Single WAN, Single LAN, is not actually what I would (or do) use for "home-based self-hosting". That hosted stuff gets its own network.
Single WAN, Single LAN, is not actually what I would (or do) use for "home-based self-hosting". That hosted stuff gets its own network.
that is what vlans are for. but having only gigabit ports is limiting here.
RISC-V is quite wimpy this far, so it’s not even clear if it can saturate a gigabit with features turned on. The one benefit is that it doesn’t have Intel IME/AMT, AMD PSP or ARM TrustZone backdoors built-in, but I would be extremely surprised if the Chinese SpaceMiT CPU didn’t have Chinese backdoors of its own.
> it’s not even clear if it can saturate a gigabit
If that's the case then it's not the CPU's fault. I can't open the linked site but assuming it's really the same as a BPI-F3 i.e. a SpacemiT K1 chip, that can do 2.8 GB/sec on large RAM to RAM memcpy using a CPU core i.e. 44 Gbps total, 22 Gbps each read and write. Plus I assume it's got DMA so no need to involve the CPU anyway.
Here is a test I ran in April 2025 on a Sipeed LicheePi 3A same chip).
https://hoult.org/K1_memcpy.txt
> RISC-V is quite wimpy this far
The new K3 chip from the same manufacturer does 8.7 GB/s RAM to RAM memcpy using a dual issue in-order A100 ("AI") core, just over 3x faster.
Sure this pales in comparison to recent Apple / Intel / AMD but it's a lot faster than home networking.
Although your benchmark is interesting, I don't think it's very relevant here. In my experience, you'll saturate the CPU through packet decoding, routing, and firewalling long before memory becomes a bottleneck.
That's why all network SoCs have hardware to accelerate such thing, otherwise in software alone they can barely handle simple routing at a few hundred mbps.
That chip doesn't seem to have that: https://cdn-resource.spacemit.com/file/chip/K1/K1_datasheet_...
1 Gb/s is only ~100,000 packets/s at standard MTU. You literally get 10 us/packet which is a eternity. Normal fast-path router operation only really needs to consider the header of <100 bytes/packet, so you are getting ~100 ns of compute per byte of considered data and on even a 1 Ghz processor you are getting over 100 instructions per byte of considered data. Failure to achieve a measly 1 Gb/s really says more about those software implementations than it says anything about the impossibility or difficulty of the problem.
Not all packets are 1500 bytes.
> The one benefit is that it doesn’t have Intel IME/AMT, AMD PSP or ARM TrustZone backdoors built-in, but I would be extremely surprised if the Chinese SpaceMiT CPU didn’t have Chinese backdoors of its own.
That seems worth paying for. How could china hurt me more than my own government?
Yes, you have to decide in your threat model which is worse. There are people who’ve built entire systems on RISC-V FPGA soft cores like Bunnie Huang’s Precursor, but none fast enough to serve as a router.
Yep. It's crazy how effective the US Gov has made it seem like China are the bad guys, when it was US/Israel all along.
Exactly - seems like the only big thing going for it
I helped a bit to develop this UI myself. Support for vlans was baked into it from day 1. The idea being good admin/guest/iot/hosted/etc separation without extra access points.
It still means you're permanently hassled with sticking a switch next to it.
Yes it's not a requirement per se to include an ethernet switch chip on the board. But at a $300 price tag I'll say it does become a failing.
VLANs would appear to defeat the ease of use aspect here. Plus that means you need managed switches, and know how to use them.