After some consideration, I’ve decided to replace my consumer router at home with an OPNsense box I control, and use the consumer router as just an access point. The model I have doesn’t seem to support OpenWrt but the default firmware supports access point mode complete with mesh functionality, otherwise I would have just installed OpenWrt on it. I still like the consumer router’s mesh Wi-Fi capabilities, especially the wireless range extender, but don’t trust it enough to let it be the actual root device separating my home network from the open internet. My reasoning is that by having it behind the OPNsense router, I can monitor and detect if it’s exfiltrating any “analytics” data and block it. Worst case scenario, I realize it’s too noisy with the analytics and buy a proper business-grade access point, or an M.2 Wi-Fi 6 card with some beefy antennas.

Now I’m trying to decide if I should use one of my old mini PCs or if I should get a brand new one with an up-to-date processor and microcode. The biggest reason I don’t want the consumer router to be the root device anymore is because I don’t know how well they patch their firmware against attackers constantly scanning the internet for vulnerable devices. I imagine an open source router OS with tons of eyes on it and used by actual professionals would inherently be more secure than whatever proprietary cost-cut consumer firmware my current router has. I’ve already picked out a suitable mini PC I’m not using and the reason I even started down this rabbit hole is because I have it, but after thinking more about it, I’m worried that whatever security I gain might be undermined by the underlying hardware being old and outdated, especially since the processor is definitely pre-Spectre/Meltdown and I doubt it’s still getting microcode or firmware updates.

Again, the reason I ask is because the internet really wants me to think old disused computers are perfect for converting into routers, and I really don’t want to buy a new computer if I don’t have to. How important is the hardware for a router? Can I expect OPNsense to have sufficient security on pretty much any hardware or will a sufficiently old computer completely defeat the purpose of even switching away from the consumer router?

Alternatively, I also have another mini PC with a Ryzen 5 from 2020, and I can reposition it from its current job to router duty, though it would definitely be overkill and wasting the hardware capabilities. Would that be substantially more secure than an older Intel processor?

I also have a Raspberry Pi 4 I can put OpenWrt on; would that somehow be more secure than an x64 computer?

  • GreyEyedGhost@piefed.ca
    6 hours ago

    What you’re saying is mostly right, and in a practical sense is right, as well, but not as much from a technical sense. This is the specific block that is problematic.

    > RISC CPUs like the ARM in the Raspberry Pi are really good at not doing anything, or doing a really small subset of things (it’s in the name!), but x86 is great at doing some stuff and being able to do a wide variety of stuff with its big instruction set. If you raise an eyebrow at my claim, consider that before GPUs were the main way to do math in a data center it was x86. If the people who literally count every fraction of a watt of power consumption as billable time think it’s most efficient it probably is!

    This is generally correct, per cycle. Overall, it really depends. The problem is, the x86 architecture does okay as long as it’s kept busy and the work to be performed is predictable (for the purposes of look-ahead and parallelization). This is why it’s great for those mathematical calculations you referred to, and why GPUs took over - they’re massively better performers on tasks that can be parallelized such as math calculations and graphics rendering. Beyond that, the ARM use case has been tuned to low power environments, which means the computing does poorly in environments that need a lot of calculations because, in general, more computing requires more power (or the same power with more efficient hardware, and now we’re talking about generational chip design differences). Now, couple that with the massive amount of money spent to make x86 what it is, and the relatively lower amounts that RISC and ARM received, and the gap gets wider.

    Now, as I started with, even a basic x86 computer running at mostly idle is going to have pretty low power consumption, dollar-wise. Compare that to the power draw on a new router, or even a newer low-power mini PC, and your ROI is not going to indicate the need for that purchase if you have the hardware just sitting around idle. And it will still perform better than a Raspberry Pi configured to act as a router if your bandwidth is above about 250 Mbps, if I remember correctly (and something like 120 Mbps for the v4 and earlier generations).

    • doodoo_wizard@lemmy.ml
      3 hours ago

      100%!

      One of the operation types that benefitted from much of that money and software development time is cryptography, where entire chunks of silicon are dedicated to quickly performing the (for better or worse) pipelined calculations that allow us to conduct secure transmissions along to their destinations.

      There are a lot of technical differences; I just wanted to go a step above saying “ARM is just a lil guy and x86 is a muscly dude who can’t function without his protein”, which seems appropriate to me.