The Ubiquiti EdgeRouter X or ER-X is one of the most affordable routers/ firewalls available on the market. It is based on a MediaTek MT7621 SoC containing a 880 MHz MIPS 1004KEc dual-core CPU, an embedded 5-port Gigabit Ethernet switch, and a variety of connectivity options including RGMII, PCIe, USB, SD-XC (not all of these features are present on the ER-X.) This platform is popular on the wireless router market with offerings from most of the major players in the segment, like Netgear, ASUS, TP-Link, D-Link, Buffalo, etc.
In our new series on STH, we are going to start with some of the smaller router and firewalls then move up to higher-end devices. We are starting with this popular lower-cost option.
Ubiquiti EdgeRouter X Hardware Overview
The device measures 110 x 75 x 22 mm (4.33 x 2.95 x 0.87″), weighs 175 g (6.17 oz) and has a maximum power consumption of 5W. Power can be provided either by included DC power adapter (12VDC, 0.5A) or 24V Passive PoE. The MediaTek MT7621 SoC in this device is coupled with 256MB of DDR3 RAM and 256MB of NAND storage.
Unlike many players on the consumer market, Ubiquiti went with an all-metal, clean, minimalistic design. The front of the device has space for five (5) Gigabit Ethernet ports including one (1) PoE IN and one (1) PoE OUT.
Please note “Passive” PoE is not part of 802.3af or 802.3at standards. While ER-X will work with most of Ubiquiti PoE devices, we encourage users to read ER-X QSG to get a better idea of requirements and limitations with respect to voltage and available power budget.
At the top of the device, one can find status LEDs for power and Ethernet ports activity. These LEDs are not next to the ports themselves which makes them slightly harder to read, especially since they are at the other end of the chassis.
At the back, one can see a 12V DC Input, ground connector, and a reset button.
This is a relatively simple device so the hardware is simple accordingly. We do really like the ability to use 12V DC input or PoE In to power the device since that gives a lot of flexibility.
EdgeRouter X Management
EdgeOS is the default firmware for EdgeRouter X, which is a full-featured specialized Linux OS, with support for advanced routing protocols, as well as various services like DNS and DHCP server, Firewall, DPI, VPN and QoS. The underlining Linux distribution for EdgeOS is Debian, so users can customize EdgeOS by installing additional packages using Debian repositories. Ubiquiti provides a choice of 2 major versions:
- EdgeOS firmware release v2.x.x uses Debian 9 (Stretch)
- EdgeOS firmware release v1.x.x uses Debian 7 (Wheezy)
Note: Early releases of v2 firmware had a number of stability and performance issues. As of the date of this review according to release notes, v2 firmware still has performance degradation. According to release notes the latest v2 firmware has up to 10% lower throughput compared to v1. For that reason for this review, the EdgeRouter was updated to the latest v1 version of the firmware.
EdgeOS Overview
EdgeOS has a fast web-based interface offering easy access to most of the device functionality with just a few clicks of a mouse. The dashboard provides an overview of the health, system utilization, alerts, and quick access to interfaces and service configuration.
A lot of new users will appreciate a set of wizards available to assist with device and feature level configuration. By default, EdgeOS has several pre-installed wizards that will guide users through the first time setup for various common deployment scenarios. Additional wizards are available from the Ubiquiti community through a simple registration and sign up. Users can also create their own wizards to help automate common tasks.
Another option for EdgeOS configuration and management is CLI. The structure and hierarchy of configuration nodes may look familiar to many Cisco and Juniper users. The CLI interface can be accessed either through the web-based console of the web management interface, ssh (enabled by default), or telnet (disabled by default).
Finally, all configuration nodes available for CLI can also be accessed through the “Config tree” tab of the web interface, offering a somewhat hybrid approach by allowing users to browse through the entire configuration.
That is actually a really nice feature that many competitive products do not offer, especially in this price range.
EdgeRouter X Performance
The EdgeRouter X is based on the MediaTek MT7621 SoC which includes a VLAN aware five (5) port Gigabit Ethernet switch and hardware-based acceleration for some of the router features like NAT, Bridging, IPSec, GRE. So when it comes to routing performance, according to the manufacturer’s website, the EdgeRouter X is capable of delivering 1Gbps/80kpps for 1518 bytes packets and 957Mbps/1400kpps for 64 bytes packets.
These are great numbers, but it is worth mentioning that such performance can be reached only for a particular system configuration. For example Firewall, QoS, Netflow, DHCP snooping, and Interface bonding should be disabled in order to achieve such high numbers. In addition, there are certain limitations on a number of flows you can have.
Test Bench Setup
Our testing bench is based on a Cisco T-Rex project which in turn is based on the DPDK framework which we are going to cover in future articles and consists of:
| Host | Dell Precision 7920 |
| CPU | (2) x Gold 6134 CPUs 16 cores/32 threads x 3.19 GHz |
| RAM | 128GB: 8*16GB DDR4-2133P |
| Host OS | VMware ESXi 6.7U3 |
| Guest | Debian 10. 4 vCPUs 32GB RAM |
| T-Rex version | v2.81 |
| Network | Intel I350-AM4 in PCI Passthrough mode |
We will likely update this system as we get to higher-performing machines, but this is overkill for this class of device. This is a new system and a different configuration, but you can read our Dell Precision T7920 Dual Intel Xeon Workstation Review for more on the platform itself.
Non Drop Rate test (NDR)
NDR is a traditional benchmark used to find the maximum frame rate and throughput of a device under test (DUT) without packet loss exceeding a predefined threshold. For routers targeting the consumer market, we set a threshold to 1%. Results depend on DUT configuration and traffic profile. Below we are going to share a subset of results for 2 corner cases. We execute the first set of benchmarks using a simple profile with a single UDP flow either unidirectional (one port is sending traffic another is received) or bi-directional (both ports are sending and receiving traffic) cases. The size of the packets is set to either 64 or 1500 or IMIX (a mixture of packets 64, 590 and 1514 bytes packets.)
As one can see from our results above, for a simple use case results are aligned with the number provided by Ubiquiti. While we did not see it in publicly available documentation that we can refer to, based on materials from other device manufactures, it appears that the hardware switch has a 2k addresses built-in table shared for L2 MAC and L3 IP lookups. The nearly idle CPU load in our test is a good indication that CPU is not used for packet processing when we have only 1 flow. To see how far the numbers may change under more demanding load, we run an NDR 1% workload using 64 bytes packets with a new server/client pair generated for each packet. In this case, we can see that a workload is CPU bound and routing performance drops from 1420kpps to 58kpps
Use Case Driven Benchmarks
While synthetic benchmarks are good to give a high-level overview of device potential, it does not make it easier to evaluate the performance of the device for a particular use case or compare performance across devices due to different boundary conditions. As we demonstrated above such boundary conditions may result in more than an order of magnitude difference for final numbers.
T-Rex gives us the freedom to define any workflow we like, or even create one based on real traffic captured from a production system. In order to see how the ER-X will perform in a more realistic scenario, we will use the SFR profile. This profile includes a combination of traffic templates such are:
- http_get / http_post / https
- mail-related traffic flows
- SIP
- DNS
- and etc.
Below we can find a graphical representation of SFR profile:
The profile is normalized to 1GbE with a 10-millisecond delay between client and server. During test execution, a new client/server pair is generated for each flow. For a range of bandwidth, we capture different metrics, such as maximum, and average latency distribution, packet drop rate. Below you can find a snapshot of test results showing packet drop rate at a given throughput for the SFR profile.
For the SFR profile, ER-X reaches 100% of CPU utilization at ~470Mbps, pushing more traffic leads to higher packet drop rate.
Ubiquiti ER-X Power Consumption
We saw an average power consumption for the device is just under ~3w. During test execution, the average did not exceed the fluctuation we saw when the device was idle.
Final Words
For $59, the Ubiquiti ER-X is an incredible device. It provides a lot of flexibility by allowing users to choose between smart L2 switch, bridge, router on a per-port basis, with reasonable performance for typical home or small office deployment. In addition, it offers a wide range of advanced features like QoS, DPI, VPN, Firewall, and support for advanced routing protocols. These features come at a cost of performance.
We think the ER-X could be a great device for home users looking to migrate from a basic/ flat network to a more complex segmented setup with WAN connection up to 300-400Mbps. It could also be great for a network enthusiast who is looking to get their hand on a more advanced network technology with the understanding that effective maximum WAN bandwidth may drop below 100Mbps, depending on the configuration. Again, in a $1000 100W device, this performance would be unacceptable, but for a $59 and 3W device, we think this is reasonable.
With the API the device offers, is it possible to config it just using API calls? Seems like it’d be a great hardware/software hybrid switch.
Enabling hwnat with offload would allow this router to hit those numbers even with firewall, QoS, Netflow, DHCP snooping, and Interface bonding
I have had the ER-X-SFP for a few years now because I have dual-WAN and it’s provided me amazing up-time. It isn’t the most friendly for configuring more advanced features, basically once you get beyond the UI you’re just following example guides from the Ubiquiti website, but it does the job.
Last year I decided to upgrade the switch portion of my network and got a used DGS-1510-20 which is now connected via the SFP using a DAC.
The one thing I would say annoys me most about Ubiquiti? They have so many different PoE options within their own range, sure passive and active, but just yesterday I encountered a NanoBeam bridge that uses 25V passive! Why not the same 24V as the rest of the range? Are they compatible? Maybe, but the documentation doesn’t tell me off the bat. I probably can power the NanoBeam from the passive 24V on the Edgerouter, but do I risk it?
I just got ER-X last month. For such little device the number of features for price is impressive. Its got one limitation worth mentioning. I moved away from Google Wifi as main router to bridged AP and while it lacked many advanced features and some standard features in other consumer routers like Netgear, it did one thing well – traffic analysis with historical cumulative data usage from Internet to individual devices by day, week and month.
Turns out EdgeRouter x traffic analysis is limited only to past 30 minutes and to get cumulative usage, you need UNMS with Netflow enabled which limits throughput down to around 180-200mb max. Since I have 350+mb Internet connection this option was out.
Also if you have hwnat enabled to get support for 1 gigabit speed, traffic analysis get broken because it can’t count offloaded traffic. With hwnat disabled, I am still fine with throughput but still wanted to implement traffic usage dashboard. So I went with self-hosted TIG stack to collect metrics from router via SNMP. Grafana has premade dashboard for EdgeRouter that has excellent breakdown by real-time traffic usage analysis by megabits per second down to individual router ports. However it still missed cumulative data usage. I created my own custom query to get this report but its limited by time and while I think it works for past 24 hours, I don’t think it can account for 30 days.
Its not ideal but its also not a big deal. If I were to set up network from scratch, I would probably go with EdgeRouter 12 which is bigger brother of EdgeRouter X with ER-4 processor and RAM that can support QoS and Netflow at higher speed. It won’t do 1GB throughput with all features enabled but its decent step up.
Great review, I loved this device in my lab environment until I learned that it didn’t support an MTU size greater than 2018. This is a limitation of the MT7621AT chipset so there is no workaround. If Jumbo Frame support is not important to you the ER-X is a tremendous value, as noted in the authors Final Words.
Can i compare it with mikrotik 951g ?
I have got this device since of going to marketplace. It was very effective at low cost, I used only as wired simple router. It has been served my gigabit lan at 500Mbit/sec.
It was rock solid, without freezing issues.
I small remark: There is serial port inside, using a metal rasp and drill bit and a glue gun, i modified the case and i had installed a ftdi rs232-usb converter.
In future reviews, it would be helpful if the config file was offered to show how the device was setup.
Thanks for the review, this whole new series is an amazing idea!
I am moving from my ISP router to a DIY OpnSense FW/Router + Unifi AP AC LR in the next days myself, so this series is extra interesting!
The whole edgerouter line has a few fatal flaws & functionality misses. The main one is UDP packet re-ordering under 2.x, a regression from 1.x. There is also no VRF support although people in the forums have been asking for over 4 years. I have er-pro-8, er-12, and er-lite and they all site on the shelf waiting for fixes….
I am really pleased with my ER-X. One missing feature in the gui is support for IPv6, though it is configurable in the cli of the configuration tree.
Rob:
The packet reordering issue is irrelevant for this particular review since it only affects the Cavium-based models, which the ER-X isn’t. Also, there is a workaround for it for the affected models that doesn’t appear to have any negative performance impact so it’s hardly a fatal flaw.
The lack of VRF support is a more valid concern. Personally I would prioritize such things higher than an issue that can easily be avoided or worked around by the user.
To the authors:
It would be interesting to see a comparison with the EdgeRouter Lite and the EdgeRouter 4 or equivalent models from those generations.
“and a variety of connectivity options including RGMII, PCIe, USB, SD-XC. ”
What? I own one of these, and it has none of these things.
Also for the benefit of other lurkers wondering what VRF is, it’s likely Virtual Routing and Forwarding.
Got one a few months ago. Great little box. Have had fun playing around with it but there are some annoyances. If you just want to block some sites or domains at the router…well no simple easy way to do it. No just typing the ip or domain into the “Block” section like you would with a lot of other routers. Nope, you have to do a load of command line bumph to do it. As per usual the CL tutorials are all over the place and often are not quite what you are after or assume too much. I don’t need or want to spend a lot of time learning the CL commands for this as the web interface does 90% of what I need. Just annoying this one simple feature doesn’t exist.
Is there any way you could get a MikroTik hEX to compare to this? I think they are very similar, and would shed some light on this product segment.
Of course you’re getting quite a few of the “you need to compare/review the XYZ router too!”
I agree that the Mikrotik hEX might be a good one to compare to. The Mikrotik hAP ac2 could also be a good one to look at. I think it works well as a home router like the ER-X and it also has wifi built-in.
The new Mikrotik hAP ac3 could be worth looking at too. It’s a bit more capable than the ac2 is, but is also a bit more expensive and is larger in size. (It’s still not expensive or large and should “punch well above its price class.”
The Mikrotik RB4100 would be a good comparison to some of the larger EdgeRouter devices like the 6P you just reviewed. There’s also a version with built-in wifi.
The EdgeRouter devices seem to be really solid products and are probably the only Ubiquiti products I’d buy. (Although I’ve heard that the whole EdgeMax line is quite good, not just the EdgeRouters.)
The EdgeRouter series runs “Vyatta” under the hood. If you were comfortable in configuring EdgeRouters via the CLI or config files, then you could easily run “vyOS” instead either as a VM or on physical hardware. It would take a bit of a learning curve since there is NO webGUI in vyOS currently. But it is much more robust and currently up to date compared to the long “dead” Vyatta project.
vyOS is free if using the rolling release, (can download the .iso from the website) otherwise you must pay some $$$$ to get it.
Check it out. It’s pretty awesome, and I would love to see a DIY router VM or DIY router on some router HW running vyOS.
https://vyos.io/
I wanted to ask, for a home user with many devices. What is the routing speed of this thing with your average firewall on, no qos (aka home use)?
Does the performance degrade when you use dual wan?
Is the limit 470Mbps?
In other reviews I’ve seen people recommending the LITE3 version or its newer cousins. But at the same time, other reviews say the LITE3 also bogsdown badly with some configurations.
I got this device yesterday. I used the simple wizzard to set it up with a PPPoE home connection. My use case is simple too: I just need to split internet access for two home computers, a bigger rig I’m using and an htpc computer used by someone else for web browsing.
After enabling hardware offloading, with only the firewall service on, everything else disabled, I get close to 900Mbps DL/500Mbps UL on my main rig and about 100Mbps/100Mbps on the htpc computer. My subscription plan specifies 1Gbps/500Mbps.
If I disable the firewall, I could probably get the close to 1Gbps speed from the spec.
Overall, a capable little box that doesn’t take much space, doesn’t gather as much dust as plastic mainstream routers and does what it says. I didn’t need more than that. For a bit more than 50 bucks it’s a good buy for a simple home use case.