This little device is a piece of joy to hold in hand or simply look at it. That pretty much sums up my impression about ER-X, from aesthetics to its performance. Many things to praise...let alone its price.
I spent about 8 hours in total setting it up for my LAN at home. This also included converting my Asus all-in-one (RT-AC56U) into a "super" access point, wasting more than three hours I believe on following a IKEv2 IPsec server guide on UBNT forum. I ended up scratching that guide and came up with my better (let's leave the story for another day), and adjusting configurations in both ER-X and the Asus for their split roles.
ER-X plus RT-AC56U
I had quite a few applications running on RT-AC56U. Some homebrew daemons written in shell scripts and others one-shot recurring tasks. After some thought, I decided to let ER-X run firewall, NAT, routing, QoS, IPsec VPN server, DHCP server and other network functions. RT-AC56U as AP will be configured with basic routing function and act as an application server. Continue to run OpenVPN server, NTP time server, DNS server (and its fun applications) and etc.
On ER-X, I have
eth0 as WAN.
eth2-4 which are also part of
switch0 as my main LAN.
eth1 as LAN2. I also have a Hurricane Electric 6in4 tunnel. RT-AC56U attaches from its WAN port to
eth4 on ER-X. Both devices together can provide seven usable LAN ports. Too many for me. So I decided to have
eth1 on ER-X for a second LAN. Not sure about its use at the moment but I know future will be fun.
IPv4 setup on ER-X is straight forward as it can be done from its WebUI. Everything related to IPv6 has to go with ER-X's CLI. This includes IPv6 firewall. Don't forget to set it up if you have native IPv6 or a HE tunnel. I have
switch0 on ER-X and
br0 on Asus assigned static IPv6 addresses. ER-X Dashboard sums up everything. See the screenshot above.
Smart Queue QoS
The Smart Queue under QoS is very easy to setup albeit with a culprit and let's leave it for another story. Under the hood, the Smart Queue runs FQ-CoDel assisted by HTB. I went with the default mostly. Punched in Internet bandwidth (I have symmetric 100Mbps). Click Apply. That's it.
This little device amazes me in many ways. If I have to mention one for now, it's the superb IPv6 stack. I don't have native IPv6 yet but the HE tunnel seems to work much better in ER-X than Asus (when it was a router). I used to get occasionally maximum 60Mbps on Asus. Now consistently getting more than that on ER-X. Surprise! Dslreports' test gives the tunnel A+/A+/A rating. Very happy to see it regardless how much actual substance in the ratings.
Combined Up/down Internet Throughput
A quick test of up/down combined throughput of ~150Mbps (see the screenshot below). The CPU utilisation is about 60%. Around 10% of that is contributed by the overhead in the HE 6in4 tunnel. As you can see most download traffic is through the HE tunnel,
tun0. Fair to say there is much room for higher speed Internet.
I don't have HW offload enabled except for IPsec. I have: 1 NAT rule, 12 IPv4 firewall rules, 9 IPv6 firewall rules, and upload QoS enabled.
ER-X since firmware v1.8.5 also has HW offload for IPv4 and IPv6 NAT traffic that cover VLAN, PPPoE, bridging etc. User tests show while upload or download done separately reaching >900Mbps is no problem with HWNAT enabled. I haven't seen a combined throughput test and also have no way to confirm or test myself quickly. For a 100/100 Internet like mine, HWNAT assistance is not required.
That's it for now. I'll find time to write more stories about ER-X.