Hello,
I recently upgraded my internet to 1Gbit and entered the gigabit age 
. But I am running Archer C7 with OpenWrt and even with that firewall setting it goes up to max 500 Mbit, so there's a bottleneck.
How can I change my network so that it could handle 1Gbit? Most price worthy and most OpenWrt containing solution would be appreciated. I have one Desktop PC with 2,5Gbit capabilities.
P.S. yes I did read the pinned post already. Divide and conquer.
Cheers
If you're price sensitive, Fujitsu S920 or Wyse 5070 extended and an extra NIC.
Banana PI BPI-R3. $125USD for a full kit.
It's about a third more in cost than a Redmi AX6000, but way more future proof. OpenWrt supports hardware flow offload/WED (Wireless Ethernet Distribution) which reduces CPU usage - not that the beefy CPU in it really needs it.
It's Mediatek chipset is well supported, and gets a lot of developer attention here. It's a newish device, but supported in snapshot and in the upcoming 23.05 (now in its second release candidate)
Interesting, this is what I see:
I do buy a lot from Ali Express, but it doesn't usually make that much difference. Perhaps depends on region.
The Banana pi device seems pretty good. Another one to consider is the Nano pi r4s. The r5s and r6s are not yet in OpenWrt, but the r4s has been around a while. Cheaper and more available than an Rpi4 at the moment.
Another option is dual LAN mini PCs. I have one running at my sister's house from Beelink.
And OpenWrt runs on all of this hardware without offloading with 1Gbit performance guaranteed?
There are no guarantees. This is free open source software. Please do your research which performance you could expect for a specific device in a specific use case.
and or depends on VAT
+1 for Fujitsu S920
I have a BPI-R3, and have measured its throughput at over 2GBit on the bench and seen it route >1.4Gbit in real world situations.
That you will get this performance? No, because...
... this is 100% correct - this is a community of peers giving advice and reporting our experiences.
Interesting machine. It needs a second NIC plus external switch, or a PCI switch, but it would be a very interesting device. @SirMuffington, do you want WiFi?
Is the VAT 20%??? I thought my province's 15% was bad.
in SE it's 25%.
What BIOS is that thing running? Is it possible to get Coreboot running on it?
Privacy is my top concern, so I don't want any backdoors in my router. WiFi would be nice, but not mandatory since I can also buy an AP.
Will the latest firmware of OpenWrt run on Banana Pi BPI-R3?
How many minutes of own research did you spend before asking this question? I need 10 seconds of Google search to answer this.
If privacy is your top concern: what was the result of your due diligence examination of the banana pi vendor?
An AP also runs software where security vulnerabilities will be found for, sooner or later. Operating system kernel, drivers, firmware blob and user space services.
It would help if you mentioned where in the world you are. Certain things are more easily accessible in some places than in others. For example, @frollic mentioned Fujitsu S920; it's very easy to find one in Europe, but in North America, they are pretty rare.
Personally, I am a big fan of OpenWrt on x64. My go-to recommendation is to look into a used Sophos device. In 2022, Sophos retired all 85 and 105 models, some of which were still in production as late as 2019. So the secondary market (in North America anyway) is full of them (as well as later 86, 106, and 115 models) at prices well below USD 100.
If you're in North America and interested, I have a surplus Sophos XG 85w Rev 3 that is looking for a new home (OpenWrt installed):
FOR SALE (U.S.): Sophos XG 85w Rev 3
This is the rock bottom of the range. One step up are the 105 models. Here's the XG 105w Rev 3:
I no longer have this one, but I think I have a hardware-identical SG 105w Rev 3 somewhere... With OpenWrt, of course... 
My Netgear WAX206 is now selling ~USD28 in Japan Amazon, simple WiFi -> 2.5G internet test was roughly 1.3Gbps speed (only NAT, no SQM), I couldn't complain it anymore.
By that I meant whether it's given that the 23.05 firmware will fully support the hardware? I can see that it's currently snapshot, but it can be dropped, no?
If privacy is your top concern: what was the result of your due diligence examination of the banana pi vendor?
It appears to be from Taiwan and open source hardware just like the Raspberry Pi (besides the CPU in the RPi AFAIK)
Still no idea about coreboot support.
An AP also runs software where security vulnerabilities will be found for, sooner or later. Operating system kernel, drivers, firmware blob and user space services.
But it's behind the firewall/NAT, no?
It would help if you mentioned where in the world you are
Europe.
I have a surplus Sophos XG 85w Rev 3
It's no longer modern hardware, no?
My Netgear WAX206 is now selling ~USD28 in Japan Amazon, simple WiFi -> 2.5G internet test was roughly 1.3Gbps speed (only NAT, no SQM), I couldn't complain it anymore.
Not available in Europe it seems..
Just buy from Japan Amazon and ship to EU, someone in the forum already bought 3 this morning, including shipment EUR40/unit and expected arrival date within this week.
For the BPI-R3? No.
Are you speaking of privacy or security? Is the router going to be in an untrusted physical environment where you expect it may be tampered with? In that case, you are far better off with physical tamper protection and detection than electronic tamper prevention. Anyone who is sophisticated enough to insert a back door into your device having gained physical access to it is sophisticated enough to defeat coreboot with about 2.5 additional seconds of work.
You are better off putting a good tamper-evident tape on the device and checking it periodically rather than depending on coreboot. And/or putting it in a perspex lockbox. Perspex (acrylic) is very RF transparent.
Fair enough, but that means that a device with wi-fi factors in to your cost benefit analysis.
I second the NanoPi R4S recommendation. Use the R4S as your router and the Archer C7 that you already own as your WiFi AP. Too bad the C7 only outputs 500mA on the USB port or you could probably power the R4S from the C7's USB. Not really an issue, but a nice to have.
