Recommendations for a wired only router for flashing OpenWrt

My connection is 1 Gbps Charter Spectrum cable modem coaxial. Not fiber, asymmetrical.

I would like a minimum of 4 GiB of RAM and a minimum of 128 GiB of NVMe storage. Multiple of 2 CPU cores at least. Wired only. I would like at least 2 or more 2.5 Gbps LAN Ethernet ports. And 1 WAN 2.5 Gbps. A metal body, properly grounded, would be nice, with passive cooling if possible. High uptime capable and high quality and reliability. 1 or more USB 3.0+ ports would be nice, but are optional. Hardware acceleration of crypto would be nice as I would like to use WireGuard. I am also interested in the easy upgrade feature of the squashfs feature of the read-only OpenWrt. I do not like the convoluted upgrade procedure of the x86 builds. But I do not want to brick my device either. I want a router that offers an easy one-touch button way to recover from any brick state. Right now I use EdgeRouter X and those are easy to brick and you need a serial to USB kit to recover those and it's a pain and I'm tired of those.

I would like the router to be able to run a stock stable unmodified release of OpenWrt.

I'm willing to spend up to $1599 max.

Any recommendations?

I'd argue that upgrades and de-bricking on x86 are easier because of removable storage. Have two M.2 sticks, put the upgraded image on a spare stick and do a swap. If it doesn't work, put the old one back. Make known-good backups of the image and it's about as bulletproof as you can get.

I'm making this point because x86 is the easiest and most cost effective solution that meets all of your requirements except for that one part about x86 upgrades. Basically anything else is going to be more expensive and have a lower ceiling for upgrades.

You can do this on x86.

For just a router? $1600 could build an entire network, complete with managed switches, multiple PoE WiFi 6 access points, an x86-based router that destroys literally all other consumer routers (and even some "enterprise" and "prosumer" models) in functionality and performance, and even have some spare cash to buy a Raspberry Pi or even another x86 machine to run a smart home/NAS/media server/whatever you want.

2 Likes

Your requirements pretty much explicitly exclude anything but x86_64, so just take that road.

2 Likes

elbertmai and slh, you guys make great points. I did not do a lot of searching on x86 stuff. What do you think of this company?

Protectli

If you're being risk averse, then Protectli's warranty and support is the way to go for these miniPCs. I'm on the other end of the spectrum from them, being a cheapo experimenter, if something breaks, oh well, I fix it (or not). I get the same-ish boxes on aliexpress for half (or less) what Protectli sells them for, but it's always sort of a crap shoot. (Example, as long as this link lasts: https://www.aliexpress.us/item/3256805881002636.html)

Pair one of those up with a nice PoE+ switch (see Serve The Home's 2.5G switch reviews, https://www.servethehome.com/category/networking/), and get as many Zyxel NWA50AX APs as you need, put OpenWrt on them (https://www.amazon.com/gp/product/B09924QS1T/). As @elbertmai alludes, this should be a whole network for well under your limit.

Personally I went the cheap/ used route, with a gateprotect fw-7543b - but if I needed more performance than I do now, I'd look into a similar direction as efahl (especially n95/ n100 based options are attractive these days, in the 130-250 EUR range (so that kind of limits what one should pay for a used option) from Jack Ma's or Jeff Bezos' market places; or a used skylake/ kabylake i5 SFF system from one of the big four vendors).

One thing I'd strongly suggest though, don't go wild just because you now have CPU cycles and disk-/ RAM to spare, it's a router, working on the front lines as your border gateway. Server tasks have no place on the same hardware. Keep the attack surface as small and easily maintainable as possible, keep your server needs separate. OpenWrt won't need (much-) more than 128 MB of its default image size (so the smallest SSD you can find will do, or a USB stick…), nor will it need much RAM (yes, I wouldn't buy anything new with less than 4 GB, but you'll never fill it up with typical router uses).

Host/Kernel/OS "gateprotect" running Linux 6.1.60 x86_64 [ OpenWrt SNAPSHOT r24255-e32f70e706 ]
System         R & S Cybersecurity gateprotect GmbH GP-7543
CPU Info       4x Intel Celeron J1900 @ 1024 KB cache flags( sse3 ht nx lm vmx ) clocked at [ 2002.336 MHz ]
Videocard      Intel Atom Processor Z36xxx/Z37xxx Series Graphics & Display  tty resolution (  )
Network cards  4x Intel I211 Gigabit Network Connection, at ports: d000 c000 b000 a000 
Processes 120 | Uptime 2days | Memory 88.8/3832.1MB | HDD 32GB SATA Flash Size 32GB (0%used)

…total (actual) SSD usage, ~30 MB.
…total RAM usage, around or under ~100 MB, despite large adblock host lists being loaded.

Keep it simple, keep it sensible.
Keep the complexity of your network at a state you can replicate with a cheap plastic router as an emergency fallback (doesn't need to do full speed, doesn't need to imitate all the finer details, but it should work well enough to get you over the 1-2 weeks to get a replacement shipped, without breaking half of your network).

As a home user, you don't need an unsinkable failsafe HA setup, but you do need a cold spare that 'will do well enough' in the mean time to get a replacement (and even in a small business environment, it's usually good enough (better) to have a cold spare fully configured, next to the main one, with just two cables to change and power-on). Avoid complex bootstrapping dependency loops (e.g. virtualization, with stacked VMs depending on each other and the hypervisor to function, that works in an enterprise setting with hot-migration and a cluster of hypervisor hosts at your disposal, if you make it your full time job). Keep it simple, dedicated devices for router, switch and APs - easy to replace individually.

I've been using x86_64 as my OpenWrt router for almost three years by now, as I'm still on the experimental side of life following the master branch with regular sysupgrades every 4-6 weeks (depending on what happens in the tree or what I want to play with), it works, 100% reliable and stable and 'boring' (in the best sense of it).

4 Likes

An x86 platform as others have said, or maybe check out a NanoPi R5S.

You can add an M.2 slot SSD drive to the R5S. With that, I think it only fails your criteria by one 2.5 port and importantly in not yet being OpenWrt supported, but there is a pull request to add support on the 6.1 kernel that is pretty far along. If you're able to wait and watch a bit longer for official OpenWrt support, it may become a good option for you. The R5S CPU is going to top out on what you have planned too, but it should be more or less adequate. WireGuard can make use of all four cores.

While you are waiting, re-read slh's excellent post above.

If you're thinking of putting 128 GB of storage on a router, and especially with your budget, it might be time instead to think about adding a dedicated 2 bay NAS to your network for storage.

1 Like

👍 Especially:

There are a couple megathreads over on STH (one for the N5xxx Jasper Lake series boxes, now for the N[123]xx Alder Lake ones), where people are going crazy with these things, ProxMox or XCP-NG on metal. Put the router in a VM (NIC passthrough is a fun puzzle to try to solve, I guess?). Put TrueNAS or Unraid in another. Also containers! Gotta have a bunch of docker apps running, too! GAH!

2 Likes