Posted: Wed Jul 20, 2022 22:16 Post subject: DD-WRT router that can keep up with gigabit WAN
I have a Netgear R7000 (not P) connected to a Comcast/Xfinity gateway with a 1.2 Gb broadband connection (marketed as "Supersonic"). I run the gateway in bridged mode to the Netgear. No matter how much tuning and software updating I do on the Netgear, 500-600 Mb is about all I can get.
When I run the gateway as a router, bypassing the Netgear, I do in fact get the advertised broadband bandwidth.
I still want to run DD-WRT, and have concluded it's going to take a hardware upgrade. I'm looking for the cheapest (maybe even used) replacement that will keep up with the broadband connection while running DD-WRT.
The only viable option is DD-WRT for x86. Even consumer-grade AX routers (which AFAIK it still doesn't support) can NOT fully support gigabit connections with the ISP, even with CTF/SFE/FA enabled (which are just hacks and break things).
In short, virtually NONE of your typical consumer-grade routers out there, whether OEM or third-party, AX or AC, are truly capable of meeting such demands. They just don't have the horsepower. Vendors know it and are using hacks like CTF/SFE/FA to give the *illusion* they have the capability, but it's pure baloney.
Joined: 18 Mar 2014 Posts: 12882 Location: Netherlands
Posted: Thu Jul 21, 2022 6:22 Post subject: Re: ddwrt router that can keep up with gigabit Comcast con
kmand wrote:
I have a Netgear R7000 (not P) connected to a Comcast/Xfinity gateway with a 1.2 Gb broadband connection (marketed as "Supersonic"). I run the gateway in bridged mode to the Netgear. No matter how much tuning and software updating I do on the Netgear, 500-600 Mb is about all I can get.
When I run the gateway as a router, bypassing the Netgear, I do in fact get the advertised broadband bandwidth.
I still want to run DD-WRT, and have concluded it's going to take a hardware upgrade. I'm looking for the cheapest (maybe even used) replacement that will keep up with the broadband connection while running DD-WRT.
Suggestions?
Your Netgear R7000 can get close to 900 Mb/s.
But that is with some trickery, no QoS, and lightly taxed.
My Netgear R7800/XR500, which has a much more powerful CPU, can also get close to 900 Mb/s without trickery, but still without QoS.
Even more powerful is the Netgear R9000, which has a 10 Gb SFP port (you have to buy the module separately) and runs very hot; this router has a bad name due to bad thermal design and failing radios, but if you get a good one and add fans it is a powerful router.
But basically, in your situation I agree with @eibgrad and would get an x86 mini PC/router; there are recommendations on this forum for that.
But until you get one I would get the maximum out of the R7000, which means upgrading to the latest build and enabling CTF + FA.
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Thu Jul 21, 2022 8:55 Post subject:
Netgear R7800 aka XR500 or Netgear R9000 aka XR700
Those are consumer-grade units that can get close, especially the R9000, which has a quad-core CPU... whereas the R7800 is dual-core but still has lots of power...
Your best bet is an x86 or x64 DD-WRT PC; something like these small PCs will do better: https://eu.protectli.com/vault-6-port/ or https://www.amazon.com/Router-Fanless-Windows-Untangle-Opnsense/dp/B09Z865MH4 _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu Jul 21, 2022 10:49 Post subject:
I don't understand...
The R7000 should have CTF & FA, which can handle gigabit WAN.
Enable it; it takes two reboots for CTF & FA and the built-in chip for FA hardware NAT acceleration to kick in.
Sure, you won't be able to use QoS or port forwarding, because CTF & FA bypass such traffic shaping and firewall rules in order to achieve gigabit WAN speeds. There may be a way to get port forwarding to work, but since I do not have a gigabit WAN connection on similar hardware to yours (exactly the same hw on RT-AC68U/R7000), I cannot test and set it up or do any write-ups on how to, but such exists on the web.
It's possible to get port forwarding to work even with CTF & FA; it's a non-standard setup, but it can work if you really need port forwarding (e.g. to support passive connections), else no need to bother, and QoS is mostly not something you need to set up, since the OS will handle the traffic congestion algorithm when the router is not an endpoint, e.g. VPN and others.
You don't need another router.
That said, you are welcome to get an Atheros-based device with more CPU power, which is also open source driver-wise, unlike Broadcom crap, which is closed source and hard to maintain; the R7800 being such an example. But from what I read, you will have different challenges to overcome on the switch side of such a device, depending on your setup, topology and general specific needs.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu Jul 21, 2022 12:31 Post subject:
CTF & FA are both software acceleration (CPU) and FA is hardware acceleration via a built-in chip, so it can, or rather should, suffice for 1 gigabit because FA is offloaded to the chip and not the CPU. There are videos on YouTube of Broadcom introducing this technology and demonstrating that it can reach 1 gigabit.
Of course x86 is more powerful; likewise the R9000 has a quad core at 1.8 GHz per CPU core, and even without SFE it should do 1 gigabit and more, since it has the SFP port at 10 gigabit.
Without NAT hardware acceleration, everything is just CPU-side, so...
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu Jul 21, 2022 12:38 Post subject:
Understand that DD-WRT is GPLv2.
Open source does not mean free as in free beer; GPLv2/v3 allows for charging fees. For instance, I or anyone can take the source code of any GPLv2/v3 project, bundle the same shit and charge people for it, irrespective of whether it's vanilla or modified, and such permissive licenses allow this irrespective of whether I or whoever is a developer for said project. Understand the implications; read the GPL and other licenses.
Open source is about the freedom to download, copy, modify and redistribute the result without fear of being sued for various reasons.
People assume open source immediately means it's free as in free beer, but in reality it is about the freedom to do x with the source code and resulting binaries, not price/cost.
So sure, it's a fair deal; most of us use DD-WRT for free as in free beer. After all, development has costs, even if in open source most contributors like me are paid zero or not. In fact most devs these days want to get funded for working on open source, while I'm of the opinion that open source should remain free and include all the freedoms of doing whatever as long as my copyrights are honored. (The dev for Rufus has similar ideologies to mine; check what he says under donations.)
Free as in price and free as in freedom are not and will never be the same thing.
And to finalize (while unrelated to this thread, it applies to some few specific others), the GPL also makes provisions about WARRANTIES in paragraph 11, which many of the people reporting issues and demanding support should read; quite a few seem to think there is some obligation and that something should work as advertised. The reality is quite the opposite.
Is open source a good model? I certainly think so, and it's worth fighting for, and numpties in corporations just don't want to accept the distinction between free as in price and freedom.
Thanks. Yeah, I knew that, but I was assuming few people would be willing to consider it. You know us third-party users; we're always insisting on freebies. I don't know the terms for the paid version and whether there are ongoing maintenance fees, which is typically a showstopper for the average consumer. But it's certainly worth knowing it's an option.
No, the dd-wrt "professional license" costs a one-time fee of €20 per device.
If you ask me, not a big sum if you invest hundreds of € in an x86 anyway (at least my personal opinion).
Especially since professional WLAN cards are really cheap (ironic).
But admittedly... often it is a good idea to just use additional APs.
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Fri Jul 22, 2022 12:22 Post subject:
Multi-Function Router Q750G5, Intel Celeron J4125, up to 2.7 GHz, 10 W, AES-NI (barebone), 5 Intel LAN ports - $150
8 GB RAM - $40
SSD second hand, or HDD - $30-40
R7800 second hand to use as an AP, as it has top radios - $50-80, or a cheaper Archer C7 v2
DD-WRT 1 year licence - $20
So, for less than $350 you can make your own top router...
As well, you can get an all-in-one build with RAM, SSD and WiFi...
You do know that amazon.com prices do not include taxes?
They vary by state and are added at checkout.
This mini PC has an M.2 slot for WiFi.
That means it will probably come with an absolutely useless Intel M.2 WLAN card.
All good WLAN cards have a Mini PCIe form factor.
And you can't buy an R7800 in the EU for months, and the used ones are defective.
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Fri Jul 22, 2022 13:13 Post subject:
ho1Aetoo wrote:
You do know that amazon.com prices do not include taxes?
They vary by state and are added at checkout.
This mini PC has an M.2 slot for WiFi.
That means it will probably come with an absolutely useless Intel M.2 WLAN card.
All good WLAN cards have a Mini PCIe form factor.
And you can't buy an R7800 in the EU for months, and the used ones are defective.
Since Jan 2022 I got a few for different projects... all now with DD-WRT...
As well, yep, this mini PC will come from Amazon US, so for the EU the price goes up... and yes, no point getting it with a WiFi module, as you can use the R7800 in WAP mode instead...
For a US-based customer $350; for the EU it will be $100 on top, I guess, maybe a bit more...
To be honest, I'm not tempted to get one ATM as I don't have a project to put it in... but if it's needed... $450 for hardware and licensed DD-WRT seems fair...
So far my projects never go higher than the R7800 or R9000, and there are many of those around... so far...
Joined: 08 May 2018 Posts: 14217 Location: Texas, USA
Posted: Fri Jul 22, 2022 15:25 Post subject:
the-joker wrote:
Sure, you won't be able to use QoS or port forwarding, because CTF & FA bypass such traffic shaping and firewall rules in order to achieve gigabit WAN speeds. There may be a way to get port forwarding to work, but since I do not have a gigabit WAN connection on similar hardware to yours (exactly the same hw on RT-AC68U/R7000), I cannot test and set it up or do any write-ups on how to, but such exists on the web.
It's possible to get port forwarding to work even with CTF & FA; it's a non-standard setup, but it can work if you really need port forwarding (e.g. to support passive connections), else no need to bother, and QoS is mostly not something you need to set up, since the OS will handle the traffic congestion algorithm when the router is not an endpoint, e.g. VPN and others.
The problem with CTF/FA/SFE and port forwarding is NAT loopback. Looks like @egc figured it out; he's a pretty smart guy: https://svn.dd-wrt.com/ticket/7472
Just curious. Are such fixes making known problems compatible w/ CTF, or are they simply bypassing CTF?
In the former, the performance benefits would presumably be preserved, while in the latter, it would NOT.
If it's the latter, then while I appreciate the fix (at least things work again), fact is, your performance is being crippled during those specific operations (e.g., port forwarding), correct?
BTW, I noticed FT (FreshTomato) is marking packets in the mangle table that are specifically known to be incompatible w/ CTF, such as NAT loopback. I find this interesting because it suggests anyone who runs into another unexpected problem could presumably do the same, rather than relying on a developer fix.
Code:
root@lab-tomato2:/tmp/home/root# iptables -t mangle -vnL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 MARK       all  --  *      br0     192.168.2.0/24       192.168.2.0/24       MARK xset 0x1/0x7
Just wondering if dd-wrt should/could do the same.
FWIW, FT does NOT enable CTF by default, which seems appropriate. It specifically warns that turning it ON will disable the QoS and bandwidth limiting features.
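As an added example (not code from the thread, FreshTomato or DD-WRT), here is a small audit script that parses an `iptables -t mangle -vnL FORWARD` listing like the one quoted above and reports whether LAN-to-LAN (NAT loopback) traffic is being MARKed, i.e. whether the router carries the kind of exclusion rule the post describes. The sample listing is constructed from the thread's output; the function names and the 192.168.2.0/24 LAN are assumptions.

```python
"""Audit a mangle FORWARD listing for MARK rules on LAN-to-LAN (NAT loopback) traffic."""
import ipaddress
import re

# Constructed sample: the FreshTomato listing quoted in the thread.
SAMPLE_LISTING = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 MARK       all  --  *      br0     192.168.2.0/24       192.168.2.0/24       MARK xset 0x1/0x7
"""

# A rule line starts with two counters; `-v` may abbreviate large counts with K/M/G.
RULE_LINE = re.compile(r"^\s*\d+[KMG]?\s+\d+[KMG]?\s")


def parse_mangle_rules(listing):
    """Return one dict per rule line, skipping the chain header and column header."""
    rules = []
    for line in listing.splitlines():
        if not RULE_LINE.match(line):
            continue
        f = line.split()
        rules.append({"target": f[2], "proto": f[3], "in": f[5], "out": f[6],
                      "src": f[7], "dst": f[8], "extra": " ".join(f[9:])})
    return rules


def loopback_mark_rules(listing, lan_cidr):
    """MARK rules whose source and destination both lie inside the LAN subnet.

    Returns (out_iface, mark_value, mark_mask) tuples; mark fields are None if
    the rule text does not carry an `xset value/mask` suffix."""
    lan = ipaddress.ip_network(lan_cidr)
    found = []
    for r in parse_mangle_rules(listing):
        if r["target"] != "MARK":
            continue
        try:
            src, dst = ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"])
        except ValueError:  # e.g. a hostname or a negated "!" match we do not parse
            continue
        if src.subnet_of(lan) and dst.subnet_of(lan):
            m = re.search(r"xset (0x[0-9a-fA-F]+)/(0x[0-9a-fA-F]+)", r["extra"])
            found.append((r["out"], m.group(1), m.group(2)) if m else (r["out"], None, None))
    return found


def loopback_excluded_from_fastpath(listing, lan_cidr):
    """True when at least one rule marks hairpin traffic, as the FreshTomato listing does."""
    return bool(loopback_mark_rules(listing, lan_cidr))
```

Feed it the real listing with `loopback_excluded_from_fastpath(subprocess.check_output(["iptables", "-t", "mangle", "-vnL", "FORWARD"], text=True), "192.168.1.0/24")` on a router that has Python, or paste the listing into the string on a workstation.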