Does this look like a decent starting point for a first router build?
Cross posted from: https://lemux.minnix.dev/post/204890
That seems a bit pricey considering you still need a few items. I’ve had a QOTOM for quite a while that has served me well. Looks like they have four Intel 2.5 Gb ports with an N100 for pretty cheap.
https://www.aliexpress.us/item/3256804116114245.html
Throw a stick of RAM and an m.2 drive in there and it would be cheaper and more capable than the Banana Pi. You could even throw Proxmox on there and virtualize pfSense.
For that matter you could pick up an off-the-shelf router and install OpenWrt.
You just described my setup of about a year. I’m struggling to update OPNsense, last time I tried it just stopped working and I had to restore a snapshot from Proxmox to get it working again. If anyone reading this has any suggestions I’m all ears!
Just updated Proxmox and OPNsense with few snags and it just worked. Phew.
I’ve been running OPNsense on Proxmox for years now, it just seems to plug along. I run ZFS for the datastores and do a snapshot before updates, but I’ve never had to use one.
Recently got it working with HA and inadvertently tested it by having a drive failure on my primary node. I remoted in for something else and realized it had failed over to the second node about a week before, and I’d never heard a word from the family about internet being down.
That’s great. It’s been chugging along beautifully with no downtime for me too. It’s just that one failed update attempt, losing internet and network while it was down, and needing to go Ethernet directly into the box to do the snapshot rollback late at night made me afraid to try again. Last night it took me two hours to update everything, first Proxmox 7 to 8, then OPNsense needed 4 rounds of update and reboot but each one was seamless.
I’m also on ZFS with two primary mirrored drives. Do you have to check zfs status regularly to see if a drive has failed? Or is there some kind of warning system when logging in via SSH?
I’m thinking of turning my rarely used Windows gaming PC into a Proxmox host with a Linux gaming VM for my next adventure.
Edit: realized it was a whole node that failed, not just a drive. Cool setup! I’m not there yet. I’m curious about your setup, what’s between the modem and the router?
Proxmox will report SMART errors via email if you set that up. You could also run a system like Nagios to run the checks via another box. I actually run Home Assistant with the Proxmox HACS extension to monitor it. It’s on a VM so that isn’t ideal, so I also run Node Red on the little I5 PBS box to send alerts if it can’t contact Proxmox itself now. The node going down without me realizing it was a bit of a wakeup call, though it failed my docker host and router over so seamlessly it was astounding.
I have nothing between the router and the modem except a switch so each Proxmox node can have a NIC on the external network and failover/migrating can pick up the modem and use it. I suppose I could VLAN, but the servers have 2 network ports anyway so that works fine.
A couple weeks ago, this was my plan.
How is the software support? It seems like you could alternatively get a nice quad-core x86 Intel box with a handful of 2.5G ports off of AliExpress for around $120 (you’d have to bring your own RAM and SSD in those cases though) and enjoy full Ubuntu/OpenWrt support.
According to the official website, it will officially have Android 12.0, Debian 11 and Buildroot support and will unofficially support Armbian, Ubuntu 20.04, Ubuntu 22.04 and Kylin OS.
As for x86, I’d really like to try and avoid it for a router.
> As for x86, I’d really like to try and avoid it for a router.
Why? (genuine question)
x86_64 is inefficient and insecure
Is this board using FOSS RISC-V with open schematics? If not, there’s very good reason to suspect it too.
RK3855 = 4x Cortex-A76 + 4x Cortex-A55
Also, I trust ARM (almost definitely backdoor’d) over x86_64 (confirmed backdoor’d)
They’re both with backdoors, how do you trust either?
I don’t trust either, I’m just saying I trust ARM more. English is confusing and trust can be both boolean and float at the same time
ARM trust: 0.2 (false)
x86 trust: 0.1 (false)
I didn’t know RISC-V routers were a thing. There’s OPNsense support for RISC-V?
There isn’t. I was asking if the Banana Pi used RISC-V
It’s ARM
It’s a couple levels of power more than what I need for a router in my opinion.
The competitor is the Orange Pi 5 Plus, also has 2x 2.5GB Ethernet, same SoC, more USB ports, no integrated WiFi+BT (optional M.2 module), eMMC connector, M.2 NVMe socket (up to 2280).
So you’d suggest the Orange Pi Plus?
I have one, and Armbian has an official release for it and works quite well with a Kioxia 512GB NVMe.
But at this moment I’m just saying there are similar boards out there, and the 5 Plus might be slightly cheaper (no wireless though). Radxa also has a similar board based on same SoC but only has one GbE port and price might be similar to the Banana Pi.
Fuck, I accidentally clicked this and was saving it in my inbox 😭
Any idea how fast it can do WireGuard? I paid like $600 for a Protectli Vault that can do almost a gigabit per second through WireGuard.
According to this, seems to be limited to the speeds of the Ethernet port: https://superuser.com/questions/1822842/wireguard-performance-on-linux-and-sbcs-banana-pi-orange-pi-zero-3
The link you posted has nothing to do with this SoC?
You’re not going to get 2.5G over WireGuard on the 3588, but you are definitely going to get over 1G.
WireGuard scales well with cores, but due to the way big.LITTLE is implemented on the 3588, it could lose performance if it tries to split the workload between core complexes.
Sorry, I’m a blank slate on this topic. I’m greedily trying to lap at the fountain of everyone else’s knowledge.