What impacts SFE speed? (Does it work on LAN data?)

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
MrPete
DD-WRT User


Joined: 09 Jul 2013
Posts: 82

PostPosted: Thu May 02, 2019 3:12    Post subject: What impacts SFE speed? (Does it work on LAN data?) Reply with quote
I'm using Kong's latest build on an R7000.
I have wired gigabit ethernet.
Between two workstations, I get gigabit speed as hoped (bypassing the router).
My iptables has "RELATED, ESTABLISHED" as the first rule.

I've played with lots of other settings but here is my current bottom line, using wired LAN (no WAN involved) connections and iperf3 without special tricks:

* Without OpenVPN enabled: ~600mbps
* With OpenVPN enabled: ~500mbps

These numbers are not close to what others have seen.

So, I am wondering what it takes to get the 900mbps that others have seen...

...or does that only work with the WAN?

Thanks much,
Pete
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

PostPosted: Thu May 02, 2019 5:58    Post subject: Reply with quote
I am a bit confused as to what you are testing.

The last time I tested my R6400v2 which has comparable hardware I got Gbit speed LAN<>LAN this is just the switch in the router.

Testing WAN<>LAN, that is where the firewall comes into play, I got almost 300 Mb/s without SFE and almost 650 MB/s with SFE

If you want faster you have to buy a faster router like an R7800, or use stock which is also reported being faster.

Oh and with/through OpenVPN I got 35 Mb/s

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
quarkysg
DD-WRT User


Joined: 03 May 2015
Posts: 323

PostPosted: Thu May 02, 2019 9:08    Post subject: Reply with quote
jxm wrote:
SFE speeds up NAT, which is only used by your WAN connection. So it does nothing to improve LAN communications.

Cheers.


Actually, SFE speeds up LAN traffic as well, if the traffic goes thru the Linux firewall. Basically SFE bypasses the netfilter rules once connection has been established. Since the rules are always the same, assuming it has not changed, there’s no point going thru the same filter time and again.
MrPete
DD-WRT User


Joined: 09 Jul 2013
Posts: 82

PostPosted: Thu May 02, 2019 10:22    Post subject: Reply with quote
quarkysg wrote:
Actually, SFE speeds up LAN traffic as well, if the traffic goes thru the Linux firewall. Basically SFE bypasses the netfilter rules once connection has been established. Since the rules are always the same, assuming it has not changed, there’s no point going thru the same filter time and again.


AFAIK, all traffic goes through the firewall, if it is enabled. Thanks for confirming what I thought SFE does.

Since some have seen an R7000 do 900mbps, I'm guessing that what remains of my slowdown is due to the overhead of other aspects of the router.

I now know that simply having OpenVPN running -- even though my iperf traffic isn't going through the VPN -- adds significant overhead.

I have other things configured as well... I'll do some additional testing to see what actually impacts the speed.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

PostPosted: Thu May 02, 2019 10:32    Post subject: Reply with quote
That is not what @Quarkysg said, not all traffic is going through the firewall, traffic on your own subnet is just using layer 2 so LAN<>LAN and LAN<>WAN on your own subnet is not going through the firewall.

On a basic setup (where you do not have multiple subnets) only LAN<>WAN traffic is going through the firewall

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

PostPosted: Thu May 02, 2019 10:46    Post subject: Reply with quote
Besides users on stock firmware I am not aware of someone having 900 Mb/s on LAN<>WAN traffic with an R7000 (without overclocking), but I do not see everything Smile
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
MrPete
DD-WRT User


Joined: 09 Jul 2013
Posts: 82

PostPosted: Thu May 02, 2019 14:12    Post subject: Reply with quote
egc wrote:
Besides users on stock firmware I am not aware of someone having 900 Mb/s on LAN<>WAN traffic with an R7000 (without overclocking), but I do not see everything Smile

Kong said he did it Wink

I've done some more testing. Disabling some extra services helped a little... but ultimately (using 'top' to watch) the interrupts overload the R7000.

In the PC world I'm familiar with how to improve performance: in general, smart ethernet cards can do some form of DMA (direct memory access) that bypasses the cpu completely for major chunks of packet management. Sounds like Broadcom/Netgear keep that info proprietary and nobody has reverse engineered it. Sad
MrPete
DD-WRT User


Joined: 09 Jul 2013
Posts: 82

PostPosted: Thu May 02, 2019 14:13    Post subject: Reply with quote
egc wrote:
On a basic setup (where you do not have multiple subnets) only LAN<>WAN traffic is going through the firewall

I have multiple subnets... however, in this case I'm just testing from a workstation to the router itself.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

PostPosted: Thu May 02, 2019 14:18    Post subject: Reply with quote
That is indeed the problem, that is why stock firmware which has proprietary Broadcom drivers has CTF (I think, it is called CTF, Cut Through Forwarding) which should get you 900 MB/s, but I have never tested that.

But SFE, which is fairly recent for DDWRT, will give a nice speed boost

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum