I really like the Raspberry Pi platform as it gives me full Linux flexibility for many of my projects. The platform’s limit, however, is networking, as a Pi only has a single 100BaseT Ethernet interface. Yes, it can be extended via additional USB/Ethernet interfaces and I’ve done so in the past but it’s a bit of a kludge and one is still limited to 100BaseT (due to USB2). For network centric projects I’ve long been looking for another hardware platform that would give me similar Linux flexibility but I haven’t found anything useful. That is, until now!
In a recent Freak Show podcast (in German), Clemens Schrimpe mentioned the Ubiquiti Edge Router hardware that comes with a fully accessible Linux operating system that is based on Debian. Ubiquiti Edge Routers come in different sizes from 19″ rack mounted 8 port down to a 5 port Gbit mini-router with and without an SPF interface as required. I instantly ordered the smallest version (the ERX) for around 60 euros as I could immediately see a number of applications where it could be useful.
VyOS
While the router comes with a great browser based graphical user interface for configuration and monitoring for those who know what they are doing, it can also be accessed via SSH. The device’s routing functionality is based on VyOS, an open source Linux based routing platform (or perhaps the non-open Vyatta and is controlled via shell commands (or the web based GUI).
One of the cool things about VyOS is that all configuration changes take effect without rebooting the machine but lead to an automatic reboot after a timeout unless they have been committed. This way a remote administrator can get access to the device again should a command have led to a lockout. And even after a commit, a manual reboot will return to the previous configuration unless the changed configuration is explicitly saved.
Routing And Shaping
One of the first things I did was to play around with the routing and traffic shaping capabilities of the device. There’s a GUI wizard with which the device can be configured with a few clicks as an IPv4 NAT router with one Ethernet port for backhauling and 4 ports for connecting local devices. SSH and GUI are blocked on the external interface by default with firewall rules and the router can also perform IPv6 prefix delegation if the backhaul network is IPv6 enabled. I’ve left this part for another day though as well as the extensive IPSec and OpenVPN client/server options.
The ERX also comes with interesting traffic shaping options and a variety of different algorithms. Again, the GUI makes it easy to shape traffic on a per interface basis in both directions and changes can be done on the fly without any rebooting necessary. I was quite impressed with the shaping algorithm as ping round trip delay times remained low, i.e. web browsing and ssh access remained snappy despite the interface being maxed out. Very nice!
The Linux Below
When I said a fully accessible Linux I really meant fully accessible! The router runs a minimal Debian system and the things I have touched so far all work the same way as on, say, Ubuntu or on a Raspberry Pi. To see just how far I could go I modified /etc/crontab to run a script every 5 minutes that checks if the router has an SSH tunnel established to a gateway in my home network and if not the script re-establishes the tunnel so I can access it over the Internet. This worked like a charm and the configuration even survived a drastic VyOS configuration change. I also used the SSH tunnel to run a remote tcpdump on the router and pipe the recorded network packets directly to Wireshark running on my PC. Also SCP file access over SSH works out of the box. In general the SSH client and server software seem to be fully installed as even the ssh-key tool for generating new client and server keys worked out of the box. It’s even possible to install extra packages via ‘apt-get’ from the standard Debian repository, which I used, for example, to install the ‘nano’ editor.
The Hardware
Hardware wise the ERX is based on a Mediatek MT7621 router chip with 5 Ethernet ports, a 4 core MIPS processor, 256 MB RAM and 220 MB of Flash memory of which 75 MB is free for installing additional software. That’s miles away from a Raspberry Pi 3 in all respects but I guess that’s not the point here anyway.
Summary
So far I’m very impressed with the ERX. The Debian based system is fully customizable, software packages can be installed from the standard repository, VyOS offers great routing functionality that can be managed via the shell or the web based GUI. The only thing I’ve missed so far is the ability so throttle a particular device to a certain speed but that’s about the only negative point found so far. So let’s see how the device performs in practice over time.