I am fairly new to getting my hands dirty with networking and want to get the right device to avoid any bottlenecks.
Is there any downside to using an RPI4 over an EdgeRouter X or can you recommend me anything else in the price range and form factor.
My desired set up
I have a small coms cab in the wall so I need to stick to something smaller rather than larger.
I intend to have a range of IoT devices, NAS and a few PC's on the network so nothing major in this department.
My biggest must-have is to be able to assign certain devices to a VPN which I believe I can achieve through policy-based VPN routing.
I need to have 2 wireless APs so any advice here would be much appreciated, if they are POE that would be a bonus. My current plan is to get some TP-link Deco M4s dotted around the apartment if they work in this setup.
I'm using a Pi 4 with an OpenWRT snapshot from about March -- haven't bothered to update to the 21.02 RCs because why mess with something that's working perfectly? Running gigabit fiber, four VLANs, an assortment of IoT stuff on two of those VLANs (one for "trusted" devices running open source firmware, e.g. Tasmota, Espurna; one for untrusted e.g. Google Home, no-name IP cameras), with suitable routing and firewalling between them. Plus NAS and a bunch of other stuff.
Using the POE hat and the Vantec USB3 dual ethernet dongle, which at the time was available for around $31; seems to be more expensive now.
It never breathes hard, no matter what I throw at it. Uptime in months, never needed to reboot once my installation and configuration settled.
I'd recommend a couple of tweaks: increase scaling_min_freq to about 1GHz so that it responds optimally to sudden demand spikes, and hand-distribute the IRQs because otherwise everything lands on core 0. (I don't trust irqbalance to make good decisions: sometimes you want to bunch up the interrupts for a given device on the same core for context reasons). I have a script I'll post at some point that simplifies this.
ill take the edgerouter rather than a raspberry pi.
well I dont want a USB ethernet dongle running on my network, that's just a disaster waiting to happen, sure you can use router on a stick configuration on pi but that affects performance and migth as well just go with edgerouter instead.
I personally fully agree with the USB ethernet dongle argument but some swear by it here, I can also say that RockPro64 and a dual port Intel NIC might also be of interest as it works very well. That being said I haven't tried OpenWrt specifically on that setup recently.
All the dongle noise is anecdotal. Mine's been in 'production' driving a house of five for nearly a year without an issue. The dongle's either inserted in the port or it isn't...nothing's going to knock it loose except human error (and in that case, I'd wonder where you put your router!).
There's no reaching them. They have an alert set on the word "dongle" and they unfailingly show up to make these vague claims about "disaster" which have no bearing on reality. A USB3 connected NIC is effectively a PCIe connected NIC. Bitcoin miners use identical USB3 cables to connect video cards in large numbers. The cable doesn't fall out, any more than USB cables ever fall out unless you're hanging the router from a hook by it..
The supposed cooling issue is also imaginary: if you're using a router in an environment that's going to overheat a USB NIC, it will also overhead the same NIC chipset as used in any one of the hundreds of standard routers that OpenWRT is intended for. And we don't see these same people showing up here claiming that Linksys or TP-Link or Netgear routers are a disaster waiting to happen because the NICs inside not actively cooled and will overheat, and they'd be laughed out of here if they did.
It's getting really tiresome, and it can have the effect of misleading inexperienced people who are looking for useful information. It needs to stop.
(Note: edited to degeneralize commodity routers because the reference to a specific foundational one appears to have provided a convenient derail.)
"A USB3 connected NIC is effectively a PCIe connected NIC"
That statement is not accurate at all and elaborate about your rant afterwards
In what sense are USB3 cables related? What "cooling issue" are you referring to? USB will always have more overhead than devices connected over PCIe, performance will also depend on the driver(s) but in general PCIe will always have less overhead compared to USB irregardless of variant. USB not the most efficient way of connecting devices however despite that it may provide adequate performance for your application/scenario. What are you referring regarding the Marvell 88F6820 SoC?
I was addressing the objections that are always given by a handful of people whenever USB NICs are mentioned; it's usually that the physical connection is unreliable, and/or that somehow by being off the main board they must be prone to overheating.
(Edit: USB3.x, setting aside the brute-force legacy support, is almost entirely unrelated to previous USB generations: the cable connector doesn't even use the same physical contacts but a new, second set dedicated to USB3. It lacks any of the legacy USB1-2 overhead, and provides bus speeds that correspond 1:1 with a single lane of a given generation of the PCIe bus, on which it is essentially a comparatively thin adaptive layer. On the PI 4, you can even desolder the USB3 chip, replace it with a set of straight-through connections and get PCIe directly from the USB3 ports.)
You didn't provide an argument yourself, you responded to the preceding objection by saying that you agreed with "the argument" against them. So why don't we back up and you elucidate the "argument" that you were agreeing with when you said "I personally fully agree with the USB ethernet dongle argument", since no substantive argument made here for you to agree with, and the one you responded to merely asserted they were "a disaster waiting to happen". Please describe this disaster.
USB NICs are the bottom of the barrel, pretty much the same way as you'd say that Ikea's screwdriver is just as good as one by Dewalt/Makita/Hikoki/*. It may be adequate depending on your application however there certinaly is a different in quality, reliability and functionality however that might not be something you value / are interested in as the cheaper alternative works "well enough". There's a clear distinction between those two, what you feel is adequate and being comfortable with might not apply to eveyone else. That doesn't necessarily mean that a PCIe NIC will be better in all regards however you can be pretty sure if you go for lets say Intel, Broadcom or any other brand that supplies "prosumer" or higher grade NICs that it will at least perform just as well and/or better which may not necessarily only apply to making sure that basic functionality works. In addition, integrated ones (in the SoC) may offer other features compared to non integrated ones.
Oh for heaven's sake. They are the same NICs. The USB NICs most commonly put forward by experienced users in this forum use an absolutely standard Realtek chip and module: r8152, the most commonplace well-supported in Linux than that isn't made by Intel.
I think here is where it starts to fall apart, compare datasheets, drivers etc and you'll see a noticable difference and by far the most common NICs "here" would be integrated ones into the SoC by QCA/Atheros, Mediatek and Marvell which are much closer to PCIe ones than USB by Realtek and ASIX. Again, there's nothing wrong going with the USB approach but don't claim it's the same thing because it clearly isn't.
Also, define "integrated". Typically SOCs use SGMII or some variant thereof to provide the link between the CPU and PHY. How is this superior to the PCIe backhaul of the Pi 4's USB3 link? It's not as ubiquitious and well-supported, it's no "thinner", rarely supplies as much bandwidth...
A few reasons, you remove the USB controller, overhead and the limitations of handling Ethernet over USB not to mention another potential point of failure apart from the limitations of the controller itself.
You say "USB" without actually describing the problem you are trying to imply. USB3.x, as I've said over and over again, is a comparatively thin layer over PCIe, and most of that layer is to do with initial negotiation: it completely gets out of the way when it comes to actual data transfer.
Unlike the obscure community hacks needed to make vendor specific SGMII implementations work; have you read the Developers forums on platforms like Qualcomm's IPQ SoCs? Our guys are flying blind and doing the best they can; praise them and Venmo them some money because they're really showing some investigative prowess to make it work at all. Whereas with PCIe/USB3, they've got the entire industry working on their behalf, it's documented in minute detail, and there are entire books published about it aimed at every level of understanding.
So there's NO justification for these endless attempts to deflect new users from a highly performant, reliable, extremely cost-effective and unusually well-supported technology, based on nothing but superstition and some kind of allergy to the word "dongle". USB3 NICs, especially Realtek ones, work spectacularly well on the Pi 4 and benefit from a broad industry support that is extremely rare on the kind of hardware that OpenWRT is typically run on. But every time you try to tell a new user that, someone shows up and offers FUD that they can't document or back up, even with verifiable anedotes, let alone any real data. You still haven't described the "disaster" that's waiting to happen. Because there isn't one. It's as stable, transparent, and low-overhead as any OpenWRT installation and more so than most. PLEASE stop steering new users away from an unusually cost-effective and extremely powerful solution with immense community support.
Yeah, it's a little overpriced now; if tens of dollars are a concern you'd be better off buying a pair of TP-Link UE300s, or just one if you don't actually need 3 NICs in total.
I have multiple switches and a few VLANs and more than one offsite VPN I need to use for both work and play, so I just thought it was worth a few sheckels to have less junk hanging off the device by buying the dual unit. Throw in the POE hat and we're in $90 territory total. But cheapness wasn't my first concern, and anyway I'd already bought the Pi4+hat to use as a Kodi streamer, and ended up repurposing it as a router.
Please stick to the subject, and how are you even going to compare these specifically when the USB3 controller in this specific case (not really relevant but since you seem keen to keep bringing up the RPi4) sits on the PCIe bus? Not all SoCs are equally well supported, that's already well known. Again, if you want to use RPi4 and USB dongles go ahead no one is stopping you but at least stop keep claming that it's the same thing because it's misleading.
@dynamiccarrots
What you should be a bit concerned of is ventlation as ARM SoCs tends to get quite hot but it's also the way to should go as MIPS is more or less s deadend. The M4 should be fine to use for wireless, getting a SBC will drive up the cost considerably but if you're lucky you might be able to pick up something like WRT1900ACS/3200ACM rather cheap which will do fine in most cases and most high-speed connections well.
Exactly my setup - a small coms cab in the wall with an electrical outlet wired inside it and wired Ethernet back haul to AP's in the house. I use an ER-X. The ER-X runs very cool and is very small. It will handle half a gigabit fine (gigabit in one direction). It has generous memory (256MB) for adblock and such. It has generous flash (256 MB) for loading packages. That's the good.
The bad is that the ER-X CPU speed is decidedly mid-range. If you run SQM to tame bufferbloat, it will top out somewhere between 130-185 Mbps depending on OpenWrt version. It is good for ~20 Mbps running OpenVPN, and ~90 Mbps running a Wireguard VPN. So you are going to outgrow it sooner rather than later, if it is not already too slow for you. I've also noted it's getting pretty expensive to buy, which is strange. But I haven't found many alternatives as small as an ER-X with 5 ports included. So far, it does the job for me.
Like dizzy said - you need to manage ventilation in the small cabinet. I drilled holes in the top and bottom of my metal wall cabinet cover to get some natural circulation going through it. The heat mostly comes from the modem I also have in the wall cabinet.
If you do get an RPI4 someday, you are going to need a switch more likely than not, so if you start with the ER-X (already includes 5 switched ports), the ER-X need not go completely to waste if it becomes your switch - just something to consider. The NanoPi R4S might be something else to consider instead of an RPI4 - it comes with a nice metal heat sink case, two ethernet ports (so no dongle needed) and is small enough for a wall cabinet. It's also got plenty of CPU speed - comparable to RPI4.
256 MB is o.k. for ramips/ mt7621, but I wouldn't call it generous for adblocking. You can easily OOM a 512 MB RAM device with a few block lists enabled (partially courtesy of dnsmasq's approach of forking under certain circumstances).