Thanks to widespread hacking nowadays, the sub $100 “basic” network router just can’t provide the protection needed for video surveillance systems.
THE SECURITY AND VIDEO SURVEILLANCE world has been evolving the past decade from a mostly analog-based environment to an IP-based one. Security camera systems today have changed from analog matrix switches, VCRs and CRT monitors to multiterabyte-capacity video servers, IP cameras and fiber-based system backbones. As a result of this metamorphosis, the need for strong network components to provide the security required for the video surveillance network has also evolved. With the advent of hacking as a pastime for many, the sub $100 “basic” network router just can’t provide the protection needed in that environment. Based on our experience with systems undergoing daily denial-of-service (DoS) attacks, we set out to find a robust yet reasonably cost-effective router that can provide a secure gateway to the outside world for more complex systems and applications.
Our company was first introduced to the Ubiquiti product line by an integrator we were working with on an outdoor project where wireless links were required for the remote cameras. Having never worked with Ubiquiti before we were intrigued with the company’s offerings for future security projects we might be involved with. We reviewed its website and took a look at the products we felt would be useful in future projects. As it turned out we had a project come around where we needed to provide a client with some rapid network security for sites that had to come online quickly. After reviewing the Ubiquiti routers we decided to test the EdgeRouter ER-8 for possible deployment for their project sites.
There are four different EdgeRouters in the Ubiquiti line. The smallest, the EdgeRouter Lite, has three ports for the system network. Next in the line is the EdgeRouter PoE, which has five ports and, as you guessed, has PoE available for the connected components that require such. The full-size EdgeRouter is the “big brother” to the smaller units. This is a 19-inch 1U rack-mountable unit and there are two versions of this chassis, the ER-8 and the PRO. Both models have eight front-mounted RJ-45 jacks that can be configured with different parameters for the network connections. There is also a separate RJ-45 jack that can be utilized to interface with the router utilizing a serial cable and command line interface (CLI) communications.
The EdgeRouter PRO has an advantage over the ER-8 as it has an additional two SFP ports to allow direct fiber connections to the network router. The casing and materials used for the EdgeRouter Series is solid and doesn’t have a flimsy appearance as some less expensive units do. There is a power socket on the rear of the unit for the power cord as well as two cooling fans to keep the unit operating within parameters. The fans are easily accessible; three screws on the bottom of the router get you inside and changing them is simple, if the need arises.
The EdgeRouter ER-8 is designed to provide multifunction performance on a system’s network. The unit, for example, has the ability to provide structured settings for different network connections in a location. This would be particularly effective for someone who had to manage and administer Internet access to different tenants in an office environment as an example. The unit also has a robust suite of firewall settings as well as other programming parameters that would make a network IT person feel like a kid in a candy store.
One of the main reasons we selected this device for deployment at our customer’s sites was the robust firewall that the EdgeRouter ER-8 provided. One of the main problems we had noticed at our customer’s sites was the repeated DoS attacks that were being bombarded on the routers provided by the site’s Internet service. The EdgeRouter ER-8 effectively blocked almost all of the DoS attacks at the sites and kept the Internet up and running, something the service provider’s router couldn’t do.
When you first unbox the EdgeRouter ER-8 and start working through the basic system setup it seems like a fairly straightforward process. The unit is easy to connect to with minor system settings to your laptop (you must assign a static IP to your computer) and the login process is easy. The unit doesn’t ship with an installation manual so you must go to Ubiquiti’s website to get the literature. This is a good thing because here is where you also find out you must download the latest firmware for the router to ensure proper operation.
This mandatory “get the latest firmware” task to me ranks right up there in my pet peeve category of electronic components, right after those devices where you must use their software to perform any programming. I understand getting firmware updates from manufacturers for components that have been installed and operating for a period of time but to have to flash the firmware on a brand new, out-of-the-box unit just doesn’t make any sense to me. I don’t think the folks at Ubiquiti made a great big batch of ER-8s and just let them sit in a warehouse somewhere collecting dust! But, without question, this step was vital — the router simply did not work in our application with the factory installed firmware.
Once you get the firmware flashed on the unit you can then follow the programming guide that is included with the ER-8. The main screen for the ER-8 is the dashboard that shows you the system’s status on all of the ports, transmit and receive rates for all channels, and other statistics. The dashboard also allows the administrator to individually monitor each system port and check on the bandwidth usage for each.
The subsystem menus of the EdgeRouter ER-8 almost made my eyes glaze over due to the multitude of system parameters available for deployment. I like to think I have a fairly good grasp of network programming but this unit has everything including the kitchen sink packed into it. That is a good thing for a network administrator who has the time and wherewithal to manage such a device. It could also be a bad thing for a location that has an IT administrator who knows just enough to be dangerous — this router isn’t something that needs an “experimenter” working on it.
For this product review we didn’t perform a normal bench test per se since we have deployed them in about 20 locations or so around the country following our initial evaluation. We have also integrated them into two of our office locations and use them for our office routers. As such our “testing” has consisted of real-world product applications in different environments.
In the locations where we had specific setup parameters (static IP, subnet, etc.) the setup using the built-in configuration wizard was easy. We had a couple of locations where, unfortunately, that wasn’t the case. One site’s Internet provider required the router to be set up for PPPoE and I tried for the better part of four hours to get the EdgeRouter ER-8 to work with the parameters that were provided to me by the site’s Internet provider. I knew for a fact that the Internet worked at the location as I could get Internet access with the service provider’s supplied router.
Having worn my fingers out on my laptop trying to program the unit properly, I decided to contact Ubiquiti’s support folks. This is where my experience with Ubiquiti took a very large turn for the worse. If you think you can talk to a live person and get some direct support from Ubiquiti you can forget that. Also, if you think the online chat forum can get you a quick response you can forget that too. The support network consists of online forums and also includes a lot of YouTube videos to show you how to do things.
This to me is not really support; it’s more of a self-help guide, albeit one that had nothing listed to help me with my issue. I forged ahead with the chat site in the hope of getting lucky and getting a quick response. My hopes were soon dashed as the chat site just sat there with no response at all. I did get an email that documented everything I sent to the Ubiquiti chat forum — lot of good that did me. I ended up leaving the service provider’s router in place and the EdgeRouter ER-8 just sitting in the rack.
The next day I got an email from Ubiquiti asking me to rate its support service. After I stopped laughing I thought about how bad that actually was — somewhere an automated program fired off an email in response to another automated program that didn’t really do anything for me. Classic!
The Ubiquiti EdgeRouter ER-8 is a very solid router for use with system networks. It is bulletproof, reliable, and has lots of little touches that make it feel like a premium product — internal power supply, MAC address on a sticker on the rear panel, and a great user interface. If you have the time and knowledge this router is very solid and a great buy for its price point.
However, there is an Achilles heel — the support is pretty much nonexistent. If you have a system that will require some tweaking and support to get things just right, you had better think twice. You may spend more time than it’s worth trying to get the router configured, ultimately buying a comparable — but far more expensive — unit, where you know you can get proper support.
- Features 1 2 3 4 5
- Construction 1 2 3 4 5
- Setup 1 2 3 4 5
- Performance 1 2 3 4 5
- Overall 1 2 3 4 5
First published in the November 2016 issue of Security Sales & Integration magazine.