[besenwesen]

Hi all,
TLDR first; I want to build my own (mini) router based on an ARM processor. For this (and some additional functionality) I choose ArchARM over pfsense and other appliances. My question now is: What hardware can you recommend for my journey?

Now the details:
The hardware components I desire:
- Gbit ethernet port x2 (10GE appreciated)
- >=4GB Ram (8 Would be nice though)
- quad core with at least 1.2 GHz
- price: <400EUR or (if anyone suggests the holy grail of power efficiency routing hardware <700EUR)

The software I want to run on this little allrounder:
- Routing software (pppoe, shorewall, pihole(dns), dhcp, any l2tp-vpn software (not decided yet))
- PiHole (saw on AUR that there is a build I want to try)
- Ubiquiti Controller (or Unifi Controller? - That fancy setup software for Unifi devices, also found in the AUR)

Side Note: The less hardware, the better. I don't care about wifi6 or 42 USB ports. I essentially need 2 eth ports, a hard drive, cpu, ram and power button.

What I have found by searching the web (Examples):
- reRouter CM4 1432 (Pi Based mini computer)
- Any Raspberry Pi Dual Gigabit Ethernet CMs
- Linkstar h68k
Latter is currently my goto favorite but im not sure if the processor is compatible with ArchARM. This Post
[url]https://archlinuxarm.org/forum/viewtopic.php?f=65&t=15930&p=69116&hilit=Rockchip+RK3568#p69116
[/url]regarding the CPU Model were left unanswered, therefore im quite unsure.

Why ArchLinux? Why ARM? Why building a router? JUST WHY?
7 Years ago I started with Archlinux, I checked Debian, macOS, OpenBSD, NetBSD, Manjaro and basically everything else out there (I don't count in windows... I won't get back these 3 days of my life). <Personal Opinion> Everything s*cks besides Arch. I had a kernel panic once, booted an older kernel and waited 6 hours for a patch, done. The only "Problem" I've ever had with Arch were a matter of 3 minutes (+pacman -Syu after 6hrs). All other distros/OSs were way more pain.</Personal Opinion>
Furthermore, pfsense is all nice and such, but I don't want to run 3 RPis in my private home network for every new idea I have. I want that (efficient) all in one solution without involving virtualisation on a 1200W/hr server rack(already tried that, had 120W/Hr; way too much nonetheless)). Additional to that, I just want to learn. I used different appliances and now want to start my own little 'RouterOS' by myself. If I find a hardware solution, and if anyone is interested I can document my journey on this forum so that others can benefit from the knowledge I got during this process. Just let me know



Any help or advice appreciated!

[graysky]

Depending on your connection speed and use cases for the router, you can go with a RPi4B+USB dongle or if you need more horse power, an x86 mini PC. In either case I recommend running OpenWrt, not Arch nor Arch ARM. OpenWrt is a very mature distro built from the ground up for routing. Arch and Arch ARM are not.

[besenwesen]

[quote] Depending on your connection speed and use cases for the router, [/quote]
Everything with at least 1Gbit suffices my needs. But I saw a test in which someone measured the bandwidth of an RPi that had its NIC connected over its USB connector. Bandwidth decrease of 30% of an 1GBit interface. That's not acceptable for me.

[quote] if you need more horse power, an x86 mini PC. In either case I recommend running OpenWrt, not Arch nor Arch ARM. OpenWrt is a very mature distro built from the ground up for routing. Arch and Arch ARM are not [/quote]
I know that these x86 powerhouses with a random routing appliance are an easy Goto. Powerconsumption, intel bugs and a lack of customizability and flexibility are arguments against those.
However, if I go back to an appliance, it is PFSense for sure. My decision for Archlinux is clearly the customizability and flexibility, therefore my question.

[graysky]

If RPi4B does not have enough processing power for you, the only option is x86. Power consumption on a modern one is trivial. I have an AMD 5800U mini pc which pulls 5 W idle. 8 W running snort on a gigabit connection. It is rock solid/no downtime. Not sure what bugs you think exist that aren't going to be present on any other distro. In any case, that is my recommendation.

[besenwesen]

If an RPi4b can route traffic from one iface to another with Gbit speed then its okay. It have to be capable of at least 1Gbit, with the usb bridge between the pi and the ethernet I can imagine that this is not going to work.
If you have an alternative that maybe even reach 2.5gbit/s that is ARM based, let me know. If not, I hope ARM based mini computers are taking over the home computing/routing market by the end of the decade... *Fingers crossed*

[technosf]

I am building out a [b]MochaBin[/b] - 4-core AARCH64 1.2G CPU, 8G of RAM, 2xSFP ports (10Gbt works, also has a 2.5Gbt), + 5 RJ45 spread over 3 Phys. I got it from the kick starter for ~$220 (add $50) for the two SFP modules I bought in addition).

[url]https://globalscaletechnologies.com/product/mochabin-copy/[/url]

Its a new device, so not a much doc around it, but I am learning a lot and setting it up is fairly straight forward.

It's going to be my router, email server, plus adding ELK on it, and plenty of room for more projects.

[jclds139]

If you're really bent on this and sticking to ARM, I'd look into something Rockchip or Allwinner-based since there's some decently powered ones that expose mini-PCIe ports that you could use for the second switch. An RPi CM4 with the right carrier board could do the trick too, again because of the exposed PCIe lanes.

I will second the suggestion of using OpenWRT instead of ALARM for a router, though. If nothing else it will be SO much easier to configure as such than a general purpose OS like Arch.

[luna]

Going to post a dissenting opinion here. OpenWRT is a terrible operating system. The philosophy is directly opposed to Arch in every way:

* OpenWRT uses a release model and releases happen... well, they happen when they happen (generally several months to years in between)
* there is no updating between releases. The wiki has a dedicated page telling you not to update between versions where it stresses this point multiple times in big, bold, black letters
* each release involves making a backup of, completely wiping, and restoring said backup, of your configuration (which has managed to miss critical files for me, despite the software telling me it would back them up)
* each release is distributed as a binary blob that you install with a noninteractive blackbox upgrade program (source code is available, of course, but the only supported method of upgrading is very Windows-like)
* every package is a cut-down version of the software that you're used to from real Linux systems, including the removal of most debugging / other output code and *all* documentation so it can be hard / impossible to troubleshoot problems
* every package you install is wiped on upgrade and needs to be reinstalled
* the wiki is a confused mess of out of date, flat out wrong, and conflicting information mixed in with dire warnings like the above
* there is next to no support for customizing your installation beyond package, e.g. filesystem
* the OS as a whole is predicated on the hard assumption that every machine it's installed on has ~20 MB total of storage available and maybe 256 MB RAM and every design decision reflects this; there is no accommodation for larger devices
* most damning of all, the entire premise of the system is a hack; it's designed to be installed alongside existing firmware such that rolling back must be possible, even if that's not what the user wants. This is necessary for cheap consumer devices, but in tandem with the previous point, this hacky nature informs and indeed restricts everything about the OS

I suffered through OpenWRT for a year or so while I looked for a device capable of running real Linux and I hated every single minute of it. I picked up a Banana Pi R3, put ALARM on it, and have been *infinitely* happier. I have a real computer running a real kernel with real packages--and I can also reach almost gigabit speeds over wifi, with my clients being the limiting factor.

Edit: Stay away from Allwinner, they're jerks who don't respect the GPL. Rockchip are good, though, as are MediaTek (like with the BPI R3 I mentioned above).

[clotspond]

I know that these x86 powerhouses with a random routing appliance are an easy Goto. Powerconsumption, intel bugs and a lack of customizability and flexibility are arguments against those.

[moonman]

RPI4 is more than capable of routing 1Gbit/s. I believe it's better to get a realtek USB nic (instead of ASIX) as it has lower CPU load, decent drivers and multiple things are offloaded.

I did an experiment and put OpenWRT on RPi4 and used it as a router + SQM QOS + wireguard site-to-site VPN and it does around 930Mbit/s (I believe 940Mbit/s is maximum for gigabit ethernet with 1500 frames which can be increased to 997Mbit/s with jumbo frames, but only locally), but that was more than likely due to QOS. My upload is only 100Mbit/s so that doesn't matter.

Wireguard performance was awesome as well. The other end of wireguard connection is only 300Mbit/s but RPi4 managed that just fine.

The key is to enable packet steering.

Load on full speed 930Mbit/s download is 70-80% on first core and way less on the rest.

With that said, if you plan on using snort or such, it may not be enough.

As for OpenWRT being crap, I fully disagree. I think it's brilliant OS which is very lightweight. It's designed to be run on very limited resources ( limited RAM, nand, etc), yet it's very modular, compact and with tons of features. Of course you can't expect the same level of freedom as with mainstream OS from an OS with busybox and micro C library (uClibc or musl now). Upgrades are much easier now with "attended sysupgrade" plugin. It basically looks at the packages you have installed, compiles a full firmware image on a remote server that includes all packages you have installed and does the upgrade locally. All configs are intact and you don't need to manually reinstall the packages anymore.

My point is, I agree with graysky. If you want something that works, get OpenWRT which is designed as a routerOS. If you want a fun little project or to tinker, then by all means, get ArchLinux ARM and turn it into a router. There is nothing wrong with either.