Small-business owners shopping for a new router should avoid the flashy new 802.11ac models. Here's why.
If you're in the market for a new router for your small business, you might be tempted by the flashy features, high speeds, and low cost of consumer-oriented routers. The latest models, based on the IEEE 802.11ac standard, look particularly attractive.
But can a consumer router deliver everything your business needs? Is it sufficiently secure? Is it scalable? Does it provide redundant connections to the Internet? If it's a wireless model, does it provide enough range to cover your entire office?
Should you instead invest in a router that's specifically designed for the needs of small- to medium-size businesses? What exactly distinguishes a consumer router from a business-class model, anyway? Glad you asked.
Consumer Router Priorities: Speed, Media Streaming, and Security
Walk into your local electronics retailer or shop online, and you'll find at least a dozen consumer wireless routers selling for $100 or less, from such well-known brands as Asus, Buffalo, Cisco (Linksys), D-Link, and Netgear.
The prices are certainly appealing. Even better, all the essential features seem to be in place, including compatibility with the IEEE 802.11n wireless networking standard, a four-port ethernet switch, wireless encryption, and a built-in firewall. Most routers in this class have 2x2 antenna arrays (two transmit and two receive antennas), which are capable of handling two 150-megabits-per-second spatial streams (one on each antenna) for a total theoretical throughput of 300 mbps. You'll never see real-world performance that fast, however; overhead, distance between the client and the router, and environmental factors can whack that number down. The industry refers to this class of router as "N300."
Many lower-end consumer routers are dual-band models, capable of operating wireless networks on both the 2.4GHz frequency band and the 5GHz band. The 2.4GHz band delivers better range--but since it provides only two nonoverlapping channels, and since so many routers have been deployed, the spectrum has become congested. The 5GHz band boasts 23 nonoverlapping channels, so it's significantly less crowded, but it provides much less range. Many people use the 2.4GHz band for data and Internet access, and reserve the 5GHz band for streaming audio and video over their network.
The industry refers to this class of router as "N600," but the term is misleading because it implies that routers in this class can stream data at 600 mbps. They can't. The N600 claim comes from summing the speeds of the two concurrent but independent 300-mbps networks. You'll never be able to connect a client to either network and expect it to stream data at 600 mbps, nor can you connect a single client to both networks simultaneously.
Move up the consumer market to the $200 price range, and you'll see more-advanced dual-band routers from the same manufacturers. These devices come outfitted with 3x3 antenna arrays and promise a theoretical throughput of 450 mbps on each band. Routers in this class are often described as "N900" models; here again, however, it's not because they can deliver throughput to a single client at 900 mbps. Typically these routers are also outfitted with a four-port ethernet switch, but they support wired connections at gigabit speeds, versus the 100-mbps switches on less-expensive routers.
The IEEE 802.11ac wireless networking standard isn't likely to be ratified before early 2013, but that hasn't stopped router manufacturers from introducing routers based on the latest draft definition. We saw a similar pattern of events when the 802.11n standard was being finalized.
Only two such routers are on the market right now: The Buffalo WZR-D1800H arrived first, followed by the Netgear R6300. Both manufacturers are aiming their products squarely at consumers, emphasizing the devices' ability to stream media. Thanks to a much-improved modulation scheme, 802.11ac routers can pack more data into each spatial stream: 450 mbps, versus 150 mbps for 802.11n. An 802.11ac router with a 3x3 antenna array can deliver a theoretical throughput up to 1300 mbps (1.3 gigabits per second). Buffalo, for one, is marketing its product as an "AC1300" router.
Since there's an outside chance that these products will be incompatible with equipment based on the final standard, we don't recommend buying such devices for your business.
Next Page: Common Features in Consumer Routers
One feature you can expect to find in a high-end consumer router is one or even two USB ports. Through such ports, networked computers can easily share a USB printer and a USB hard drive. Although this might seem like an attractive feature in a router, anything but the tiniest small business will be better served by printers and NAS (network-attached storage) devices that have built-in networking capabilities. A printer with built-in networking features won't limit you to the length of a USB cable when you deploy it. USB storage devices, meanwhile, are slow and top out at 2TB, whereas a high-end NAS can deliver as much performance and storage capacity as a small server can.
Here are some of the other features you'll find in the typical consumer router:
- Quality of Service:This term describes a router's ability to prioritize different types of data traffic. For instance, if data packets drop during a file transfer, the router can repeatedly resend those packets until you've received the entire file. It might take a fraction longer, but you'll eventually receive the entire file intact, and it's largely irrelevant how many packets were dropped and resent in the process. However, if packets drop while the router is streaming music or video, or while you're in the middle of a phone conversation, you'll experience unpleasant dropouts and glitches. Routers with strong QoS capabilities can assign top priority to lag-sensitive media and VoIP traffic by throttling lag-insensitive file-transfer traffic. This is a good feature to have if you use VoIP equipment instead of a landline.
- Parental controls: This feature is designed to limit when client PCs have Internet access, and where those clients can go on the Internet. If you have children, you might configure the router's parental controls so that they can't access porn sites, or play online games during hours when they should be doing homework.
- Guest network: This is a virtual network that can allow your guests to access the Internet while barring them from accessing computers, printers, NAS boxes, and other devices on your network. (Some routers allow you to run a guest network without any security, but that isn't a good idea.) A guest network can be as handy for a small business as it is for a consumer.
- Built-in media server: Consumer routers are increasingly focused on streaming media, so it only makes sense that they'd have integrated servers for this purpose. UPnP (Universal Plug and Play) is the bare minimum. Advanced models add DLNA (Digital Living Network Alliance) and even iTunes servers.
- Lightweight VPN support: A VPN (virtual private network) allows remote users to access your network through a secure Internet pathway (often referred to as a tunnel).
- Integrated firewall: A firewall is a security mechanism designed to prevent intruders from accessing your network from the Internet.
- Wi-Fi Protected Setup (WPS): Operating a wireless network without encryption is asking for trouble. WPS helps consumers set up a wireless network with ease: You simply push a button on the router and a button on the client to establish a secure connection via WPA or WPA2 (see below). A recent discovery, though, has revealed that a brute-force attack can defeat this kind of security within a few hours. If your router supports WPS, you should disable it (if possible), whether you're running it at home or at the office.
- WEP/WPA/WPA2: These three security schemes involve the router and client exchanging preshared keys. WEP (Wired Equivalent Privacy), and to a lesser degree WPA (Wi-Fi Protected Access), have proven vulnerable to brute-force attacks. WPA2, which uses AES (Advanced Encryption Standard) encryption, remains relatively secure--provided that you establish a complex password.
- RADIUS: A few consumer routers support RADIUS (Remote Authentication Dial-In User Service) security. I'll discuss RADIUS in more detail later.
Business-Class Router Priorities: Security, Remote Access, and Scalability
Now let's turn our attention to business-oriented routers. Prices for low-end business routers start right about where consumer models top out, around $200, and they share many of the same features, such as a four-port switch, 802.11n wireless support, virtual networks, and QoS support (for VoIP applications).
Business routers, however, lack some of the features available in high-end consumer routers. You won't find a convenient-but-insecure WPS button, for example, nor will you get USB ports for sharing a printer or storage. And it's no surprise that you won't find an onboard media server. Many entry-level business models have only a Fast Ethernet switch (10/100 mbps), and wireless models typically operate only on the 2.4GHz band. In this environment, raw speed is less important than supporting large numbers of users, because those users are typically only accessing the Internet, moving small files around the network, and using server- or Web-hosted applications.
What you will get in business-class routers at all price points is stronger security features, more flexibility in giving you access to your network from remote locations, and the ability to scale as your business grows.
In addition, SMB routers support the aforementioned WPA, WPA2, and RADIUS (also known as WPA-Enterprise) security protocols, but you should use only the latter two to secure your business's network. RADIUS is the most secure option, but it is complicated to set up because it requires a dedicated server independent of the router. When a user logs on to a wireless network secured via RADIUS, a RADIUS client running on the router sends the user's login ID and encrypted password to a central authentication server. The authentication server then sends one of several messages back through the router to the user: 'Accept' (in which case the user is authorized to access the network), 'Reject' (the user is denied access, and asked to reenter their credentials), 'Challenge' (the user is asked to provide additional information), or 'Change password' (the user is recognized, but asked to create a new password before gaining access).
Next Page: More Details on Business-Class Routers
More Business Router Features
You might be surprised to learn that many business-class routers don't include integrated wireless networking. If the one you select doesn't, you can easily add such capability by deploying one or more wireless access points.
Higher-end business routers, meanwhile, deliver scalability, redundancy, and even stronger security features. Scalability defines the router's ability to expand as your business grows. Expanding a network's hardwired capabilities is easy: Plug another multiport ethernet switch into one of the router's ports. Voila! More ports! (If you're operating a complex network with a RADIUS server, multiple VLANs, and other features, you might need to invest in a managed switch.)
The only way to increase your Internet bandwidth, though, is to get additional connections to your Internet service provider via your router's WAN (wide-area network) ports. While consumer and low-end business routers typically have just one WAN port, higher-end business-class routers have multiple WAN ports, so you can establish more than one connection to one or more ISPs. Establish two or more connections to the same ISP, and you can improve your network's performance through load balancing. Establishing two or more connections to different ISPs provides redundancy for business continuity (since it's unlikely that two ISPs will suffer an outage at the same time). Cisco's RV016 Multi WAN VPN Router ($450), for example, is outfitted with 16 Fast Ethernet ports, including two that serve as dedicated WAN ports. But you can configure five of the other ports to function as WAN ports (making a total of seven) for load balancing or redundancy.
Here are some of the other features you can expect to find in a business-class router:
- Robust VPN: Business-class routers provide virtual private networks that can handle many more users (anywhere from 5 to 100), while offering much stronger security than consumer models do. At its best, a VPN will provide an environment in which a remote user's experience is no different than if they were working in the office and hardwired to the network.
- Virtual networks (VLANs): Known as guest networks on consumer routers, VLANs can perform the same function on a business-class router. But you can also set up other VLANs to segregate traffic on your network, so that sensitive data from one department--human resources, for instance--stays contained within that department's own network. An entry-level business-class router is capable of supporting several virtual networks, while a high-end model can support a dozen or more.
- IPv6 support: IPv6 (Internet Protocol version 6) is replacing IPv4 as the protocol for directing Internet traffic. IPv4 uses 32 bits to define an IP address, which limits the number of addresses that can be created--and that limit has almost been reached. Since IPv6 uses 128 bits to define an IP address, it can create a much larger pool of addresses. Though many new consumer routers support IPv6, it's a crucial requirement for a business-class router.
- DMZ port: If you have a computer that needs direct access to the Internet--an email or Web server, for instance--look for a router with a dedicated DMZ port. This feature will isolate that computer from the rest of your network on a dedicated subnetwork, so that if the system becomes compromised, the intruder won't be able to gain access to the computers on your primary network.
- Content filtering: This feature is the equivalent of the parental controls in a consumer router. You can block access to certain Internet content by using keywords or blacklists (prohibited URLs), or by allowing clients to access only permitted sites through a whitelist.
- Wireless Distribution System (WDS): This protocol allows a wireless signal to be repeated by up to four repeaters in order to extend the network's range. It's increasingly common on consumer routers, too.
Which Class of Router Suits Your Business's Needs?
In this overview, I haven't covered every single feature that distinguishes business-class routers from their consumer cousins, but I have hit the high points. If you're still wondering which type is right for you, consider these final tips.
If you want the best security features, if you have many employees who require frequent remote access to your network, if you run your own email, Web, or RADIUS server, or if you need to set up advanced VLANs, you should look long and hard at a business-class router. If you need load balancing or failover redundancy, you should be looking at the higher-end business models.
You can probably get by with a consumer router if you have just a few employees (who don't require VPN access), if you don't need sophisticated VLANs, if you don't operate your own Web, email, or other type of server that needs to be hosted in a DMZ, and if you don't plan to operate a RADIUS server. But when you compare prices, you might be surprised to discover that a consumer model won't necessarily save you money.
This story, "What separates business routers from consumer routers?" was originally published by PCWorld.
A compilation of one Linux expert's adventures with 10 desktop environments.
Which kind are you? Choose wisely!
It's taken a long time and the promise of SteamOS, but more and more big-name games are finally...
US export restrictions on encryption technology from the 1990s have come back to haunt the modern Web
The FCC could save on future litigation costs if it hadn't passed net neutrality rules, one lawmaker...
Beware buying apps as they may not be what they seem. Criminals often crowd stores with malware-laden...
The cybercrime economy is entrenched in digital fox holes and hoodlum hideouts the world over. It’s not...