by Platon Scheblykin
12/05/2006 | 03:38 PM
This is our second article about network equipment (the WL500g Premium router from ASUS was the first 802.11g-supporting device tested in our labs, for details see our article called ASUS WL500g Premium Wireless Internet Router Review) and the DI-824VUP++ router from D-Link is going to be its subject matter. What is so interesting about this device?
First, judging by the specification that you can find at the manufacturer’s website, this router provides broad functionality even though it was released quite a while ago. Second, it offers enhanced options when working as a VPN-server which is not a very widespread feature. And third, D-Link has got a reputation of a maker of high-quality network equipment, and now I’ve got an opportunity to check this out by myself.
The DI-824VUP++ router is positioned as a SOHO device with support for a lot of network interfaces and protocols as well as for a few extra functions that extend the range of its possible applications. So, it’s a kind of an all-in-one networking tool. Such models are offered by every respectable manufacturer of home and semiprofessional network equipment, but they vary in the set of implemented features. I am going to check out a combination that includes a VPN-server, print-server, router, Wi-Fi access point, and reserved Internet access.
WEP(64, 128, 256 bit), WPA(PSK, RADIUS), 802.1x
DBPSK, DQPSK, CCK, PBCC, OFDM
2.4 - 2.462 GHz
Nominal data transfer rate
11 for N. America, 14 Japan , 13 Europe (ETSI),
1 RJ-45 (10/100 BaseT) Fast Ethernet 10/100 Mb/s port
4 RJ-45 (10/100 BaseT) Fast Ethernet 10/100 Mb/s ports
1 USB1.1 port
External power supply
233 x 165 x 35 mm
The box contains:
Now that I’ve said some general words about the DI-824VUP+, it’s time to take a closer look at it. The hardware capabilities of this device come first.
D-Link’s engineers, as well as other manufacturers of network equipment for that matter, do not invent gaudy exterior designs for their devices, focusing on functionality instead. This router is an example of my point. Its exterior leaves no doubt about the manufacturer since nearly half of all of D-Link’s network equipment uses this case design. The DI-824VUP+ has a rectangular case, its only protruding part being the detachable antenna of the wireless module. The manufacturer’s logo is embossed on the top and bottom panels; the two turquoise-colored stickers tell you the product series name and some info about this particular model (in a very small print). The router’s orientation can only be guessed by the indicator labels and the holes for wall-mounting. This is made on purpose so that the device looked natural irrespective of its positioning in space. The color scheme is D-Link’s traditional silvery with a dark gray band on the left. The case is made of thick plastic; the details are all neatly fitted together. It turned to be hard to take the device apart, however. Although there are only two screws in the case, one edge of the case wouldn’t detach after I’ve unfastened the screws. It’s because the parts of the case hold very tight together. And you can only open the cover up from one side as on the opposite side it goes into deep grooves in the bottom panel of the case on.
Everything you need to work with the router is accumulated on its front and rear panels. The front panel contains indicators (from left to right):
Talking about indication, here is how it is implemented:
There are green LEDs behind a translucent plastic panel. They are labeled on the case, above the indicator panel. This is not a perfect solution because the labels are hard to see under dim lighting. This is aggravated by the fact that the indicators are placed in a line, so you can’t guess the meaning of an indicator by its position unless you’ve memorized their positions by heart.
The rear panel contains all of the router’s connectors and a Reset button (from left to right):
The router is cooled passively through the vent openings in its case. Although there are not too many openings here, it is quite enough to cool the electronics since the components on the router’s PCB do not heat up much.
I took the router’s case apart to examine its interior design. Removing the top part of the case and unfastening two screws, I took the PCB out to have a better view of the components. To do that, I had had to unplug cables from the wireless module that connect it with the antennas. I had to exert some strength to pull the cables out, so the connection seems to be very reliable.
The router’s PCB occupies almost all of the inside of the case. The components are placed sparsely on the PCB and are not protected against interference with some kind of screening.
The layer of copper that covers the PCB wherever possible must serve as screening here. There’s one curious fact about this PCB. The Russian-language Tom’s Hardware Guide site has recently tested a Level One WBR-3402A ADSL router whose PCB looks much alike to the PCB of the DI-824VUP+. As is often the case, the manufacturers base their products on the reference PCB of the manufacturer of the key component of the device. It is the processor here. However, the reference PCB of the processor manufacturer doesn’t resemble the PCBs of the routers at all. So, I can only makes guesses about the prototype. Judging by the PCB wiring and the components, the DI-824VUP+ seems to be closer to it.
Now let’s examine the components inside the D-Link router. I’ve mentioned the processor, so let’s start with it. It is an S3C2510A chip from Samsung.
This is a 32-bit RISC processor based on the ARM940T core. This ARM9 family core works at a frequency of 166MHz and has 4 kilobytes of cache memory for instructions and data each. As a matter of fact, the S3C2510A is more than just a processor. It also incorporates a memory controller, an interrupt controller, a few timers, controllers of USB 1.1, PCI, PC Card, UART and I2C interfaces, a controller of 64 general-purpose ports, a Fast Ethernet controller, etc. It is thanks to this versatility of the S3C2510A chip that it is possible to connect a printer, modem, etc. to the router.
The two Ethernet ports integrated into the processor are not sufficient for a router, however, so the PCB carries a separate switch integrated into a single chip:
The D-Link DL1005C chip is an analog of the popular IP175C chip from IC Plus. It supports five Fast Ethernet ports and can automatically detect the type of the cable (MDI/MDIX).
G-Link’s GLT5640L16 chip is the router’s memory:
This is an 8MB SDRAM chip that supports clock rates from 100 to 183MHz. It probably works at the processor frequency in this router.
The router’s firmware is stored in an S29AL016M chip.
That’s a 2MB flash memory chip manufactured by Spansion.
The last chip on the main PCB that I want to mention is called HIN241E.
This chip from Intersil is a voltage transformer for the RS-232 interface that features ESD protection of external circuitry. It can perform data transfers at a high speed (up to 230Kbps) which makes it suitable for use with analog as well as ISDN modems.
Besides the main PCB, the router has a wireless module on a separate daughter card. It is plugged into the mini-PCI slot located near the router’s processor.
The Wi-Fi module consists of three controllers with accompanying components. The TNETW1130 WLAN processor from Texas Instruments is the main one.
It supports modern WLAN standards (802.11b and 802.11g) and QoS mechanisms.
An RC2422 transceiver is connected to the WLAN processor. It was designed specially for devices that support both 802.11b and 802.11g.
The chip carries the logo of RADIA Communications that was devoured by Texas Instruments in 2003.
The RFFE controller is branded by RADIA, too. This chip is called RC2326.
It is recommended by the manufacturer for use with the RC2422.
And finally, the router’s antennas are connected to the RC2326. The internal antenna is not wired, as is often the case, on the PCB, but is designed separately and is attached to the Wi-Fi module with a screened cable.
The external antenna’s connector is attached in the same way.
The router’s PCB also has a seat for a console connector which is missing on our sample of the device:
The DI-824VUP+ is a complex network solution for the SOHO market sector. Most exciting about this device is that it incorporates the functionality of an access point, router, print-server and VPN-server at once. Network equipment makers only add some of these features to their SOHO routers, but not all them together. Otherwise, the DI-824VUP+ is quite a standard device of its class. I’ll describe its functionality in detail below. Right now I’d want to add a few words about the firmware.
There is in fact nothing much to tell about it. The DI-824VUP+ model was released about a year ago and the manufacturer has by now solved all the firmware-related problems by issuing a few updates. At the time of my writing this review, 1.05 is the latest version of the router’s firmware but there’s one problem which I also mentioned in my review of the ASUS WL500g Premium. The problem is that many routers do not support a VPN (PPTP) connection to the provider if the IP address is issued by an external DHCP server. The reviewed router solves this problem with its official firmware, which is good, but firmware 1.05, and the earlier versions too, do not support routing of packets bypassing the VPN tunnel. This means that the provider’s local network won’t be visible upon establishing a VPN connection. This problem is only solved in firmware 1.05b6 which is not fully official as it is only available on D-Link’s Russian ftp-server. Otherwise, both versions are stable, giving no cause for complaints.
I will describe the options of the router’s web-interface with respect to the version 1.05 firmware as the most widespread one. Like every other “all-in-one” network device, the router offers an abundance of settings available via your Web-browser. I won’t explain each setting since the manufacturer has already done this in the router’s own Help system. This Help is accessible from each page with settings (it will be opened at the appropriate section then) or as an independent item in the router’s web-interface.
There’s plenty of information about each setting, making it possible to learn an unknown feature on your own. When the Help is evoked from one of the settings pages, it opens up in a new window so that you could still continue working with the web-interface. The Help system is not blameless, though. There are typos in the Help file, and some settings are just omitted. But anyway, this Help is indeed helpful.
Besides it, the router’s web-interface offers four more groups that include all the available settings and information fields. The first group (you see it when you access the router’s interface) is called Home. It contains main option that you should start setting the router up with.
The Wizard page allows to run a Wizard for a simplified setting-up of the router’s main parameters.
The Wireless page of the Home group contains basic parameters of the Wi-Fi interface such as SSID, channel number, and security method with necessary parameters.
The connection security methods have been listed above in the router specification, but here they are again: WEP (64, 128, 256-bit), WPA (PSK, RADIUS), and 802.1x. You can also disable the encryption altogether.
The WAN page allows to choose the type of connection to the world and to specify the parameters necessary for the connection to function properly.
Here is the list of possibilities: static IP address, dynamic IP address, PPPoE, dial-up, PPTP, L2TP, and BigPond Cable. The latter three connections appear if you select Other in the main list. The Dial-Up option will only be available if a modem is attached to the router.
On the LAN page the router’s IP address on the internal network, the subnet mask and the domain name for the internal network are specified.
The DHCP page contains settings of the integrated DHCP-server.
You should specify the range of dynamically assigned addresses here. Note that the subnet addresses depend on the router’s own address. If the latter is changed, the three fields of the IP address on this page change automatically. A rather queer method is used to assign dynamic IP addresses: not sequentially, but at random from the specified range (this is typical of D-Link’s equipment, though). You can also bind certain IP addresses to specific MAC addresses. Information about all the assigned addresses is shown on this page as a dynamically changing list.
The VPN page contains settings of the router’s main feature, the VPN-server.
I’ll talk about it at length below.
The next group of settings is called Advanced. Here you’ll find all the settings related to the device’s operation. The first page in this group is called Virtual Server:
Here you can set up virtual servers on the internal network to communicate with applications that refuse to work via NAT. Having set up a virtual server, you can make it work by a schedule. The page also contains a ready-made list for specific protocols. The elements of this list can be edited or deleted as necessary.
The Application page is for setting up connections that do not work via NAT.
These settings pertain to those applications that need ports that wouldn’t be changed by NAT. Such settings are often referred to as Trigger Port in networking equipment. The next page is called Filter and contains packet filtering options.
Besides the standard filtering based on IP address, MAC address or text address, you can also filter out packets from certain domains as well as to filter by MAC address to access a VPN tunnel.
The Firewall page is where you write rules for the integrated firewall. The rules are applied to traffic passing through the router.
The parameters of monitoring and controlling the router via SNMP reside on the SNMP page.
Both versions of the protocol, v1 and v2c, are supported.
In order to communicate with a dynamic DNS server if your ISP assigns you a dynamic IP address, you need to set up an appropriate account on the DDNS page.
The routing table is written into the Routing page:
Both static routing and RIP routing (v1 and v2) are supported. It’s the changes in this page implemented in the version 1.05b6 firmware that allow accessing the provider’s local network while maintaining a PPTP connection. For each route, there is an entry added where you can specify the network interface.
On the DMZ page you can specify the address of a computer on the subnet that will communicate with the world “bypassing” the router.
The Performance page is in fact called Wireless Performance:
Fine settings for the WLAN transceiver are specified here. This is the final page in the Advanced group.
The next group of settings is called Tools and contains options pertaining to the router’s web-interface and firmware. On the Admin page you can set up the opportunities of access to the router’s settings.
There are two levels of privileges: the user level allows to view the settings and the admin level allows to change them. You can also enter an IP address from which it will be possible to administer the router.
The router’s internal date and time are specified on the Time page.
The System page allows to save all the router’s settings into a file, load them from a file or reset all the settings to the factory defaults.
To update the router’s firmware, go to the Firmware page:
The Misc page contains settings that don’t fit into the other pages.
Here you can enable support for UPnP, assign a non-standard port for the FTP-server, protect the router from DoS attacks, ping different addresses, etc.
The Status group shows all the events that have happened on the router as well as the status of all the active services and connections.
The Device Info page shows information about the main interfaces of the DI-824VUP+. The Log page is keeping a log of all of the device’s activities. You can enable notifications to be sent via e-mail or SNMP to the administrator. The Stats page is counting up traffic for each of the network interfaces in packets. The list of all the connected Wi-Fi devices is shown on the Wireless page. The VPN Status page shows the status of all the tunnels of the integrated VPN-server. The Active Sessions page shows all the NAT sessions.
Summarizing this section of the review, I should acknowledge that the router’s web-interface is very good. Every necessary option can be found quickly while the integrated Help system simplifies the setup procedure greatly. Of course, there are some points you could find fault with (like the page-by-page log and the firewall you cannot disable), yet the interface is very well designed overall. I also want to single out the fact that every process, like saving the settings or updating the firmware, is performed very quickly.
This section describes the two special features of the DI-824VUP++ router: VPN-server and print-server. It’s all simple with the print-server feature. First of all, you should install the necessary software from the CD enclosed in the router’s box. This is in fact a driver of a special port called PRTmate which will be used to exchange data with the printer you attach to your DI-824VUP++.
The rest of the printer setup procedure is ordinary for Windows. But when you choose the printer port, you should specify the printer’s IP address (it’s the same as the router’s IP) and physical interface in its properties.
Setting up a VPN-server is somewhat more complex. You’ll find everything you need to do that on the VPN page of the router’s Web interface. It contains a few buttons that open up new pages when clicked on. These pages contain additional parameters that are missing on the main page. The router supports up to 40 IPsec tunnels and can acts like a PPTP or an L2TP server. There are separate settings pages for the latter two protocols. The selection of settings for PPTP and L2TP is identical.
First of all, you should enable the server by clicking the appropriate checkbox. Next, enter the VPN server IP address that must differ from the IP address of the router’s WAN interface. Then, select the authentication protocol and traffic encryption parameters. The client can be authenticated using the following protocols: PAP, CHAP or MSCHAP. If you select MSCHAP, you must then specify if the traffic in the channel is encrypted with MPPE or not. When all the parameters are specified, you can add tunnels into the list at the bottom part of the page. Don’t forget to click the Apply button after you’ve added a tunnel.
More parameters must be specified if you want to create an IPsec tunnel. First, you must enable the VPN-server and specify the maximum number of tunnels. Then each of the tunnels is to be set up independently. To do this, specify the tunnel’s ID and key exchange method (manually or with the IKE protocol). For further setup, click the More button next to the necessary tunnel.
I’d want to remind you about one shortcoming of the router’s Web interface. If you don’t press the Apply button, all the changes you’ve made on one page are cancelled after your going to another page. Don’t forget about that! So, after you click the More button, you find yourself on a page where the rest of the tunnel’s parameters are set up.
The particular settings you’ll see here depend on what key exchange method you’ve selected before. I chose IKE as the most frequently used one. First you must specify the tunnel’s operation mode, normal or aggressive. Then, there are the addresses and masks of the subnets that will be used on both sides of the tunnel and the client’s IP address. If you enter an IP address in the IKE Keep Alive field, the status of the tunnel will be checked by the server by pinging this address in the client’s subnet. Further down the list there are client authentication settings: a key, a key and a name, or a user password. You should enable the IPSec NAT Traversal option (it’s the same as NAT-T) if the packets are undergoing NAT on their way between the endpoints of the IPsec tunnel. And finally you should choose a Security Association (SA) variant for IPsec and IKE. Pages with settings for these variants appear on your pressing the appropriate buttons. The pages are almost identical. You can set up 10 SA variants, four (or fewer) of which can be made active by entering their IDs into the appropriate list:
Each SA variant consists of several fields. First, let’s consider the case of IKE. Besides the ID, the first field of the rule is DH Group in which the version of Diffie-Hellman key exchange is specified: group 1 – 768bit, group 2 – 1024bit, group 5 – 1536bit. The encryption algorithm is specified in the next field: DES or 3DES. Next goes the authentication algorithm: SHA1 or MD5. The association lifetime in seconds or kilobytes is the last field.
The IPsec variants are somewhat different. First, you can disable the Diffie-Hellman encryption. Second, there is a field for you to choose the encapsulation protocol: ESP or AH. And third, you may not use authentication. After you’ve performed these operations, the IPsec tunnel may be considered as set up. Besides standard IPsec tunnels, you can also create a dynamic IPsec tunnel whose difference from a static one is that you don’t specify the IP addresses of the remote subnet and the remote VPN gateway for it.
It can be set up by pressing the appropriate button. I won’t describe the setup procedure as it is similar to the one of creating a static VPN tunnel.
Summarizing this section, I should agree that the VPN-server’s settings are indeed up to today’s requirements. It thus can be utilized successfully by a majority of users. The bandwidth of the VPN-server will be tested in the next section of the review.
I performed a series of tests on the DI-824VUP++ router to check out the bandwidth of its interfaces, the coverage area of its wireless interface and the speed of its VPN connections. I will compare some of the results with those of the ASUS WL500g Premium obtained under the same conditions.
I used the following equipment for all the tests:
I used the popular IxChariot program to test the speed of the network connections, running the High_Performance_Throughput scenario.
Here are the results of the tests of data-transfer speed between the different network interfaces.
1) Data is transferred within the router’s local wired network (LAN-LAN):
Click to enlarge
2) Data is transferred within the router’s local network, but one of the devices is attached to the DI-824VUP+ via Wi-Fi using WPA encryption. The Wi-Fi device is placed near the router (WLAN-LAN):
Click to enlarge
3) Data is transferred between a computer on the local wired network and a computer on an external network (its address is in the same subnet with the router’s IP address). WAN-LAN:
Click to enlarge
The following table shows the average data transfer speed of the DI-824VUP++ in comparison with the WL500g Premium:
So, the D-Link router is inferior to the ASUS in two out of three tests. Their results are only the same in the LAN-LAN test. This indicates that the worse performance of the D-Link is due to its lower processing power. It also has only half the amount of memory the WL500g Premium has. I guess we’ll only get an objective view of performance of the DI-824VUP++ when we compare it with a device that has similar specifications.
Next goes a test of the VPN connection bandwidth. The DI-824VUP+ router acts as a VPN-server here. The client was running Windows XP Professional SP2. The parameters of the VPN tunnel were as follows:
Click to enlarge
The results of this test agree with my opinion about the router’s processor. By the way, the declared support for 40 IPsec tunnels seems like a marketing trick: if the speed drops down so much with one tunnel, it is going to be very low with, say, 10 tunnels working simultaneously.
The last item in my test program is to measure the coverage area of the wireless module. As usual, I measured the level of signal in different places of a closed environment using a notebook. The results of the WL500g Premium are listed for the sake of comparison.
Distance to router
Finally we see the D-Link router win a test! It kept connected even when the WL500g Premium was not available on air at all. As a kind of experiment, I tried to establish a wireless connection to the router from a very remote room that was located at a distance of no less than 20 meters behind five walls, two of which were brick ones. Unbelievable as it may seem, the router with its default antenna coped with that task, providing a signal level of 22%. The ASUS router couldn’t provide the coverage under the described conditions.
So, what does this review come down to? My impressions about the DI-824VUP+ router are rather ambiguous. On one hand, the speed of its WAN and WLAN interfaces is low and there are some minor flaws in its web-interface. On the other hand, I couldn’t help feeling I was dealing with a well-made and reliable networking tool as I was testing it.
This router can’t be called a best buy due to its low speed, but if the provider’s channel bandwidth is low or you are going to connect the router to the Internet via an ADSL modem, it is the speed of the Wi-Fi interface that remains the single drawback. With its functionality, the DI-824VUP+ would best suit a small remote office that needs a reliable network gateway in the first place while the speed of the external connection is of secondary importance.