts with your goal to overbuy and have so much power. Good practice is to have them be separate. There is a reason that only the entry level ERX includes a switch and the serious router options do not.

JaredBusch

@jrc said in Suggestions on a VPN Solution:

@JaredBusch said in Suggestions on a VPN Solution:

@jrc Seriously, you only want to look at an ERL. Your router should not be your switch also.

So buy a pair of ERL, upgrade the firmware to 1.9.1, run the first run wizard, create VPN tunnel.

I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store. Plus the price on them is not bad, $280 or so.

But I can see your point about just using the ERL and be done with it. So that may be the way we go when it comes down to it.

The ER8 does not have switching capabilities.

If you do need a switch, buy a dumb one. A place like you are discussing has no need for a managed switch. I mean it would be nice, but is completely unnecessary.

You can pick up the Tenda 5 and 8 port gigabit switches for $20.

JaredBusch

The ER8 is more powerful than the ERL the names explain that.

EdgeRouter vs EdgeRouter LITE.

That said you don't need 1million packets per seconds which is what the ERL can do.

jrc

@scottalanmiller said in Suggestions on a VPN Solution:

@jrc said in Suggestions on a VPN Solution:

I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store.

This doesn't make sense like you think that it does.

• The ERL does a million pps, that's equivalent to a $3,000 Cisco enterprise router. You don't need more than that, your little shop can't even think of being able to use that. Paying for more is 100% wasted. There is just no way that you need anywhere near what this can provide. The ERL will handle so many branches, so many users.... you'll be building new buildings all over the place before you need to think of replacing that for speed reasons.
• The ER-X has the switch, not the ER8.
• The ER8 is an eight port router, this is "real gear", don't think of it in Netgear terms. Those are not switch ports.
• Wanting to use the router as a switch conflicts with your goal to overbuy and have so much power. Good practice is to have them be separate. There is a reason that only the entry level ERX includes a switch and the serious router options do not.

Perfect! That is the explanation I needed. ERL it is, and I had always planned on pairing the ERL with an 8 port gigabit dumb switch at the satellite location.

JaredBusch

@scottalanmiller typing the better answer while I was on the shitter...

Dashrender

@JaredBusch said in Suggestions on a VPN Solution:

Do not use the ERX, without a console port, you lose troubleshooting.

While this is true, I don't think it's a real problem. If you have to go for console access, you have to go onsite anyway - then just reset it and restore the settings from your backup. I wouldn't worry about trouble shooting in this cost range.

JaredBusch

@Dashrender said in Suggestions on a VPN Solution:

@JaredBusch said in Suggestions on a VPN Solution:

Do not use the ERX, without a console port, you lose troubleshooting.

While this is true, I don't think it's a real problem. If you have to go for console access, you have to go onsite anyway - then just reset it and restore the settings from your backup. I wouldn't worry about trouble shooting in this cost range.

The ERX is not something I would use in a business. It works great for a home office but not for a business.

Carnival Boy

Why not?

Dashrender

@Carnival-Boy said in Suggestions on a VPN Solution:

Why not?

Other than the console port - which I don't personally agree with, I'm also curious why you don't like the ER-X in business? It's half the cost of the ERL.

coliver

They also have an ER-X now that has a SFP port which I thought was interesting.

coliver

But I think the big one is that you don't want your firewall to handle switching. You should have an independent dedicated switch for that task.