Posted: Thu May 02, 2019 3:12 Post subject: What impacts SFE speed? (Does it work on LAN data?)
I'm using Kong's latest build on an R7000.
I have wired gigabit ethernet.
Between two workstations, I get gigabit speed as hoped (bypassing the router).
My iptables has "RELATED, ESTABLISHED" as the first rule.
I've played with lots of other settings but here is my current bottom line, using wired LAN (no WAN involved) connections and iperf3 without special tricks:
* Without OpenVPN enabled: ~600mbps
* With OpenVPN enabled: ~500mbps
These numbers are not close to what others have seen.
So, I am wondering what it takes to get the 900mbps that others have seen...
SFE speeds up NAT, which is only used by your WAN connection. So it does nothing to improve LAN communications.
Cheers.
Actually, SFE speeds up LAN traffic as well, if the traffic goes through the Linux firewall. Basically, SFE bypasses the netfilter rules once a connection has been established. Since the rules are always the same, assuming they have not changed, there's no point going through the same filter time and again.
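The post above describes a fast path that skips the rule walk once a connection is established, on the assumption that the rules have not changed. The sketch below is an added example, not part of the thread and not SFE's actual code: a simplified Python model of that idea, showing why a flow cache must be invalidated when the ruleset changes. The `Rule`, `Firewall`, `FastPath` and `demo` names, the generation counter and the sample flow are all assumptions made for illustration.

```python
"""Simplified model of a connection fast path (illustrative, not SFE code)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    dst_port: int
    verdict: str            # "ACCEPT" or "DROP"

@dataclass
class Firewall:
    rules: list
    default: str = "DROP"
    generation: int = 0     # bumped on every ruleset change
    slow_path_hits: int = 0

    def evaluate(self, flow):
        """Slow path: walk the rule list in order, first match wins."""
        self.slow_path_hits += 1
        for rule in self.rules:
            if rule.dst_port == flow[3]:
                return rule.verdict
        return self.default

    def replace_rules(self, rules):
        self.rules = rules
        self.generation += 1

class FastPath:
    def __init__(self, fw, honor_generation=True):
        self.fw = fw
        self.honor_generation = honor_generation
        self.cache = {}     # flow 5-tuple -> (verdict, ruleset generation)

    def handle(self, flow):
        entry = self.cache.get(flow)
        if entry and (not self.honor_generation or entry[1] == self.fw.generation):
            return entry[0]                      # fast path: no rule walk
        verdict = self.fw.evaluate(flow)         # slow path
        if verdict == "ACCEPT":
            self.cache[flow] = (verdict, self.fw.generation)
        else:
            self.cache.pop(flow, None)           # never fast-path a dropped flow
        return verdict

def demo(honor_generation):
    """Return (slow-path evaluations for 1000 packets, verdict after rule change)."""
    fw = Firewall([Rule(5201, "ACCEPT")])
    fp = FastPath(fw, honor_generation)
    # Constructed sample flow: routed between two subnets, iperf3 default port.
    flow = ("192.168.1.10", 40000, "192.168.2.20", 5201, "tcp")
    for _ in range(1000):
        fp.handle(flow)
    hits = fw.slow_path_hits
    fw.replace_rules([Rule(5201, "DROP")])       # operator now blocks the port
    return hits, fp.handle(flow)
```

With invalidation, only the first of 1000 packets walks the rules and the new DROP rule takes effect immediately; without it, the established flow keeps being accepted from the stale cache entry.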
AFAIK, all traffic goes through the firewall, if it is enabled. Thanks for confirming what I thought SFE does.
Since some have seen an R7000 do 900mbps, I'm guessing that what remains of my slowdown is due to the overhead of other aspects of the router.
I now know that simply having OpenVPN running -- even though my iperf traffic isn't going through the VPN -- adds significant overhead.
I have other things configured as well... I'll do some additional testing to see what actually impacts the speed.
Joined: 18 Mar 2014 Posts: 12882 Location: Netherlands
Posted: Thu May 02, 2019 10:32 Post subject:
That is not what @Quarkysg said: not all traffic is going through the firewall. Traffic on your own subnet is just using layer 2, so LAN<>LAN and LAN<>WAN on your own subnet is not going through the firewall.
Besides users on stock firmware, I am not aware of someone having 900 Mb/s on LAN<>WAN traffic with an R7000 (without overclocking), but I do not see everything.
Kong said he did it.
I've done some more testing. Disabling some extra services helped a little... but ultimately (using 'top' to watch) the interrupts overload the R7000.
In the PC world I'm familiar with how to improve performance: in general, smart ethernet cards can do some form of DMA (direct memory access) that bypasses the cpu completely for major chunks of packet management. Sounds like Broadcom/Netgear keep that info proprietary and nobody has reverse engineered it.
Posted: Thu May 02, 2019 14:18 Post subject:
That is indeed the problem. That is why stock firmware, which has proprietary Broadcom drivers, has CTF (I think it is called CTF, Cut Through Forwarding), which should get you 900 MB/s, but I have never tested that.