Low Power / HA - Router options [Discussion]

Levi

I'm currently on a quest to build The Ultimate Off-grid SOHO Server Rack (MegaThread). To do so I'm going to need the lowest power routers available that also support some kinda HA setup.

Current State: Discuss --> Plan --> POC/Test --> Implement/Automate --> Backup/Monitor --> Reiterate

Just a few days ago Jeff Geerling released this review on two different Raspberry Pi routers. I was really impressed with the DFRobot IoT Router. It was able to run at 1 Gbps line speed using only 2.5 watts. It supports OpenWRT and DD-WRT so that means HA using a VIP should be supported?

My only concern is that each of these devices has two ports (WAN and LAN). I will connect these routers into two "distribution switches" so it's kinda HA? Each switch will be plugged into its own router and then I will connect the switches to each other with one or two patch cables? It won't look like a Cisco diagram lol but if a switch goes out the network should be able to find a path out to the internet.


Candidates

DFRobot IoT Router
Espressobin
Normal WAP flashed?

I would love to hear suggestions on other low-power routers that have high availability. Thoughts and concerns are also appreciated.
 
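As an added illustration of the "HA using a VIP" question in the opening post (not written by any thread participant): a keepalived VRRP configuration for the first of two routers. It assumes keepalived is installed on both routers; the interface names `br-lan` and `eth0` and the 192.168.1.x addresses are placeholders chosen for this example.

```conf
# keepalived.conf on router A (constructed example; router B differences are noted inline)
global_defs {
    router_id rtr_a                # rtr_b on the second router
}

vrrp_instance LAN_GW {
    state BACKUP                   # both start as BACKUP; priority elects the master
    nopreempt                      # a recovered router does not pull the VIP back
    interface br-lan               # assumed LAN interface name
    virtual_router_id 51           # same value on both routers
    priority 150                   # 100 on router B
    advert_int 1                   # advertisement interval in seconds

    # Unicast adverts to the one known peer instead of multicast to 224.0.0.18
    unicast_src_ip 192.168.1.2     # 192.168.1.3 on router B
    unicast_peer {
        192.168.1.3                # 192.168.1.2 on router B
    }

    # The gateway address LAN clients use; it lives on whichever router is master
    virtual_ipaddress {
        192.168.1.1/24 dev br-lan
    }

    # Give up the VIP if the uplink loses link
    track_interface {
        eth0                       # assumed WAN interface name
    }
}
```

VRRP's built-in `auth_type PASS` travels in cleartext, so it is left out here; restrict IP protocol 112 on the LAN interface to the peer's address with the router's firewall instead. Failover moves only the address: NAT and connection-tracking state is not shared between the two routers, so established sessions reset.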

newabc

I think, in my experience, power efficiency in networking will cost big money if someone only wants a development board at home, rather than developing it into a real product which can be manufactured in a factory and then sold.

Just to list some things that already exist on the market:

(1) Espressobin with 3 or more gigabit Ethernet ports: The Netgate SG1100's hardware (STH link) is based on the Espressobin (2 boards' tech specs), which is developed with a Marvell CPU solution.

(2) MACCHIATObin with 5 gigabit ports or 2 SFP+ ports: link

Personally, I would prefer second-hand thin clients with a PCIe x4 slot and 15 watts or less power consumption. I will use a Wyse 5070 Extended or HP T730 (I have both).

Update 1: An Espressobin board with 3 Ethernet ports and a case costs around $80 from an Amazon third-party seller. Or something like a second-hand WiFi router with a Broadcom/Qualcomm CPU and then modding it with OpenWRT.

Update 2: The x86 CPU boxes can run Suricata as IDS/IPS. It needs over 2GB memory for the Snort rules. (Ubiquiti is using an ARM-based CPU and Suricata with a highly customized rule set on 2GB or less memory.)
 

newabc

If we don't consider highly customizable OSes like OpenWRT (ARM-based) or pfSense (i386/amd64) and running IDS/IPS on the same box as the router, the ARM- or MIPS-based router solutions with some kind of programmable features that we can find on the market are: Mikrotik (RouterOS) and Ubiquiti (Linux on ARM).

(1) Mikrotik/RouterOS has a CLI programming language on RouterOS, but it is limited to the router's behaviors only. For home use, we can select from a small box RB760iGS (5 gigabit, 256MB RAM, 16MB ROM) to the RB4011 series (10 gigabit and 1 SFP+).

(2) Ubiquiti's Edgerouter series are on EdgeOS, a customized Linux, but they don't have IDS/IPS;
Ubiquiti's Dream Machine Pro and Unifi Security Gateway Pro have Suricata as IDS/IPS, FreeRADIUS as RADIUS server and both with GUI.

The current state of OpenWRT on the above 2 brands' hardware:

(1) OpenWRT on Mikrotik: The OpenWRT wiki has some documents on installing OpenWRT on the RB760iGS (page, OpenWRT git commit) and RB2011 (page), none for the RB3011 and RB4011 currently.

(2) OpenWRT on Ubiquiti: The OpenWRT wiki said it works on the Edgerouter Lite, X and Pro, but not on the USG series.


LTE routers with OpenWRT and other LTE kits:

(1) Searching "LTE router OpenWRT" on amazon.com, we can find some of them. But most of them with "unlocked" labels are only for AT&T and T-Mobile and don't have an external antenna connector for LTE. The "industrial" grade ones usually have an external LTE antenna, but not for OpenWRT.

(2) Mikrotik also has an LTE kit ("wAP LTE Kit-US"; the US version doubles the price of the regular version) with RouterOS; Ubiquiti too, but Ubiquiti's is a function device only, not like a programmable one.

Update log after the starting post:
05/31: The links to OpenWRT on RB760iGS, RB2011, Edgerouter X and Pro; the searching link of "LTE router OpenWRT" on amazon.com.
 

eduncan911

I think I have the devices for you:

UP Squared w/Pentium N4200

  • ~$230 For the N4200, $150 for the N3350 dual core (prices shot up with chip shortages, I got my Pentium 4s for about $170 each)
  • ~5 Watts idle, fanless, and totally silent
  • Proxmox, Xen all saw the NICs (pfSense 2.4 minimal requirement for FreeBSD 11)
  • Full x64 Intel quad-core in Pentium N4200 (Celeron is dual-core, but a LOT cheaper)
    • I only have the Pentium N4200 CPU variants, so all my tests were with them...
    • About 45x faster, per core, than RPi 3b+ (I don't have a RPi 4 to test, but they are only like 10% faster)
    • About 4x faster, per core, than the infamous Atoms in pfsense boxes
    • About 2x faster, per core, than the 8-core low-powered Xeons in the pfsense boxes
  • AES within all CPUs (Celeron N3350, Pentium 4 N4200, Atom E3950)
  • Stress tests w/Pentium N4200:
    • ~940 Mbps full-duplex
    • ~580 Mbps full-duplex AES OpenVPN (~670 Mbps half-duplex)
That's 5 watts... for all of that, and it destroys any other low-powered device I put up against it. It is powered by a 5V 6A PSU, but it doesn't need that much unless you are loading up the M.2, mPCIe, RPi 40-pin header, all USB3 ports, DP, HDMI, USB-OTG, etc etc...

As a bonus, the UP Squared (and most of their SBC boards) all have the same 40-pin header as the Raspberry Pi. They use an FPGA chip, not the old Intel bridge chip that has been discontinued for the Arduinos. Yes, you can actually use real RPi HATs on these boards (if you are willing to convert ARM Python packages to x64, that is).

Mouser (or is it digikey) also sells the UP products here in the states, for a few more bucks, if you don't want to wait for shipping from EU.

As for a very power-efficient, high-performance full L3 enterprise switch: Can't go wrong with the Brocade ICX7150-C12P. About 13 Watts of usage, fanless, and totally silent. And, it's a PoE+ (48V) switch to boot! Not to mention the two 10G SFP+ ports. Look for the Brocade thread here in this same forum for more info.

As for HA... Well, it may take some Linux hoop-jumping to get an HA setup with two of these using VRRP/CARP. Me, personally, I am running the UP Core Plus + NetPlus carrier board (4x Intel i210/i211 NICs) as my upstream with LAG for HA with my dual ICX6610 switches (every server I have is LAG/duplicated across two switches, for each connection). I did this because I run Proxmox with Ceph, and it's extremely picky about losing connections on the corosync dedicated NICs.

---

IMO, off-the-grid would be more than stable with a single UP Squared N4200 as your single router. Throw VyOS on it, or even Proxmox/Xen/ESXi and run VyOS as a VM - or even pfSense if you really wanted to. You can also run Mikrotik's RouterOS on x64 as well, if you are willing to pay the license.

I was running my UP Squared w/Xen on Arch, with pfSense for several years. I had a script that auto-patched Arch every night and rebooted. Only had 1 Arch package sting me (openssl), but other than that rock solid for years. I used IOMMU to pass the internet nic directly into the pfSense VM, and then vif for all other interfaces. At one time, I even had a k3s node running on it. But remote management was a PITA - hence why I've switched to Proxmox.

I also had an LTE4G mPCI modem on the UP Squared that I set up as a failover ISP with a SIM data card (Google Fi gives out free data cards for devices). However, I never really used it. The idea was to VPN to home in the event the ISP failed. I didn't even install it in the UP Core Plus build.
 

newabc

Personal thoughts:
1. Today's development boards usually have at least 1GB RAM, more than a second-hand router or low-end Mikrotik and Ubiquiti routers.

2. If the development board comes with "SoC CPU + switching chip" and OpenWRT has a driver for the switching chip, that should be pretty good.

3. (a) Most of the thin clients, Qotom boxes and i586/amd64 development boards don't have a switching chip for multiple NICs, so we need to pay at least 5-8 watts more for the throughput than with a CPU + switching chip design;
(b) and pay more money for Intel NIC chips to achieve stability;
(c) but their advantage is that they can be equipped with at least 4GB RAM, which allows the user to run router/RADIUS server/IPS all-in-one.
 

coxhaus

I find nowadays I want to keep my router simple with the latest security updates. I use a Cisco small business RV340 router with a Cisco L3 SG350-10P switch. I use a couple of Cisco wireless APs powered off the switch. This setup runs like an appliance. It just works. Cisco gives good security support with free firmware updates. The Cisco router and APs have wizards to make setup real easy to get you started. The L3 switch is harder but you really need to define your network for an L3 switch.
 