So you have 500Mbps-1Gbps fiber and need a router READ THIS FIRST

It's such a frequently asked question over the last few years that we really need a post we can point people to.

So your cable company rolled out 500Mbps or 1Gbps download speeds, or you have 1Gbps symmetric fiber (GPON/EPON) from ATT or Centurylink or Orange or whoever. You realize your old all in one router from 2009 is not up to the task of handling this, but hey by now stuff should be cheap and available that will handle your new fiber connection right? So you want advice about a router for between $50 and $100 that will route your symmetric gigabit connection while maintaining low latency using SQM and also easy to flash, and you're used to all-in-one devices with wifi, so it should do it all... can someone offer you a selection of 4 or 5 of them to check out for availability in your area?

The answer is NO. Why? Because they don't really exist.

Let's take a look at the math: At 1Gbps using 1500 byte packets, you need to send/receive 83333 packets per second. The packets need to be received by an interrupt, go through the firewall, be inspected, maybe have NAT applied, sent into a queue, the queue calculates rates to avoid over-sending on the link and causing buffers, and then hardware interrupts are serviced to actually send the packet along...

At 1 GHz processing rate, each packet gets 12000 clock cycles of calculation if the CPU is maxed out doing nothing but processing packets.

Evidently in an ideal world, we should have maybe 1.2GHz processors or better, and maybe have two cores at least, so one can handle interrupts on the receive interface, and one can handle interrupts on the send interface, and they can share the firewall and queueing duties. Let's not forget that there are RAM latency and bandwidth issues if the packets need to go from kernel to userland (like for OpenVPN) and encryption/decryption also for VPNs.

An obvious comparison point is something like the ZBOX Edge CI341 mini PC:
N4100 processor from 1.1 to 2.4GHz with dual LAN ports. It lists on Amazon for $179 without RAM, SSD, or operating system. You can probably turn this into a router for an additional $60 in RAM and SSD and installing OpenWrt, so your final price is $240 for a wired only router that will be quite competent. Now all you need to do is buy $40-120 worth of smart managed switch, and two TP-Link EAP access points, or Ubiquiti access points, or maybe some older all-in-one routers running OpenWrt in Dumb AP mode. Let's budget $60 for each access point, and your house needs two of them... so we have:

  • x86 Router: $240
  • 8 port Smart Switch: $40
  • two APs: $120

Total: $400

This is the order of magnitude you should expect to spend to get very good performance on your new Gigabit symmetric line.

Can you do it cheaper? Yes. For example the Raspberry Pi 4 is very popular now. It's more of a development board than an all in one package. The real world performance numbers show that it can route and SQM gigabits of packets using 25% of its CPU capacity or so. If you buy the 2GB version and a case and power supply and the UE 300 USB ethernet dongle, it winds up being closer to $120 than the $240 for the above x86 computer. It's widely available and a good choice, but you're still in the range of $250 after buying your switch and a couple access points. This is more or less the budget version of a good setup. There are also some other good candidate boards which are less widely available but probably very good candidates. The NanoPi R4S or the RockPro64 come to mind.

But at the end of the day, as you move above 500Mbps you should consider the idea that you now have a serious bit of computing to do just to route and firewall and SQM your network, and you'll be better off with a component based network rather than sticking to your all-in-one "wireless router", at least maybe until someone comes out with a good line of multi-gigahertz multi-core multi radio all-in-one devices for 1/4 the cost of a component wise setup. Don't hold your breath over the next 2 years.

56 Likes

This should be a pinned topic

3 Likes

Can't believe my topic inspired a pinned post about gigabit speeds :slight_smile:

There is a similar question posted every second day

6 Likes

In that case, my topic would be the final nail in the coffin :wink:

Glad to see the detailed write up in a single post, thanks @dlakelan!

3 Likes

So to add my 0.02EUR, for around 300 EUR one can buy a Turris Omnia* that actually delivers WiFi and traffic shaping, firewalling, and routing @ 500 Mbps bi-directionally (but at that point with its back to the wall, that is, with very little reserves for anything else), also this is already by itself in the painful price range of the other options...

One can save the managed switch, by repurposing one OpenWrt dumb AP also as switch, but that is only helping at the margins...

*) Fine device with its OpenWrt derived OS, but a bit finicky to convert to upstream OpenWrt.

5 Likes

ODROID-H2+ is probably the most reasonable platform on x86_64.
Should definitely be mentioned.

2 Likes

What option is there if I'm ok with spending about 300, maybe even 400?

That really depends on A.) what currency you're referring to, B.) what you want to do with it and C.) if you can build a router yourself or need an off-the-shelf part. You might want to start a separate thread asking for suggestions for a "money-no-object" high-end board for a router.

2 Likes

I, who believed that my MikroTik hAP ac2 could manage gigabits with SQM, here I am :frowning: I don't really know what to choose for a clean box other than the RPi4.

This is the "money-no-object" mini-ITX board I use

https://www.supermicro.com/en/products/motherboard/A2SDi-8C-HLN4F

1 Like

Thank you for your answer. I thought in the sense of a box that is already configured; even if the RPi4 has boxes, I'm not a fan.

tell me if I'm wrong but in any case it's the ploughshare that counts while doing well that I keep the software of mikrotik routerOS or openwrt with which I am very used I can not reach even would be only 850/850 DL UP for example

1 Like

Soz, I can't help another 'me too' reply. I am on 1Gbit up/down fibre.

FWIW, my ancient TP-Link TL-WDR4900 does ~600Mbit under OpenWrt, and try as I might I cannot find a good reason to bin it and upgrade to something more recent or better yet pfSense. I've tried it on a 'much better' PC Engines APU3, and TBH I think OpenWrt on my old TP-Link is still a more compelling option on all counts!!!

The TL-WDR4900 was a rather special device with its PowerPC based SoC, which provided rather good performance for its time. But being exotic comes at a price: barely anyone owns devices like it, so you're probably the first to find (and having to fix) new bugs (...and big-endian PowerPC is rather dead). Additionally, this device is plagued by unfortunate bootloader choices of its vendor (limiting kernel size, which has blown up a few times already and appears to be beyond the limit for good now).

1 Like

USD, same as the original post. Money is an object; well, I'm not willing to pay 500 if all ports on the switch are not at least 2.5G. Definitely off-the-shelf all-in-one. Currently I'm looking at the rt-ac66ub1 as it is a proven device; hopefully it can handle 1Gbit, and it costs around 100 USD.

1 Like

Nice post!

Could you guys enlighten me on why a "budget build" would need managed switch(es)? To do VLANs? But that would be better/safer done with more ports on the router itself and VLAN separation on the router. In other words - if one does not need VLANs, why not save money on unmanaged gigabit switches to lay out the network? What am I missing, since I'm not seeing the advantage of managed ones.

You can "save" like $10 by crippling your ability to expand. It's a false savings. The sg108e is managed and costs $30 on Amazon. The unmanaged version is $25. Of course if you have some existing network with 18 desktop machines you can buy a 24 port unmanaged switch to plug them all into and save $20-50, but then you're really a medium business at that point, right? The IT guy's time and the 18 desktop machines are the real expense.

3 Likes

I dislike VLANs quite a lot (as these are innocent tools that allow and encourage over-complicated network designs :wink: ), but I fully concur, if one buys a switch one should buy a managed (aka configurable) switch.
IMHO the question is more whether one wants > Gbps ports and how many, and what about PoE, but unmanaged switches are only an option if they come for free or the budget is suuuuper tight, but that seems unlikely in the >= 500 Mbps thread :wink:

1 Like

Yes, even if you don't use VLANs, managed switches offer IGMP snooping, which can be important for those who have IPTV, and they offer QoS settings which can help if several devices start big network transfers while some poor gaming machine just wants to send 500kbps on a tight schedule. They also offer diagnostics and LAG groups which can help in going past 1Gbps on the internal network. For example a single desktop talking to a NAS can dominate a link between two switches. If that's a dual cable LAG group it's no longer a choke point.

Also sometimes VLANs really are the right choice. For example I have some IP cameras for watching the house when away... They are on a VLAN with zero ability to forward packets to the internet. But I don't want to run separate cables around my house, and one location is served by a single powerline device that needs to carry LAN and camera traffic.

3 Likes