It's hard to understand why you'd buy this rather than flashing OpenWRT onto one of thousands of existing routers, most of which have more ports, and can be picked up for less than $55 + the price of a CM4.
Because there are not thousands of existing routers supporting openwrt.
OpenWRT needs at least 64MB RAM now, and most consumer-oriented crap which has that amount of RAM is expensive, and under the same model number you always have revisions galore, most of them unsupported and some even of a completely different architecture than other revisions.
Many times there is a less than 50% chance that you buy a supported revision unless you go with things like Turris Omnia or Raspberry Pi.
Yea, $55 for an OpenWRT router is hard to find for a quality one that supports/embraces flashing your own firmware and with 64MB+ RAM. Those come in $300-700+ flavors.
Which at that point, a true enterprise solution via Ubiquiti or even Cisco is affordable.
They also do this the right way and upstream device support before they sell the device, so they don't have to support it. Upstream OpenWrt are already doing it.
One quick reason why not to flash an existing OTS router is RAM.
IMHO most consumer routers need to be reset because they have memory leaks that reduce the amount of memory available for the routing table. A power cycle becomes the common fix.
Meanwhile 4GB of RAM on pfSense can probably power an office of 50 engineers with 50% of its RAM left available (and no swap)... and it will never need to be restarted.
I recently bought a TP-Link travel router and tried to install OpenWRT firmware on it, but it refused the update. I'm afraid more and more routers will have some kind of signature mechanism that will block any third-party updates.
Note: the specific router (TL-WR902AC) has a support page on OpenWRT, but apparently for newer versions it doesn't work.
If this continues, how will OpenWRT remain relevant?
It has enough hardware that you could run a few services at once. For example, Pi Hole, a Plex media server, etc. My brother does the above with a much more expensive and less capable Celeron powered Synology NAS.
Keep in mind that the way the second Ethernet interface is connected to the Pi will have an impact on performance.
The board mentioned above uses PCIe, as does the even smaller alternative “Raspberry Pi Compute Module 4 IoT Router Carrier Board Mini” from DFRobot [1].
Other boards use USB 3, like the “Dual Gigabit Ethernet NICs Carrier Board for Raspberry Pi Compute Module 4” from Seeed Studio [2].
A USB NIC consumes more CPU. Also, if you are trying to use pfSense or another *BSD based router, they don't support the USB NICs very well. I ran that setup for a bit and it was dropping packets left and right. After I switched to a Linux kernel all the issues disappeared. The problems are mostly software, not hardware.
Also, if you use a hypervisor and your router in a VM with USB passthrough, the overhead on the CPU for USB passthrough is significant. Better to PCI passthrough the entire USB controller.
So, there are gotchas and pitfalls, but they are mostly manageable and avoidable with a bit of understanding.
I ran a Pi 4 + USB NIC as a router for years before switching to a Proxmox VM based router (still USB NICs). It was fine, the switch was rough until I figured out the issues.
What gave USB NICs a bad reputation in the SBC community is that before the RPi4 the USB bus was USB 2.0 (the RPi4 has a USB 3.0 bus) and this meant that the max speed was 480 MBps if the NIC consumed the entirety of the bus. A USB NIC would never be able to get to 1 Gbps speed no matter what might have been claimed.
With the RPi4 you have USB 3.0 on the main USB bus so the max bandwidth there is now 5 Gbps, but the next bottleneck to be faced is the PCIe x1 bus that is used to connect these CM4 modules to the third-party carrier boards. Now you are hitting a 4 Gbps limit.
While neat, I'm not sure why I should get this over a NanoPi R4S[1] if it's a router I'm after. The R4S is quite capable[2] and at $65 for the 4GB model, significantly cheaper than this board plus a CM4 module even at pre-chip shortage prices.
Sure this has HDMI output and more GPIO, but still.
> Due to the shortage of the chip that has a unique built-in MAC address, we no longer list the R4S board with a unique MAC address for retail sales. If you want to order the R4S board with a unique MAC address, you have to place an order with a minimum order quantity of 100 pieces.
You might want two or more routers (or network cards) on the same layer 2 (physical) network; if you buy two devices with the same MAC, ARP (Address Resolution Protocol), for example, can't work. Typically the chip manufacturer "buys" MAC address ranges from IEEE; some cheap chip manufacturers won't. You can sometimes work around this in software by allocating a new random address to the interface.
A Ubiquiti ERX with 1 gb WAN support can be bought for $60. CM4 compute modules are hard to find or overpriced at the moment. Not sure what the point is spending close to $100+ on this when there are cheaper options out there.
I'm looking to upgrade from this specific router - likely towards a NanoPi R4S / R4SE running OpenWRT which clocks in around $60-80 with a case and seems to be better spec.
The Raspberry Pi advantage is its ubiquity. This means more eyes on any problem as well as being easy to reuse when no longer fit for purpose (e.g. one of my Pis has been an adblocker, a Kodi / Plex box, and a few other things at various times). My ERX is and will forever be a router at the mercy of Ubiquiti releasing new firmware fixes.
> The bad is that the ER-X CPU speed is decidedly mid-range. If you run SQM to tame bufferbloat, it will top out somewhere between 130-185 Mbps depending on OpenWrt version. It is good for ~20 Mbps running OpenVPN, and ~90 Mbps running a Wireguard VPN. So you are going to outgrow it sooner rather than later, if it is not already too slow for you. I've also noted it's getting pretty expensive to buy, which is strange. But I haven't found many alternatives as small as an ER-X with 5 ports included. So far, it does the job for me.
This seems like it might be still a little underpowered for some of my future plans (adblock, 1Gbps symmetric fiber for remote NAS access, etc.) I'll give it a whirl though.
I've been running openwrt on one for a year or two and it's been totally rock solid. LuCI is a huge upgrade over the Edgeos UI, hardware acceleration is supported and zero faff wireguard (plus all the other owrt goodness).
A strange product. If I felt I had to use an RPi as a router (to be honest, there are many other platforms I would choose before the RPi for a router), I would get a VLAN-capable switch, a Pi 4, and do the old router-on-a-stick setup instead.
The problem with the single-port router-on-a-stick is that it effectively cuts your throughput in half. 10/100/1000 is full-duplex, but since your traffic is going both ways on the same port you get 1G total rather than 1G in each direction. Having two gbe ports means you can get a full gigabit in _both_ directions at once. Not sure how often that would happen in the real world, but for some it may be worth considering...
The other question is whether the hardware can do that kind of throughput... I've run for years on an old crusty J1900 with 3 realtek NICs onboard, and while it can saturate a 1G connection with bulk traffic, it does struggle to route small packets.
Would you trust VLAN’s ability to securely separate and route traffic on the same port? I might be a bit old school but for this kind of stuff I really prefer proper, physical separation.
As much as I would trust the router OS to separate and route traffic across ports. Or perhaps you mean the switch, in which case I would probably spot check ports to make sure the switch firmware was not doing something weird, but in general yes, VLANs are well specified and commonly used and I would mostly trust the switch vendor to handle them in the specified manner.
You can create a way better router using an old ThinkPad (T400, T6x, whatever) which will probably have 1 Gbit Ethernet, 3 mini PCIe slots (?!) which can get you 2 separate WiFi interfaces and WWAN, also an ExpressCard slot which can give you another 1 Gbit Ethernet port. Just add a switch (for LAN) and you'll have a router which probably outperforms most routers in the $100 range, which is the budget you'll need.
I did all that and I'm quite happy with results. Maybe I'll do a blog post, when I finally start my blog.
Not GP, but I did something similar for a few years with an old T60. I used the ExpressCard slot onboard to connect a quad-port server NIC using a PCIe riser.
For OS, I tried a couple of different options including pfSense, VyOS, CentOS with Shorewall, and eventually settled on good old Debian with iptables rules.
What was nice about using an old laptop was that you get a built-in UPS that's good for at least an hour (with the screen off) so you almost never have downtime because of power outages (provided your modem still has power, and the node/dslam is still up).
Once one adds the (now mostly unobtanium) RPi CM4 cost plus a suitable box and accessories, it goes well beyond the $150 figure, which is still not bad per se, but I would rather spend twice for a more robust and powerful system such as either an APU2 by pcengines.ch or an IPU from NRG Systems. They're x86 based, so OPNsense is also fully supported along with OpenWRT.
I would like a $55 board that turns a RPi into an Arduino. In the sense that: I 'flash' some code to it, then when I plug it in it powers on and just 'works' (per my code), and when I unplug it it does not self destruct, and can be plugged in again (and again) without issue.
Bonus points for powering from whatever the display connector is.
(Portenta H7 is getting there coming from the Arduino end, but still woeful CPU capacity, and the one I got had display issues.)
If you simply unplug a RPi without shutting it down properly there is a chance that the SD card will get corrupted. It is possible to 'harden' the system by mounting the SD card read only, but that is a faff to set up and I've still had corrupted cards. This makes the RPi not useful for kiosk type applications.
Contrast with Arduino, where I plug it into my laptop and upload some code, thereafter I can plug it in/out/'turn it all about' with power and it reliably does 'stuff'.
Have you considered any of the Raspberry Pi power button options that exist? Something with a reasonable size capacitor and a signal pin to let the Pi know to shut down when it's lost power, before the capacitor runs out, might work?
Yes, a capacitor power button would work (assuming it is reliable). Still an amount of faff and expense to set up, especially if you are scaling a deployment. It would be great if the RPi (or some version of it) had this 'pre-installed'.
It's great to compete with a Netgear or something, but it is still software routing. A board that uses an FPGA or something for a switch fabric would be worth the money to get all that nice pps.
A common configuration is to pair a router with a managed switch that can handle VLANs and have a trunk port between the switch and router; such a setup is called a "router on a stick": https://en.m.wikipedia.org/wiki/Router_on_a_stick
Never heard of it. Took a quick look and I assume it's ARM based? What OS would you run? I'm partial to pfSense for this use-case, but I don't believe they have an ARM build available for anything except their own Netgate gear. I'd like a small x86 based machine for the purpose, and it looks like people are now using old thin clients with PCI slots which are also a nice option.
You'd need to run OpenWrt on it - basically the go-to ARM firewall distro. I've got the prior gen - R4S - and have been using that as router/firewall for the last year or so. Not for the faint-hearted but works.
> I'd like a small x86 based machine for the purpose,
Maybe check out the x86 rockpi, or odyssey from seeedstudio. Or something like this
Yep, I've actually got some of the fanless guys branded as "protectli" or something like that around the office, I didn't know there were generic ones on aliexpress - that's a good link, thank you.
And yep, I've only ever used dd-wrt, never openwrt directly, so not sure about that, but I've no desire to hand edit iptables rules or anything like that - I'll take a GUI any day.