Netgear r7800 dual vs r9000 quad for vpn speed

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page Previous  1, 2
Author Message
James Greystone
DD-WRT User


Joined: 20 Nov 2011
Posts: 194

PostPosted: Thu Jan 16, 2020 2:28    Post subject: Reply with quote
blkt wrote:
Mullvad or Nord


understood, unfortunately I have a 5 year deal I bought with existing VPN. I have emailed support to enquire about wireguard.

I may try a trial of another service to see if the speed increase makes it worthwhile though.
Sponsor
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Fri Jan 17, 2020 15:29    Post subject: Reply with quote
Are Nord or PIA supporting wireguard now? last time i looked it just said currently testing and i couldn't find any info on it?
If so i would love to test this myself.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Jan 17, 2020 15:50    Post subject: Reply with quote
Nord does (what I have seen and heard, but check their website) PIA not (yet) I and hundreds of other users have made that request

https://www.privateinternetaccess.com/blog/2018/09/the-current-status-of-wireguard-vpns-are-we-there-yet/

https://www.privateinternetaccess.com/helpdesk/community/view/wireguard-server-2

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1848
Location: Canada

PostPosted: Fri Jan 17, 2020 17:09    Post subject: Reply with quote
I have put a request to my VPN Provider, IPVanish and are also testing it. They also told me that their "sister" company StrongVPN does support WireGuard support.

https://support.strongvpn.com/hc/en-us/sections/360005457093-WireGuard-

_________________
Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9

Off Site 1

R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4

Off Site 2

R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531


YAMon 3.4.6 | DNSCrypt-Proxy V2
James Greystone
DD-WRT User


Joined: 20 Nov 2011
Posts: 194

PostPosted: Sat Jan 18, 2020 21:57    Post subject: Reply with quote
egc wrote:
The problem is not the encryption, even without encryption the VPN speed is not more than 10% faster.

The problem is the constant switching between user and kernel space.

Wireguard (which does the "same" as OpenVPN) is handled enitrely in kernel space and has tripple the perfomance of OpenVPN.
For my R7800 OpenVPN without encryption 90-95 Mb/s, WireGuard with encryption: 250-260 Mb/s


Wonder if I can pick your brain.

I have approval to beta test wireguard through my providers VPN and after reading your excellent guide I am still a little stuck.

They have provided me with Interface credentials and peer credentials.

Following your guide I believe I have everything set however I can't seem to figure where I insert the PrivateKey = ???

Any help is appreciated.

Using DDWRT and assume it's in the same section as the rest Tunnel? but don't see a private key reference
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sun Jan 19, 2020 8:20    Post subject: Reply with quote
James Greystone wrote:
egc wrote:
The problem is not the encryption, even without encryption the VPN speed is not more than 10% faster.

The problem is the constant switching between user and kernel space.

Wireguard (which does the "same" as OpenVPN) is handled enitrely in kernel space and has tripple the perfomance of OpenVPN.
For my R7800 OpenVPN without encryption 90-95 Mb/s, WireGuard with encryption: 250-260 Mb/s


Wonder if I can pick your brain.

I have approval to beta test wireguard through my providers VPN and after reading your excellent guide I am still a little stuck.

They have provided me with Interface credentials and peer credentials.

Following your guide I believe I have everything set however I can't seem to figure where I insert the PrivateKey = ???

Any help is appreciated.

Using DDWRT and assume it's in the same section as the rest Tunnel? but don't see a private key reference


Sure, but as this is of interest to a lot of users, please start a new thread in the Advanced networking forum, with title: Setup WireGuard client for provider
XXX (fill in your provider)

Reply in this thread with a link to the new post

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
James Greystone
DD-WRT User


Joined: 20 Nov 2011
Posts: 194

PostPosted: Sun Jan 19, 2020 16:20    Post subject: Reply with quote
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322822

First time setup Wireguard
ironstaff
DD-WRT User


Joined: 11 Oct 2019
Posts: 157

PostPosted: Sat Mar 14, 2020 14:44    Post subject: Reply with quote
From a purely cpu perspective, the Cortex-a15 in the R9000 is well known to be more powerful than the Krait 300 in both single and multicore speeds. With that being said, the performance considerations for Open VPN load would be primarily single core focused with a secondary focus on core count/multicore performance in order to understand whether the router has more cores to push non-openvpn tasks to efficiently without breaking a sweat and affecting openvpn performance. RAM and cache size is also important.

Since both are from the mobile space, you can see Geekbench 3 results here:

https://www.notebookcheck.net/Smartphone-Processors-Benchmark-List.149513.0.html

Focusing on just single core performance scores, where the dominant cluster would be running the test due to its high load in BigLittle configurations, the Cortex-a15 clocked at 1.7Ghz (search for HiSilicon Kirin 920 geekbench 3 at that link) and utilizing one core scores 858 while the Krait 300 clocked at the same speed on the same single core benchmark puts out 637 (search for snapdragon 600 at that link). Note that there are other benchmarks that back this up online and you can actually benchmark both routers yourself if you have them both.

I think it is obvious that the R9000’s multicore lead is huge compared to the R7800 multicore performance but, since we are talking OpenVPN and its single threaded nature, more emphasis will be place on just single threaded performance results.

Lets not forget that in the R9000, there are more cores to better spread out tasks as the OpenVPN load resides on core zero while the R7800 has only 2 cores, and you can see why the stock OpenVPN performance on the cortex-15 in the R9000 would be higher.

Other important aspects of performance include the higher cache levels in the R9000 and twice the RAM of the 7800. With that being said, the Linux kernel in DD-WRT is woefully under-optimized for OpenVPN UDP performance. Once a lot of tcp/udp buffer tweaks are made to the kernel in both routers, you'll notice the performance gap between both routers widen (with the R9000 commanding a drastically significant lead).

At any rate, I don’t recommend most people to bother with the R9000 since a lot of the CPU instruction sets and extra hardware features are not worth the price premium over the R7800. Now, if you know how to do tcp/udp tuning and use a lot of features in dd-wrt, the doubling of RAM, 4 cores, and bigger cache will be well worth it for a used/renewed version.

With buffer tweaks to the R9000 cpu, tcp, udp loads, and low latency kernel optimizations, I regularly get a minimum of 160 mbps openvpn performance and average about 220 mbps. I Also get in excess of 240 mbps once in a while but don’t like to consider peak values since those are best case scenarios (low cpu load, low remote vpn server traffic at 3am on a Monday, for example).

Depending on your needs, those speeds may be unnecessary so I still recommend going with R7800 and heavily tuning buffers. Its the best value to money router to use for dd-wrt.

_________________
Fleet Deployment of Netgear Nighthawk X10 R9000s
File: DD-WRT v3.0-r45229 std (01/01/21)
Active Settings: SFE, Multi-DHCP, Net Isolation, 10 Gbps SFP+ Module, VLANs, Wireguard Client, FreeRadius, WAN + 4G LTE fail-over, All internal radios - Disabled
PfSense - Intel Xeon, 32GB ECC RAM - Suricata, pfBlockerNG, Squid Proxy + ClamAV, VLANs w/ 802.1x Auth
Cisco WiFi 6 Access Points - Client Isolation & Radius Auth via DD-WRT R9000 w/ WPA3 Enterprise
Cisco Switches - 802.1x-VLANs & Radius Auth via DD-WRT R9000


Last edited by ironstaff on Mon Mar 16, 2020 18:42; edited 2 times in total
ironstaff
DD-WRT User


Joined: 11 Oct 2019
Posts: 157

PostPosted: Sat Mar 14, 2020 14:51    Post subject: Reply with quote
ddaniel51 wrote:
I signed up for a vpn account and then installed the vpn client on my gaming machine attached to a 10Gb core network.

I was able to hit 320mb transfer speeds via vpn.

Since the core, 16 port 10Gb switch, gaming computers, NAS boxes, and the 10Gb ports of the R9000's contribute to a no bottleneck system the only restriction is the Gb WAN port to the 1Gb ISP and there is no way I would saddle the router with a restrictive VPN duty.

With the R9000's on a Gb ISP i don't have to run SFE or QOS. Smile

I regularly do multi gigabit transfers at full rated bandwidth. Life is good.


I also noticed that sfe doesn’t matter on R9000. Makes you wonder why Netgear even bothered to implement hardware nat/asic on it in the first place...

Guess they wanted to charge customers as much as possible Confused
fgenoesezerbi
DD-WRT Novice


Joined: 22 May 2020
Posts: 4
Location: Rome, Italy

PostPosted: Sun Jun 07, 2020 11:31    Post subject: Reply with quote
Ironstaff wrote:
Quote:

Depending on your needs, those speeds may be unnecessary so I still recommend going with R7800 and heavily tuning buffers. Its the best value to money router to use for dd-wrt.


I'd love to pick your brain about this.

I use an R7800 at my house A to create a wireless network that is virtually at my house B using OpenVPN (it connects to a Raspberry Pi 4 running PiVPN). I route 100% of internet traffic from this virtual network to house B. Because I am also running an entirely separate 'local' network from another router (and that's what the R7800 connects to) the R7800 is ending up with double NAT, but it gives me no trouble.

My OpenVPN performance on the R7800 is about 20mbps down/17mbps up. If I connect to the Pi from a Windows PC w OpenVPN client I get as much as 170mpbs down, 17mpbs up (this is close to my line speed, so it could be getting bottlenecked at the Pi or at the line).

What optimizations could I do on the R7800 to squeeze more out of it? I am running both cores at full clock speed. I am running build 40863 (August 31, 2019) which was the most stable of the ones I tried.

I searched the forum but found nothing about buffer optimizations; I also read references to dedicating a core to OpenVPN, but I did not find any practical description of how to do it.

Any wisdom you can share - much appreciated!
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sun Jun 07, 2020 11:56    Post subject: Reply with quote
fgenoesezerbi wrote:
What optimizations could I do on the R7800 to squeeze more out of it? I am running both cores at full clock speed. I am running build 40863 (August 31, 2019) which was the most stable of the ones I tried.

I searched the forum but found nothing about buffer optimizations; I also read references to dedicating a core to OpenVPN, but I did not find any practical description of how to do it.

Any wisdom you can share - much appreciated!


Switch from OpenVPN to Wireguard. Wireguard is much faster as it runs in the kernel while OpenVPN have to switch to user space constantly.

Note: The build 43334 runs stable with Wireguard.
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum