|At a Glance|
|Product||Cradlepoint Mobile Broadband N Router (MBR900)|
|Summary||"Affordable" 3G/4G Router with 802.11n Wi-Fi|
|Pros||• Supports wide range of 3G / 4G USB modems
• 100 Mbps wirespeed routing
• No-subscription content filtering (OpenDNS)
|Cons||• Configuration requires frequent reboots
• 10/100 ports
• Unimpressive Wi-Fi performance
Cradlepoint is a relatively new company to small networking. Founded in 2004 and headquartered in Boise, ID, Cradlepoint specializes in routers that share a 3G/4G connection. Part of Cradlepoint's “secret sauce” is what they call “WiPipe,” a technology built into all their mobile broadband routers. WiPipe is really a collection of technologies, for which Cradlepoint has applied for 27 patents.
Cradlepoint summarizes the value of WiPipe technology in eight different areas: robust yet simple functionality, optimized 3G/4G modem drivers, load balancing over multiple 3G/4G connections, best in class QoS, WAN to WWAN (wireless wide area network) automatic failover, VPN functionality, Security and Filtering, and WLAN (wireless LAN = Wi-Fi) performance.
I'm going to look at the MBR900, which has a single 3G/4G USB modem port, a 2.4 GHz 802.11n wireless radio, a 10/100Mbps WAN port and 4 10/100Mbps LAN ports. With the exception of multiple 3G/4G connections and VPN tunnels, the MBR900 supports all of the WiPipe technologies.
The device is enclosed in a bright white plastic case and is a small desktop size, measuring 8”W x 6”D x 1.2”H. It is passively cooled and silent. The front of the device has its Ethernet port and status indicator lights, shown in Figure 1.
Figure 1: MBR900 front panel
The MBR900 has a power connector and switch, a 10/100 WAN port, 4 10/100 LAN ports, and its wireless antennas on the back of the device, shown in Figure 2.
Figure 2: MBR900 rear panel
Inside the case is the motherboard shown in Figure 3. The CPU is a 200Mhz Ubicom IP5100U. Other construction details can be found in Tim's New to the Charts article.
Figure 3: MBR900 board
What makes the MBR900 different is its support for 3G/4G USB Modems. There is a USB port on the side of the device for connecting a wide array of WWAN (wireless wide area network) modems from various carriers. In Figure 4, you can see a Virgin Mobile 3G Modem (Ovation MC760 by Novatel Wireless) connected to the side of the MBR900.
Figure 4: MBR900 with USB modem
When I look at the menus of the MBR900, I get a sense of déjà vu. Cradlepoint and D-Link have very similar menu structures. Tim mentions in the New to the Charts article that the CPU on the MBR900 is the same as the CPU in the Dlink DIR-628. When you take a look at their menus, you see they share more than just hardware.
Figure 5 shows a screen shot of the status page from the MBR900 on the left and the status page from the DIR-628 on the right. Other than slight color differences, they are nearly identical in content, layout, and functionality.
Figure 5: MBR900 vs. D-Link DIR-628 admin screens
As the menu structure is so similar to common D-Link devices, I found the MBR900 quite easy to configure. There are 6 menus across the top, with 4-15 submenus, listed in Table 1.
Table 1: MBR900 Admin menu tree
The Help menu, shown in the far right column, doesn't have any submenus listed. However, clicking the help menu produces a complete set of documentation for all the MBR900's configurations, organized in the same manner as the GUI.
One configuration weakness, though, is that many changes to the router require a reboot. Changing the settings for time, changing the firewall to allow ping from internet, setting up email information to send logs, selecting the option for new firmware notification, and enabling/disabling web content filtering are examples of configurations that require a reboot of the router. Fortunately, reboots are relatively quick, taking between 40-60 seconds to complete.
WAN and WWAN
The MBR-900 has two WAN interfaces. The primary WAN interface is an RJ45 port that can be connected to a Cable, DSL, or other Ethernet based connection. It supports standard DHCP connections, as well as Static IP, PPPoE, L2TP, and PPTP connections.
I tested the MBR900 on my DSL connection and ran a speed test on speedtest.net showing my DSL runs at 12.61Mbps down and .65Mbps up, which is the typical speed for my DSL service.
The secondary WAN interface is a USB port for connecting to a 3G/4G USB modem. The MBR900 supports a huge list of current 3G/4G modems, which you can see on the supported devices section of the MBR900 product page.
I used a Virgin Wireless Novatel MC760 USB modem with VM's BroadBand2Go prepaid service for my testing. Setting up the USB modem on the MBR900 was plug and play. I didn’t configure a thing, and didn’t have to power cycle the router. Detection and configuration of the modem was automatic.
Further, I found that I could simply insert and remove the USB modem without power cycling or rebooting the router. As you can see in Figure 6, the MBR900 accurately detected the make and model and enabled the modem. Note that I had to handle account setup and data purchase before connecting the modem to the MBR900.
Figure 6: MBR900 WWAN modem detection
To test the MBR900’s USB modem performance, I ran multiple speed tests to speedtest.net. First, I directly connected the modem to my laptop and ran the speed tests. Then, I connected the modem to the MBR900 and ran the same speed tests to see if there were any significant differences in throughput over the router and laptop.
As noted in a Cradlepoint whitepaper on WiPipe, “mobile environment(s) change from session to session,” so I ran multiple tests and reported the average numbers in Table 2 below. My average download speed with the modem and my laptop was 747kbps and average upload was 392kbps. My average download speed with the modem connected to the MBR900 was 740kbps and average upload was 320kbps.
|Download (Kbps)||Upload (Kbps)|
Table 2: 3G throughput
The results from speedtest.net varied dramatically from test to test, more than they did on my DSL line, validating Cradlepoint’s comment about how the mobile environment can change with each session. I suspect that if I continuously ran the tests on my laptop and the MBR900, the averages for both would have been nearly identical.
The MBR900 performs an upload speed estimation on the WAN interface when the automatic traffic shaping option is enabled. (I’ll describe this option more in the QoS section.) Unfortunately, the MBR900 inaccurately reported my DSL upload speed at 1518kbps and my USB Modem’s upload speed at 4215kbps, so I wouldn’t rely on the MBR’s link measurements.
In real world use, I found Internet surfing via the MBR900 over both my DSL connection and the 3G USB modem to be quite smooth. Obviously, I had better performance over the faster DSL connection, but my experience over the 3G USB modem seemed reasonable.
The default configuration is for the primary interface to carry all outbound traffic, with the secondary interface to be a backup in case the primary fails. The MBR900 can be used with only a Cable or DSL Internet connection, only a 3G/4G modem, or both.
I tested failover from primary to secondary, and then tested failback from secondary to primary. I used a basic process to test failover and failback. Before I started, I made sure both interfaces were up and the router was on the primary interface, and started a continuous ping to the Internet. To test failover, I disconnected the primary interface and timed how long before the ping restored, indicating the router has successfully failed over to the USB Modem on the secondary interface.
As you can see below, only 4 pings dropped as the router automatically enabled the USB modem and directed all traffic out that interface. I repeated this test several times, it took on average 20-30sec for failover to complete.
Figure 7: WWAN failover test
To test failback, I reconnected the primary interface and timed how long before the ping restored and the router showed the primary was back in service. As shown below, only 1 ping dropped as the router automatically re-enabled and re-directed all traffic out the Ethernet WAN interface. I repeated this test several times, it took on average 5-15sec for failback to complete.
Figure 8: WWAN failback test
For failback to work properly, you have to enable the failback option, shown below. Personally, I think failback to the primary interface should be enabled by default. I'm not sure why you wouldn't want failback to happen automatically.
Figure 9: Failback option enable
Although the MBR-900 has two WAN interfaces, I hesitate to call it a Dual WAN router, as most Dual WAN routers allow for the use of both WAN interfaces at the same time. The MBR-900 will run either interface and failover between the two, but does not have options for running both interfaces simultaneously. The MBR-900 has options to reverse the order and make the USB interface primary and the Ethernet interface secondary.
I tested another router that supports 3G USB modems nearly two years ago. The NETGEAR MBR624GU is a bit dated now, with only an 802.11b/g radio and lesser functionality than the Cradlepoint MBR900. Of note, the Netgear device came with a cable/dongle accessory for positioning the USB modem upright and improving reception, shown below. I used that Netgear accessory with the Cradlepoint to improve 3G signal strength, and recommend Cradlepoint look into a similar accessory.
Figure 10: NETGEAR MBR624GU
A key element to Cradlepoint's WiPipe technology is Quality of Service, or QoS. According to Cradlepoint's whitepaper, WiPipe equipped routers can employ dynamic QoS functionality when using the 3G/4G modem for Internet access. In addition, the MBR900 supports Wireless Intelligent Stream Handling (WISH) and detailed Traffic Shaping. These features all come courtesy of the Ubicom CPU.
Dynamic QoS is an interesting concept. Cradlepoint's whitepaper states a “WiPipe powered router is capable of identifying the wireless environment in which it is deployed, and … can automatically self-configure for best performance.” As shown in my speed tests results, the MBR900 performs as well as a far more powerful laptop connected to the same USB modem.
By default, WISH prioritizes HTTP and Windows Media Center traffic over the WLAN. Custom rules can be applied to all protocols, TCP, UDP, TCP and UDP, ICMP, or a specific protocol. A custom rule can be applied to a specific IP address or range, as well a specific port or port range. Four different priorities can be assigned to a wireless traffic type, from Background (low priority) to Voice (top priority.)
The traffic shaping feature has both an automatic element and a manual configuration element. The automatic element, as previously described, attempts to estimate your upload speed and determine whether you have a Cable or xDSL Internet connection. I enabled auto, which required a reboot, and observed the below screen when the router came back up.
Figure 11: Traffic shaping
As previously mentioned, the router somehow determined my upload speed on my DSL connection to be 1518 Kbps when it actually was 650kbps. It was even further off when estimating the upload speed on the USB modem. Thus, if using traffic shaping on the MBR900, you’re better off manually entering your connection speeds.
Manual traffic shaping is done by specifying your Internet connection speeds and via detailed traffic shaping rules. Traffic shaping rules use similar options as WISH rules and can be applied to all protocols, TCP, UDP, TCP and UDP, ICMP, or a specific protocol. Traffic priority is assigned a number from 1-255, with 1 being top priority. Traffic shaping rules also require specifying source IP and port ranges, as well as destination IP and port ranges.
The MBR-900 has quite a few options for managing traffic flows on the network. There are nine different menus for controlling security functions on the router. Those menus are Access Control, Firewall, Gaming, Inbound Filter, MAC Address Filter, Special Applications, Virtual Server, and Web Filter.
The Access Control menu enables creating and applying a detailed filtering rule that can be run on a specific schedule; applied to one or more hosts on the LAN; log, filter, or block all web traffic; block traffic to specific IP and port ranges; and log web access.
For example, an Access Control rule is needed to apply Web Filtering to specific PCs on the LAN. I created the below rule to apply web content filtering to a specific PC, as shown below.
Figure 12: Access control policy
The Firewall menu has numerous radio button and check box options for enabling/disabling functions such as Stateful Packet Inspection, UDP and TCP endpoint filtering, as well as the ability to create a DMZ for a single PC. Enabled by default are application layer gateways (ALG) for PPTP, IPSec, RTSP, MSN, FTP, H.323, SIP, WOL, and MMS.
Sometimes ALGs improve connectivity for various services, sometimes they interfere. In my day job, we often advise VoIP customers to disable SIP ALGs in their routers. I was impressed that even with the MBR-900’s SIP ALG enabled, I was able to use my company VoIP phone.
Gaming options enable opening the firewall for 27 common network based games, shown below. Custom games rules can be created for other applications based on TCP and UDP ports. Game rules can then be applied to specific PCs and on a custom defined schedule.
Figure 13: Firewall gaming rules
Inbound filters can be applied to restrict inbound traffic to predefined IP addresses or ranges. Further, devices can be allowed or denied Internet access with the use of the MAC Address Filter.
Application rules can also be created. These are similar to Gaming rules, but instead of applying the rule to specific devices, the rule is applied to all devices connected to the MBR. There are six prebuilt applications (AIM, BitTorrent, Calista, ICQ, MSN, and PalTalk), and more can be created based on TCP or UDP port numbers.
Virtual Server rules can also be created, which is a nice way to set up port forwarding. Twelve typical network server applications are prebuilt, such as Telnet, HTTP, DNS, etc.., for forwarding specific outside traffic directly to an internal server.
The Web Filtering menu is where content filtering is enabled and customized. The MBR-900 uses OpenDNS for web traffic filtering. Enabling OpenDNS connects the MBR-900 to the free OpenDNS service. I have been using OpenDNS free service in my home for some time, and I was pleased to see it built in to this router. Instead of filtering traffic based on URLs, OpenDNS won’t resolve objectionable websites, instead returning a warning page as shown below.
Figure 14: Access block message
With OpenDNS enabled on the MBR-900, the device will use OpenDNS’ DNS IP address and one of 5 different levels of filtering, labeled minimal, good, better, best, or custom, as shown below. You’ll also notice after you’ve enabled OpenDNS that the DNS IP addresses have changed on the MBR’s WAN interface.
Figure 15: OpenDNS content filtering options
In addition to OpenDNS web content filtering, the MBR-900 allows you to create a whitelist or blacklist of specific URLs. If a whitelist, then the router will only permit access to the listed sites. If a blacklist, the router will block access to the listed sites and present a web page such as the one shown below.
Figure 16: Website block message
I've tested several UTM (Unified Threat Management) security devices, which usually come with a monthly subscription fee for features like web content filtering. The MBR900 provides all the above security features without any additional monthly costs.
The New To The Charts article covers routing and wireless performance, which was tested with 1.7.5 firmware using our standard router test procedure. But I'll summarize the results here and add a few comments.
Routing performance for the MBR900 is quite solid for a router with 100 Mbps Ethernet ports. WAN-LAN throughput is 91.1 Mbps and LAN-WAN throughput is 91.5 Mbps, essentially 100 Mbps wirespeed performance. If the bulk of your network traffic is to and from the Internet over a wired connection, the MBR900 will not be a choke point.
I filtered our router charts on WAN-LAN throughput for other routers in the $100-$150 range. Only one router with 100Mbps Ethernet ports has higher throughput, the Linksys WRT400N at 92.7 Mbps compared to the MBR900's 91.1 Mbps. But this isn't really a significant difference; both are essentially 100 Mbps wire-speed.
To get higher throughput, you have to move up to a router with Gigabit ports. (Personally, I wish the MBR900 had Gigabit interfaces, at least on its LAN, for faster file transfers and streaming capability.)
Figure 17: Download performance ranking
The MBR900's wireless performance was stable and reliable throughout my house. I tested the MBR900 wireless radio with a newer laptop using an Intel 6300 wireless card. With the MBR900 on my second floor configured for 802.11n-only, WPA2 encryption, and the remaining wireless settings at default, my laptop link rate as shown by Windows’ Network Connection Status screen (shown below) ranged from 78-144 Mbps throughout my house.
Figure 18: Wireless connection status
The MBR900's wireless performance measured by our standard wireless performance testing however, was not quite as impressive. The 2.4 GHz downlink average throughput Wireless Chart shown below is filtered to show only single-band routers and the MBR900 ranks in the bottom third. In 40 MHz bandwidth mode, the MBR900 fares a bit better, but rises only to near the top of the bottom half of charted routers.
Figure 19: Wireless performance rank
Check the New To The Charts article for other wireless performance commentary. The bottom line, however, is that the MBR900's wireless section isn't up to the quality of its routing.
Pricing and Conclusion
Cradlepoint lists the MBR900, which it bills as its “most affordable 3G/4G ready mobile broadband N router” for $149.99, but it can be found online for closer to $110. The previously mentioned NETGEAR MBR624GU can now be found online for about half the cost of the MBR900, at $59.98. In my book, the Cradlepoint MBR900 is easily worth the difference in price, however.
The NETGEAR is a bit outdated, only supports a 3G WWAN interface, has no Ethernet WAN interface, and only has an 802.11b/g radio. Further, the NETGEAR device has far less functionality in terms of compatibility, performance and security. NETGEAR lists only 18 compatible USB modems, whereas Cradlepoint lists well over 100 modems it supports on US carriers alone!
Our federal government recently stated that up to 10% of Americans don't have access to adequate Internet speeds. In my day job for a global VoIP service provider, I know a lot of our customers live in areas where they can't get wired Cable or DSL service, and rely on 3G/4G USB Modems for their Internet access.
The Cradlepoint MBR900 provides a great way to share a 3G/4G connection to an entire household. With its support for both wired and WWAN Internet connections, the MBR900 would be an excellent choice for a Home or Home Office looking to maintain a secure and reliable Internet connection.