|At a glance|
|Product||Ubiquiti EdgeMAX EdgeRouter Lite (ERLite-3) [Website]|
|Summary||Inexpensive wired-only router based on Vyatta code running on dual-core Cavium CPU|
|Pros||• Highly configurable (if you know what you're doing)|
• High performance for the price
|Cons||• GUI is still a work in progress|
• Throughput drops considerably with QoS enabled
• Does not come plug-and-play out of box
• Support via Ubiquiti Community forum only
Typical Price: $0 Buy From Amazon
Ubiquiti bills its EdgeMax routers as "Advanced Routing Technology for the Masses". Ubiquiti's six EdgeMax routers provide high speed packet forwarding (1-2+ million packets per second) with varying amounts of physical ports and Power over Ethernet (PoE) capability (depending on model) at low cost.
The EdgeOS operating system for EdgeMax routers is a fork of Vyatta 6.3, an open source, specialized, Debian-based Linux distribution. Vyatta has gone through many changes since, including purchase by Brocade, which recently sold it to AT&T. These transactions do not affect EdgeOS, because it is based on the open source vesion of Vyatta.
EdgeOS has a Graphical User Interface (GUI), intended to simplify configuration and an integrated Command Line Interface (CLI) "for convenient access to advanced functions". Tim's first look at the EdgeRouter Lite (ERLite) with EdgeOS v1.0.2 back in 2013 and my review of the EdgeRouter Pro with EdgeOS v1.4.0 in 2014 both concluded EdgeRouter performance was impressive, but ease of use was not.
Although EdgeOS is full-featured, many of those features required using the CLI, which put it beyond the skills of most consumer router shoppers. But with "gigabit"—or at least 500 Mbps+—internet service becoming more common in the U.S. and the ERLite's reputation for being both fast and cheap, we thought it was time to revisit whether the ERLite should still carry a "not for networking newbies" caveat.
In this review, I'm going to explore the ERLite with EdgeOS v1.9.1. Except for a switch to a metal case from plastic, hardware in the EdgeRouter Lite hasn't changed from our original review (Cavium dual-core CN5020 @ 500 MHz with 512 MB RAM). So I'll concentrate this review on the features and usability of EdgeOS v1.9.1. Since our router test process has evolved and become tougher, we'll also see whether the ERLite still earns its reputation as "gigabit" grade.
The EdgeOS User Guide has expanded from 57 pages for v1.4 to 104 pages for v1.9. Comparing the table of contents between the two shows updates include Traffic Analysis, VPN, and QoS. The below image of the EdgeOS dashboard, which is the main page once you log in, shows the configuration tabs (Dashboard, Traffic Analysis, Routing, Firewall/NAT, Services, VPN, QoS, Users, Config Tree, and Wizards) for EdgeOS v1.9.
The Wizards configuration tab is on the far right. I would have put it to the far left, as this is the first thing you're going to want to use to get the router up and running. The EdgeOS lists five Wizards to simplify initial setup:
- Basic Setup
- Load Balancing
- Load Balancing2
Each Wizard erases the router and sets up various port configurations and enables Network Address Translations (NAT) and the firewall with default settings. The EdgeOS user guide suggests the Basic Setup Wizard for typical Small Office Home Office (SOHO) deployments.
The EdgeRouter Lite has just three Gigabit Ethernet ports (eth0, eth1, and eth2). With the Basic Setup Wizard on the EdgeRouter Lite, eth0 is the Internet/WAN port used to connect to your ISP. Eth1 and eth2 are set up as LAN ports providing a DHCP server for 192.168.1.0/24 on eth1 and 192.168.2.0/24 on eth2. I used the Basic Setup Wizard for the remaining sections of this review.
The Load Balancing Wizard allows for equal load balancing between dual Internet/WAN connections. With the Load Balancing Wizard on the EdgeRouter Lite, eth0 is an Internet/WAN port used to connect to one Internet Service Provider (ISP) and eth1 is another Internet/WAN port used to connect to your second ISP. Eth2 is set up as a LAN port providing a DHCP server for 192.168.1.0/24. You can see the status of the eth0, eth1, and eth2 in the below image from the dashboard with the EdgeRouter Lite configured with the Load Balancing Wizard.
I tested the default Load Balancing setup with two different Internet connections by running a continuous ping from my PC to the Internet (ping 184.108.40.206 -t). I disconnected the Ethernet cable on the EdgeRouter Lite to the active Internet connection carrying the ping traffic and saw 11 missed pings before failover occurred and the pings were successful again. This default EdgeOS WAN failover is acceptable, but could be quicker. On other dual WAN routers I've tested (see LRT224 review,) I've seen failover occur in less than two pings. You can modify load balancing and/or tweak failover settings via the Config Tree menu of the EdgeOS (covered later) or if you venture into CLI configuration.
The Load Balancing2 Wizard is designed to be used with dual Wireless links (Wi-Fi bridges) and provides failover between them. I didn't test this Wizard.
The WAN+2LAN Wizard configures eth0 as a LAN port providing a DHCP server for 192.168.1.0/24, eth1 as the Internet/WAN port, and eth2 as a LAN port providing a DHCP server for 192.168.2.0/24. I tested this Wizard. Other than swapping eth0 and eth1, it doesn't appear the Basic Setup and WAN+2LAN Wizards are any different.
Last, the EdgeOS user guide says the Basic Setup and WAN+2LAN2 Wizards are the same, so I didn't test WAN+2LAN2. As a concluding thought on the EdgeOS Wizards, I think setup Wizards are a good idea, but it seems like Ubiquiti could simplify EdgeOS by getting rid of the redundant WAN+2LAN and WAN+2LAN2 options.
The Traffic Analysis menu in EdgeOS is a useful tool to view bandwidth use on your network. Ubiquiti uses Deep Packet Inspection (DPI) to measure traffic utilization and the applications generating the traffic. With this feature enabled by simply clicking Enable in the GUI, you can see real-time transmit and receive rates (bps) and total transmit and receive traffic volumes (bytes) by device, as well as the applications consuming that traffic on each device.
As you can see below, there are three devices connected to the EdgeRouter Lite. The top device with IP 192.168.2.21 (my PC) has generated traffic using SSL, QUIC, Twitter, Web, and Other. The middle device with IP 192.168.2.38 is an Access Point and the bottom device with IP 192.168.2.39 is an iPhone.
EdgeOS supports configuring static routes and OSPF routing protocols. RIP and BGP routing can be configured via the Config Tree or CLI only. I'm impressed the EdgeRouter Lite has the horsepower to support OSPF and BGP. But I didn't test them or other routing options, as they aren't are typically used in a SOHO network.
The EdgeOS Firewall/NAT menu (formerly the Security menu in EdgeOS 1.4) allows you to configure Port Forwarding, Firewall Policies, NAT, and Firewall/NAT Groups. Configuring Port Forwarding was easy with the EdgeOS GUI. I simply identified the WAN (eth0) and LAN (eth1) interfaces, the port (Remote Desktop Protocol [RDP] = port 3389) and the IP address of the PC (192.168.1.140) I wanted to access via Port Forwarding (screenshot below). Once the rule was enabled, I could RDP to my PC from outside the EdgeRouter Lite's LAN.
I was also able to configure a Firewall Policy to enable remote access to router administration, but I had to follow this Ubiquiti Community post, because it wasn't intuitive for me, nor is it explained in the EdgeOS user guide. The steps were pretty easy, but in a typical SOHO router, the steps to enable remote administration access are point and click.
The NAT menu allows for configuring source and destination NAT rules, which can be useful if you want to set up a static NAT rule to a specific device behind the EdgeRouter. Firewall/NAT groups are a tool to configure groups of IP addresses, IP subnets, or Layer 4 ports. These groups can then be used in configuring Firewall and NAT rules.
The Services menu configures DHCP servers, DNS, and PPPoE options. With only three physical Ethernet ports and at least one used for a WAN connection, a useful EdgeOS feature for the EdgeRouter Lite is support for 802.1Q VLAN tagging. Via the EdgeOS Dashboard menu, which isn't all that intuitive, you can add subinterfaces for VLAN support. Using the EdgeRouter's LAN interface eth1, I created interface eth1.77 to support VLAN 77, as shown below.
In the Services menu, I then created a DHCP server for VLAN 77 as shown in the below configuration screen.
I connected the EdgeRouter's eth1 to an 802.1Q capable switch port configured as a trunk supporting VLAN 1 and 77. Ports on the switch assigned to VLAN 1 got an IP from the EdgeRouter's DHCP server for VLAN 1 and ports on the switch assigned to VLAN 77 got an IP from the EdgeRouter's DHCP server for VLAN 77, validating the EdgeRouter properly applies VLAN tags. VLAN tagging is a useful feature on a router with only a few physical ports. Connecting the EdgeRouter Lite to an 802.1Q capable switch enables it to be the center of a much larger and more complex network.
Other options in the Service menu include DNS Forwarding and Dynamic DNS (DDNS), as well as configuring a PPPoE server.
In my previous review of the EdgeRouter Pro, I had to use the CLI for both PPTP and IPsec configurations. EdgeOS v1.9 has a configuration menu for PPTP, but it requires setting up a Radius Server for authentication, which is more hassle than I cared to try, and likely more hassle than most SOHO users would try as well.
To test PPTP on EdgeOS v1.9, I instead used the CLI commands listed in the instruction page. I found it was easier to use an SSH client like Putty to login to the EdgeRouter's CLI, then copy and paste the configurations from the instruction page directly into the CLI. You can also access the EdgeRouter's CLI via the GUI, but you can't paste configs, which is a limitation.
I applied my CLI configs via the commit command, added two firewall rules in the EdgeOS GUI per the instruction page using the same method for enabling remote access described previously, and was done setting up the EdgeRouter. I then set up my Windows PPTP client and was able to remotely access a PC on the EdgeRouter's LAN.
Another limitation of the EdgeOS GUI is it doesn't clearly display PPTP status. I had to resort to the CLI to show I had an active PPTP session (screenshot below).
PPTP VPN Status
EdgeOS v1.4 didn't have a GUI menu for IPsec Site-to-Site configuration, but v1.9 does. However, I was unable to get an IPsec Site-to-Site tunnel up and running using the EdgeOS v1.9 GUI, so I again resorted to the CLI. I followed the configurations here to create my configurations using AES-128 encryption and SHA-1 authentication, and was successful in setting up a tunnel between the EdgeRouter Lite and a Linksys LRT224. The EdgeOS does have a display for IPsec status, mysteriously placed in the Wizards menu. The screenshot below shows my active IPsec tunnel.
IPsec VPN Status
I ran a few throughput tests over the IPsec VPN tunnel between the LRT224 and the EdgeRouter Lite. It's important to note that Ubiquiti rates the EdgeRouter Lite IPsec VPN throughput at "around 220 Mbps." The LRT224 is considerably slower. In my review of the LRT224, I measured its peak IPsec throughput at 70.8 Mbps.
Using TotuSoft's LAN Speed Test client and server application, with a file size of 10 0MB, and two PCs running 64-bit Windows with their software firewall disabled, I measured peak throughput over the IPsec tunnel between the LRT224 and EdgeRouter Lite at 51.5 Mbps. This number is slower than I expected, but likely a reflection of the LRT224 and not the EdgeRouter.
QoS and Users
QoS options via EdgeOS v1.9 GUI include the ability to throttle upload and download bandwidth usage by interface, as well as by source/destination IP and application. To test this capability, I first ran a throughput test (again using the TotuSoft LAN Speed Test) from a PC connected to the EdgeRouter Lite's LAN to a PC on the EdgeRouter Lite's WAN. I measured peak throughput of 907 Mbps. I then configured a QoS rule, shown below, to limit bandwidth to 100 Mbps.
The QoS rule clearly worked, as peak throughout was now only 83.65 Mbps, as you can see in the below screenshot.
QoS Test Result
Lastly on feature menus, the User menu in EdgeOS is a simple menu for adding user names and passwords to allow users to log into the router and access the network remotely.
This menu option in EdgeOS is kind of hybrid between the EdgeOS GUI and the CLI. In this menu, you can view and change configuration options in a "tree" layout. For example, a portion of the QoS changes I applied above appear as below in the Config Tree menu.
I found the Config Tree menu an interesting way of trying to bring all the CLI options into the GUI, but at the same time, somewhat confusing.
Testing and analysis by Tim Higgins
I ran the ErLite through the Revision 10 process with v220.127.116.11 firmware loaded. If you buy an ERLite, make sure you upgrade. The sample I purchased from Amazon had v1.2.0 installed. v18.104.22.168's release notes say it has no new features from v1.9.1, just security fixes.
|Test Description||Ubiquiti EdgeRouter Lite|
|WAN - LAN Throughput (Mbps)||941|
|LAN - WAN Throughput (Mbps)||937|
|HTTP Score - WAN to LAN (%)||61.4|
|HTTP Score - LAN to WAN (%)||61.6|
|Bufferbloat Score- Down Avg.||522|
|Bufferbloat Score- Down Max.||6|
|Bufferbloat Score- Up Avg.||1011|
|Bufferbloat Score- Up Max.||725|
|CTF Score (%)||13|
Table 2: Routing performance summary
The WAN - LAN and LAN - WAN throughput benchmarks are the least meaningful, since most products can hit these numbers due to the common use of Cut Through Forwarding. The ERLite turned in typical values of 941 Mbps WAN-to-LAN and 937 Mbps LAN-to-WAN.
I compared the ERLite's HTTP scores against the ASUS RT-AC5300 and GT-AC5300; the previous highest-rankers for these benchmarks. The A and B benchmarks with smaller file sizes push routers the hardest. The ERLite holds its own against the much more expensive (> $300) RT-AC5300, which sports a Broadcom BCM4709C0KFEBG dual-core CPU @ 1.4 GHz. The winner of the bunch is the ASUS GT-AC5300, which runs on a Broadcom BCM4908 64 bit quad-core @ 1.8 GHz.
HTTP Score comparison
Plot key file size: [A] 2 KB, [B] 10 KB, [C] 108 KB and [D] 759 KB file
Bufferbloat uplink results were great, with the ERLite topping both average and and maximum charts. But three downlink tests I ran produced maximum results of 164, 1108 and 1057 ms. I used the lowest result for the Charts, which put the ERLite at the top of the Bufferbloat average downlink chart, but at the bottom of the maximum downlink chart. Still, with average delays of 1-2 ms, the ERLite has the least delay of any router tested with the Revision 10 process to date.
Finally, the Cut Through Forwarding tests showed the ERlite throughput takes a big hit when Smart queue QoS is engaged, slowing down to around 120 Mbps from 940. This landed the ERLite at the bottom of the CTF Score chart.
Ubiquiti is moving in the right direction by enhancing the EdgeOS and EdgeRouter Lite, but they still have far to go before I would be comfortable recommending the ERLite to the average router buyer. The Traffic Analysis tool is a step forward, but the EdgeOS GUI configurations and menus are still sometimes confusing, redundant and/or lacking intuitiveness. Further, I found that VPN and other configurations and status displays still require the CLI.
Overall, I still think the EdgeRouter Lite is a pretty interesting router with many features and impressive throughput. At still below 100 bucks, it certainly is priced to appeal to the masses. But it still earns our "not for networking newbies" warning.