Is the AX3000T really too weak for OpenWRT?

Hello,

Is the Xiaomi AX3000T not powerful enough to run OpenWRT?

This router: https://openwrt.org/inbox/toh/xiaomi/ax3000t

I was told it may have too little RAM, and also the CPU isn't so strong and that it is now only sufficient to run OpenWRT at minimum requirements

Is that true?

Thanks

That mainly depends on what you're expecting it to do…

The SOC performance isn't top-end, but not bad at all and the routing throughput should be 'fine' (intentionally leaving it unspecified).

The RAM size is on the lower end, 'sufficient' for its primary task, but not allowing much beyond that - and many OpenWrt users are particularly interested in this 'beyond' aspect.

…but it's cheap, and quite well equipped for that price (although not that trivial to flash).

2 Likes

Who told you that (or where did you read it)? This is incorrect.

OpenWrt currently requires a minimum of 8MB flash and 64MB RAM. This will be increasing with the next release (likely 16/128), but the AX3000T has 128/256. So there is no problem running OpenWrt on this device from a RAM/storage perspective.

2 Likes

Thank you guys!
What I want to do is to set DMZ so that I can forward ports to my home network.

I want to run a web server (very low traffic, something personal) on TCP 80 and 443.

Using DMZ(with WireGuard too maybe?) as a buffer between the internet and my home network.

Can the AX3000T achieve that? Or you'd recommend something else for that?

PS I was told that maybe if I want all these + QoS so to not "choke" my home network, then I might want something stronger to handle all that

Will the server be running on or behind your router?

Assuming there isn't an ISP requirement to run their router, you can replace it with your own... there really isn't much benefit to double-NAT with a "DMZ" type configuration... at least not when it comes to OpenWrt which is robust enough to be directly exposed to the internet on the wan interface.

Wireguard, sure... no problem.

QoS would depend very much on the speed of your connection. As ISP speeds increase, QoS is often needed less (although it can still be useful at times). But at the same time, using QoS on a high speed connection means that you need a lot of processing power... without sufficient processing power, you'll simply slow down your overall connection.

2 Likes

The server is on one of the PCs connected to the router by cable (it's considered "behind" then right?) Or, you are telling me you can even run web servers on OpenWRT? :smile: )

The speeds are 1000/250 Download/Upload.

Also, yes I intend to replace the ISP router as they allow it (Need to buy Media Converter for the fiber cable though)

Yes. Exactly.

It is possible, but I asked because if you were planning on that, we would want to tell you that it is not recommended. Possible and "good idea" are, of course, different things :slight_smile:

Usually at those speeds, the benefits of QoS are more limited, except maybe for scenarios where latency is the biggest issue (i.e. gaming), or if you have one or more users who have multiple high bandwidth streams happening sufficiently often that there are really bandwidth contention issues.

@slh can probably talk more about the bandwidth hit you'd likely experience with that system -- you'd almost certainly have a reduction in overall speed, and you'd have to figure out if the benefits of QoS really outweigh the overall speed loss.

If your ISP router supports bridge mode, that's the best option. You can also look to see if it supports static routes. This at least allows you to avoid double NAT.

2 Likes

Alright, then I probably don't even need QoS. Nobody is streaming, and in general it's a very low traffic home, thus I should not worry too much about it.

Regarding the ISP router - Why should I use it as bridge and not just return it? Is it extra security? Because I want to return it since we "rent" it and pay monthly for it

Also - since I'm less of an IT guy and that's the first time I'm doing network security or even (going to) be using OpenWRT - Is there a guide that will help me set up DMZ properly? So that the other devices in my home network won't be compromised.

Thank you

You need a media converter (fiber <-> copper). The details of what you need depend on the fiber technology (as well as any other connection telemetry and authentication that may be happening) used by your isp. Assuming you can replace the device they have provided with one of your choice, you simply need to do a cost analysis to figure out which is better for your situation. If you end up keeping the current device, that is when the bridge mode comes into play.

2 Likes

DMZ is a frequently used term that has no universally agreed upon meaning or standard of implementation. Typically it implies that all ports get forwarded to a given host. But that is actually a bad idea unless there is a specific need to do that. Instead, just forward the required ports to the server that you wish to access from the internet.

If the server is only for your own personal access, use a vpn instead of forwarding ports.

2 Likes

Oh thank you got it. Yes, they provide a free media converter that I need to return (Or I can buy one of my choice). So for that I'll return their router (Assuming the AX3000T works properly).

A free media converter (and returning their router) sounds like the best option, imo. That is - if it is not costing you anything, even if you need to return it when you disconnect service, that is probably the best thing.

2 Likes

yep so I will do it instead of buying my own, as I just read that this specific ISP has a different type of converter than I thought.

The only thing left is: to learn how to flash OpenWRT on this router, as @slh said, it's not trivial.

And the most important - how do I secure my home network.

do you have a good video/guide/article that explains how I should securely forward the ports and set up DMZ? Is that something difficult to do?

PS: I am saying DMZ because that's what I thought would be the best option to secure forwarded ports. But do I have other options?

Based on your description, the ax3000t should be sufficient - but not much beyond that.

SQM is taxing the SOC/ CPU quite much, I'm not sure if it would really fully cope with 1 GBit/s downstream (that is a tad much, although we have quite encouraging information for filogic 820/ 830 based routers, but I have no personal experience with either). If you need (want) sqm is another question, maybe, maybe not - it can be useful on highspeed links as well.

Running the web server on the router would not be recommended, on the one hand because of the security aspects involved (keeping the attack surface of the router as small as possible, uhttpd not being battle-hardened enough to expose it to the wide web; apart from the in-place upgrade concerns), but more so due to the not-so-splendid RAM size. Once you expose a web server to the internet, you will attract bots - and accesses (even those you could easily do without) will cause memory usage, more than you might think.

The ax3000t should be quite fine, but with your WAN speed (and expectations that might grow over time), for using it as your central router, I would look a bit more into filogic 830 and >=512 MB RAM than filogic 820 and 256 MB RAM. But, this device is cheap right now, so giving it a spin might not be the worst idea either.

Yes, filogic 8x0 is slowly starting to turn the tables, but in essence So you have 500Mbps-1Gbps fiber and need a router READ THIS FIRST is still correct - and the faster you go, the more valid those points become.

E.g. gl-mt6000 might be more in line with expectations - but not quite the budget.

Just returning to the initial topic for a bit, the ax3000t is certainly not "too weak for OpenWrt", but your requirements/ expectations might need a tad more margin than it can provide.

2 Likes

I'm using a Mercusys MR90x for a 1000/115 PPPoE connection:
Same chipset as the AX3000T but twice the RAM and the cpu is clocked at 1600 Mhz not 1300 Mhz.
Wired I see full speed on one pc, over wireless I comfortably see the max on the upload, and depending on local wireless congestion, download is around 600 to 800.

My just arrived AX3000T is going to be a dumb AP.

1 Like

AX3000T is MT7981B (Dual core 1.3GHz) while MR90x is MT7986B (Quad core 1.6GHz), I don't see that they are same SoC.

However for a fair comparison, a few weeks ago I helped friend to get Cudy WR3000 which is really the same SoC as AX3000T, only 16MB flash, without too many packages it actually works pretty well, signal strength is great given it's small size.

1 Like

I'm running OpenWRT 23.05 on 32MB RAM box, rock stable as WiFi 4 AP/repeater for garden shed.

But thats on extreme end... for typical router usage I'd rather follow official minimal hardware recomendations, adjusting for planned usage patterns.

2 Likes

thanks for all the information guys. So for now, I will not use the AX3000T for QoS, as I probably don't even need that because unless someone will DDoS my server, it's a web with almost no traffic.

Also it will give me a chance to use openwrt for the first time.

DMZ is a frequently used term that has no universally agreed upon meaning or standard of implementation. Typically it implies that all ports get forwarded to a given host. But that is actually a bad idea unless there is a specific need to do that. Instead, just forward the required ports to the server that you wish to access from the internet.

If the server is only for your own personal access, use a vpn instead of forwarding ports.

I am currently using VPN (WireGuard), but to do that I am using an EC2 instance on AWS and I feel like I'm paying for unecessary thing. Is there a way to do VPN with my current setup (with the openwrt and the AX3000T), or I will have to use another service for that?

@frollic do you understand what the difference between this device and the RD23 EU version is? Are they completely different devices? Or just that minor differences exist?

I have not seen any photos of anyone cracking one open for a teardown, the RD03 Openwrt image can be installed on the RD23 via UART.