I'll be moving to a new flat (76m²) in 3 weeks.
My new cable provider supports 1Gbit/s down and 50Mbit/s upload.
First I thought about getting a normal Fritzbox 6660, but I saw that the Fritzbox isn't capable of VLAN tagging. Thus I searched a little bit and a few days ago I found the OpenWRT project which seems very cool.
I started reading here because of hardware recommendations. First I thought about getting a Archer C7, then a Netgear r7800, then a APU-Board,.. But I'm getting more and more confused/insecure, the more I read.
My requirements:
Router + Access Point or WLAN-Router
Support for 1Gbit/s download and 50Mbit/s upload speed
VLAN tagging (IEEE 802.1Q)
Port Forwarding
some firewall rules
maybe SQM, but I'm living alone so I don't know if I need it..(?)
Sometimes a VPN-Connection, but speed doesn't really matter here
At the moment I'm thinking of buying a Raspberry Pi 4 + TP-Link UE300 Dongle as a router, because it seems to handle "everything" including SQM very well. Then I need a managed switch, which is no problem, and an suitable AP for a flat with 76m².
For the AP I'm planning to get one from the Aruba Instant On series (AP12 or AP15), without OpenWRT. Or is there a reason to get a OpenWRT AP if I don't need much more than 3 wifi networks (normal, guest, IoT)?
Has anyone Aruba Instant On APs in use and got some feedback?
Are there any other, cheaper recommendations for a router being able to handle my wan speeds? SQM is no "must have".
Before proceeding, are you familiar with compiling etc because that will more or less be a requirement and I would recommend you to look at something that doesn't rely on USB for networking.
What you're looking at in general would be router/firewall/gateway (x86/RK3399-based, no idea how well RK3399 runs on in particular OpenWrt in general however), a switch (Zyxel GS19XX are decent ones for the money and doesn't break the bank), I'd say that IPQ4018/19 are probably your best bet as far as performance/price for AP/WiFi however from what I can tell there are still issues with VLAN support if you want to run OpenWrt.
I'm working as MS365/Azure admin, so I wouldn't consider myself a noob regarding IT. On the other hand compiling and/or programming isn't really my domain, it would at least take me some time to get started.
What would be your recommendation for an x86 device? Maybe one of these chinese mini-pcs or an Odroid H2+? But the Odroid isn't widely available in Germany and expensive..
The majority of x86 hardware suffers from various vulnerabilities see 1 and depending how paranoid you are that might be a showstopper (ARM does suffer a bit too but it's not as bad at least to date of writing). While I honestly believe that you'll most likely never encounter such an attack on your specific device/connection it's worth taking into account and I would highly suggest that you look into Intel's 4000 series or newer when it comes to hardware simply because it's much newer [2] than the old dated J18/1900-series that are by now 7 years old! (and no AES-NI etc) [3].
x86 will most likely be the most flexible platform but if you want something reasonable recent it'll drive up the cost. The downside with cheap x86 platforms is that many uses Realtek PCie/USB nics (including the Odroid board) and while they may work decent on desktops they're not really "server/network" grade at least in my book and by looking at servers etc in general it's something you don't find and they're usually not recommended if you look at network oriented distros (do note that there's a difference between supported and recommended). With that being said, they may work perfectly well for your use case.
I can't really say a SoC/platform that will give you zero issues because pretty much all have their quirks and issues, adding gigabit line speed on top of that gives you even a more limited selection. x86 will however most likely give the least of issues however there "might be"/are distros that will "utilize" the hardware to it's full xtent more than OpenWrt as are usually targeted against devices not fitted with sub 1Gb of ram and 16-128Mbyte of storage. I've personally looked for something cheap to use as firewall without spending too much time and for now RK3399 + dual ethernet Intel NIC (these can usually be found pulled/used in .de cheaply) which in my case has worked really well running FreeBSD 13-CURRENT but it's not a fully plug and play solution and it's a full OS so no fancy web ui although I don't find pf's syntax hard to read so it's an issue in my case. This board is supported in Openwrt however I think that it's in a pretty rough state (ie buggy etc) until ~5.10 or newer kernel is imported but I haven't verified.
It's also very easy to overengineer, but some kind of router + Zyxel GS1900-8 (use idealo) + an AP or a router flash an AP (VLAN functionality and other features may be limied using OpenWrt depending on platform) would be the way I'd go for but it might be a bit hard to hide everything physically.
Edit: Might as well provide a link for the RK3399 in .de
12V 3-5A PSU (Mean Well / Delta) such as Mean Well GS60A12-P1J (EOL)
I've also been using a 3A one but I don't have it available right now so I don't know what model it is.
I haven't measured voltage usage but 3A+ seems to run fine.
Various variants of memory cards
Toshiba EXCERIA M302 32/64Gb
Transcend 32GB Premium microSDHC Class 10 UHS-I (TS32GUSDU1)
Samsung Pro microSD (MB-MG32EA/AM) 32Gb
EDIT ...and of course the heatsink: https://pine64.com/product/rockpro64-30mm-tall-profile-heatsink/?v=0446c16e2e66
To mention a few, you should at least get a A1 rated one these days though
I've also attached an external HDD to one of the boards for use as a buildbot (using FreeBSD) as I/O on SD cards are dreadfully slow and writes are limited.
This has worked really well for me (tm) running FreeBSD 13-CURRENT (recent builds)
I do have a few APs (IPQ4) running OpenWrt though =)
Since I find the discussion interesting, I tried to cap my router/server by disabling CPU threads, to simulate a less powerful CPU.
I don't run OpenWRT on my device, but Fedora, so the system's doing a lot of stuff in the background, that OpenWRT wouldn't, so read the numbers with a grain of salt.
I used echo 0 > /sys/devices/system/cpu/cpuX/online to "disable" the threads.
With 1 core/2 threads active, I was able achieve a DL rate of approx 900 Mbps.
Outgoing traffic seems to require more CPU power, and that core only
gave an UL rate of roughly 200 Mbps.
But 've noticed my UL rates have been low lately, and it might affect the
UL total - I'm on 1/1 gbit fiber.
Network adapter's a HPE Ethernet 10Gb 2-port 562T with Intel chipset providing CPU offloading.
I used the speedtest.nets' cmd version tool to run the benchmarks, not the browser.
For an all in one option the R7800 is popular. You can get full line rate with the hardware offload enabled builds ("NSS CPU cores") + it has a switch & AP built in.
To be fair, it's in progress. You can use the NAS case but its kinda expensive, I've been using a very primitive temporary solution but I've seen people simply modifying the acryllic enclosure. I think a simple solution would be to raise and simply drill a hole for the bracket mounting screw in the top layer. There are some 3D printer variants in the making but nothing finalized to my knowledge.
I edited my last previous post and added the heatsink that I forgot about
It's more pronounced on photo than in real life and spent zero minutes cleaning things up (as long as it holds together I'm fine with it) it's not going to be on display or anything (there's also a top part I haven't attached it).
It doesn't help that my printer likes to wrap using this PETG filament
PCEngines APU2 (Simple wan) as edge device with openwrt 21.02.1 stable (APU1 as backup), Netgear GS310TP POE switch(factory firmware, for power control), two TP-Link EAP-225v3 access points(factory firmware, without using hardware or software controllers). Works fine, low cost, highly upgradeable.
Everything (from the x86_64 range) starting with baytrail-d or ivy-bridge should have the capacity to cope with 1 GBit/s linespeed plus sqm/ cake (I've successfully tested an ivy-bridge celeron 1037u locally via 1 GBit/s and sqm/ cake; only the idle power consumption could/ should be better (it would be, starting with haswell). The pcengines APU range (AMD T40E or GX-412TC based) is a bit marginal though, allowing just 1 GBit/s but not SQM at the same time; depending on your requirements -and for the right price- these can still be a good option for the intermediate future.
