First draft of Flow Acceleration wiki entry

tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 554

Posted: Sat May 29, 2021 18:01    Post subject: First draft of Flow Acceleration wiki entry
Here's my first draft of an entry for FA. Let me know what you all think:

https://forum.dd-wrt.com/wiki/index.php/Hardware#Flow_Acceleration_and_Cut-Through_Forwarding
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Sat May 29, 2021 19:43
Where's the more detailed info about SFE? If we're going to do one, we need info on both somewhere in the wiki. Also, CTF and BCM_FASTNAT pre-date SFE. You should consider doing some more research. CTF binary blob exists in the GPL tarballs for Linksys E-series around 2014-2015.

https://www.google.com/search?q=broadcom+ctf+module+release+date

https://www.google.com/search?q=broadcom+fastnat+fastpath

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
tedm
Posted: Sat May 29, 2021 20:49
kernel-panic69 wrote:
Where's the more detailed info about SFE? If we're going to do one, we need info on both somewhere in the wiki. Also, CTF and BCM_FASTNAT pre-date SFE. You should consider doing some more research. CTF binary blob exists in the GPL tarballs for Linksys E-series around 2014-2015.

https://www.google.com/search?q=broadcom+ctf+module+release+date

https://www.google.com/search?q=broadcom+fastnat+fastpath


You are correct, we need something about SFE. When I started this I figured that SFE would be sufficiently disconnected from CTF and FA so as to be able to not conflate everything. But in digging into the past forum messages it seems clear that SFE was positioned as a competitor/alternate to CTF so it's really already been conflated, and the GUI options also mix the two, so that's kind of a lost cause.

My concern is users assuming that SFE and CTF are the same level of stability when they are light-years apart. CTF and FA are hardware-dependent while SFE isn't. FA is barely experimental while SFE is pretty mainstream. Yes, CTF has been around a while but the older version is almost a different animal.

I'll add a section on the hardware page for SFE ahead of the CTF+FA page.

I did know that CTF predated SFE but according to messages in the forum at that time from Kong and Brainslayer, it was a dry hole. Besides the fact that it required a binary blob kernel in addition to the binary blob ctf.ko (which was a non-starter for Brainslayer), Kong reported that CTF was buggy.

I don't know where exactly Brainslayer obtained the current ctf.ko and FA modules from, but clearly they are NOT compiled in such a way that they cannot be linked into an open kernel. I strongly suspect Broadcom built them specially for him since no other project that uses CTF seems to be using modern kernels. And I don't think ANY other project uses the hardware FA driver.

There's a ton of other forums out there with people singing the praises of CTF on the K26 kernels but most seem to be using a binary blob kernel from ASUS along with their ctf.ko module, and even ASUS originally started out with code they obtained from OpenWRT or Tomato, one of the two. A lot of those projects, to me, seem sort of frozen in time. OpenWRT is active, yes, but so many forks of it seem to have supported a few devices then come to a dead end. Even Tomato seems moribund except for the FreshTomato fork and while it is very welcoming that that fork supports some router models that dd-wrt has written off and ignored, I take a very dim view of their most-un-neighborly defaults of channel 4 at 40MHz for the 2.4GHz wifi. We have enough azzholes out there who are on the 2.4GHz band who are not using 1, 6 or 11 at 20MHz; we don't need to add a bunch of noobs on channel 4.

Nevertheless, while the history of SFE and CTF and FA and how they came to exist in the open router projects is indeed fascinating, I didn't think a newbie to dd-wrt would really give a damn. CTF and FA came late to dd-wrt and yes, 5 years ago there were people lighting up the dd-wrt forums, angry that they could not get the full power of their gigabit Internet connection using dd-wrt, and, sadly, there are even recommendations that the OEM firmware is -better- due to this, believe it or not.

You can google "is dd-wrt dead" and find nonsense articles saying that on the Internet ever since a decade ago. Most of these are regurgitations of other "dd-wrt dead" articles or they are thinly disguised advertisements for other devices by MikroTik and Ubiquiti fanboys but many do stem from the "I want my CTF" refrain from Dire Straits (oh wait, that was "I want my MTV", oh well same whine).

The arrival of the SFE code allowed dd-wrt to tell people "look, CTF ain't that great; if you want the same speed, just buy a new router with a fast CPU and run SFE-enabled code on it and you get the same throughput" but that really just bought some time. Mainline Internet core routers from Cisco and Juniper have offloaded most packet-processing from the router CPU for over a decade, and despite the fact that a 3-year-old PC will run rings around most dd-wrt routers, people have not accepted the idea that if they honestly want and need the speed, quit screwing with the greasy kid stuff and boot up Linux on a real computer. The consumer has gotten comfortable with viewing the box that says "router" as a "real router" and viewing the box that says "Intel" as a "real computer" and never the twain shall meet, despite the best efforts of the Raspberry Pi guys saying "but but but you can replace that $800 PC with a $40 Piiiiiiiiiii". So, yeah, the makers like Netgear, ASUS, Linksys/Belkin and so on are going to run with this and continue cranking out "routers" and the industry is going to continue making more go-fast packet ethernet chips and the average speed of Internet lines is going to continue to rise. CTF and FA are going to be required by more and more people in the future I think.

Ultimately what end users care the most about are results; while the academic discussions are fun to read, does any of this stuff work? My intent is to do some ethernet-to-ethernet testing on just that and post the results to the wiki, but I'm not going to be able to set up complete testing on it for a few more weeks. You are an intellectual type which is why you objected to the flaws in the academics. I found it interesting you did not object to the lack of real data of whether this stuff actually works right.
kernel-panic69
Posted: Sat May 29, 2021 21:00
The original binary object kernel module files were for Linux 2.6; I presume that somehow BrainSlayer got his hands on the actual source code or figured out something to make it work with newer kernels. I do thank you for taking the time to do this.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Sat May 29, 2021 21:07
hmmmm nice job, but as KP69 noted, SFE also needs to be on "the menu"...not bad idea BS to make a small help sections inside GUI...too...
The other side of the coin that is 'missin'...bits and pieces that concern security...there was a good discussion on the forum ages ago...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tedm
Posted: Sun May 30, 2021 0:40
Alozaros wrote:
hmmmm nice job, but as KP69 noted, SFE also needs to be on "the menu"...not bad idea BS to make a small help sections inside GUI...too...
The other side of the coin that is 'missin'...bits and pieces that concern security...there was a good discussion on the forum ages ago...


I'll put that in under the Caveats; I was meaning to do that but forgot. Unfortunately it's -very- speculative since the way it works isn't published, so there's no way for a 3rd party to audit it.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sun May 30, 2021 9:31
Nice job !!

Not sure how/if CTF&FA handles port forwarding.

Marked traffic should be excluded from FA so perhaps that traffic should be marked?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
tedm
Posted: Sun May 30, 2021 17:24
egc wrote:
Nice job !!

Not sure how/if CTF&FA handles port forwarding.

Marked traffic should be excluded from FA so perhaps that traffic should be marked?


I believe that some of the "well known" traffic like http/https is identified by the driver and passed to the regular Linux IP stack thus it will work on a port forward. BUT, I don't know this for sure, it is one of the things I was going to test out when I did some speed tests with the code.

The same issue exists for the SFE bypass code as well but that works with port forwarding with even non-well-known traffic.
tedm
Posted: Sun May 30, 2021 19:08
kernel-panic69 wrote:
I do thank you for taking the time to do this.


You are welcome - please take a look at it again as I have tried incorporating SFE.
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Mon May 31, 2021 7:58
https://forum.dd-wrt.com/wiki/index.php/Hardware#Flow_Acceleration_and_Cut-Through_Forwarding

Quote:
Of course, most wifi protocols do not operate on Gigabit speeds anyway.


Wifi5 easily manages 1Gbit, with 80MHz 4x4 or 160MHz 2x2.

So you could say that Wifi5 is gigabit capable and newer standards like Wifi6 anyway.
tedm
Posted: Mon May 31, 2021 8:57
Good catch, that was mainly a placeholder sentence. The fact is I don't even know if FA works with wifi or not - it might. It's one of the things I plan to test out.
ho1Aetoo
Posted: Mon May 31, 2021 15:45
Well, with small home routers, the slow processor is usually the sticking point.
That's why you need SFE/CTF/FA ... because the processor is too slow for gigabit speed with software NAT.

It is similar with the WLAN, which also needs a lot of resources at gigabit speed.

So theoretically I say everything is good which lowers the processor load.
Less load through NAT frees up more resources for WLAN.

However, only the really powerful routers should be able to achieve real gigabit, maybe Marvell Armada, Alpine, IPQ8074.

With the stock firmware, even slower routers can do it.

The better Atheros and MediaTek WLAN chipsets actually have their own processors.
Like the QCA9984 I use, which has its own ARM CPU, and its own operating system and WLAN chip offload (which does not always work properly).

The load on the main processor is still there.
Alozaros
Posted: Mon May 31, 2021 18:27
ho1Aetoo wrote:
Well, with small home routers, the slow processor is usually the sticking point.
That's why you need SFE/CTF/FA ... because the processor is too slow for gigabit speed with software NAT.

It is similar with the WLAN, which also needs a lot of resources at gigabit speed.

So theoretically I say everything is good which lowers the processor load.
Less load through NAT frees up more resources for WLAN.

However, only the really powerful routers should be able to achieve real gigabit, maybe Marvell Armada, Alpine, IPQ8074.

With the stock firmware, even slower routers can do it.

The better Atheros and MediaTek WLAN chipsets actually have their own processors.
Like the QCA9984 I use, which has its own ARM CPU, and its own operating system and WLAN chip offload (which does not always work properly).

The load on the main processor is still there.


With stock my 1043v2 almost does a Gig, but has a HA chip..while with DDWRT it chokes up with 160-180Mbit+

But then again, if you need a Gig WAN then you'd need a proper router, no point to fry a slow router with tricks, as its performance will be compromised...

Of course many people want the cheapest router to drive like a Ferrari...nope it won't go that way...get a better router...!!!

Don't forget 7800 has two not utilised Krait cores too, so if they come into hand, it will do...better even without SFE...
For the record I'm not a fan of SFE etc.....just saying it...my view...if I need more I'll get more...

tedm
Posted: Tue Jun 01, 2021 6:00
Alozaros wrote:
But then again, if you need a Gig WAN then you'd need a proper router, no point to fry a slow router with tricks, as its performance will be compromised...

Of course many people want the cheapest router to drive like a Ferrari...nope it won't go that way...get a better router...!!!

Don't forget 7800 has two not utilised Krait cores too, so if they come into hand, it will do...better even without SFE...
For the record I'm not a fan of SFE etc.....just saying it...my view...if I need more I'll get more...


"Commercial" routers like the Cisco enterprise and edge routers DO use "tricks" as well. That's what "fast switching" vs "process switching" is all about. Fast switched packets are NOT handled by the CPU in Cisco IOS.

Linux was never designed for routers. It evolved from a System V Unix flavor while FreeBSD evolved from BSD Unix which was a variant of the original AT&T Bell Labs Unix. It is a server OS and its primary purpose is server OS stuff, not moving packets from one interface to another.

Technically, ANYTHING that moves packets from one interface to another based on a routing table, is a router.

But a "proper" router is what I would call a router that can move every packet that arrives at any of its interfaces to another interface without dropping it. The primary purpose of a router is hauling packets around. Not running VPNs or NAT or NAS fileserving.

A "slow router" is a router that cannot do this and so drops some packets. But one man's trash is another man's treasure. Just because an older 300MHz CPU router can't do this with gigabit but CAN do it with a 7Mbit DSL line doesn't mean it's slow. It's plenty fast on that DSL line.

And, even a 7800 cannot do gigabit-to-gigabit routing if EVERY PACKET must pass through the iptables/netfilter stack. Why? Because Linux just does far too much manipulation of the packet while it passes through the network stack. This is why SFE and CTF and FA were developed.
ho1Aetoo
Posted: Tue Jun 01, 2021 7:14
Alozaros wrote:
Don't forget 7800 has two not utilised Krait cores too, so if they come into hand, it will do...better even without SFE...


Well, the IPQ8065 has 2 Krait 300 cores, which are 8-9 years old by the way.
At that time, they were used in the Snapdragon 400/600 (which is lame compared to today's smartphone processors).

But these are the normal CPU cores that already work.
You mean the 2 NSS cores (Networking SubSystem) / NPU (Network Processing Unit).

These are 2 specialized 800MHz cores with a crypto engine.
They can shovel packets or accelerate e.g. AES.

The NSS cores work in some OpenWRT builds, but again with similar limitations as SFE (no QoS possible).

So in the end this is not the all-round solution for everyone.
All times are GMT