The TL-ER6020 has numerous options for managing traffic on a network. In addition to dual WAN options and a configurable dedicated DMZ interface, the TL-ER6020 supports VLANs, bandwidth controls, port mirroring, functions as an Application Layer Gateway (ALG), as well as several other networking features. Lacking, however, is support for IPv6.
The TL-ER6020 supports port-based VLANs, but not 802.1q based VLANs. With port-based VLANs, each physical LAN port can be assigned to one of three VLANs. Devices connected to LAN ports assigned to different VLANs are not able to pass traffic to/from each other. This provides a simple way to segregate traffic.
Bandwidth utilization by device can be controlled with port-based rate controls or by IP address. I found the port-based rate controls effective and easy to set up.
In the screenshot below, I set up a 1 Mbps ingress and egress rate limit on port 3, which is LAN port 1. As you can see in the screenshot, before I set up the rate limit, my bandwidth was 129 and 117 Mbps. After I set up the rate limit, my bandwidth was 989 and 977 kbps.
Bandwidth limit test
Another feature of note on the TL-ER6020 is the ability to perform ingress and egress port mirroring between all the ports on the router. For troubleshooting purposes, I find the ability to run a packet capture on all interfaces useful.
The TL-ER6020 enables ALG functionality by default for FTP, H.323, SIP, IPsec, but each can be easily disabled. ALGs typically modify Layer 5 headers to match Layer 3 headers as packets are translated from private to public IP addresses. In some circumstances, ALGs can improve functionality for these applications.
An interesting feature for a network administrator is the E-Bulletin feature. This allows posting a message to internal users on an ad hoc basis, continuous interval or during a specific time frame. I created the sample message shown below to test this feature. The message is presented when users try to surf or access the Internet. Users simple click “Continue” once they've read the message and they then go to their desired website.
E-Bulletin example message
Routing throughput was measured running 1.0.0 Build 20120807 Rel.34348 firmware, using our router test process. The TL-ER6020's throughput numbers come pretty close to TP-LINK's product ratings of 180 Mbps NAT throughput and 30,000 concurrent sessions.
We measured WAN-LAN throughput at 162 Mbps, LAN-WAN throughput at 157 Mbps, total throughput at 162 Mbps and maximum connections at 29,990. These numbers put the TL-ER6020 above most of the other VPN routers I've tested, shown in Table 3 below, but behind the Cisco RV180 and RV220W, which both produce throughput numbers north of 700 Mbps.
|Product||WAN - LAN Throughput (Mbps)||LAN - WAN Throughput (Mbps)||Total Simultaneous Throughput (Mbps)||Maximum Simultaneous Connections|
Table 3: Routing throughput summary and comparison
The composite IxChariot plot of our three routing tests below (WAN-LAN, LAN-WAN, Total) shows very low throughput variation.
IxChariot routing throughput summary
I also used iperf to get another measure of TCP router throughput and got WAN-LAN throughput at 127 Mbps and LAN-WAN throughput at 110 Mbps.
If you're connecting the WAN port(s) on the TL-ER6020 to an ISP connection of 100 Mbps or less, your Internet throughput will be limited by your ISP, not the router. So, for a gateway router, the TL-ER6020's throughput capability should be more than sufficient.
I was intrigued to discover the TL-ER6020 has a 600 MHz CPU. As mentioned previously, I observed the menus and application of configurations on the devices to be quite fast. I went back and looked at the CPU speeds, as well as a few key details on previously tested VPN routers and included that data in the Table 4 below.
|Product||CPU||IPsec tunnels||WAN ports||VLANS||WLAN||Price*|
|TL-ER6020||Cavium 600 MHz||50||2||3 (port based)||N||$127|
|Cisco RV180||Cavium 300 MHz||10||1||4||N||$114|
|Cisco RV120W||Cavium 300 MHz||10||1||4||Y||$122|
|Cisco RV220W||Cavium 400 MHz||25||1||16||Y||$227|
|Cisco RV042||Cavium 300 MHz||50||2||0||N||$116|
|Draytek 2920||Infineon 266 MHz||32||2||0||N||$207|
|NETGEAR SRX5308||Cavium 700 MHz||125||4||254||N||$358|
|NETGEAR FVS318N||Cavium 300 MHz||12||1||64||Y||$140|
|Zyxel VFG6005||MIPS 348 MHz||32||1||0||N||$98|
|TrendNET TW100-BRV214||Realtek RTL8196 (? MHz)||80||1||0||N||$69|
Table 4: VPN router comparison
*Prices from PriceGrabber as of 1/2/13.
As you can see in Table 4, only the much more expensive NETGEAR SRX5308 has a more powerful CPU. Now, the CPU is only one element in a router and other components can also contribute to performance. Still, it's nice the TL-ER6020 has the horsepower under the hood.
The first of the two beefs I have with the TL-ER6020 is its lack of IPv6 support. IPv6 isn't an issue for me now and more of a future-proofing concern. But with wider deployment of IPv6 finally happening in the U.S. and already common elsewhere, it's a surprising omission for an otherwise very capable small business router.
My second concern is the lack of 802.1q VLAN tag support. I prefer 802.1q VLANs over port-based VLANs because VLAN tagging allows greater flexibility to extend VLANs to other switches as a network grows.
Even with these two issues, I came away impressed with the TP-LINK TL-ER6020. The Cisco RV042 is the closest dual WAN VPN router in price, coming in a little lower at $116 compared to $127 for the TL-ER6020. Yet the RV042 has only 10/100 ports compared the TL-ER6020's 10/100/1000 ports. (For more money, you can opt for the RV042G with Gigabit ports for $182.)
I've tested TP-LINK's TL-SG2216 switch and now its TL-ER6020 Dual WAN VPN router. I found both devices performed well and are reasonably priced. Watch your back, Cisco and NETGEAR! TP-LINK looks like it's coming for you in the small business networking market.