Shortcut Forwarding Engine?

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page 1, 2  Next
Author Message
yodog
DD-WRT User


Joined: 04 Mar 2017
Posts: 89

PostPosted: Thu Aug 17, 2017 8:29    Post subject: Shortcut Forwarding Engine? Reply with quote
I tried searching but didn't really come up with anything in a reasonable amount of time searching. What exactly is this feature on the main ddwrt page? I've only noticed it recently. I am using an R9000 with a 8/3/2017 BS build at the moment. Any insight and info on this would be much appreciated as well as recommendations to have it enabled or disabled and what are the pros and cons of each, thanks.
Sponsor
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Thu Aug 17, 2017 9:11    Post subject: Reply with quote
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310267&start=0
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

tmo1138
DD-WRT User


Joined: 24 Mar 2015
Posts: 175
Location: Tacoma, Wa

PostPosted: Sun Apr 22, 2018 21:59    Post subject: Reply with quote
This seems to be the best overview of SFE that I've found..

https://source.codeaurora.org/quic/qsdk/oss/lklm/shortcut-fe/plain/README?h=banana

_________________
Routers:
Netgear R8000 - DD-WRT v3.0-r43420 std (06/15/20)
Netgear R9000 - DD-WRT v3.0-r43420 std (06/15/20)


Useful links:

Builds:
ftp://ftp.dd-wrt.com/betas/2020/


dd-wrt supported devices:
http://www.dd-wrt.com/wiki/index.php/Supported_Devices

So long <kong> and thanks for all the fish!
ddaniel51
DD-WRT Guru


Joined: 19 Feb 2013
Posts: 1464

PostPosted: Mon Apr 23, 2018 2:13    Post subject: Reply with quote
I run Yamon on my R9000 and cannot enable SFE because of it.

The R9000 does gigabit Internet without SFE enabled and is the reason I use them.

_________________
Segment 1 XR700 10Gb LAN, 1Gb WAN ISP BS
Wired AP 1 Unifi Wifi 6 LR US 1Gb LAN
Wired AP 2 Unifi Wifi 6 LR US 1Gb LAN
Wired AP 3 Unifi Wifi 6 LR US 1Gb LAN
Syslog Services Asustor 7110T NAS 10GB
NetGear XS716T 10GB Switch
download1.dd-wrt.com/dd-wrtv2/downloads/betas/ (Brain Slayer)
YAMon https://usage-monitoring.com/index.php
jmfolcik
DD-WRT User


Joined: 06 Nov 2010
Posts: 125

PostPosted: Sat May 19, 2018 0:07    Post subject: Reply with quote
I've been using it on and off all this year, and really haven't had any concrete evidence its been implemented/enabled as stated when I turn it on.

Has anyone here used it and saw a noticeable improvement on an underpowered router? I get around 70megabit with and without it with a 650mhz single core Atheros on wan to lan. Maybe its implementation is bugged on the Tplink 841?

When I swap in a gig router I get 120megabit. but that router is Broadcom and a POS for reliability.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Sat May 19, 2018 0:28    Post subject: Reply with quote
I have noticed a difference. When I have SFE turned on, I get the same as stock firmware throughput, when off there is a drop off.

YMMV but some have said they have problems with it but I have not, just understand the limitations such as when using QOS or things like Yamon
code65536
DD-WRT User


Joined: 28 Dec 2011
Posts: 100
Location: .us

PostPosted: Mon May 21, 2018 9:03    Post subject: Reply with quote
SFE definitely makes a difference, but you need very fast Internet to see that difference.

I'm using a TEW-673GRU as my router (it has a single-core CPU running at 680MHz, so it's not exactly a powerful system; I have the WiFi disabled, though, since it's only 11n and I instead have a separate 11ac device that acts as my AP), and I have symmetric 1Gbps service from Google Fiber.

My speed tests cap out at around 300 Mbps without SFE. With SFE enabled, I get over 900 Mbps on the same speed test (it's actually slightly faster than the router provided by Google Fiber--I prefer to use my own device rather than the heavily-dumbed-down and restrictive one from Google).

So, yes, if you have Gigabit-class service, SFE makes a huge difference and you definitely need to have it enabled. But anything under 200Mbps, you probably won't notice anything different. And of course, you router must also have a Gigabit WAN port; I think one of the posters above was seeing only 70 Mbps because they're comparing a 100Mbit WAN to a Gb WAN.

_________________
Buffalo WZR-1750DHP: 34311
TRENDnet TEW-673GRU: 34311
TRENDnet TEW-811DRU: 33986
quarkysg
DD-WRT User


Joined: 03 May 2015
Posts: 323

PostPosted: Mon May 21, 2018 14:03    Post subject: Reply with quote
SFE also reduces CPU utilisation as it bypasses unnecessary firewall checks once a connection has been established. I turned it on although I only have a 50mbps connection, as I need all available CPU cycles since I also use OpenVPN on my router, which is a CPU hog.
tcabez
DD-WRT Novice


Joined: 11 Apr 2020
Posts: 6

PostPosted: Mon Jun 15, 2020 17:54    Post subject: Reply with quote
I'm sorry for reviving a 2 year dead thread, but I'd like to know if using the SFE has any security implications? I'm new to DDWRT so please state even the obvious. Google isn't producing very good results.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Mon Jun 15, 2020 22:10    Post subject: Reply with quote
tcabez wrote:
I'm sorry for reviving a 2 year dead thread, but I'd like to know if using the SFE has any security implications? I'm new to DDWRT so please state even the obvious. Google isn't producing very good results.


No it will not, think of it similar to cut through forwarding
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Mon Jun 15, 2020 22:12    Post subject: Reply with quote
tcabez wrote:
I'm sorry for reviving a 2 year dead thread, but I'd like to know if using the SFE has any security implications? I'm new to DDWRT so please state even the obvious. Google isn't producing very good results.


hmmm safe,....what is safe..define level of safe ???
What is your router / current build running?

in simple words...SFE in terms of security...in order to speed-up the traffic/packets trough the software NAT, it punches a hole in it...(as it doesn't check some packets), but its considered safe, unless someone targets that bit...in very tiny scenarios...
many other router software's has it, as well some routers come with hardware NAT acceleration 'witch is basically the same' but has a chip for it...
If you need SFE......to squeeze some more performance out of your router, than you use it , but its not a favourite thing to use...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tcabez
DD-WRT Novice


Joined: 11 Apr 2020
Posts: 6

PostPosted: Tue Jun 16, 2020 3:39    Post subject: Reply with quote
I'm running latest build for an R7000. Everyone is saying I need SFE to achieve gigabit as I have full gigabit fiber internet. I'm just concerned that since it punches a hole, that its allowing things to bypass checks that you want? I thought I read in an old Dev log from the guy from Qualcomm that came up with it, that it allowed some checks then it punches. But I just want to make sure I'm not opening a gaping hole to the outside world, or making it very easy for someone to remotely attack me easier.
giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

PostPosted: Tue Jun 16, 2020 6:02    Post subject: Reply with quote
I don’t know the state of SFE and QoS now, but if you don’t have gigabit connection and you lose the QoS performance gain, I prefer to disable SFE.
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Tue Jun 16, 2020 7:32    Post subject: Reply with quote
giuliomagnifico wrote:
I don’t know the state of SFE and QoS now


hasnt changed.

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

MonarchX
DD-WRT User


Joined: 26 Sep 2009
Posts: 119

PostPosted: Thu Nov 12, 2020 12:53    Post subject: Reply with quote
This feature doubles bandwidth throughput on my LinkSys E2500 running the latest DD-WRT.

I have 120Mbps connection with Gigabit LAN router and I can achieve about 100-110Mbps with WireGuard VPN (on PC client) with that configuration, but that router is not considered to be safe and secure.

I chose to double-NAT with LinkSys E2500 running DD-WRT to keep myself more secure. LinkSys E2500 is a 100Mbps LAN router and with SFE disabled and WireGuard, I get about 40-50Mbps maximum speed. With SFE enabled, I get 75-85Mbps.

Is there more information about SFE? If it punches a NAT hole like STUN, ICE, and WebRTC, then it may not be worth it.

The Gigabit router is bad at filtering multicast and disabling UPnP correctly. Does SFE prevent DD-WRT from properly filtering multicast signals? Does SFE bypass other DD-WRT security measures?
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum