Banana Pi R as router


yacc
 Share

2 2

Recommended Posts

I learned that using it as a Router is not recommended because of bad chips and poor support from manufacturer. Not for a networking or  NAS device. 

 

What should we use this BPI-R1 for?  Just as a banana pi?

 

The problem is that all praying will not help: This is a dumb onboard switch IC interconnecting one GbE port of the CPU with all 5 externally exposed Ethernet ports. When you switch this hardware on, it's a switch connecting the so called 'WAN' port with all 'LAN' ports. If this is what you expect then this device is great for you. Otherwise not. Well, in case you love to fool yourself constantly then it's also great for you and you can use it as Internet access router and try to laugh the problem away.

 

The only use case I found for this device I bought unfortunately for a customer last year is to use it as just that: A Banana Pi with an internal switch combined. The horribly low network performance between A20 and switch (300 Mbits/sec max) is not a problem there since the bandwidth is ok (some surveillance cameras are streaming to the SATA disk). The faulty power design of this board is not a problem since I used the work-around to provide DC-IN through the battery connector. A20's poor SATA write performance is also not a problem since the use case allows it und on this device the broken networking limit everything to 30 MB/s anyway. That the crappy WiFi implementation is just that (crap) is ok since it's not used at all.

 

Congratulations: You believed into advertisements and got something different. Now it's up to you trying to accept that or pray every night that your Switchboard some day magically turns into a Routerboard (many R1 owners seem to do this)

 

Additional note: The driver to control the switch IC gets mainlined so maybe the horrible networking performance will improve. But nope, it's then still a Switchboard and not useable as router to separate WAN from LAN ports.

 

Additional note II: Combining NAS and routing on the same board is maybe not the smartest idea anyway.

 

Additional note III: An A20 successor has been launched by Allwinner: R40 (quad core, still native SATA -- see here for details/speculations), maybe this chip will allow to use EMAC and GMAC in parallel. Then devices based on R40 could use a Fast Ethernet WAN port that is physically separated from a GbE port that might be connected to a switch IC. If such a mode is possible and if the vendor we're talking here about builds a R2 with it, I would first check of the many other design flaws are still present and only if not thinking about buying from the same vendor again.

 

Additional note IV: This whole Banana thing has problems on its own: There's Foxconn in Taiwan who creates Banana specs and let someone do the ODM design. Then stuff gets manufactured by another company. And while Foxconn already realized that R1 is crap, made an R1S successor (that obviously was crap too) the manufacturer realized that there are so many poor souls out there believing in 'one device to rule them all' that they simply sell the original crappy PCB revision throughout the whole world since all those people seem to realize that there's something wrong only after purchase.

Link to post
Share on other sites

Donate and support the project!

@dinokpir

 

I am waiting for my replacement Turris Omnia as a "router"

I am using the Lamobo-R1, my ISP provides internet on VLAN 835 so (in my particular situation) it is less likely someone hijacks the whole Lamobo-R1

 

Anyway, if you know the risks and try hard to lessen the risks, the Lamobo-R1 is usable, a little risky but if you dare to take the risks, ok.

Link to post
Share on other sites

1) Correct

 

This is how a router looks like. The router's CPU has access to at least two independent NIC (network interfaces). In case the router is bricked or broken it's still separated what has to be separated (the router is the barrier between WAN and LAN by design):

post-7-0-71978200-1474364976_thumb.png

2) Weird

 

You can use a rather expensive managed switch that supports VLANs to provide almost similar functionality. We need a managed switch with 6 GbE interfaces and define 2 VLANs, the port to the 'CPU' being part of both. With this setup the interface between switch and the CPU will become a bottleneck but since the switch has an own brain/CPU and starts with VLANs enabled (first bringing up the VLANs, then bringing up the ports and therefore NEVER bridging Ethernet frames or IP packets between WAN and LAN) this will work and is only somewhat weird.

post-7-0-67813300-1474364988_thumb.png

3) Impossible

 

If you really want to fool yourself you use a dumb switch that bridges everything between all his ports. If you power on the switch all 6 ports are interconnected since the switch has no own brain/CPU. It's necessary that the CPU nearby gets involved and tells the dumb switch via a so called MDIO interface how to setup VLANs. So it needs the external CPU being booted up approriately to prevent the dumb switch acting as exactly that. In case the external CPU is not available (or bricked or not booted, eg. powered on without SD card with a working OS inserted or even just booting!) everything is forwarded between all switch ports. Which is clearly not what you want since a router that should separate different ports has to separate those even in fault state:

post-7-0-24106300-1474364998_thumb.png

Lamobo R1 implements the latter, a Lamobo R2 using R40 (and given EMAC and GMAC interfaces could be used both at the same time there) could implement the first scenario. The middle scenario is what most R1 owners believe is happening (or they actively fool themselves and think 'hey, the few seconds when the device is booting... who cares that WAN and LAN are bridged?')

 

By adding a simple USB-Ethernet adapter and using this as WAN port you're able to implement 'router behaviour', otherwise not. So It's a simple investion of a few bucks to fix at least the security issue (but then still remain the many other design flaws this board is 'famous' for)

Link to post
Share on other sites

"By adding a simple USB-Ethernet adapter and using this as WAN port you're able to implement 'router behaviour'"

 

In fact, with my Internet box, I dont even need an USB/Ethernet adapter as it can do IP over USB with speed greater than DSL link. (OTH I dont rely on standards boot scripts to ensure security and want to have full control over it).

 

I was interested by R1 and I could use it even with its flawed design. But in fact the sale price is then double that what it should be, so I never bought one.

 

And by the way, can it be correctly cooled when you enclose it with a SATA drive in an acrylic box ?

Link to post
Share on other sites

In fact, with my Internet box, I dont even need an USB/Ethernet adapter as it can do IP over USB with speed greater than DSL link. (OTH I dont rely on standards boot scripts to ensure security and want to have full control over it).

 

That reminds me of cheap H3 devices available in the meantime. Using a NanoPi NEO or M1 connected with a short Micro USB to USB cable to R1's Type A USB port the H3 device will be powered by Lamobo and can also secure the Internet connection (acting as firewall, VPN acceleration and so on). Simply by using Armbian and the g_ether module on the H3 board (would not even require an SD card since it could be FEL booted by Lamobo).

 

Anyway: since this board is overpriced and shows sooooo many design flaws I would never buy one again. Just checked: ClearFog Pro would cost me twice as much as a R1 (currently 192,-€ including VAT and shipping -- already curious how much Clearfog Base will be). And here I can choose a WiFi card that is not just crap but suits my needs, I can attach up to 3 SATA disks using mechanical converters for M.2 or mSATA slots, have one fast USB3 port to attach a bunch of USB disks, get 3 independent GbE NICs that do not suck but show full GbE performance and so on.

 

The one R1 we use at a customer is the only ARM device I ever had to add a fan to for productive usage (blowing air over the whole board to cool down switch IC, HDD, SoC and PMU in summer)

 

Edit: Nice, ALLNET starts to distribute FriendlyARM products in Europe, some of their partners have already NanoPi in stock (but prices are pretty high if you're not enabled to directly order from ALLNET)

Link to post
Share on other sites

Marvell ESPRESSOBin soon on kickstarter starting at $39: http://www.cnx-software.com/2016/09/23/marvell-espressobin-board-with-gigabit-ethernet-sata-pcie-and-usb-3-0-to-launch-for-39-and-up-crowdfunding/

 

WAN and LAN ports are truly separated (the 2 GbE ports behind a switch IC) and I would assume you can turn the mPCIe slot into mSATA and attach another normal SATA using a mechanical mSATA-to-SATA converter or add separate mPCIe-SATA adapters. It needs confirmation whether WAN and LAN ports are connected to the SoC using different paths or all 3 GbE ports are connected to the 88E6141 switch IC.

 

Unfortunately all 3 GbE ports are behind a switch IC which means that I will add a cheap NanoPi NEO via Micro USB as external firewall/VPN/WAN Ethernet dongle. The mPCIe slot can not be turned into mSATA. More information available at the bottom of this page.

Link to post
Share on other sites

Marvell ESPRESSOBin soon on kickstarter starting at $39: http://www.cnx-software.com/2016/09/23/marvell-espressobin-board-with-gigabit-ethernet-sata-pcie-and-usb-3-0-to-launch-for-39-and-up-crowdfunding/

 

WAN and LAN ports are truly separated (the 2 GbE ports behind a switch IC) and I would assume you can turn the mPCIe slot into mSATA and attach another normal SATA using a mechanical mSATA-to-SATA converter or add separate mPCIe-SATA adapters. It needs confirmation whether WAN and LAN ports are connected to the SoC using different paths or all 3 GbE ports are connected to the 88E6141 switch IC.

 

Unfortunately all 3 GbE ports are behind a switch IC which means that I will add a cheap NanoPi NEO via Micro USB as external firewall/VPN/WAN Ethernet dongle. The mPCIe slot can not be turned into mSATA. More information available at the bottom of this page.

 

According to the available schematics, the switch is configured (via bootstrap pins) to come up in "CPU mode", i.e. all ports come up with disabled links until the switch is configured by the CPU.

 

Actually your assumption in your figure 3 is incorrect, all current switch ICs I know allow bootstrapping to come up in isolated mode on power on. Save any errors by the HW design engineer, it is completely fine to use a switch for isolation.

 

The 2.5Gbps link speed allows to stream 1Gbps to each LAN port concurrently (e.g. some data coming from the SATA port, or the USB 3.0 port, or something else connected to the mPCIe port, e.g. PCIe-to-SATA).

Link to post
Share on other sites

Actually your assumption in your figure 3 is incorrect, all current switch ICs I know allow bootstrapping to come up in isolated mode on power on.

 

Well, at least on Lamobo R1 it's not the case. IIRC according to schematic it should be possible but one IC is missing (don't remember exactly and also not where).

 

Thanks for correcting me regarding ESPRESSOBin -- good to know that it should work there (already confirmed? -- with Lamobo R1 it took some time before first users realized the problem and it got documented)

 

Edit: just did a quick search. It's U20 on Lamobo R1 that should be populated but isn't.

Link to post
Share on other sites

Well, at least on Lamobo R1 it's not the case. IIRC according to schematic it should be possible but one IC is missing (don't remember exactly and also not where).

 

Thanks for correcting me regarding ESPRESSOBin -- good to know that it should work there (already confirmed? -- with Lamobo R1 it took some time before first users realized the problem and it got documented)

 

Edit: just did a quick search. It's U20 on Lamobo R1 that should be populated but isn't.

 

If we did want to stick a AT93C66A in there, like the diagram says... what do you have to program this circuit with? Can we get a code from somewere?

Link to post
Share on other sites

Well, at least on Lamobo R1 it's not the case. IIRC according to schematic it should be possible but one IC is missing (don't remember exactly and also not where).

 

I guess you meant a resistor, not an IC. This comment over at github 511 ; solder a 2k2 ohm resister on unpopulated R1308 soldering pads.. 

extract: According to the docs, this pin strapping option affects the Port Control Register and Switch Mode Register which might need additional care by the driver.

 

more about it in the link above

Link to post
Share on other sites

I guess you meant a resistor, not an IC

 

I remembered someone else was talking about an EEPROM. Thanks for mentioning the resistor but this doesn't change much. This board is broken in so many regards that it's not worth a look. The whole idea behind (being router and media player at the same time) is so stupid that I still believe the best idea is to simply drop support for this device.

Link to post
Share on other sites

Thanks for mentioning the resistor but this doesn't change much.

 

The whole idea behind (being router and media player at the same time) is so stupid.

Well, I guess a resistor is easier to get and to solder.

 

There are so many things that are stupid to do, and still some people like to do it i.e. eating Donuts (it is stupid because you hardly can stop if you get the right mixture of fat and sugar. Not to start would be the right decision).

And the idea per se is not stupid TK, it is just unsafe to use it as your firewall, router and media player all together.

Link to post
Share on other sites

And the idea per se is not stupid TK, it is just unsafe to use it as your firewall, router and media player all together.

 

In other words: you never thought about what you're doing? :)

 

You can use anything related to the HDMI port only when you use 'legacy' kernel (a somewhat community patched old and outdated vendor kernel made by Allwinner guys that give a shit about anything and especially security) and the graphics stack. GPU/VPU drivers have a pretty high attack surface (see the result of this quick check of NVIDIA drivers) and you don't want to run smelly vendor kernels on anything that should play firewall or router role.

 

So once you use mainline kernel on this device you can already forget about the HDMI port and then it's pretty easy to switch on your brain and to throw the whole device in the bin since there are so many 'real routers' around that can do the job better.

 

How do you deal with this: https://github.com/allwinner-zh/linux-3.4-sunxi/commit/6964d467510849e3e262518cb87bff7ef92e01f5

Link to post
Share on other sites

30 minutes ago, renard said:

Will Armbian support it from stock (stupid question yet I don't know what is the priority and who chooses the platforms to support)?

was still done >1 month ago.. :P

 

Edit:

@renard you don't have to delete cause you missed a thread about R2. :D Since the search engine isnt't that good I'll recommend the google custom search for you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

2 2