RMerlin
Asuswrt-Merlin dev
Since this is a frequently discussed topic, I thought I'd put what I know about this in a new thread.
CTF is Broadcom's closed-source, proprietary "secret sauce" that allows routers based on their hardware to achieve near gigabit performance. It does so through various methods which are not publicly known (even manufacturers don't get access to the ctf.ko source code AFAIK). One of them involves bypassing parts of Linux's Netfilter (the FORWARD chain is the most known one).
So as you can already see, "hardware acceleration" isn't an entirely accurate name. At least one portion of that acceleration is really a software trick (bypassing part of Linux's stack).
Due to these bypasses, it prevents various firmware-level features from working. Anything that relies on the FORWARD chain, for instance. The solution used by router manufacturers usually works on two different levels:
1) Some manufacturers like Asus and Netgear (if I remember correctly) will allow port-forwarding to work by modifying the Linux kernel so that any packet that gets marked will be flagged to bypass the CTF code. At the iptables level, any port-forwarded packet gets marked with a value. This way, you can have HW acceleration enabled and still use port forwards. The obvious consequence of this is that any traffic going through a port forward will not be "hardware-accelerated". So if you were to push a lot of traffic over a forwarded port, that traffic would probably not be able to reach near gigabit performance.
(caveat: I never actually tested this. I assume that CTF bypass is applied to every single packet that gets marked, not just on part of it)
2) When certain incompatible features are enabled, then the router is rebooted with CTF disabled. In this mode, the processing is then entirely done by Linux. It allows you to do anything you'd want (as a firmware developer), but performance is seriously impacted. A typical 600 MHz MIPS device (such as the RT-N66U) will reach a WAN to LAN limit of around 150-200 Mbps (less if you start heavily processing traffic through QoS, parental control, custom firewall rules, etc...). Unfortunately, it's not always clear to the end user when HW acceleration is automatically disabled by such a thing. If your router has telnet access, you could see if the ctf.ko kernel module is loaded or not, using the "lsmod" command.
CTF is what explains why most third party firmwares (such as DD-WRT) tend to have lower throughput than manufacturer stock firmwares. For people with average (North American levels there) WAN rates of 10-100 Mbps, this is not an issue. Any additional feature will come at no real cost on maximum throughput. But for our more fortunate overseas friends who get 100-1000 Mbit link speeds, CTF is virtually essential.
Due to its closed-source nature, and also the fact that many advanced features do not work with CTF enabled, most third party firmwares such as DD-WRT or OpenWRT don't support CTF.
Now, another recent topic: the different levels of hardware acceleration. Recent Broadcom chips support a new technology they call "Flow Acceleration", or "FA" for short. Broadcom's demonstration can be seen in this video:
https://www.youtube.com/watch?v=vwRmQkkZ71E
In home routers that have hardware supporting this, it gets handled by the same ctf.ko module, in addition to support being implemented at the Ethernet driver level. Unfortunately I don't know which specific Broadcom chips support this, or which specific routers support it. I know that neither the RT-AC56U nor the RT-AC68U (as of this date) support this at the hardware level. No idea about Netgear or Linksys's recent products.
In Asus's particular case (since it's the one I'm most familiar with - someone else could fill us in on the other manufacturers), they are handling this as a "Hardware acceleration level". Level 1 is just traditional CTF. Level 2 is traditional CTF + FA. One upcoming product that does support both levels will have to downgrade from Level 2 to Level 1 when one of the new features they are adding is enabled.
One thing I do not know however is what kind of performance impact FA has on a router. Traditional CTF was already able to push things fairly close to gigabit speed with a minimal CPU impact.
(disclaimer: most of this is based on my own experience over the years. Due to the blackbox nature of CTF, I might not be 100% correct on all of this, so if anyone has any additional detail or corrections, feel free to share)
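Added example (not part of RMerlin's post): a small POSIX shell script that performs the two checks the post describes, whether ctf.ko shows up in `lsmod`, and which DNAT port forwards have a matching MARK rule (and would therefore be flagged to bypass CTF). The lsmod and iptables-save samples are constructed, and the mark value is a placeholder, since the post does not give the real one.

```shell
#!/bin/sh
# Added example, not the post's or the firmware's own code.
# On a real router replace the constructed samples with:
#   lsmod_out=$(lsmod); ipt_out=$(iptables-save)

# Constructed lsmod output; module names besides "ctf" are illustrative.
SAMPLE_LSMOD='Module                  Size  Used by
ctf                    38912  2
et                     84321  0'

# Constructed iptables-save output. 0x1 is a placeholder mark value;
# the real mark used by the firmware is not known from the post.
SAMPLE_IPT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.20:80
-A PREROUTING -d 203.0.113.10/32 -p udp -m udp --dport 51820 -j DNAT --to-destination 192.168.1.30:51820
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j MARK --set-mark 0x1
COMMIT'

# ctf_loaded LSMOD_OUTPUT: exit 0 when ctf.ko is loaded (CTF active,
# parts of the FORWARD chain bypassed), exit 1 otherwise.
ctf_loaded() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 == "ctf" { f = 1 } END { if (f) exit 0; exit 1 }'
}

# forward_status IPTABLES_SAVE_OUTPUT: prints "<proto> <dport> marked|unmarked"
# per DNAT port forward. "marked" means a MARK rule matches the same
# proto/port, so that traffic gets the CTF-bypass flag (software path);
# "unmarked" means no such rule was found.
forward_status() {
    printf '%s\n' "$1" | awk '
        function opt(name,   i) { for (i = 1; i <= NF; i++) if ($i == name) return $(i + 1); return "" }
        /-j DNAT/ { order[++n] = opt("-p") " " opt("--dport") }
        /-j MARK/ { marked[opt("-p") " " opt("--dport")] = 1 }
        END { for (i = 1; i <= n; i++) print order[i], ((order[i] in marked) ? "marked" : "unmarked") }'
}

if ctf_loaded "$SAMPLE_LSMOD"; then
    echo "ctf.ko loaded: CTF active, only marked port forwards take the full Linux path"
else
    echo "ctf.ko not loaded: CTF disabled, all traffic is processed by the Linux stack"
fi
forward_status "$SAMPLE_IPT"
```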