DD-WRT router that can keep up with gigabit WAN

kmand
DD-WRT Novice


Joined: 10 Dec 2010
Posts: 30

PostPosted: Wed Jul 20, 2022 22:16    Post subject: DD-WRT router that can keep up with gigabit WAN Reply with quote
I have a Netgear r7000 (not P) connected to a Comcast/Xfinity gateway with a 1.2 gb broadband connection (marketing "Supersonic"). I run the gateway in bridged mode to the Netgear. No matter how much tuning and software updating I do on the Netgear, 500-600 mb is about all I can get.

When I run the gateway as a router bypassing the netgear I do in fact get the advertised broadband bandwidth.

I still want to run ddwrt, and have concluded it's going to take a hardware upgrade. I'm looking for the cheapest (maybe even used) replacement that will keep up with the broadband connection running ddwrt.

Suggestions?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Jul 20, 2022 23:58    Post subject: Reply with quote
Only viable option is DD-WRT for x86. Even consumer-grade AX routers (which afaik it still doesn't support) can NOT fully support gigabit connections w/ the ISP, even w/ CTF/SFE/FA enabled (which are just hacks and break things).

In short, virtually NONE of your typical consumer-grade routers out there, whether OEM or third-party, AX or AC, are truly capable of meeting such demands. They just don't have the horsepower. Vendors know it and are using hacks like CTF/SFE/FA to give the *illusion* they have the capability, but it's pure baloney.

P.S. One thing to be aware of w/ DD-WRT for x86. AFAIK, it doesn't support VLANs or wireless, so you'd likely have to support that downstream w/ a managed switch and wireless AP(s). IOW, it's more of a pure router+firewall, compared to what you typically see w/ a consumer-grade, all-in-one router from ASUS, Netgear, or TP-Link.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Jul 21, 2022 6:22    Post subject: Re: ddwrt router that can keep up with gigabit Comcast con Reply with quote
kmand wrote:
I have a Netgear r7000 (not P) connected to a Comcast/Xfinity gateway with a 1.2 gb broadband connection (marketing "Supersonic"). I run the gateway in bridged mode to the Netgear. No matter how much tuning and software updating I do on the Netgear, 500-600 mb is about all I can get.

When I run the gateway as a router bypassing the netgear I do in fact get the advertised broadband bandwidth.

I still want to run ddwrt, and have concluded it's going to take a hardware upgrade. I'm looking for the cheapest (maybe even used) replacement that will keep up with the broadband connection running ddwrt.

Suggestions?


Your Netgear R7000 can get close to 900 Mb/s.
But that is with some trickery and no QoS and lightly taxed.

My Netgear R7800/XR500 which has a much more powerful CPU can also get close to 900 Mb/s without trickery but still without QoS.

Even more powerful is the NetGear R9000, which has a 10 Gb SFP port (you have to buy the module separately), and it is running very hot. This router has a bad name due to bad thermal design and failing radios, but if you get a good one and you add fans it is a powerful router.

But basically in your situation I agree with @eibgrad and would get an X86 mini PC/router; there are recommendations on this forum for that.

But until you get one I would get the maximum out of the R7000, which is upgrading to the latest build and enabling CTF + FA.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Thu Jul 21, 2022 8:55    Post subject: Reply with quote
Netgear R7800 aka XR500 or Netgear R9000 aka XR700
those are consumer grade units that can get close, especially the R9000, which has a quad core CPU...where the R7800 is a dual core but still lots of power...

your best bet is an x86 or x64 DDWRT PC; something like those small PCs will do better https://eu.protectli.com/vault-6-port/ or https://www.amazon.com/Router-Fanless-Windows-Untangle-Opnsense/dp/B09Z865MH4

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Jul 21, 2022 10:49    Post subject: Reply with quote
I don't understand...

R7000 should have CTF & FA which can handle Gigabit wan.

Enable it, takes two reboots to get CTF & FA and the built in chip for FA Hardware NAT acceleration to kick in.

Sure you won't be able to use QoS or Port forwarding because CTF & FA bypass such traffic shaping and firewall rules in order to achieve Gigabit WAN speeds, there may be a way to get port forwarding to work, but since I do not have a gigabit WAN connection on similar hardware as you (exactly same hw on RT-AC68U/R7000), I cannot test and setup and do any write ups on how to, but such exists on the web.

It's possible to get port forwarding to work even with CTF & FA; it's a non-standard setup but it can work if you really need port forwarding (e.g. to support passive connection), else no need to bother, and QoS is mostly not something you need to setup since the OS will handle the traffic congestion algorithm, when the router is not an endpoint, e.g. VPN and others.

You don't need another router.

That said. You are welcome to get an Atheros based device with more CPU power which is also opensource driver wise unlike Broadcom crap which is closed source and hard to maintain. the R7800 being such example, but from what I read, you will have different challenges to overcome on the switch side of such device, that is, depending on your setup, topology and general specific needs.

I suggest you enable CTF & FA and then if it doesn't do Gigabit speeds which it should as that is what it is for, we can try and get some developer attention here to get the Gigabit speeds as it should very well bloody do.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Thu Jul 21, 2022 11:30    Post subject: Reply with quote
QoS works on layer 2-3 and works even if the router is not the endpoint

TCP congestion control works on layer 7 and is endpoint based

But I doubt that any home router has that much CPU power to shape 1Gbit.

With multiple parallel up+download connections, 140Mbit throughput and Cake, the R7800 has ~100% CPU load (with 2x 1.7Ghz).

So you can guess how much CPU power you need for 1Gbit.

Mr. Green

Edit: and dd-wrt for x86 supports WLAN (at least the paid version)
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Jul 21, 2022 12:31    Post subject: Reply with quote
CTF & FA are both software acceleration (CPU) and FA is hardware acceleration via built in chip, so it can or rather should suffice for 1 Gigabit because FA is offloaded to the chip and not CPU, there are videos on Youtube about Broadcom introducing this technology and demonstrating, it can reach 1 Gigabit.

Of course x86 is more powerful like the R9000 has quad core 1.8Ghz per CPU core and even without SFE it should do 1Gigabit and more since it has the SFP port at 10 Gigabit.

Without NAT hardware acceleration, everything is just CPU side so ...

Now because it's closed source, and DD-WRT using newer kernels and newer Broadcom SDKs in order to rebuild the binaries against these kernels, it may need more tweaking drivers side, that's a whole different ball game.



Last edited by the-joker on Thu Jul 21, 2022 12:33; edited 1 time in total
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Thu Jul 21, 2022 12:32    Post subject: Reply with quote
ho1Aetoo wrote:
Edit: and dd-wrt for x86 supports WLAN (at least the paid version)


Thanks. Yeah, I knew that, but I was assuming few ppl would be willing to consider it. You know us third-party users; we're always insisting on freebies. I don't know the terms for the paid version and whether there are on-going maintenance fees, which is typically a showstopper for the average consumer. But certainly worth knowing it's an option.

the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Thu Jul 21, 2022 12:38    Post subject: Reply with quote
Understand DD-WRT is GPLv2

Opensource does not mean free as in free beer, GPLv2/V3 allows for charging fees, even for instance if I or anyone takes the source code of any GPLv2/v3 project and can bundle the same shit and charge people for it irrespective if it's vanilla or modified and such permissive licenses irrespective if I or whoever is or not a developer for said project. Understand the implications, read the GPL and other licenses.

Opensource is about freedom to download, copy, modify and redistribute the result without fear of being sued for various reasons.

People assume opensource immediately means it's free as in free beer, but in reality it is about freedom to do x with the sourcecode and resulting binaries, not price/cost.

So sure, it's a fair deal, most of us use dd-wrt for free as in free beer, after all development has costs, even if in opensource most contributors like me are paid zero or not, in fact most devs these days want to get funded for working on opensource, while I'm of the opinion that opensource should remain free and include all freedoms of doing whatever as long as my copyrights are honored. (the dev for Rufus has similar ideologies as myself, check what he says under donations)

Free as in price/freedom is not and will never be the same thing.

And to finalize (while unrelated to this thread but it applies to some few specific others), GPL also makes provisions about WARRANTIES paragraph 11, and many of the people reporting issues and demanding support should read, quite a few seem to think there is some obligation and that something should work as advertised, the reality is quite the opposite.

Is opensource a good model? I certainly think so and it's worth fighting for, and numpties in corporations just don't want to accept the distinction between free as in price and freedom.

Sorry for digression, as I'm an advocate for freedom I can't help but make things clear.

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Thu Jul 21, 2022 16:13    Post subject: Reply with quote
eibgrad wrote:
Thanks. Yeah, I knew that, but I was assuming few ppl would be willing to consider it. You know us third-party users; we're always insisting on freebies. I don't know the terms for the paid version and whether there are on-going maintenance fees, which is typically a showstopper for the average consumer. But certainly worth knowing it's an option.


No, the dd-wrt "professional license" costs a one-time fee of €20 per device.

If you ask me - not a big sum if you invest hundreds of € in a x86 anyway (at least my personal opinion).

Especially professional WLAN cards are really cheap (ironic).

but admittedly... often it is a good idea to just use additional AP's
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Jul 22, 2022 12:22    Post subject: Reply with quote
Multi-Function Router Q750G5 Intel Celeron J4125,Up to 2.7Ghz 10W AES-Ni (Barebone) 5 Intel 5 LAN ports - $150
8GB RAM $40
ssd second hand or hdd 30-40$
R7800 second hand to use it for an AP as it has a top radios - 50-80$ or a cheaper Archer C7 v2

DDWRT 1 year licence $20

so, less than $350 you can make your own top router...

where XR700 or R9000 price as new is 350-400 GBP

https://www.amazon.com/Router-Fanless-Windows-Untangle-Opnsense/dp/B09Z81XYN3?th=1

as well you can get all in one build in with ram ssd and wifi...

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Fri Jul 22, 2022 12:45    Post subject: Reply with quote
You do know that amazon.com prices do not include taxes?
They vary by state and are added at checkout.

This MiniPC has an M2 slot for Wifi.
That means it will probably come with an absolutely useless Intel M2 WLAN card.
All good WLAN cards have a Mini PCIe form factor.

and you can't buy a R7800 in the EU for months and the used ones are defective.

Wink
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Jul 22, 2022 13:13    Post subject: Reply with quote
ho1Aetoo wrote:
You do know that amazon.com prices do not include taxes?
They vary by state and are added at checkout.

This MiniPC has an M2 slot for Wifi.
That means it will probably come with an absolutely useless Intel M2 WLAN card.
All good WLAN cards have a Mini PCIe form factor.

and you can't buy a R7800 in the EU for months and the used ones are defective.

Wink


many second hand reasonably priced R7800
https://www.ebay.co.uk/sch/i.html?_from=R40&_trksid=p2380057.m570.l1313&_nkw=netgear+R7800&_sacat=0

Since Jan 2022 I got a few for different projects...all now with DDWRT...

as well, yep, this mini PC will come from amazon US so, to EU the price goes up...and yes no point to get it with WiFi module as you can use R7800 in WAP mode...instead..

For US based customer 350$, for EU it will be $100 on the top I guess, maybe a bit more...

To be honest, I'm not tempted to get one ATM as I don't have a project to put it in...but if it's needed...$450 for hardware and licensed DDWRT seems fair..
So far, my projects never go higher than R7800 or R9000 and many of those around....so far... Rolling Eyes

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Fri Jul 22, 2022 15:25    Post subject: Reply with quote
the-joker wrote:

Sure you won't be able to use QoS or Port forwarding because CTF & FA bypass such traffic shaping and firewall rules in order to achieve Gigabit WAN speeds, there may be a way to get port forwarding to work, but since I do not have a gigabit WAN connection on similar hardware as you (exactly same hw on RT-AC68U/R7000), I cannot test and setup and do any write ups on how to, but such exists on the web.

It's possible to get port forwarding to work even with CTF & FA; it's a non-standard setup but it can work if you really need port forwarding (e.g. to support passive connection), else no need to bother, and QoS is mostly not something you need to setup since the OS will handle the traffic congestion algorithm, when the router is not an endpoint, e.g. VPN and others.

The problem with CTF/FA/SFE and port forwarding is NAT loopback. Looks like @egc figured it out, he's a pretty smart guy Wink : https://svn.dd-wrt.com/ticket/7472

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Fri Jul 22, 2022 17:47    Post subject: Reply with quote
kernel-panic69 wrote:
The problem with CTF/FA/SFE and port forwarding is NAT loopback. Looks like @egc figured it out, he's a pretty smart guy Wink : https://svn.dd-wrt.com/ticket/7472


Just curious. Are such fixes making known problems compatible w/ CTF, or are they simply bypassing CTF?

In the former, the performance benefits would presumably be preserved, while in the latter, it would NOT.

If it's the latter, then while I appreciate the fix (at least things work again), fact is, your performance is being crippled during those specific operations (e.g., port forwarding), correct?

BTW, I noticed FT (FreshTomato) is marking packets in the mangle table that are specifically known to be incompatible w/ CTF, such as NAT loopback. I find this interesting because it suggests anyone who runs into another unexpected problem could presumably do the same, rather than relying on a developer fix.

Code:
root@lab-tomato2:/tmp/home/root# iptables -t mangle -vnL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 MARK       all  --  *      br0     192.168.2.0/24       192.168.2.0/24       MARK xset 0x1/0x7


Just wondering if dd-wrt should/could do the same.

FWIW, FT does NOT enable CTF by default, which seems appropriate. It specifically warns that turning it ON will disable the QoS and bandwidth limiting features.

AFAICT (and I could be wrong), dd-wrt leaves CTF on by default, provides no warnings, and does NOT disable it should you enable QoS or other things known to be incompatible (at least I did see CTF disabled on the Setup page when I subsequently enabled QoS).

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
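
Added example, not part of any post in this thread and not DD-WRT or FreshTomato code: a small script that compares two saved listings of `iptables -t mangle -vnL FORWARD` (the format shown in the post above) and reports how many packets each rule matched in between. A rule only acts on packets it counts, so a counter that stays flat during a test means that traffic never matched the rule. The rule set is copied from the post; the counter values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample snapshots: rules as in the post, counters invented.
SNAP_BEFORE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 MARK       all  --  *      br0     192.168.2.0/24       192.168.2.0/24       MARK xset 0x1/0x7'
SNAP_AFTER='Chain FORWARD (policy ACCEPT 12K packets, 9M bytes)
 pkts bytes target     prot opt in     out     source               destination
   40  2400 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 MARK       all  --  *      br0     192.168.2.0/24       192.168.2.0/24       MARK xset 0x1/0x7'

# rule_counters: stdin = one listing
# stdout = "<rule_no> <pkts> <target> <out_if> <source> <destination>" per rule
rule_counters() {
    awk '
    function num(s,   m) {   # expand the K/M/G suffixes iptables prints (powers of 1000)
        m = 1
        if (s ~ /K$/) m = 1000
        else if (s ~ /M$/) m = 1000000
        else if (s ~ /G$/) m = 1000000000
        sub(/[KMG]$/, "", s)
        return s * m
    }
    # rule lines start with a packet counter; the chain and column headers do not
    $1 ~ /^[0-9]+[KMG]?$/ && NF >= 9 {
        n++
        printf "%d %d %s %s %s %s\n", n, num($1), $3, $7, $8, $9
    }'
}

# rule_deltas BEFORE AFTER
# stdout = "<delta_pkts> <target> <out_if> <source> <destination>" per rule
rule_deltas() {
    b=$(printf '%s\n' "$1" | rule_counters)
    a=$(printf '%s\n' "$2" | rule_counters)
    printf '%s\n---\n%s\n' "$b" "$a" | awk '
    $0 == "---" { second = 1; next }
    !second     { before[$1] = $2; next }
    { printf "%d %s %s %s %s\n", $2 - before[$1], $3, $4, $5, $6 }'
}

# loopback_mark_deltas BEFORE AFTER
# Only MARK rules whose source and destination are the same subnet,
# the LAN-to-LAN pattern of the MARK rule in the post's listing.
loopback_mark_deltas() {
    rule_deltas "$1" "$2" | awk '$2 == "MARK" && $4 == $5 && $4 != "0.0.0.0/0"'
}

# Stand-alone run on the constructed snapshots.
rule_deltas "$SNAP_BEFORE" "$SNAP_AFTER"
```

On a router, the two snapshots would be captured into variables or files before and after a test such as a NAT loopback connection; adding `-x` to the iptables command prints exact counters instead of the K/M/G abbreviations.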