Would it be a good idea to run OpenWrt main router under a virtualization server?

Planning for the new home, I will need a main router to connect to ISP ONT and control the home network, some access points, MQTT, a device for home automation, may be a NAS (later)...

I was thinking of a lan router like raspberry PI or similar...

But the I have thought that it can have advantages to have a centrar quite device running a virtualization system (may be an integrated PC).

Proxmox would provide a goode dedicated virtualization system that lets you atrach a host device to a virtual machine exclusively, or even share it among several.

It lets you make snapshots on the fly, run and stop virtual devices...

May be it can be a good idea to run openWRT in a virtual system in a low consuming PC (fanless and with SSD).

I can run homeassistant in another virtual machines and other virtual machines for other things.

Do you think it is a good idea?
Would it have enough trroughput to connect to 500 MB (or even 1GB) wan?

Are there some drabacks?

Recomended hardware that would not consume more thant dedicated devices (like a pair of R4S or RPi4)?

Did somebody tried proxmox for it or are you using other virtualization system?

See STH thread, proxmox works well on one of the many devices explored there. Yes it is an idea worth investigating.

Thank you.

As you say it worths the work, I will investigate it.

Almost 300€ is a bit expensive for me, but I have to think it carefully, as it can provide a good platform for future needs, may be I can use other devices less expensive.
But having 4 2.5 Gb lan ports is interesting.

Concentrating everything in a device is a risk in (if it fails everything fails) but it simplifies things and may save you costs.
For example a UPS for it would be cheap.

Power consumputions is a concern too, but modern PCs has low consumption when idle and having many devices can sum up to more power consumption.

MAY YOU recommend a device?
Several 2.5 Gb ports would be great (at least 2, 3 would be better).
Expandable Ram (up to 32GB in 2 or more slots would be great), NVMe for booting up from (2 slots would be great for doing mirroring) some USB 3.0 and it would be great to have eSATA or a way to connect external disks (an array of up to for disks for using in NAS).

Should be able to do much better than that price, RE: power consumption, but that varies by OS's running in VMs. Also check Odroid H3.

Although it was not exactly what I was looking for just now (It has more advanced capabilities) the storaxa project seems like a great all in one solution.

The only thing I would have added is an internal battery to keep it running for a while after power loss (or the ability to connect an external one that charges from internal power supply).

A pity it is just a kickstart project and not under production.

One more question:

How do you configure lan in proxmox to get access to it and still let openwrt access the lan ports?

I mean that to get access to proxmox config web interface, prxmox has to have access to one of the lan ports and get assigned an ip prior to even running openwrt.

But openwrt should have direct and exclusive access to the wan port and at least one lan port, if it has to be able to configure the switch and all that.

Do you dedicate a lan port exclusively to get access to proxmox?

May openwrt manage the ports and switch if the lan ports in proxmox are not exclusively assigned to openwrt?
How can you configure it if you have only 2 ports in the device?

I

My sad attempt documented in that thread.

Given how prevalent the need for reliable internet access has become in recent years, I'm a strong proponent of keeping things simple - not just during good times, but also in the failure case.

For me, that implies:

• running OpenWrt on x86_64 (dedicated hardware), yes
• running OpenWrt in a virtual machine (aside from testing or for very specific -optional- subnets), hell no
  Yes, OpenWrt works quite well as a virtual machine - and there's no problem doing that for experiments, to feed a lab network (e.g. of virtual machines) with internet that way, but to rely on this for daily operations of the basic network is another topic
  • unless you're really in an enterprise environment with hot-failover live migration and standby resources
  • if you do this nevertheless, keep track of the stacking order (cold-boot, re-bootstrapping) and their implicit dependencies
  • try to keep policy decisions about the configuration in one place, don't end up configuring your network in multiple places (worst case example, managed switch <--> hypervisor <--> router-VM), that will get out of sync quickly.
    • yes, having a dedicated ethernet card for WAN and LAN (even if the later normally is a segmented trunk port for various LAN subnets) helps a lot.
• keep functionality simple and easily replaceable
  • keep cold-standby replacements, doesn't need to be a feature complete or normal performance alternative, but enough to bootstrap your network again (e.g. an old plastic router will do for a few days, even if you're normally used to (above-) 1 GBit/s WAN speeds).
• resist the temptation to overload the OpenWrt installation, just because it would have resources (CPU cycles, storage, RAM) to spare
  it's a security nightmare waiting to happen
  It's really tempting to add additional server instances to an x86 OpenWrt system, but security and the ability to properly audit your system quickly suffers that way.
• don't become a slave to your own technology, you're at home, not at work.
  /K.I.S.S.

OK, you are right.

Yes its tempting to use proxmox to virtualize openWRT.
I see some advantages as being able to take snapshots and make backups to a backup server automatically.

But as I think of it it can be difficult to configure and error prone. Any error while configuring other things in proxmox and it can break everything, or problems during upgrades to proxmox.

And it seems I would need a quite capable integrated system with 4 lan ports. They are not cheap.

So may be for the basic lan services like local dns, dhcp, internet access it is better to run it in a separate and appropiate device dedicated to it.
Probably I will add mqtt to it, but not overload with other server capacities.

And may be it will be cheaper.

I will seek for an appropiate device, with 2 2.5Gb ports (one for lan, one for wan) 4GB memory and 64GB emmc disk and appropiate intel processor.
PAssive cooling in an alluminum case.
A usb port will be enough. No need for hdmi or other things.

Would it be enough?

I don't see many compatible devices with x86 cpus and low power profile.
May you provide any?
Would I find that for 120€ or so?

An alternative might bie a nano pi with 2.5Gb lan (thinking in future needs).

Make a decision about 1 GBit/s or above 1 GBit/s first, the price difference is huge (switches in particular) - and the router itself is rather easy to replace/ upgrade later on, should the need arise.
Think twice if you want to spend on 2.5GBASE-T throughout the house now, and 10GBASE-T soon after.

If you buy new, 2.5GBASE-T Atom systems are reasonably priced at Jeff Bezo's used book store or Jack Ma's market places.

If you don't need above 1 GBit/s speeds now, there are plenty of options discussed at

(particularly in the second half of it, skip the rather dated APU2/3/4/5/6 options with their slow AMD Jaguar cores).

You are right again.

No I do not need 2.5 Gb speed right now. My internet speed won't be even 1 Gbps, just about 300 Mbps or 500 Mbps.
So 1 Gbps would be ok.

But I don't want to make expensive changes if the need for more than 1 Gbps arrives in the future, so
I was thinking of using cat 7 cabling (as I think there is no huge difference with cat6 cabling), and the ethernet outlets and patch pannel would be cat 6.

Now I am reading that cat 7 cable is not TIA compatible (you need different , and cat 6A may get up to 10 Gbps (ideally) and 2.5 Gbps with more ease, so may be better to use cat 6A cable and outlets, that would be more than enough for quite a while (and if that becomes obsolete, probably you are going to need a replacement for fibre optic cabling and only in some selected places).

Any drawback in using cat6A cabling in a small house? I think that cat6A UTP cabling will do and easly be pushed up to 2.5 Gb (specs say up to 10 Gb).

The main switch would be 1 Gb too with PoE in some ports, for most of the home.
But I was thinking of installing a few points with 2.5 Gbp (for the main computer) using a 2.5 Gbps switch or an integrated switch in the router.

But if price is high as you say, I will stay with 1 Gb, as upgrading the router or adding a 2.5 Gb switch can be done quite easily in the future.

But if prices are high I will keep using just 1 Gb, if I can get an x86 router with 3 or 4 2.5 Gb ethernet port for not too much than 1 Gbps, it will be great.

Odroid H3 might do.

My requisites would be that it is compatible with openWRT, but I am getting lost with the options.
In the TOH there are only 2 intel based routers and odroid is not listed.

May be it is a bit early to decide, as it will take time to construct the house, but I was seeking for options.

Let me chime in with my experience.

I used to live with a ZTE from my ISP and nest-wifi (with two google wifi mesh pucks), double-nat'ed. After some years, one of my neighbors (donno who) installed a new wifi system using the same channel (#36) as my nest-wifi. And my wifi went to shit - there's no way to select a channel with google manually.

So I started experimenting. First, I revived my very old Ubiquity EdgeRouter Lite (ERL), installed OpenWRT, switched ISP hardware to bridge mode, and lived like that for a while. Immediate effect: speeds dropped from 800M/800M (dl/ul) to ~500M/600M - Ubiq was simply not powerful enough.

So I thought - why not use the hardware I already have, Synology DS920+ with two eth ports? So I ran a VM with OpenWRT in a QEMU VM under Synology, and it immediately gave me better throughput: 750M/750M, easy.

I lived like that for a couple of months, with zero problems, until my new NanoPi R5s arrived.

Now I'm happily running their FriendlyWRT with docker (TinyProxies, traefik, more) and some other stuff.

The typical throughput is ~900M/950M. Here's my Speedtest for the last week:

c57d7777-3eaa-4475-b9db-208ade3e69ae1248×855 117 KB

How did you make this chart?? The speedtest-cli doesn't seem to come with a tool to present a chart like this.