@Adam wrote:
. . . . . one thing that drives me crazy is the MX limitation on internet bandwidth. With larger pipes being available for much cheaper these days it is hard to swallow having to buy an MX84 or MX100 to get > 200M. What's your guys thoughts on this?
Has anyone ever reviewed any products like this? https://www.ubnt.com/edgemax/edgerouter-x/
I'm just trying to think of solutions for smaller sites 10-15 users where fast bandwidth is available.
I have some experience with UBNT products. Our small network, which gets complicated and where Meraki cannot provide the services required, is split into two:
Meraki - secure network using MX, MS & MR serving workstations, laptops and authorised mobile devices.
UBNT - UniFi - handles multicast, Chromecast, Guest network, IoT devices, smart TVs/monitors, video playout, audio processing etc.
The UniFi network has a CloudKey that is accessible remotely which provides a single pane style dashboard to run that side of the network. We still have to delve into the CLI and use a "fiddly" procedure to ensure the configuration is not lost on rebooting or upgrade.
The EdgeMax range is more traditional and CLI based (EdgeOS is a fork of Vyatta), but that is changing with a new dashboard style management tool being available in beta.
UBNT has released an EdgeMax router capable of 80 million Gbps / 18 million pps which is also in beta release as a UniFi product. If this is overkill, there are lesser routers/gateways available with varying levels of throughput, dependent upon activation of DPI and IDS; IPv6 is a work in progress.
By splitting the network I am less concerned by crap on the portion designed to serve all the dodgy kit; I only need to worry about what is behind the MX.
The MX uplinks to a LAN port that goes straight out the WAN port. It works, as does connecting devices on the naughty step to secure devices using HDMI cables to continue meeting our analytic workstation requirements seamlessly.
The issue of WAN speed is overdue for addressing by Meraki. 1Gb/1Gb FTTP is available locally for £50 per month (but not in our exact location). By way of comparison, if I take the Internet access cost out of the telco provided package, 80Mb/20Mb costs £45 per month. Everybody will take the FTTP package (probably at 200-300Mbps) as soon as available.
The reality is, what security appliances, routers will handle this sort of speed? Certainly not the small MXs.
If we add in the lack of proper native IPv6 support (no tunnelling, no performance deg), the lack of multicast capability, SHA-1 issues, one could say that the MX range is long overdue for a complete overhaul.
If the MX is being replaced, to address these and other shortcomings, I would ask them to also consider moving to a Zonal security model, much more intuitive, one of the things I like about the SRX-300 from the Gin Palace (alas no proper multicast).
One of the problems with splitting/duplicating the network is a noticeable increase in electricity consumption. To say nothing of larger rack space requirements, and some additional thought required when changing anything.
Life would be simpler with an MX designed for today's requirements.