NanoPI R2S is a great OpenWrt device

Over the past few weeks I have been fortunate enough to do some tests with early OpenWRT builds on the NanoPI R2S provided to me by @jayanta525.

This is a dual Gigabit Ethernet board with a 4 core Rockchip SOC (RK3328) on it, manufactured by FriendlyARM.

Performance of the board is great, especially considering its price point (€32 incl shipping to Europe in my case). In summary (more details below):

• AES h/w accelerated openssl, up to 12x openssl performance compared to RPi4
• WAN-to-LAN/ingress (NAT + firewall) TCP throughput of 940 Mbps
• SQM enabled ingress up to 465 Mbps, egress up to 750 Mbps

@Jayanta525 is working on other similar RK3328 boards as well, like the Rock Pi E, and is currently preparing a PR. Once ready, please consider supporting us getting the PR merged into mainline OpenWRT!

OpenSSL performance

root@nanopi-r2s:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 24232739 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 18557185 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 8901311 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2985544 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 414423 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 208278 aes-128-cbc's in 3.00s
OpenSSL 1.1.1  11 Sep 2018
built on: Tue Nov 12 16:58:35 2019 UThar) des(int) aes(partial) blowfish(ptr) 
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-J6qvxk/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     129241.27k   395886.61k   759578.54k  1019065.69k  1131651.07k  1137475.58k

root@nanopi-r2s:~# openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 8962695 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 2534616 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 652684 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 164408 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 20592 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 16384 size blocks: 10291 aes-128 cbc's in 3.00s
OpenSSL 1.1.1  11 Sep 2018
built on: Tue Nov 12 16:58:35 2019 UTCns:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr) 
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-J6qvxk/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc      47801.04k    54071.81k    55695.70k    56117.93k    56229.89k    56202.58k

TCP routing performance

FriendlyARM states 941 Mbps throughput on both eth interfaces. I have confirmed this. Furthermore I have tested routing performance as follows. Test setup: Windows laptop on LAN port, Linux machine on WAN port, both running iperf3.

• iperf3 ~890 Mbps (LAN-to-WAN)
• iperf3 -R ~910 Mbps (WAN-to-LAN)

This packet steering trick from the RPi4 thread actually slows down the iperf3 performance (both directions) with around 1-2%:

• echo 2 > /sys/class/net/eth1/queues/rx-0/rps_cpus
• echo 1 > /sys/class/net/eth0/queues/rx-0/rps_cpus

Resetting that, and enabled software offloading in luci increases performance with a few %:

• iperf3 ~898 Mbps
• iperf3 -R ~941 Mbps (line speed!)

Note: for full performance like this, the IRQ of eth1 needs to be moved to a different CPU core. Failing to get irqbalance to work, I did:

root@OpenWrt:/etc/rc.d# cat /proc/irq/166/smp_affinity
f
root@OpenWrt:/etc/rc.d# echo "e" > /proc/irq/166/smp_affinity
root@OpenWrt:/etc/rc.d# cat /proc/irq/166/smp_affinity
e

TCP routing performance with SQM

Using the default SQM setup as described in OpenWRT wiki ("piece of cake"), I was able to get the following impressive numbers which should cover the vast majority of SOHO broadband installations.

• ingress (WAN-to-LAN) shaping seems to be saturating 1 CPU core and is limited to around 465 Mbps TCP. Moving IRQs around for a bit does not help.
• egress shaping works fine at 750 Mbps, two cores are up to 90%.

Thanks for the test info.

What is the CPU temp like while running the tests? My RPI4 at idle sits around 50ºC for comparison running a heatsink passive cooling case.

I read that this thing runs very hot on factory software.

I was seeing 50-52 ºC while doing these tests. I have the model with a fixed, passive heatsink. I am running mine outside of its case at the moment as I have the UART connected.
The board has a fan header (ZH1.5 2 pins) so a fan when installed permanently may be a good idea.

this amazing!
will follow this thread to get next update

could i buy this i AliExpress with official price ? 22$

Does it have to run FriendlyWRT? Can it run a normal version of OpenWRT? I was considering getting a Ubiquiti Edgerouter X but this looks intriguing at less than a third of the price and it has USB.

@bagus91 I got mine from Ali as well. Was a bit more expensive to get it to Europe but still extremely good value.

@Helmanfrow no it does not have to run FriendlyWRT. @jayanta525 is working on OpenWRT support and my tests have been run on a stable build. The more buzz we can create here, the faster we can get official support by having the port accepted into the mainline.

I like the idea of this board for a simple NAT router more than the Rock Pi E because it has everything necessary (dual Ethernet, USB, good amount of RAM, SD storage) and nothing superfluous (audio, GPIO, WiFi, video, etc).

Everything looks ok, any plan pull request to upstream? @jayanta525

Not yet, there's already a RK3328 target pending.

I'll update the PR asap, but anyway from experience, it will take a while to be merged

Hi all,

I will receive my 2rs tomorrow .
Could you explain how to build the openwrt image ans flash the sdcard?

https://openwrt.org/docs/guide-developer/quickstart-build-images
https://openwrt.org/docs/guide-user/additional-software/beginners-build-guide

use https://github.com/jayanta525/openwrt-nanopi-r2s, gpio branch

Build: 
git clone --depth 10 https://github.com/jayanta525/openwrt-nanopi-r2s.git
cd openwrt-nanopi-r2s
./scripts/feeds update -a
./scripts/feeds install -a
time make -j$(nproc) download V=s
make defconfig
time make V=s VERBOSE=1 -j$(nproc) JOBS=$(nproc) 2>&1 | tee build.log | egrep -i '(warn|error)'

Wating 30min build done.

Flash the sdcard:
cd bin/targets/rockchip/armv8
dd if=openwrt-rockchip-armv8-friendlyelec_nanopi-r2-rev00-ext4-sysupgrade.img of=/dev/<sdcard> bs=32M

flash sdcard done

Thanks.
I will try to build tomorrow under a docker containers, ans i will flash uder Windows.

I have order the rs2 31 euro, and i have pay here in Belgium the custom 38 euro

That's a total of 69 euro for the board.

Follow the procedure provided by @xiaobo with this modification

The build time will depend on your build system. It will take a while to build the toolchains initially and the subsequent builds will compile much faster.

I suggest you first try the pre-built images from here: https://github.com/jayanta525/openwrt-nanopi-r2s/releases

It's not good!

Screenshot_20200611-011506_Chrome595×1072 38.8 KB

You can avoid custom costs if you buy from aliexpress reseller. Should be about 40 euros with the case and power supply. Tip for next time .

crazy temp, i'm getting around 65°C now

I will look into the thermal issues soon as i get the board.

rk3328 SoC are known to run hotter, specially when set to PERFORMANCE CPU_GOVERNOR.

Try using an active cooler.

I customized the fan, but there problem

202006110849414032×3024 280 KB