I'm planning on getting a 250/40 internet connection. I read a few posts on using a RPi4 as a router and since I have one lying around unused I thought I could save some money on a router by just using the RPi4. The two main posts I read were these two: Raspberry Pi 4 | Router on a stick | Gigabit WAN? - #3 by slh and Raspberry PI 4 vs EdgeRouter X. The first post states if I use just one port I'll get 500 for my LAN connection and 500 on my WAN connection. That means I can fully saturate my internet connection without the need of a USB3 NIC right?
Also I have a TL-SG1016PE that supports POE and VLANS and I'm planning on using a POE hat - not sure if that makes any difference just thought I'd put that in here. Would configuring a single ethernet port on the Pi for both WAN and LAN be as simple as creating some VLANS on the switch? This last question might be out of the scope for this forum but I put it in anyway.
My main question is if I will be able to saturate my internet connection. Thanks in advance for any help and sorry for the long post.
Let's start a little different, the recommended approach would be to get/ use a second (USB3-) ethernet card for two reasons:
you can get the whole 1 GBit/s wirespeed full-duplex that way.
it makes configuration and maintenance a lot simpler (especially for beginners) and straight forward, as this setup will leave you with onboard LAN and USB3 WAN interfaces, making it more like the normal router setup with two dedicated interfaces and corresponding firewall setups.
That is slightly simplified (you're likely to get slightly better values than that, especially in real life which rarely has symmetric bandwidth usage), but more or less correct - you drop down from full-duplex to half-duplex. With a 250/40 WAN connection, you're far below these values and won't be limited in any way.
One thing to consider, the router on a stick setup isn't just more complex, but you suddenly also need to trust in the security status of your managed switch - as it gets exposed to the internet (at least your ISP's WAN subnet, which may be shared by somewhere between a few dozen to a few hundreds of other ISP customers - or the internet at large (or ideally none, just the ISP itself), depends on the details of your ISP's internal structuring). This means you really want to make sure that your managed switch is safe, keeping VLANs distinct under all circumstances, that your configuration is (always-) correct and that your switch firmware doesn't leak its management interfaces on WAN (that is a problem (horrendous security bug) with some managed switches, especially from TP-Link - no idea about your specific one).
tl;dr: yes, it works (and surpasses your performance requirements) - but is for rather advanced users who know what they're doing and are very familiar with managed switches, VLAN setups and OpenWrt. In general, 10-20 bucks on a good USB3 ethernet card are usually well spent and make the setup much simpler.
Oh wow thanks a lot for the detailed response. I had no idea about the security implications as well. I think I'll definitely be using a USB3 ethernet card.
If you don't mind the additional question, do you have any recommendations for a good quality but affordable USB3 eth card? Also should the USB3 eth card be LAN or WAN? Or does it not matter?
I'll have to defer that question to the RPi users (sorry, I don't own any RPi nor any USB ethernet cards; using x86_64 with two onboard e1000e PCIe network cards as router and a managed switch on LAN).
--
AFAIK, Realtek r8152/ r8153 -such as the TP-Link UE-300- is the suggested choice (starting around 10 EUR/ USD and good drivers with little overhead), but I can't speak from personal experience here. My understanding is that the onboard card usually becomes LAN and the addon USB3 card WAN, which makes sense - it doesn't make much of a difference (what comes in, needs to get out again).
People have successfully been using tp-link ue300.
If we assume the usb ethernet unit has a higher failure rate than the built-in port, you'd like it to be on the WAN side.
If the LAN side dies, your whole network goes down (eventually), if WAN dies, 'only' internet will be unavailable.
To be honest this is actually standard operating procedure on all home routers.
The only difference is if you have the switch and router as two metal boxes with a cable in between on the table or all-in-one plastic box.
A standard home router has five RJ45 connections at the rear.
On the plastic it says WAN, LAN1-4.
But the switch actually has 6 connectors! The sixth is the connection between the switch and the router which acts as a trunked vlan port.
Where the usual home router owner gets confused is when we remove the “usual” router text wan (that almost always has a different color) and lan1-4 on the plastic box and write eth0-4 with the same color instead and let the owner fix the problem.
Or have eth0-7 plus maybe SFP1 and SFP2 and no “wan” as on normal business class switches.
But as always, if you want to go pro you need to study the situation and “know” at least a little what you are doing when setting up the hardware.
I don't trust usb sticks too much.
Yes they work, but it is a gadget hanging from your device, prone to be disconnected or broken when it receives a small hit.
I don't like them too much.
Probably a usb 3.0 ethernet device will cost you about the same as a rpi 4 does.
There are devices with 2 ethernet gigabit ports that cost about the same as a rpi does.
And some nucs with x86 provide better performance and are not very expensive.
The speed you are talking about can be obtained by most modern routers.
For example belkin rt3200 would get near 1 Gbps speed and it provides wan, lan, a switch and wifi access all in one device with no need to have many gadgets hanging on each other and less power supplies.
All for about 100€, there are cheaper options too that will let you get your speed.
All depends on your needs, if you have a telecomm cabinet away from where you have the devices, maybe it is better to have a switch and router in it and a separate wifi ap in the home.
In my home not having internet, even wifi, is about the same as not having network at all for everybody, except me.
My UE300 looks pretty rugged. I'm 100% certain it'd survive a 'small' hit. And while the USB connection might not be latching it isn't something that will fall out at the slightest touch. Which leaves someone consciously unplugging it, but then they could just unplug network cables which'd be just as bad..
It doesn't. The USB dongle will be cheaper.
There are, but then there are other trade offs, e.g. the cpu in the NanoPi R4S is a little less powerful (iirc) so while it'd be fine at the OPs current speed it may have difficulty saturating a 1Gbit connection.
Well yes, of course the usb dongle will be cheaper, about 20 to 30€ is the price here.
He has the rPi, so he will save it.
But you will save about 60 or 70€ with respect to other integrated solutions.
I don't like to have a gadget with other gadgets hanging from it on my desktop.
May be OK for a cabinet far away from usual reach.
If you don't have anything near to a 1Gbps internet connection, I won't think too much in having a router that can overpass that speed, I prefer a more integrated solution not so expensive, and will change it when the necessity arrives.
At that time there will be much more options and with lower prices.
But of course using a usb gadget in the rpi is an option.
You could get by just fine with the router-on-a-stick setup but there are some good points raised here regarding the added complexity and potential security implications of doing so. For my money it's worth dropping the extra $15 or so on a USB adapter to set it and forget it.
FWIW, I've had my Pi 4 running for a month and a half now and the USB Ethernet dongle (a TP-Link UE300) has yet to spontaneously unplug itself.
I know this is solved, but to go back to your original question, yes: the single built in interface is more than adequate for your needs as described.
I use a one-port router as a backup for my gigabit fiber connection when I'm hacking on my main router. Because it's full-duplex, it can handle a full gig (well, nearly: about 900mbps) in any given direction at any given moment. It can certainly fully accommodate your uplink bidirectionally with no problem. And as you've observed, the configuration is documented and is really not that complicated.
According to this link, this particular switch allows access to the management interface from any untagged port. So I would agree with @slh that it is a security risk to connect this switch directly to the modem/ONT/whatever your carrier WAN device is. Ideally for this purpose you want a switch that at least has either A) a fixed or (preferably) configurable management VLAN and does not expose management features to any port which is not a member of that VLAN, or B) allows you to enable/disable management features per-port. That TP-LINK doesn't seem to do either of those things.
So yeah, get a USB3 ethernet adapter for the WAN side. (For administration reasons you want the POE ethernet to be on the LAN side.)
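Added example, not part of any post in this thread: a small Python check of the switch-side isolation properties discussed above for router-on-a-stick (WAN port untagged in the WAN VLAN only, WAN and LAN VLANs tagged on the trunk to the Pi, management bound to a VLAN the WAN port is not in). The port numbers, VLAN IDs and table layout are constructed and do not describe the TL-SG1016PE's own configuration interface.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                     # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)    # VLANs sent untagged on egress
    tagged: set = field(default_factory=set)      # VLANs sent tagged on egress

    def vlans(self):
        return self.untagged | self.tagged | {self.pvid}

def audit(ports, wan_port, trunk_port, wan_vlan, lan_vlan, mgmt_vlan):
    """Return findings; an empty list means WAN is isolated from LAN and management.
    mgmt_vlan=None models a switch that answers management on any port."""
    findings = []
    wan, trunk = ports[wan_port], ports[trunk_port]
    if mgmt_vlan is None:
        findings.append(f"management is not bound to a VLAN, so WAN port {wan_port} can reach it")
    elif mgmt_vlan in wan.vlans():
        findings.append(f"WAN port {wan_port} is a member of management VLAN {mgmt_vlan}")
    if wan.vlans() != {wan_vlan} or wan.tagged:
        findings.append(f"WAN port {wan_port} must be an untagged member of VLAN {wan_vlan} only")
    missing = {wan_vlan, lan_vlan} - trunk.tagged
    if missing:
        findings.append(f"trunk port {trunk_port} does not tag VLANs {sorted(missing)}")
    for num, port in ports.items():
        if num not in (wan_port, trunk_port) and wan_vlan in port.vlans():
            findings.append(f"port {num} is a member of WAN VLAN {wan_vlan}")
    return findings

# Constructed tables: port 1 = modem/ONT, port 2 = trunk to the Pi, ports 3-4 = LAN.
HARDENED = {
    1: Port(pvid=20, untagged={20}),
    2: Port(pvid=10, tagged={10, 20}),
    3: Port(pvid=10, untagged={10}),
    4: Port(pvid=10, untagged={10}),
}
# Same layout, but port 1 was never removed from default VLAN 1 and port 4 was
# added to the WAN VLAN by mistake.
LEAKY = {**HARDENED, 1: Port(pvid=20, untagged={1, 20}), 4: Port(pvid=10, untagged={10, 20})}

if __name__ == "__main__":
    for name, table, mgmt in (("hardened", HARDENED, 10), ("leaky", LEAKY, None)):
        print(name, audit(table, 1, 2, wan_vlan=20, lan_vlan=10, mgmt_vlan=mgmt) or "OK")
```

A switch that cannot restrict management to a VLAN corresponds to `mgmt_vlan=None` here and fails the audit regardless of how carefully the port table is set up.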
Wow thanks for all the help guys. For me I think the router on a stick option is the best for my current set-up (as I already have APs, Switch, and RPi4) and I can get a UE300 locally for 24AUD which is relatively cheap. I'm not going POE though as all the official ones are sold out. I'm also not looking at looks, sound or anything like that as it'll be put away on a dedicated shelf in my garage.
But as many of you have mentioned there are both security and reliability concerns.
I think security can be mitigated by the USB adapter as not only do I believe OpenWRT is pretty secure, it reduces vulnerabilities exposed to the internet from 2 devices worth of vulnerabilities to one. (TP-Link especially I haven't heard good things about in terms of security).
I've read discussions on a PI's reliability both by itself and as a router on the Web (and of course here). There's been valid concerns such as SD card corruption, USB dongle reliability and staying in place (not sure about that one). However, my PI has been running fine by itself for over a year although there was a burning smell after I turned my PI's case's fan off for a couple of months.
Thanks again for taking the time to discuss and answer my questions. It's also great to see many users of Pi routers here. Makes me more confident about my set-up.
If it is going to stay in your garage and you have AP and switch, and the rpi, your path seems clear.
You lose nothing trying, and if you don't like rpi or the sdcard gives you problems (it seems OpenWrt does almost no write to the card except when upgrading) you always can go for an alternative.
So don't buy that switch, or any other TP-Link device, unless you can (and will) run OpenWrt on it.
Try to separate implementation bugs from design bugs. There is absolutely no problem having a managed switch in front of a router-on-a-stick, using VLANs to separate WAN, LAN, switch management and whatever. As was pointed out earlier in the thread, this isn't significantly different from the typical wifi router design where all the ethernet ports are part of an internal switch.
There isn't anything wrong about using USB adapters either. It's just not necessary if you're connecting the RPI to a managed switch. And if you want to avoid critical implementation bugs then I think your chances are much better with a switch. Most USB devices run buggy firmware with no open source alternatives. You can get a managed switch running OpenWrt. It doesn't get much better than that.