WIRED (LAN) router setup suggestions

Thanks @mk24, I didn't see your post explaining it when I was typing my last reply :wink:

With a smart switch you can "split" the switch and decide that only some ports of the switch can see each other, or do VLANs which means you take multiple IP ranges and squash them into a single port, while still maintaining the 100% isolation between them.
So for example you take traffic from 4 different IP ranges and send it to a single port on the OpenWrt device (where you also configure the VLANs to receive this kind of traffic).

If you want a managed switch I'll recommend MikroTik switches. I don't know the size you want so I'll just link a full list. https://mikrotik.com/products/group/switches?filter&s=c&f=["gigabit"]#

Note that you CANNOT install OpenWrt on these switches, like on most smart switches anyway.

2 Likes
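On the OpenWrt side of the single trunk port described in the post above, each tagged range becomes its own interface, and firewall zones decide what may pass between the ranges once they reach the router. The fragment below is an added example, not part of the original post; the trunk port name `eth0`, the VLAN IDs 10 to 40, the interface names and the addresses are all assumptions, the syntax is that of OpenWrt 21.02 or later, and the default `wan` zone is assumed to exist.

```uci
# /etc/config/network (constructed example: eth0 is the port facing the
# managed switch, which sends VLANs 10, 20, 30 and 40 tagged on that port)
config interface 'lan'
	option device 'eth0.10'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

config interface 'iot'
	option device 'eth0.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

config interface 'guest'
	option device 'eth0.30'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

config interface 'cameras'
	option device 'eth0.40'
	option proto 'static'
	option ipaddr '192.168.40.1'
	option netmask '255.255.255.0'

# /etc/config/firewall (one zone shown; guest and cameras follow the same pattern)
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'      # no access to the router itself by default
	option output 'ACCEPT'
	option forward 'REJECT'    # no routing into other zones by default

config forwarding              # the only permitted path out of the zone
	option src 'iot'
	option dest 'wan'

config rule                    # still allow DNS and DHCP from the zone to the router
	option name 'iot-dns-dhcp'
	option src 'iot'
	option proto 'tcp udp'
	option dest_port '53 67'
	option target 'ACCEPT'
```

With no `config forwarding` entry between `iot` and `lan`, the router does not route between those two ranges even though both arrive on the same physical port.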

AES-NI is hardware acceleration for encryption (VPN for example) and may or may not be a requirement.

Why are those Intel controllers recommended?

1 Like

Thanks @bobafetthotmail, much clearer now!

But why do you prefer Mikrotik (managed) switch if other switches support OpenWrt?

link with filter:
"https://openwrt.org/toh/views/toh_extended_all?dataflt[Device+Type*~]=switch"

I imagine Mikrotik has a different proprietary interface/rules and I'd have to learn that as well...

This is one of the most important requirements if you want to try another Firewall (other than OpenWrt).

Google:

Intel LAN is in general seen as superior to Realtek LAN.

Intel NIC is the best in terms of off loading off the CPU, it crunches call outs better than other NICs and is generally regarded as the most stable with no random drop outs.

For networking applications, it’s generally known that the i210AT is considered “better” than the i211AT because it has four transmit and four receive queues per port, while the i211AT only has two transmit and two receive queues per port. So when purchasing an APU, I made sure to look for one with an i210AT.

Intel i210AT NICs are a little better than the i211AT NICs in that they offer double the egress/ingress queues per port, very nice for firewall duty.

1 Like

Support for most of those switch devices (Realtek rtl838x chipset) in OpenWrt is a bit young and there are still some unresolved issues (see the last posts of this thread: Support for RTL838x based managed switches), plus some features like PoE are not yet supported in OpenWrt.

And I assume that someone that has 4+ IP ranges needs more than 8 ports.

The situation will probably improve eventually, but eh.

Yes but it's a managed switch, not a router.
You are literally just changing VLANs and/or making port pools from a graphical interface.

Look at that, we have a filthy traitor in our forum. :rofl: You want to get him to use pfSense or OPNSense?
Yes, Intel controllers are the only ones that are reliable (maybe also 2.5 Realtek ones too) on those firewall distros.

Intel LAN is in general seen as superior to Realtek LAN.

This is the only one I can confirm personally. Realtek is meh on Linux and bad on the other competitors above. More for stability than performance. It's not slower, it can crash and reset itself if under load.

Intel NIC is the best in terms of off loading off the CPU, it crunches call outs better than other NICs and is generally regarded as the most stable with no random drop outs.

Intel i210AT NICs are a little better than the i211AT NICs in that they offer double the egress/ingress queues per port, very nice for firewall duty.

For networking applications, it’s generally known that the i210AT is considered “better” than the i211AT because it has four transmit and four receive queues per port, while the i211AT only has two transmit and two receive queues per port. So when purchasing an APU, I made sure to look for one with an i210AT.

This is all nice-sounding specs and theory but I can't say I noticed any significant difference between different Intel controllers from the dawn of time (older than i210AT) or even with Broadcom ethernet controllers.

1 Like

Thanks to both of you @elan & @bobafetthotmail a ton of useful info.

1 Like

I use OpenWrt.

I can confirm that when using Realtek on pfSense or OPNSense you will get disconnects, bufferbloat, etc.

And if you are going to spend more than $200 to buy a mini PC, there is nothing wrong with making sure you buy something that uses the Intel i210AT or at least i211AT NICs to avoid headaches.

Besides price, do you see any advantages of having a SBC/router over a Mini PC?
-perhaps lower power consumption? how big is the difference here?
-which are more open-source friendly in terms of specs?

Most Mini PCs consume between 6W and 10W, the same as a WiFi 6 router or SBC router (because you need a cheap switch and AP).

And if you are going to buy a Mini PC, it is to make the leap to the Enterprise-grade ecosystem solutions (Switch, AP and Centralized Management) of these companies:

  • Ubiquiti UniFi
  • TP Link Omada
  • Aruba Instant On (embedded-controller)

But using OpenWrt as firewall on the Mini PC router, because the firewalls and routers that those companies sell are garbage and they lack great features and will never compare to OpenWrt.

@elan I realized you did not comment on what managed switch to get if I go SBC route (or Mini PC and I run out of ports).
Do you agree with @bobafetthotmail here that OpenWrt supported managed switches are not yet ~stable enough?

Thanks.

Thanks for the power consumption comparison.

...this confused me, I'm not sure what you're saying :wink:
I do want an OpenWrt solution for its open-source transparency...
Are you just saying that Mini PCs compare with more "serious" enterprise-grade solutions compared to "home" routers?

I got the NanoPi R4S because I'm hoping for fibre soon and my existing OpenWrt modded BT Hub5 isn't powerful enough for that.

NanoPi R4S (friendlyarm.com)

A review for it is here : NanoPi R4S SBC preview with OpenWrt and Ubuntu Core - CNX Software (cnx-software.com)

And the thread for OpenWRT on the r4s is here :
NanoPi R4S rk3399 4G is a great new OpenWrt device - For Developers - OpenWrt Forum

It is Snapshot or other builds for now. It is due to be supported in the new 20 build once it's released.

I'm using the anaelorlinski/OpenWrt-NanoPi-R2S-R4S-Builds: OpenWRT Builds for NanoPi R2S & R4S from official Openwrt source code with minimal set of patches (github.com) build to tinker at present.

1 Like

It's a case of "grunt" as it were. Most home routers are cheap and cheerful. Limited RAM and CPU power. As you step up towards enterprise kit the memory and CPU power increase. Like going from a little motor scooter to a Ferrari :slight_smile:

For example, my BT Home Hub 5 is only good really for up to 300mb/s I believe. Beyond that you really need more CPU power.

1 Like

Yes, and even if they are enterprise-grade, you can use it without problem at home.

Companies that sell "home" consumer wireless router generally offer hardware and software trimmed in all areas (Router, Switch, and AP), so that they at least meet the minimum requirements and earn more money.

As a sidenote, those mini PCs sometimes are the same hardware used in enterprise-grade solutions.

For example let's look at the appliances from SimpleWan
https://www.cloudco.com/simplewan-routers/

Oh look, it's a Supermicro Intel-based rackmounted server with a mini itx motherboard and a pcie 4 port gigabit card.
And what's on it? Those two smaller devices?
Let's look at them from a different angle
https://www.ebay.com/itm/265173339814?nma=true&si=tDHmdTW21gTxWntIg1Ndv%252BF%252BMNA%253D&orig_cvip=true&nordt=true&rt=nc&_trksid=p2047675.l2557

eyyy, that's a PCEngines APU.

1 Like

Hi @mercygroundabyss, and what do you use with R4S to get more ports?

Or the young company Firewalla:

1 Like

Right now I'm using a simple TP-Link 8 port switch.

Ideally I'd like to replace that with a Ubiquiti POE switch but they are going for insane prices 2nd hand on eBay and are out of stock at suppliers. That would enable VLANs but I don't really require any at present.

I have a Ubiquiti WiFi point that I've used to replace the Hub5's pathetic WiFi. (I have concrete walls and even the Ubiquiti has some issues punching through.)

1 Like