Hacker News new | past | comments | ask | show | jobs | submit login
$55 board turns a Raspberry Pi CM4 into a router (liliputing.com)
44 points by edward 3 days ago | hide | past | favorite | 72 comments

It's hard to understand why you'd buy this rather than flashing OpenWRT onto one of thousands of existing routers, most of which have more ports, and can be picked up for less than $55 + the price of a CM4.

Because there are not thousands of existing routers supporting openwrt. OpenWRT needs at least 64MB RAM now and most consumer oriented crap which has that amount of RAM is expensive and under same model number you always have revisions galore most of them unsupported and some even of completely different architecture than other revisions.

Many times there is less than 50% chance that you buy a supported revision unless you go with things like Turris Omnia or Raspberry Pi..

Flashing it is also not trivial.

... but I do still think it's a good option compared to the WTF-that's-a-lot-for-a-router price of the CM4 one, especially with the current prices.

Yea, $55 for a OpenWRT router is hard to find for a quality one that supports/embraces flashing your own firmware and with 64mb+ RAM. Those come in $300-700+ flavors.

Which at that point, a true enterprise solution via ubiquiti or even cisco is affordable.

There are some real steals if you dig deep enough. Case in point the Xiaomi 4A GbE:

  * $30 (not missing a zero)
  * OpenWRT support
  * 128MB RAM
  * 3 gigabit ethernet ports
  * 802.11ac Wi-Fi
Sure it's not going to compare to a full Raspberry Pi (tiny flash, no USB, no video, no expandability), but for plain routing it's fantastic value.

These more expensive routers usually have at least 4 GBE ports, and two or three wifi radios, capable of beam forming. So it's apples and oranges.

(Mine was a used one, under $100.)

Check out GL.inet.

(I don't work for them, I just like their products)

The ubiquity edge router x is about $60+

GL.inet has some very nice little cheap devices that come with openwrt.

Flint is their newest / highest end router, has about the compute perf. of Pi3, but has WiFi 6.

The lagging customized OpenWRT release cycle worries me. My router is the thing I most want to be up to date with patches / fixes.

You can flash upstream owrt to then. You don't have to run the vendor firmware. I buy GL.iNet devices and the first thing I do is flash upstream.

wow, these look indeed great. I hope I remember these when my current router dies.

Why are some of their devices EOL if they use OpenWRT?

Because companies don't make the same product forever.

Why aren't Ford making the Model T anymore? Why aren't Viewsonic making CRT monitors anymore? etc

Of course I didn't mean hardware EOL, that I understand, but why discontinue software updates then?

Because they're a business, not a charity.

They also do this the right way and upstream device support before they sell the device, so they don't have to support it. Upstream OpenWrt are already doing it.

One quick reason why not to flash an existing OTS router is RAM.

IMHO most consumer routers need to be reset because they have memory leaks, that reduce the amount of memory available for the routing table. A power cycle becomes the common fix.

Meanwhile 4GB of RAM on PfSense can probably power an office of 50 engineers with 50% of its ram left available (and no swap)... and it will never need to be restarted.

I recently bought a TP-Link travel router and tried to install OpenWRT firmware on it, but it refused the update. I'm afraid more and more routers will have some kind of signature mechanism that will block any third-party updates.

Note: the specific router (TL-WR902AC) has a support page on OpenWRT, but apparently for newer versions it doesn't work.

If this continues, how will OpenWRT remain relevant?

It's relevant? I don't know if it's been "relevant" this decade.

It's relevant for anybody who wants to run their own flavor of software on their router for whatever reason.

It has enough hardware that you could run a few services at once. For example, Pi Hole, a Plex media server, etc. My brother does the above with a much more expensive and less capable Celeron powered Synology NAS.

UEFI bootloader, PoE support, and generally good Linux driver experience out of the box. Whether that's enough is highly dependent on the user.

I don't disagree but the headline is calling out the $55.

Keep in mind that the way the second Ethernet interface is connected to the Pi will have an impact on performance.

The board mentioned above uses PCIe, as does the even smaller alternative “Raspberry Pi Compute Module 4 IoT Router Carrier Board Mini” from DFRobot [1].

Other boards use USB 3, like the “Dual Gigabit Ethernet NICs Carrier Board for Raspberry Pi Compute Module 4” from SeedStudio [2].

I wouldn’t recommend using USB.

[1]: https://www.dfrobot.com/product-2242.html

[2]: https://www.seeedstudio.com/Rapberry-Pi-CM4-Dual-GbE-Carrier...

>I wouldn’t recommend using USB.

I've heard this from networking wizards all the time during my internship but nobody actually explained whats wrong with usb to ethernet NICs

As the unfortunate owner of an intel NIC, USB ones where actually way more reliable.

USB NIC consumes more CPU. Also if you are trying to use pfSense or another *BSD based router, they don't support the USB NICs very well. I ran that setup for a bit and it was dropping packets left and right. After I switched to a Linux kernel all the issues disappeared. The problems are mostly software, not hardware.

Also, if you use a hypervisor and your router in a VM with USB pass through. The overhead on the CPU for USB pass through is significant. Better to PCI pass through the entire USB controller.

So, there are gotchas and pit falls but they are mostly manageable and avoidable with a bit of understanding.

I ran a pi4 + USB NIC as a router for years before switching to proxmox VM based router (still USB NICs). It was fine, the switch was rough until I figured out the issues.

I had similar experience. Passing a USB2 NIC to pfSense in VM. The performance was horrible.

What gave USB NICs a bad reputation in the SBC community is that before the RPi4 the USB bus was USB 2.0 (the RPi4 has a USB 3.0 bus) and this meant that the max speed was 480 MBps if the NIC consumed the entirety of the bus. A USB NIC would never be able to get to 1 Gbps speed no matter what might have been claimed.

With the RPi4 you have USB 3.0 on the main USB bus so the max bandwidth there is now 5 Gbps, but the next bottleneck to be faced is the PCIe x1 bus that is used to connect these CM4 modules to the third-party carrier boards. Now you are hitting a 4 Gbps limit.

> As the unfortunate owner of an intel NIC

Odd comment. Intel are one of the best NIC vendors out there.

What was your specific device and problem?


Hosting specific things (minecraft and smb in my case) has a chance of crashing it so hard only a power cycle fixes it.

It's hard to reproduce with smb but with MC I can reliably make it crash by spawning a couple hundred mobs in quick succession.

While neat, I'm not sure why should get this over a NanoPi R4S[1] if it's a router I'm after. The R4S is quite capable[2] and at $65 for the 4GB model, significantly cheaper than this board plus a CM4 module even at pre-chip shortage prices.

Sure this has HDMI output and more GPIO, but still.

[1]: https://www.friendlyelec.com/index.php?route=product/product...

[2]: https://www.stupid-projects.com/posts/benchmarking-the-nanop...

From the first site:

> Due to the shortage of the chip that has a unique built-in MAC address, we no longer list the R4S board with a unique MAC address for retail sales. If you want to order the R4S board with a unique MAC address, you have to place an order with a minimum order quantity of 100 pieces.

the f...?

Umm yeah, can someone smarter than me explain why we would want a globally unique MAC address in a router?

You might want two or more routers (or network cards) on the same layer 2 (physical) network, if you buy two devices with the same MAC ARP (address resolution protocol) for example can't work. Typically the chip manufacturer "buys" MAC address ranges from IEEE, some cheap chip manufacturers won't. You can sometimes work around this in software by allocating a new random address to the interface

Oh, that makes sense. Thank you!

Here's my recent comment[1] with real life example.

[1] https://news.ycombinator.com/item?id=32211843

A Ubiquity ERX with 1 gb wan support can be bought for $60. CM4 compute modules are hard to find or overpriced at the moment. Not sure what the point is spending close to $100+ on this when there are cheaper options out there.

I'm looking to upgrade from this specific router - likely towards a NanoPi R4S / R4SE running OpenWRT which clocks in around $60-80 with a case and seems to be better spec.

The RaspberryPi advantage is its ubiquity. This means more eyes on any problem as well as being easy to reuse when no longer fit for purpose. (e.g. one of my Pis has been an adblocker, a kodi / plex box, and a few other things at various times). My ERX is and will forever be a router at the mercy of ubiquiti releasing new firmware fixes.

> My ERX is and will forever be a router at the mercy of ubiquiti releasing new firmware fixes.

The Ubiquiti ER-X is supported by OpenWRT. Since you're planning to use OpenWRT in the future, why not run it on your ER-X?

I missed that - thanks!

Edit: or maybe not?


> The bad is that the ER-X CPU speed is decidedly mid-range. If you run SQM to tame bufferbloat, it will top out somewhere between 130-185 Mbps depending on OpenWrt version. It is good for ~20 Mbps running OpenVPN, and ~90 Mbps running a Wireguard VPN. So you are going to outgrow it sooner rather than later, if it is not already too slow for you. I've also noted it's getting pretty expensive to buy, which is strange. But I haven't found many alternatives as small as an ER-X with 5 ports included. So far, it does the job for me.

This seems like it might be still a little underpowered for some of my future plans (adblock, 1Gbps symmetric fiber for remote NAS access, etc.) I'll give it a whirl though.

I've been running openwrt on one for a year or two and it's been totally rock solid. LuCI is a huge upgrade over the Edgeos UI, hardware acceleration is supported and zero faff wireguard (plus all the other owrt goodness).

A strange product, If I felt I had to use a rpi as a router(To be honest there are many other platforms I would choose before the rpi for a router) I would get a vlan capable switch, a pi4 and do the old router on a stick setup instead.

The problem with the single-port router-on-a-stick is that it effectively cuts your throughput in half. 10/100/1000 is full-duplex, but since your traffic is going both ways on the same port you get 1G total rather than 1G in each direction. Having two gbe ports means you can get a full gigabit in _both_ directions at once. Not sure how often that would happen in the real world, but for some it may be worth considering...

The other question is whether the hardware can do that kind of throughput... I've run for years on an old crusty J1900 with 3 realtek NICs onboard, and while it can saturate a 1G connection with bulk traffic, it does struggle to route small packets.

I've seen metrics on a Pi4 routing full speed 1Gbps at around 25% CPU (over 2 NICs)

Would you trust VLAN’s ability to securely separate and route traffic on the same port? I might be a bit old school but for this kind of stuff I really prefer proper, physical separation.

As much as I would trust the router os to separate and route traffic across ports. or perhaps you mean the switch. in which case I would probably spot check ports to make sure the switch firmware was not doing something weird, but in general yes, vlans are well specified and commonly used and I would mostly trust the switch vendor to handle them is the specified manner.

You can create a way better router using an old thinkpad (t400, t6x, whatever) which will probably have 1 Gbit ethernet, 3 mini PCIe slots (?!) which can get you 2 separate Wifi interfaces and WWan, also an expesscard slot which can give you another 1 Gbit ethernet port. Just add a switch (for LAN) and you'll have a router which probably outperforms most routers in 100$ range, which is the budget you'll need.

I did all that and I'm quite happy with results. Maybe I'll do a blog post, when I finally start my blog.

Neat answer. What O/S do you run on it?

Not GP, but I did something similar for a few years with an old T60. I used the expresscard slot onboard to connect a quad-port server NIC using a pcie riser.

For OS, I tried a couple different options including PFsense, VyOS, centos with Shorewall, and eventually settled on good old Debian with iptables rules.

What was nice about using an old laptop was that you get a built-in UPS that's good for at least an hour (with the screen off) so you almost never have downtime because of power outages (provided your modem still has power, and the node/dslam is still up).


I have heard good things about OrangePi R1 [0]. Dual Ethernet port , 512MB RAM , the works.

[0] https://bit.ly/3zX5N1C -- AliExpress

Make sure any "fruit clone" can run Armbian or OpenWrt, otherwise you'll never get updates for it.

How many packets per second sustained for what size forwarding logic. Two interfaces is a tad low.

Once one adds the (now mostly unobtanium) RPi CM4 cost plus a suitable box and accessories, it goes well beyond the $150 figure, which is still not bad per se, but I would rather spend twice for a more robust and powerful system such as either a APU2 by pcengines.ch or a IPU from NRG Systems. They're x86 based, so OpnSense is also fully supported along OpenWRT.





I would like a $55 board that turns a RPi into an Arduino. In the sense that: I 'flash' some code to it, then when I plug it in it powers on and just 'works' (per my code), and when I unplug it it does not self destruct, and can be plugged in again (and again) without issue.

Bonus points for powering from whatever the display connector is.

(Portenta H7 is getting there coming from the Arduino end, but still woeful cpu capacity, and the one I got had display issues)

Might want to try something like buildroot or yocto, so you can have a r/o root fs with your code in.

Or the ESP32 or larger STM32 microcontrollers.

can you tell us more about what you mean by 'self destructing while not being plugged' ?

If you simply unplug a RPi without shutting it down properly there is a chance that the SD card will get corrupted. It is possible to 'harden' the system by mounting the SD card read only, but that is a faff to set up and I've still had corrupted cards. This makes the RPi not useful for kiosk type applications.

Contrast with Arduino, where I plug it into my laptop and upload some code, thereafter I can plug it in/out/'turn it all about' with power and it reliably does 'stuff'

Have you considered any of the raspberry pi power button options that exist? Something with a reasonable size capacitor and a signal pin to let the Pi know to shutdown when it's lost power, before the capacitor runs out, might work?

Yes capacitor power button would work (assuming it is reliable). Still an amount of faff and expense to set up, especially if you are scaling a deployment. It would be great if the RPi (or some version of it) had this 'pre-installed'.

Apparently the CM4 comes with on-board eMMC as an option. About time!

not OC, but I guess linux not booting, because the file system got corrupted.

A better blog post on the manufacturers site about this. The linked post (lilputing) seems like a regurgitation perhaps?


Edit: my mistake. This is an older board by the same manufacturer.

It's great to compete with a netgear or something but it is still software routing. A board that uses fpga or something for a switch fabric would be worth the money to get all that nice pps.

It seems like you'd want more than 2 Ethernet ports for a router? WAN + LAN and you might as well use a direct connection.

A common configuration is to pair a router with a managed switch that can handle VLANs and have a trunk port between the switch and router such a setup is called a "router on a stick" https://en.m.wikipedia.org/wiki/Router_on_a_stick

Does anyone know where you can actually buy CM4 compute modules these days?

At least not from scalping resellers?

I’d rather get a R5S. Imperfect but at least has 2.5gig

Never heard of it. Took a quick look and I assume it's arm based? What OS would you run? I'm partial to PFSense for this use-case, but I don't believe they have an arm build available for anything except their own Netgate gear. I'd like a small x86 based machine for the purpose, and it looks like people are now using old thin clients with PCI slots which are also a nice option.

You'd need to run openwrt on it - basically the go to ARM firewall distro. I've got the prior gen - R4S - and have been using that as router/firewall for the last year or so. Not for the feint hearted but works.

>I'd like a small x86 based machine for the purpose,

Maybe check out the x86 rockpi, or odyssey from seeedstudio. Or something like this


Yep, I've actually got some of the fanless guys branded as "protectli" or something like that around the office, I didn't know there were generic ones on aliexpress - that's a good link, thank you.

And yep, I've only ever used dd-wrt, never openwrt directly, so not sure about that, but I've no desire to hand edit iptables rules or anything like that - I'll take a GUI any day.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact