What most of the >>500 MBit/s solutions (RPi4+usb-ethernet, NanoPi r4s, x86_64) have in common, is a shortage of ethernet ports on the 'router' itself (compared to the 4+1 customary for traditional routers). At the same time even home users often want multiple separate LAN segments these days (LAN, guest, IoT, VPN, etc.) - this can be achieved with a managed switch behind your router (trunking the VLANs between them).
Total newbie here ~ Hello All ~ and thanks for this post!
I found this posting because I'm looking for the best way to go for a new router purchase. Everything I found was all about using wireless routers with Openwrt, and I want a wired router with all the extras mentioned in this post - firewall, VPN, switches, etc.
I would only be getting 50 to 100Mbps fiber speed - so that being my case, which box/board would be the easiest to set up with Openwrt + the extras if you had to pick one out of those you listed?
I care more about straight forward and doable than saving a few pennies and getting in over my head.
So glad this post was at the top - whew!
Since your questions and answers will be kind of specific to your needs, would you mind opening a separate thread and reference this thread? Then people can help you but keep this thread more general about the issues of higher speed connections? Thanks.
Sure thing...
This strikes me as an almost perfect system in the "money-no-object" class:
You get 8 ethernet ports, where 4 of them are 10gig. And there is an m.2 key B slot with SIM for a 4g (or maybe 5g if you go for a 3042 variant like the SIM8202G-M2). The lanes of that slot are connected to the configurable lanes of the SoC, and it looks like the BIOS settings will allow you to configure it as PCIe X2 or X1+USB3 SS. Unverified assumption!
WiFi might be harder. But there are both PCIe and mini-PCIe slots on the board, so it's not impossible.
Cooling will be an issue for any modules though. Including the SSD. I wish they had provided heatpipe solutions for connecting m.2 and mini-PCIe modules to the case.
I don't understand this. Sure, I use WiFi for portable devices, but I want cables for as many of the stationary devices as possible. This definitely includes the APs. So if I have more than one AP and want more than one WiFi network, then I need VLANs. Right? Or do you pull multiple cables to your APs?
Living on 4 floors (think Amsterdam style in a 100+ year old house), cabling options are limited. I have only one or two cables to each floor. And similar to the garden shed - only one pair of MM fibre there. So I need switches on most of the floors. But I don't want to put all the ports in the same broadcast domain. Some of the stationary devices are special. Managed switches make separation possible, and VLAN is the tool.
Personally, I don't see any other option than using managed switches.
Besides, with OpenWrt support for the RTL83xx and RTL93xx switch SoCs you should all buy an OpenWrt supported switch anyway. For the typical 8-10 gigabit ports, I can recommend the ZyXEL GS1900-10HP if you need fibre and/or PoE output or the Netgear GS108Tv3 if you want a PoE powered device. There are also lots of other options in all sizes at https://biot.com/switches/models
Managed PoE is a killer feature by itself, BTW. I used to have an unmanaged PoE media converter in the garden shed before installing the GS1900-10HP. But then I couldn't cut power to the powered AP without going out there and disconnecting the cable. Now I have individual remote power management of both the AP and another powered device. And I can also monitor how much power they draw. Getting the SFP statistics is also fun. Don't know if it's actually useful.
Only if you want to distribute those multiple SSIDs from all APs, sure then VLANs become helpful. And sure, there are reasons to try to segregate rather unsafe devices into their own restricted networks (IoT comes to mind). In my case, I run different SSIDs from the two APs I operate (but my apartment is small enough so coverage is not an issue), and I simply do not operate IoT devices at all; my go-to joke about IoT is, the "S" in IoT stands for security, so my solution is a) not to let them into my network and b) assume my internal network to be not much safer than the internet, so I use encrypted connections between machines, and relatively strong passwords. But I accept that there are conditions where that is not an option and VLANs turn out to be an important building block for a proper network design. But I also have the hunch that easy access to separation by VLANs often leads to network designs more complicated than required, but that is the prerogative of a network operator to design it as they see fit, independent of my opinion...
Yes, one of the options, the other obvious solution is to operate routers on each floor... but sure VLANs do have their place...
Thanks for the pointer, I am actually looking for an affordable PoE switch...
Sweet! Now all I need to do is see that I get one of those for a decent price....
This will result in no chance of roaming between APs on each floor. When your device switches APs it will be to a new SSID and will get a new DHCP/RA address, and break all its existing TCP or UDP connections. So I think multi-floor multi-AP setups are exactly the kind of situation where you should use VLANs.
Basically as the natural complexity of the network increases, VLANs become a tool for simplifying rather than complexifying, as you can run fewer cables and have fewer pieces of hardware. If your LAN is rather simple (maybe 2-3 segments) then you can often get away without VLANs if you prefer.
I don't know. I have a Unifi Edgerouter X which was quite cheap (54 CHF ~ 60 USD) in Switzerland which is routing between my home network and a fiber modem. Just going to speedtest.net shows me ~900Mbps up and down.
Yes they have hardware offloading. However latency control is maybe another story. Does it hit 900Mbps while running SQM? Some may decide they don't need that. It's a good choice due to the hardware offloading if you don't need SQM.
Just a note of caution, most offloads achieve their speed-up by reducing their generality. Often the only piece noticeably affected is traffic shaping (but QCA's NSS cores even allow traffic shaping on the offload engine), but all other potentially not run-of-the-mill options are not supported. So offloads are fine as long as your use-case fits inside their envelope...
Look, I already live in that world (two independent APs), and on my mobile devices I typically have no long running connections I would miss if they go away.
Well, VLANs more or less allow the same thing running new wires would, but running wires has enough cost (time, effort, money) that it incentivizes keeping complexity low ;). As before my main argument against VLANs is that their ease of use seduces users to construct overly complicated networks, and not that VLAN tagging itself is evil.
Even if your LAN is more complex you can get away without VLANs, but that will often not be attractive or efficient.
But I had already agreed, people should buy managed switches, period.
Was mostly mentioning for the benefit of others, as I am confident you are well aware of the tradeoffs. Anyone who uses for example games or VOIP or video chat on a phone or tablet, who doesn't want their connection to die when they walk upstairs to find the kids to show to grandma or whatever should probably have all their APs on one network sharing the same SSID. VLANs enable this sort of thing. On the thread for "guys who just got amazing fast internet but don't already understand why they can't buy cheap routers or why they'd want managed switches" I think we should lay out the pros and cons. I do agree that networks should try not to get too complex. VLANs can tempt people into things like a separate network for each separate major brand of internet of things device (say Amazon echos on one VLAN, Ring devices on another, smart TVs on a third, etc etc) That kind of thing is probably overly complex for the benefits.
Everyone with experience here agrees that managed switches are the way to go. What you do with them is up to you. Not getting carried away is good advice.
Is that with IDS/IPS enabled?
While I obviously can't speak for @thomas001, considering the hardware, the only imaginable answer would be "hell, no" - followed by, "what IDS/IPS"…
While "IDS/IPS" might be a checkbox in the commercial ^wbuzzword-bingo, it's not a turnkey solution by far - accordingly the requirements differ massively.
@slh is completely correct, nicely done
No, up and down stay around 200-300Mbps. Also, according to the site linked in OpenWrt's SQM page, bufferbloat is worse with SQM than without. Generally, I have a hard time actually saturating 1Gbps, so I never felt the need for SQM.
If you tell me where the switch for that is in OpenWrt, I can try. But given the SQM results, I highly doubt it.
Errm... As the guy who maintains that page, I was surprised to see your assertion...
If that's what it actually says, I'd like to fix it, or at least explain it more carefully... What exactly did you see?
PS Thanks for reading this stuff carefully!
If SQM runs out of cpu for the speed you set then perhaps it would give worse performance.
For many home users saturating a gigabit connection would require multiple people using the network. Without traffic shaping my family of four can do it pretty easily. Just arrive home with a couple phones that want to sync new videos of the kids to google photos, while someone starts up the Netflix front page and another person loads up a news site... doing that will completely bork a voip phone call for example. Still I imagine a single user would have a harder time. Also some ISPs do a better job managing buffers than others. If you have very little buffering due to the ISP doing a good job then no need for SQM on your router.
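As an added illustration of the SQM setup these posts are arguing about (not configuration from any poster or from the OpenWrt project), here is a constructed `/etc/config/sqm` for a fibre line; it assumes the WAN device is named `eth1` and a nominal 500/500 Mbit/s service, so the rate figures are assumptions to replace with your own. The shaper only helps if its configured rate is a little below the line rate, so that queues build in cake on the router rather than in the ISP's buffers; and if the router's CPU cannot shape at that rate, the remedy is to lower the rate (or pick faster hardware), not to disable the shaper.

```uci
# /etc/config/sqm - constructed example, not from this thread.
# Assumes the WAN device is 'eth1' and a 500/500 Mbit/s line; rates are
# in kbit/s and set roughly 10% below line rate so cake is the bottleneck.
config queue 'wan'
        option enabled '1'
        option interface 'eth1'
        option download '450000'
        option upload '450000'
        option qdisc 'cake'
        option script 'piece_of_cake.qos'
        # 'ethernet' link layer plus a 44-byte allowance covers typical
        # PPPoE/VLAN framing; a plain ethernet line needs less
        option linklayer 'ethernet'
        option overhead '44'
        option debug_logging '0'
        option verbosity '5'
```

This needs the `sqm-scripts` and `kmod-sched-cake` packages (and `luci-app-sqm` if you prefer the web UI); apply it with `/etc/init.d/sqm restart` and confirm with `tc -s qdisc` that a cake qdisc is attached to `eth1` and its ingress companion. Then rerun the bufferbloat test: if the rate ends up far below what you configured while a CPU core is pegged in `top`, the router is out of cycles for shaping at that speed, which is the situation described earlier in the thread where SQM appeared to make things worse.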
Thank you for writing the documentation on SQM for Openwrt! Would you still recommend an IQrouter v3 despite having 500Mbps internet service? AFAIK, wifi maxes at a much lower speed (350mbps?).
Contrarian Viewpoint Alert!
I'm going to offer a different viewpoint here. If you're on a budget, you can save money with a slower connection and use a router with good SQM (for example, the IQrouter v3, or any reasonable performance OpenWrt-compatible router.)
Unless you're unusual, you probably don't need the highest bulk up/download speeds. It's likely that a lower speed connection to your ISP with a modestly-priced router that controls latency will make you just as happy. All at a lower price from your ISP and for your router.