Posted: Sat Jan 14, 2023 6:45 Post subject: How to improve speed for hardwired 2nd router(own subnet)
Hope it is the right place as I will be using either E1000V2/E2000/E4200V1 (all have the latest DD-WRT flashed already and working).
Use case: Have to connect a new downstream router to the main router (WAN port of downstream router to LAN port of main router) and it needs its own subnet to separate the 2 networks. Do not want Main router's machine to see anything on the downstream subnet. I care mostly about hardwire speed only. All speed references below refer to CAT5E connections.
How: Downstream router has its own subnet (192.168.2.x) VS main router has 192.168.1.x subnet.
Issue: It works fine. But speed on the downstream subnet is less than half of the speed I get if I connect direct to main router network. 100Mbps vs 230Mbps I am seeing. If I disable DHCP on downstream router(making it a switch) then I get the 230Mbps full speed from it.
Same issue with all the routers listed above that I can deploy as expected.
Question: Is this normal when I have to go thru Double NAT/DHCP like my setup??
Any specific config I should have/can check to improve on the speed thru the downstream subnet??
Thanks a lot.
(** New/Own subnet, Double NAT/DHCP is a requirement; else I will just connect a dumb switch and be done with it.)
Last edited by gti on Sun Jan 15, 2023 1:48; edited 1 time in total
Joined: 18 Mar 2014 Posts: 12884 Location: Netherlands
Posted: Sat Jan 14, 2023 7:00 Post subject:
The Firewall and the NAT are the culprit.
On the Basic Setup page you can try whether ShortCut Forwarding Engine "CTF" instead of "SFE" gives some more speed.
The other thing which can give some more speed is using Router Mode instead of Gateway Mode (Advanced Routing TAB).
The router will not NAT traffic, but you need a static route set on the main router back to the secondary router ( ip route add 192.168.2.0/24 via <ip address of WAN of secondary router> ) and make sure the main router does NAT the traffic from the secondary router (192.168.2.0) out of its WAN, if the main router is DDWRT it does not other firmwares usually do.
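The routed (no-NAT) setup from the post above, as an added example that is not part of the thread or of DD-WRT itself. With NAT off on the downstream router, 192.168.2.0/24 becomes routable from the main LAN, so the isolation the original poster asked for has to come from a firewall rule. Assumptions: the sample addresses, the `vlan2` WAN interface name, and the `FORWARD` rule on the downstream router, which the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface name are constructed samples.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on malformed input
ip_to_int() {
    old_ifs=$IFS; set -f; IFS=.; set -- $1; IFS=$old_ifs; set +f
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP NET/BITS -> 0 if inside, 1 if outside, 2 if either argument is malformed
in_subnet() {
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# routed_setup MAIN_LAN DOWN_NET DOWN_WAN_IP MAIN_WAN_IF
# Checks the addressing, then prints (does not run) the commands for each router.
routed_setup() {
    main_lan=$1; down_net=$2; hop=$3; wan_if=$4
    in_subnet "$hop" "$main_lan" || { echo "next hop $hop is not on $main_lan" >&2; return 1; }
    in_subnet "$hop" "$down_net" && rc=0 || rc=$?
    [ "$rc" -eq 1 ] || { echo "bad subnet $down_net, or $hop lies inside it" >&2; return 1; }
    cat <<EOF
# Main router: return route to the downstream subnet (command from the post above)
ip route add $down_net via $hop
# Main router, only if its firmware does not already NAT this subnet out of the WAN
iptables -t nat -I POSTROUTING -s $down_net -o $wan_if -j MASQUERADE
# Downstream router (assumption): with NAT off, refuse new connections from the main LAN
iptables -I FORWARD -s $main_lan -d $down_net -m state --state NEW -j DROP
EOF
}

# Constructed sample: downstream WAN address 192.168.1.2, main router WAN interface vlan2
routed_setup 192.168.1.0/24 192.168.2.0/24 192.168.1.2 vlan2
```

The script only prints the commands; review them against the actual interface names and existing firewall rules on each router before applying anything.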
Thank you egc for the info/tips.
Yes I can confirm that those old routers are the main issue now ... tested a better router just now in the same Double NAT/DHCP setup and the speed penalty was eliminated. So I know where to go from here.
Thanks again!!
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Sun Jan 15, 2023 1:31 Post subject:
If you have a Kirkwood E4200 (v2) running DD-WRT, submit the patches to support it. Only the v1 is supported officially.
Outside of that, you will be limited on your E1000 to ethernet port speed. The E2000 is your next weakest link due to the 300MHz clock speed of the CPU. In switch (router) mode, you shouldn't be using SFE or CTF, it can actually have adverse effects because you are not doing any NAT in that mode.
Thanks for the additional comments KP!!
Typo I have E4200V1 not V2.
This is more like a POC in progress to deploy some spare hardware I have collected over the years with some unique real life limitation/constraints that keeps changing ... LOL
Fully understand these dino-era gears won't go too far if at all.
Learned a few things and I will likely come up with some other issues sooner or later.
Thank you guys.
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Sun Jan 15, 2023 3:19 Post subject:
I kinda figured it was a typo, couldn't resist pointing it out, though. The V2 was one of the devices that at one time prompted a "No Marvell Support" in DD-WRT, if I am not mistaken(?). Re-purposing older devices isn't such a bad thing and sometimes a necessary evil. Case in point of my own is re-purposing retired Cisco controller and wifi APs with the latest available firmware(s) to at least try and mitigate things. At least I'm not like the US Government and have the proper warnings on the captive portal page required to click to use the network...