[lug] Building Linux Routers versus Existing Routers

stimits at comcast.net
Sun Nov 22 15:54:31 MST 2015

I don't use wireless, and although it wouldn't hurt to have a router with wireless, this isn't something I'm truly interested in. The situation is that I'm thinking about a router for a wired network where I want to assign addresses on an otherwise private gigabit network, and have the router make the outside world available by another gigabit network which runs on a cable modem in bridging mode. Because the cable modem is in bridging mode I have routable real world addresses going to a few different machines (not static, but each machine has a real address).
Internally and private from the real world I have a physically separate second gigabit network for development which does not need routable addresses... Still, those machines need access to the internet for things like software updates and git downloads. As is, my Fedora Linux development host does masquerading to take care of this (this host has multiple network cards; one is DHCP-assigned via the cable company to the real world, the others are statically assigned with non-routable 192.x.x.x addresses). The trouble is that the Linux host is dual boot and sometimes gets booted to Windows (I try to avoid that, but sometimes it is necessary). When the host isn't running Fedora, the outside world disappears for the private network.
So I'm looking at wired routers. Speed between machines on the internal network is important, and so those machines actually need gigabit... 100Mb is not sufficient between these machines. Looking at routers I see a lot of them are only 100Mb/s, and price goes up rapidly if they support gigabit. Price is a big issue; I can't afford high end... even $150 is probably too much. When looking at available routers supporting wired gigabit, I often see VPN features, which so far I also don't need (and which also probably add to the price). So I'm considering putting in an inexpensive Linux box with two network cards dedicated to nothing but acting as a router/firewall (I already have most of what I'd need in terms of hardware). What are the flaws in doing this, versus an off-the-shelf router?
My checklist is that one network interface be assigned to the router via DHCP from the cable side. Linux does this.
Another item is the ability to do masquerade from the second NIC to the outside world NIC. Linux does this.
Being able to firewall between the outside world and the private net is important. Linux does this.
Having the private network run at gigabit speeds without lag is important... a Linux router would simply assign addresses and route outside-world requests, but each private-net appliance/machine would more or less communicate directly with the others through a gigabit switch. If I use a router with multiple ports, then the router has to be fast; if I use Linux, then how fast appliances and systems talk to each other on the private side is not a router issue, it's a switch issue, and the switch is fast.
Then again, I may soon need to set up open source VPNs, in which case I don't know how using a Linux router would differ from a commercial router. Would VPN change what I need to consider when comparing commercial routers to a home-brew Linux router? Why do routers need hardware support for VPNs, rather than simple port forwarding and masquerade? What would I need to consider in deciding to use an off-the-shelf router versus a home-brew Linux router?
What else would I need to know about to choose between a home-brew Linux router and a commercial router?
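The checklist in the post above (DHCP on the cable-facing NIC, masquerade from the private NIC to it, and a firewall between the two) maps onto a few lines of nftables on a two-NIC Linux box. The script below is an added example for this thread, not something the poster or the list wrote; it renders the ruleset as text so it can be inspected or checked with `nft -c -f` before it is loaded, and only touches the live system when run with `apply`. The interface names `enp1s0`/`enp2s0` and the private prefix `192.168.1.0/24` are assumptions; the WAN address itself is still obtained by whatever DHCP client the distribution runs (NetworkManager, dhclient), which this script does not configure. It goes slightly beyond the post by dropping new inbound connections from the cable side and keeping ICMP open, the two things a practitioner would add first.

```shell
#!/bin/sh
# Added example, not from the original post. Two-NIC Linux router:
# private LAN masqueraded out of a WAN NIC that gets its address by DHCP.
WAN="${WAN:-enp1s0}"                 # assumed name of the cable-modem-facing NIC
LAN="${LAN:-enp2s0}"                 # assumed name of the private gigabit NIC
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed private prefix

# render_ruleset WAN LAN LAN_NET: print an nftables ruleset to stdout.
# Kept separate from applying it so the text can be reviewed or syntax-checked.
render_ruleset() {
  wan="$1"; lan="$2"; lan_net="$3"
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    # the router is itself a DHCP client on the cable side: replies land on udp/68
    iifname "$wan" udp sport 67 udp dport 68 accept
    # hosts on the private net may reach the router (ssh, a DHCP/DNS server, ...)
    iifname "$lan" accept
    # keep ping / path-MTU discovery working in both directions
    meta l4proto { icmp, ipv6-icmp } accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # only the private net may open new connections, and only toward the WAN;
    # nothing new from the cable side is ever forwarded inward
    iifname "$lan" oifname "$wan" ip saddr $lan_net accept
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100;
    # rewrite private source addresses to whatever DHCP gave the WAN NIC
    oifname "$wan" ip saddr $lan_net masquerade
  }
}
EOF
}

# apply_router: enable IPv4 forwarding and load the ruleset (root + nft required).
apply_router() {
  sysctl -w net.ipv4.ip_forward=1
  render_ruleset "$WAN" "$LAN" "$LAN_NET" | nft -f -
}

case "${1:-}" in
  render) render_ruleset "$WAN" "$LAN" "$LAN_NET" ;;
  check)  render_ruleset "$WAN" "$LAN" "$LAN_NET" | nft -c -f - && echo "ruleset parses" ;;
  apply)  apply_router ;;
esac
```

Run `sh router.sh render` to read the generated ruleset, `sh router.sh check` to have nft parse it without loading, and `sudo sh router.sh apply` to turn the box into the router. The forward chain's `policy drop` is what replaces the "firewall between the outside world and private net" item; the masquerade rule replaces the manual masquerading the poster was doing on the dual-boot host. To keep the rules across reboots, save the rendered text to `/etc/nftables.conf` (or your distribution's equivalent) and enable the nftables service, and make `net.ipv4.ip_forward=1` persistent in `/etc/sysctl.d/`.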
