One Bad Pixel

Ubiquiti EdgeMax ERL review

Today I wanted to present some thoughts and initial views on the Ubiquiti EdgeMax EdgeRouter Lite. This little gem is a dandy bit of hardware from our friends over at Ubiquiti Networks, coming in at under $100 USD. Because I am a huge fan of Vyatta, I had to check these out, since they are a fork of Vyatta 6.3 that Ubiquiti has ported to MIPS and added their own features and interface to.

A little background:
For my company, I manage a large number of client routers for small to medium-sized businesses. Most of these have a single WAN connection and a single LAN connection. When I started, our standard deployment used Asus RT-N16 routers with DD-WRT on them. I was never really happy with the stability or feature set of DD-WRT, and often fought with silly bugs that had been fixed in later releases that also broke other features. The community support was somewhat lacking. I improved this situation a bit by building a custom build with my own interface and all the default features set the way we like for our deployments, as well as adding a handful of new features and fixing some broken things, but the units still experience some stability issues, and have some severe and crippling limitations in all but the simplest of networks. (Namely, lack of dual-WAN failover, policy-based routing, forced speed and duplex, VLAN trunking, using VLAN 2 for something other than WAN, limited SNMP capabilities, lack of IPSec support, lack of L2TP/IPSec support, etc., etc.)

We had started using Vyatta first in our cloud environment (it works amazing for virtualized routers to segment customer networks), so I was very familiar with its capabilities and features, but we had a challenging time of interconnecting to some of our sites which were running Asus routers, because it required cumbersome OpenVPN setups that required copying keys around, and I quickly became the single source of all things OpenVPN related. I am all for job security, but because I am valuable, not because I am the only one that understands what is implemented.

I was searching for a product that fit into our small clients’ budgets and networks, but still had the features I needed so that we could drop in a replacement for a pfSense, ClearOS, or other similar device. Since DD-WRT wasn’t working out because it could only fit a portion of the projects, I started looking at the Ubiquiti ERL as the new standard for these sites. It was priced just right, ran software I was familiar with, and supported most of the features I needed.

Ubiquiti is relatively well known for their disruptive pricing and quality products in the wireless market, which they mostly accomplish by kicking all the salespersons to the curb and spreading their product through word of mouth and personal reviews. The EdgeMax is a relatively new product, and if you search around for information, don’t be discouraged if you see some reviews discussing bad units. There apparently was some bad RAM in some of the first run units, but all the ones I have gotten have been rock-solid for months without so much as a hiccup.

The specs are pretty impressive (full datasheet here):

  • Dual-core 500MHz MIPS64 CPU
  • Hardware acceleration for packet processing
  • 3x RJ-45 Gigabit Ethernet ports
  • 512MB DDR2 RAM
  • 2GB Storage
  • 1 RJ-45 Serial Console Port
  • IPSec, OpenVPN, L2TP, PPTP VPN
  • DHCP, DNS Forwarding, Dynamic DNS, VRRP services
  • BGP, OSPF, RIP, and IGMP Proxy
  • QoS, Firewall, NetFlow, SNMP, and lots of other features

On top of all that, Tolly did a comparison against Cisco/Juniper as well as a comparison against MikroTik, and it fared better, if not MUCH better, than its far more expensive counterparts.

I was sold. I ordered up 3 of them initially, and I did have to wait a couple of weeks for the second shipping batch, but I have not had any issues getting them since. I set them up in my lab, I broke them, I fixed them, I upgraded them, downgraded them, put beta software on, put stable software on, tried experimental things, and generally beat the tar out of them. Here are my initial thoughts:
These things are great! There are a few things that I would like to see them fix at some point, but Ubiquiti seems to have an extremely active community where the developers actually respond to bugs, feature requests, and so on. Since you have access to the CLI, both from the web interface and from SSH and serial console, you can actually do just about anything you can in the Vyatta 6.3 software. Their web interface is very clean and polished, and works well, but for some features, you will have to go to the CLI as they haven’t yet added all the features into the GUI. I have taken a peek into the source code, and it looks like a lot of the missing features are in progress, just commented out at this time.

There are a few syntax differences that I would like to see them update to match the newer Vyatta code, such as the NAT commands using the older Vyatta syntax, but overall, the differences are minor enough to figure out with the help of autocomplete. I would love to see them ship the units with one of the eth ports configured for DHCP out of the box, just because I hate having to remember what IP range and what port I need to use to get into them initially. If they want to break into the home router market (even though this is really overkill for most home users), they need one port configured to get DHCP, and one port configured to serve DHCP, with a minimal set of NAT masquerading rules.

Initially, I was a little disappointed that with 3 ports, they lacked dual-WAN failover, but they have since fixed it with EdgeOS 1.4.0. Note that it was still possible using scripts before, just not that convenient. You can even set up policy-based (source-based) routes so different traffic can transit different networks, as explained here.

They are very easy to back up and easy to restore. This is important for me, since I usually configure them in my lab and send the configuration to one of my team to prepare for deployment. I do wish that Ubiquiti would add a “backup to FTP” option, but it’s not very high on my list so I haven’t gotten around to even requesting the feature yet.

I have tested these things using OpenVPN site-to-site, OpenVPN client-server, IPSec site-to-site, and L2TP over IPSec remote access, and all have worked well. I have set up networks with tagged and untagged VLANs, multiple firewall rules, and groups, and all worked fabulously. Speaking of firewall groups, this is one area where Ubiquiti improved the Vyatta product tremendously. The concept of firewall groups has been extended to NAT. This is something I wish Vyatta would incorporate, as it sure does make managing NAT translations a breeze!

People that are new to routing, NAT, and firewalls may struggle a little bit to figure out how to set some of the more advanced features up, as there isn’t a ton of in-system documentation, but for me I didn’t really notice as anything I couldn’t figure out in the GUI I could do via CLI (my preferred method anyways).

All in all, if you are considering a new router or a change from either pfSense or an upgrade from another home router, I encourage you to take a chance on the EdgeMax router. I don’t think you will be disappointed in the slightest.


7 Responses for “Ubiquiti EdgeMax ERL review”

  1. UBNT-stig Says:

    Thanks for the review!

  2. Jim Says:

    Thanks stig. Yet another example of why I like Ubiquiti. It’s always nice to see you keep connected to the community so diligently. I should be getting my ER Pro units soon for a BGP deployment, so I will be adding another review of those soon. Keep up the good work.

  3. Pat Green Says:

    Have your EdgeMax Lite units been stable with no need to reboot? I currently have an Image Stream router that is going on 3 years without a reboot that I’m looking to replace. Do you have any feel for how this would compare? Thanks Pat

  4. Jim Says:

    Pat, I have over 70 of them in the field right now and the only time I have had to reboot them is during firmware upgrades. They are very stable. I have a couple dozen pro models, which are equally as stable. It’s worth mentioning that some of the advanced features are available via CLI only, but I prefer CLI anyways so it doesn’t matter to me.

  5. Pat Green Says:

    Thanks much for the quick response. It really helps to hear how they are doing in the real world. My Image Stream is strictly CLI so that is not a problem. I’d just have to learn the differences between the Image Stream specialized Linux and the Ubiquiti version of Vyatta. Thanks again.

  6. Jim Says:

    Pat, if you want to play with them in a virtual environment, grab a copy of VyOS from While there are a few syntactical differences to EdgeOS, they are minor in nature and you would quickly figure them out once you are using EdgeOS.

  7. Pat Green Says:

    Good idea. Have to get past my current project deadline then I’ll take a look. Thanks
