That looks like your ISP is playing games with its own speedtest server... but note that server's physically in the same city can have massively different RTTs/connection quality. E.g. I live in the middle of Germany, but my ISP routes all my traffic via Hamburg (in the north of Germany) even traffic in my own city... I guess you knew that though.
Either nonsense, or it just pinpointed under-sized peering connections between your ISPs network and the speedtest server networks...
Exactly, a lot of people think of buying a slice of bandwidth that they own... So it's like: you ----- some wires ----> any server you want and that the ISP sort of "controls the size of the wires"
But reality is that everything is shared except maybe the link between you and the first piece of equipment your ISP owns.... (but with GPON and DOCSIS even those are shared)
run mtr your_speedtest_server here while running a speedtest. you'll see info about how many hops you go through... hops between two different providers are likely to be congested some of the time for example.
If a hop is congested, then suddenly all the pings past that hop will go up at once... and specifically through time the mtr "stddev" will eventually increase for all those links.
Hi, I recently got a gigabit WAN line at home (Vodafone Germany) so I was reading all the gigabit WAN router threads in the forums. Right now I've got a Archer C7 as main router and one aus dumb AP. I'm using seperate VLANs for LAN and Guest. Moreover im running Wireguard and AdGuard Home. SQM and Qos is something I haven't done yet, but I will definitely have a look into it. So now it looks like that I need a new router to handle the Gigabit WAN.
Going through all the possibilities here (and without the need for wireless in the router) I'm stuck somewhere in beetween a Pi 4 and an APU2 right now.
A Pi 4 would probably be OK for my needs. It should have good software support since it is a popular platform. However it maybe lacks some connectors to make it more extensible (SATA, mini PCIE) and I read that people would not recommend it because of the USB to Ethernet-adapter which would be needed. What exactly is the problem with that? Is it not going to work 24-7 or will the adapter die to fast if used 24-7?
What do you guys think of this board?
https://openwrt.org/toh/sinovoip/sinovoip_banana_pi_r2
Ist looks like it should have similar performance to a Pi 4 however with more connectors for a reasonable price. Unfortunately it looks like openwrt support is not good at the moment since I would have to compile a build myself. But this ist something I'd rather avoid.
Regards
Well, it certainly has a powerful CPU and seemingly sufficient memory bandwidth to actually do some serious work @1Gbps rates...
There are different concepts around about what work-loads a router should handle; I tend to fall into the let a router do only those things that it needs to do or is supremely qualified for, IMHO that does not include acting as a file server for the LAN (or even as general purpose web server for LAN and WAN), and then the need for SATA/mPCIE pretty much goes away. Now, admittedly that is a matter of subjective taste and what is actually feasible in one's home network (I do accept that it is attractive to make a router also act as file server as it runs 24/7 anyways, but trade-offs...)
I believe the biggest problem is the lack of robust information about the stability and robustness of the different USB3 ethernet dongles. Some are known/suspected to be flaky (and for all I know, some might actually be all), but this is a matter where active research seems needed...
The 32-bit cortex A7 CPU of the babana_pi is classes less performant than the RPi4B's 64-bit cortex A-72. But looking at the ports/connectivity the banana beats the raspberry hands down. I would guess at 1Gbps CPU might be be your biggest issue though, depending on what you want your router to actually do for you.
That actually is far easier than one expects, I started with @hnyman's great scripts (for the legacy wndr3700v2) and still wonder why I hesitated for multiple years before trying it...
The fear of USB Ethernet is baseless. I've been running the Pi4 as my main router since I did my performance tests. it works great 100% uptime for ~ a month now or so. the dongle I chose which is a TPlink is barely warm... I'd choose the RPi4 over the banana any day due to the huge amount of support and availability. if something fails I can have a complete replacement at the drop of a hat. it's very fast and it just works.
OK, thank you for the detailed explanation. In general I share your opinion, that the router should only handle router specific tasks. Since I also own a x86-Synology-NAS with Docker support and several Pis I don't really have a need for the router handling everything. I was just thinking that a small SSD connected over SATA behaves better regarding write wear compared to a micro SD and with mPCIE I could still connect a wireless device if I need to. But these things are not really a hard requirement for me. I would just have taken the extra ports for the price.
Thank you for the insights regarding the processor. I still have to learn about the different ARM generations.
OK, so I think I will go for the Raspberry Pi 4 and just try it with the USB-Ethernet-Adapter. I could still use a Nanopi r2s but I prefer the Raspberry for it's availability and software support. It ist cheap and if it doesn't work well I can still use it for other tasks.
Initial OpenWRT support for the NanoPI R2S is here. My performance tests show impressive openssl and routing performance. The statements made earlier in this thread about worse performance than RPi4 are clearly negated, as I am seeing Gigabit routing speeds and 12x RPi4 openssl performance :-).
Well, that is die to AES acceleration, which is great, but how does the performance stack up without using the AES instructions? I am not asking because I want to diss the R2S, but because I want to get a feel how the CPU stacks up against the RPI4B in general and openssl, without special instructions is a decent test.
Independent of that datapoint, looks like a nice device, especially with the dual GbE ports.
But SQM enabled ingress up to 465 Mbps, egress up to 750 Mbps looks like it lacks behind the RPI4B (could well be configuration/test dependent, as far as I can tell the RPI4B does ~900Mbps bi-directionally with SQM/cake so around 1700-1800 combined, but I might misremember those tests).
That was not my question, but rather how does the NanoPI R2S's CPU stack up against the RPI4Bs in other tasks, and @SvenH's numbers for cake indicate, that a quad-core A53@1.4GHz is close to but not yet a match for a quad-core A72 @1.5GHz, unless one's load is mostly AES... (mine is not, and yet I am still tempted by the Nano, 2 ethernet built in are nice, even though one of them is connected via USB3, similar to what is possible with a RPI4B, except on the nano no extra dongle is required).
Using openssl speed aes-128-cbc
NanoPI R2S (taken from SvenH's linked post):
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 47801.04k 54071.81k 55695.70k 56117.93k 56229.89k 56202.58k
RPi4:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 69788.19k 74361.71k 75483.44k 75819.01k 75819.69k 75814.23k
This is with the latest build:
aes-128 cbc 55115.86k 60549.91k 62123.52k 62787.30k 62698.84k 62701.57k
@moeller0
I see
As for the OpenSSL results (for reference):
RK3399 only using the little cores (4xA53) with and without crypto extensions on FreeBSD (I don't have one running Linux at hand).
Without:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 47464.06k 59053.06k 61922.47k 62729.22k 63063.58k 62859.95k
Enabled:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 104938.60k 340047.87k 654165.16k 925854.92k 1054993.07k 1063877.04k
rk3328 SoC supports upto 1.5Ghz with a patched applied to the kernel. This gives a little boost to the openssl perfomance without crypto acceleration.
Its obvious that in a comparison between A53 vs A72, A72 cores will definitely beat the A53 cores. But considering the applicability, RaspberryPi is targeted for a wide range of applications, with 2/4/8GB memory options, dual display outputs, DSI, CSI, etc. You're paying extra for the features you probably won't ever use if you run OpenWrt on the board, plus the USB-eth is an extra purchase.
On the other hand, we have the NanoPi R2S, solely designed to be a networking/headless device with dual NIC on board, one based off RTL8153, no display, 1GB memory, SPI Flash support and a small form factor. With SPI flash soldered to the board, you can boot OpenWrt right off it (this is used in routers) all for 22$.
A similar board, RockPi E also based on rk3328, has dual ethernet directly connected to the CPU, downside being that one port is only 100M, but you get one USB3.0.
I meant no disrespect for your fine device. My interest is mostly in finding a cheap device that is powerful enough to bi-directionally shape ingress and egress traffic for a 1000/1000 Mbps internet access link. Links in the Gigabit class are getting more and more common here, and unfortunately, proper AQM still improves interactive performance of a link even at gigabit speeds, but few/non of the affordable home routers pack the punch to do firewalling/NAT, routing, optionallt PPPoE-de/en-capsulation and bi-directional traffic shaping (that is, those devices that do, tend to use hardware acceleration features which mostly are not compatible with traffic shapers as used in sqm-scripts).
So I am looking close all all reports of devices that might allow to do this as a decent price. And your NanoPi R2S comes very close, except that it seems to be limited to traffic shaping around say a 500/500 Mbps link (still quite impressive for a $22 device!).
(About SPI-flash versus sd-card, I used to love built-in flash, but sd-cards allow much easier experimenting with different OpenWrt versions with a dead simple switch between strategy, just plug in a different card).
I had this debate with myself back in 2014 and ended up buying a more expensive Supermicro board with a quad core Intel C2558. It was quite a bit more expensive than other solutions, but due its substantial horsepower, it ended up lasting 6 years, right until this year, when the CPU died due to an error in the stepping B0 series of the SoC. It would actually have lasted another few years I'm sure had the CPU not decided it's time was up.
The point I'm trying to make is that with these speeds and especially with SQM, spending a bit more money for a really capable board can actually make sense in terms of longevity of the platform (I replaced the dead board with another Supermicro containing the C3758 this time).
Additional benefits of a board like this are that you can add a SSD for the boot/root partition, which with multiple partitions on it, makes flipping between versions of Openwrt a breeze.
I was in same boat as you. In the end, I purchased Celeron-based 2-core x86 fanless mini-PC two years ago and never looked back. I believe it cost me around 170EUR, plus miniPC WiFi card (only used for guest WLAN).
For Gbit performance, it is not worth the hassle to deal with less. Once you kit out your Rpi with USB adapters, VLAN switches, power adapters etc you will be approaching same money as mini-PC, but with much less VPN oomph and looking like crows nest of wires.
I get 170Mbit/sec OpenVPN speed using 256 bit encryption and NAT/routing @ 1Gbit/sec is not a issue (tested by running iperf3 between LAN/WAN). I never used shaping/SQM as I have Gbit fibre connection,
So save yourself a hassle and go x86. It is 64 bit, proven, well packaged, future proof and draws suprisingly little power with Celeron. Just make sure you order AES-NI compatible CPU.
P.S.
Archer C7's make terrific AP's. Just do not use 2.4GHz, it is broken 
If you've spent 170EUR on a RPi4, USB adapter and vlan switch then you've done it wrong.
As for VPN performance it's only an issue if you're using something like OpenVPN. My RPi4 easily does 350mb/sec (my current full line speed) to my VPS with Wireguard and I'd suspect it'd do a lot more if needed. May test it out at some point in my LAN.
Sure, that is a solution with lots of reserves, but also with an estimated price-point ~200EUR. I am rather on the lookout for a solution that achieves bi-directional traffic shaping @Gbps rates in the 50-100EUR range. I am not so much looking for my self, my 100/40 link is well within capability of my turris omnia, and not too far out of what my trusty old wndr3700v2 can shape (with not too far out meaning up to a factor of 2 ) but more for a solution to recommend all those users that realize that their old OpenWrt router does not allow traffic shaping at their new rates, so the cheaper the better, and the Nano Pi from above with its $22 price would be just perfect (and for links in the ~500/500 Mbps range it probably is).
In the forums for Espressobin it is made clear to an information requester that although the SoC is listed as having 2.5Mbit RJ-45 connections that that speed is for the SATA connection and the RJ-45s are only running at max 1 Gbit.
It is possible to have this Marvell chip connect at 2.5Gbit but this example does not.
HTH