Slow WAN-to-LAN dd-wrt on Netgear WNR3500U/WNR3500L v1

mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 11:15    Post subject: Slow WAN-to-LAN dd-wrt on Netgear WNR3500U/WNR3500L v1
Hello,
for some years now I've the following firmware on the Netgear WNR3500L (v1 ?) (label says "WNR3500U/WNR3500L"):
Router Model: Netgear WNR3500v2/U/L
Firmware: DD-WRT v24-sp2 (08/07/10) mega

Recently I got Gigabit from my ISP and discovered that the WAN-to-LAN speed of the router is very disappointing: only about 52 Mbps.

I then disabled the SPI Firewall in the dd-wrt web interface, but this didn't bring any improvement.

I suspect the slow speed has to do with iptables connection tracking stuff as it keeps long lists of each connection (--> cat /proc/net/nf_conntrack ).

So, my question is: how can I disable this IMHO useless connection tracking stuff on the router?
What else can I do to get a better WAN-to-LAN throughput?

Btw, WLAN on this device is not used here (Radio is off).
And also tried "Operating Mode" as Gateway, as well as Router; but no change in the speed.

Thx


Last edited by mutluit on Tue Mar 17, 2020 13:58; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7256
Location: Texas, USA

Posted: Tue Mar 17, 2020 12:31
You need a newer, more powerful router. That one will not give you gigabit throughput. You probably won't see any change if you upgraded to the latest firmware (42681). If you're not using the wireless on your configuration, you could probably get a supported x86 device and go that route. The only other suggestion I have is the R7800, EA8500, or R9000. The only other suggestion for ethernet-only without wifi would be the WRT3200ACM or WRT32X, and maybe the R7000, R7000P, or R8000. Otherwise, the first three suggestions other than x86 are the best supported by this firmware.
_________________
Official Forum Rules, Guidelines, and Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 13:07
kernel-panic69 wrote:
You need a newer, more powerful router. That one will not give you gigabit throughput. You probably won't see any change if you upgraded to the latest firmware (42681). If you're not using the wireless on your configuration, you could probably get a supported x86 device and go that route. The only other suggestion I have is the R7800, EA8500, or R9000. The only other suggestion for ethernet-only without wifi would be the WRT3200ACM or WRT32X, and maybe the R7000, R7000P, or R8000. Otherwise, the first three suggestions other than x86 are the best supported by this firmware.


I now flashed the Firmware Version "DD-WRT v3.0-r33555 mega (10/20/17)" and get 288 Mbits/sec. This is about 5 times more performance, but still far away from Gigabit speed.

Hmm. will also try two other (old) Gigabit routers (Ubiquiti EdgeRouter Lite and Banana Pi R1 (aka Lamobo R1)) which I have here, and then maybe look for a newer one.

Thx
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3861
Location: UK, London, just across the river..

Posted: Tue Mar 17, 2020 13:36
mutluit wrote:
kernel-panic69 wrote:
You need a newer, more powerful router. That one will not give you gigabit throughput. You probably won't see any change if you upgraded to the latest firmware (42681). If you're not using the wireless on your configuration, you could probably get a supported x86 device and go that route. The only other suggestion I have is the R7800, EA8500, or R9000. The only other suggestion for ethernet-only without wifi would be the WRT3200ACM or WRT32X, and maybe the R7000, R7000P, or R8000. Otherwise, the first three suggestions other than x86 are the best supported by this firmware.


I now flashed the Firmware Version "DD-WRT v3.0-r33555 mega (10/20/17)" and get 288 Mbits/sec. This is about 5 times more performance, but still far away from Gigabit speed.

Hmm. will also try two other (old) Gigabit routers (Ubiquiti EdgeRouter Lite and Banana Pi R1 (aka Lamobo R1)) which I have here, and then maybe look for a newer one.

Thx


yep if you believe you can beat the system...

If, Ubiquiti EdgeRouter Lite may do....as it has a dual core @500 MIPS64, then why bother with this old Netgear you have...on an ancient build 33555 ... ???

kernel-panic69 gave you the basics, now you have to do your homework... and learn how CPU demanding are WAN to LAN translations...

good luck...

p.s. just bear in mind those Hardware Accelerations for Packet Processing are not very security proof...

_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 44538 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44538 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44538 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 44538 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 13:52
Thx all so far, but the other question remains:
how can I disable/deactivate connection tracking (nf_conntrack) in dd-wrt firmware?

See also
cat /proc/net/nf_conntrack
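
Added example, not part of any post in this thread: before deciding whether connection tracking is the bottleneck, it helps to see what the table actually holds. The script below summarises a /proc/net/nf_conntrack dump by protocol, TCP state and unreplied entries; the sample entries (documentation address ranges), the function names and the table limit of 16 are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a conntrack table dump.

# Constructed sample in the /proc/net/nf_conntrack line format.
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51000 dport=5001 src=198.51.100.7 dst=192.0.2.10 sport=5001 dport=51000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431992 ESTABLISHED src=192.0.2.11 dst=198.51.100.7 sport=51001 dport=5001 src=198.51.100.7 dst=192.0.2.11 sport=5001 dport=51001 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 57 TIME_WAIT src=192.0.2.10 dst=198.51.100.7 sport=50990 dport=5001 src=198.51.100.7 dst=192.0.2.10 sport=5001 dport=50990 [ASSURED] mark=0 use=2
ipv4     2 udp      17 21 src=203.0.113.5 dst=198.51.100.1 sport=40000 dport=53 [UNREPLIED] src=198.51.100.1 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=2
EOF
}

# conntrack_summary MAX
# Reads a table dump on stdin and prints sorted key=value lines.
# MAX is the table limit (nf_conntrack_max); pass 0 to skip the usage line.
conntrack_summary() {
    awk -v max="$1" '
        NF < 5 { next }                      # skip blank or truncated lines
        {
            total++
            proto[$3]++                      # field 3: L4 protocol name
            if ($3 == "tcp") state[$6]++     # TCP entries carry a state in field 6
            if (index($0, "[UNREPLIED]")) unreplied++   # no return traffic seen
        }
        END {
            printf "total=%d\n", total
            for (p in proto) printf "proto_%s=%d\n", p, proto[p]
            for (s in state) printf "tcp_%s=%d\n", s, state[s]
            printf "unreplied=%d\n", unreplied
            if (max > 0) printf "usage_pct=%d\n", total * 100 / max
        }' | sort
}

# summary_value KEY: extract one value from a summary on stdin.
summary_value() { grep "^$1=" | cut -d= -f2; }

# Demo on the constructed sample with an assumed limit of 16 entries.
sample_conntrack | conntrack_summary 16

# On a router whose kernel exposes these files:
#   conntrack_summary "$(cat /proc/sys/net/netfilter/nf_conntrack_max)" \
#       < /proc/net/nf_conntrack
```

A usage_pct close to 100 means new flows are being dropped because the table is full; a low value means the table size itself is not what limits throughput.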
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3861
Location: UK, London, just across the river..

Posted: Tue Mar 17, 2020 14:41
is this a joke ?

nf_conntrack is in the kernel and it's in use for various services to run....it will kill your router if you stop it...
there won't be a NAT, Firewall and others...that depend on it :P

p.s. you can limit some packets to use conntrack table...but you must know exactly what you want to achieve...at the end...

mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 17:11
Alozaros wrote:
is this a joke ?

nf_conntrack is in the kernel and it's in use for various services to run....it will kill your router if you stop it...
there won't be a NAT, Firewall and others...that depend on it :P

p.s. you can limit some packets to use conntrack table...but you must know exactly what you want to achieve...at the end...


I'm using this router as a second router in series to the ISP-router. Also my PCs in LAN have their own iptables-firewalls configured. So then there is no need for a firewall on this router, nor for NAT, nor for SPI. It just shall do what it's primarily designed for (and what the name "router" means): just routing, nothing else.
If completely throwing out (or disabling) conntrack is not possible, then I would need to find a different firmware, maybe OpenWRT, Tomato or so.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3861
Location: UK, London, just across the river..

Posted: Tue Mar 17, 2020 18:20
mutluit wrote:
Alozaros wrote:
is this a joke ?

nf_conntrack is in the kernel and it's in use for various services to run....it will kill your router if you stop it...
there won't be a NAT, Firewall and others...that depend on it :P

p.s. you can limit some packets to use conntrack table...but you must know exactly what you want to achieve...at the end...


I'm using this router as a second router in series to the ISP-router. Also my PCs in LAN have their own iptables-firewalls configured. So then there is no need for a firewall on this router, nor for NAT, nor for SPI. It just shall do what it's primarily designed for (and what the name "router" means): just routing, nothing else.
If completely throwing out (or disabling) conntrack is not possible, then I would need to find a different firmware, maybe OpenWRT, Tomato or so.


you can put router in WAP/switch mode this will completely disable NAT, SPI, DNS/DHCP and so...

https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point

https://wiki.dd-wrt.com/wiki/index.php/Switch

mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Tue Mar 17, 2020 22:39
Alozaros wrote:
mutluit wrote:
Alozaros wrote:
is this a joke ?

nf_conntrack is in the kernel and it's in use for various services to run....it will kill your router if you stop it...
there won't be a NAT, Firewall and others...that depend on it :P

p.s. you can limit some packets to use conntrack table...but you must know exactly what you want to achieve...at the end...


I'm using this router as a second router in series to the ISP-router. Also my PCs in LAN have their own iptables-firewalls configured. So then there is no need for a firewall on this router, nor for NAT, nor for SPI. It just shall do what it's primarily designed for (and what the name "router" means): just routing, nothing else.
If completely throwing out (or disabling) conntrack is not possible, then I would need to find a different firmware, maybe OpenWRT, Tomato or so.


you can put router in WAP/switch mode this will completely disable NAT, SPI, DNS/DHCP and so...

https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point

https://wiki.dd-wrt.com/wiki/index.php/Switch


Hmm. but I need to segment my LAN (i.e. create a separate LAN segment different from that of the ISP router's LAN)...

I'll try alternate firmwares to see whether what I need is possible with them.

Thx.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7256
Location: Texas, USA

Posted: Wed Mar 18, 2020 0:07
No other firmwares are going to fix the problem. You need a more powerful router to fully utilize your internet link. Period.
mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Wed Mar 18, 2020 13:39
I just tried the original Netgear Firmware Version V1.2.0.56_50.0.96 :
WAN-to-LAN speed is about 580 Mbits/s
(measured using iperf clients (the senders) on 2 remote hosts in WAN connecting at the same time to the local iperf server here in LAN, for a duration of 60 seconds).
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7256
Location: Texas, USA

Posted: Wed Mar 18, 2020 13:56
Your router is an N300. Connected to gigabit.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=996134#996134

You can try today's release https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/03-18-2020-r42729/broadcom_K3X/ but I don't think you're gonna get gigabit speed. You need a better router. No question about it. But feel free to be hard-headed.

mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Wed Mar 18, 2020 14:47
kernel-panic69 wrote:
Your router is an N300. Connected to gigabit.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=996134#996134

You can try today's release https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/03-18-2020-r42729/broadcom_K3X/ but I don't think you're gonna get gigabit speed. You need a better router. No question about it. But feel free to be hard-headed.


I surely would try dd-wrt again, but only if it beats the above quoted performance of 580 Mbits/s on Netgear WNR3500L v1 or v2.

Someone please let me know if you kindly did the performance test with the above said new dd-wrt release.

Btw, here are my above mentioned settings of iperf on Linux:

Server in LAN:
iperf -s -p $PortOfServerInLAN -w 1M

Client(s) in WAN (the sender(s)):
iperf -c $IPofServerInLAN -p $PortOfServerInLAN -w 1M -P 8 -t 60

Just replace the above $variables with your own IP and port.
And, of course on the router one has to do port-forwarding to the server where the iperf-server instance runs.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7256
Location: Texas, USA

Posted: Wed Mar 18, 2020 15:19
Cooling mods, overclocking, tweaking the tcp buffers properly. You might get better performance. But otherwise.... you are just shooting yourself in the foot trying to use it on a gigabit Internet link.
mutluit
DD-WRT Novice


Joined: 17 Mar 2020
Posts: 13

Posted: Wed Mar 18, 2020 16:48
kernel-panic69 wrote:
Cooling mods, overclocking, tweaking the tcp buffers properly. You might get better performance. But otherwise.... you are just shooting yourself in the foot trying to use it on a gigabit Internet link.


Man, 580 Mbits/s is a nice value, especially compared to the lousy 52 Mbits/s as stated in my OP with the very old dd-wrt version. The next improvement with 288 Mbits/s with a newer but still older dd-wrt version is not bad, but hey, 580 Mbits/s is more than twice as fast as that!
I think for another year or so I can live with 580 Mbits/s with this old Netgear WNR3500L device.

Update / Summary of my tests:

WNR3500Lv2 (w/orig Netgear FW V1.2.0.56_50.0.96) : about 580 Mbits/s

WNR3500Lv1 (w/orig Netgear FW V1.2.2.48_35.0.55NA): about 320 Mbits/s


Btw, here's an IMO interesting thread about such WAN-to-LAN speed measurements:
https://www.myopenrouter.com/forum/wnr3500l-wan-lan-throughput-using-different-firmwares

There someone (Kong) says that "Netgear official firmware uses the fast_nat module and due to a different featureset doesn't see the bugs that were seen in tomato. DD-WRT does not use the fast nat module."
He further says "Actually it would be interesting to see how much performance increases if one disables connection traffic using NOTRACK target in iptables rules."