AC68w/u 1000mhz - Reasonable expected routing speeds?

[butter_fry]

This is a question about the ac68 routers (with the newer 1ghz processors) and speeds.
I'm in Seattle and one of the ISPs are rolling out some gigabit FTTH in my neighborhood. I eagerly signed up of course, but its caused me to take a look at my infrastructure. Like I said above, I've got a newer ac68 at home where the connection will be, but also I've got another at my business with a VPN between the two.

So the question I've got is, do any of you have an ac68 with a full gigabit connection and how do you find the general performance?

Seeing that my current max upload is 20mbit through my cable company and the CPU hits ~25% peak with the VPN saturated i can surmise that a 1000mbit VPN will pin it. I can deal with a bit less speed over the VPN, but when say streaming a movie or copying a large file I get worried that it will nearly take down the network because of CPU saturation. I wish there was a way to limit OpenVPN CPU usage (maybe there is?)

Also my guess is pretty much any consumer router won't be able to do the VPN at those speeds, I'm willing to offload the VPN to one of the servers though, so that is an option.
Thanks for any responses.

 

[butter_fry]

...And I know this isn't merlin FW sepecific but I am running and have been running his code for years on my routers. I know he's done a bunch of OpenVPN work recently so I figure that it would be best to stick it in this sub forum. Like i said, i expect to have to offload the VPN connection to a proper server anyhow. I'm mostly interested to find out if it is reasonable to expect the ac68 to handle these speeds generally on the internet side.

 

[ColinTaylor]

Have you seen this: http://www.smallnetbuilder.com/wire...etgear-r7000-a-asus-rt-ac68u?showall=&start=1

 

[butter_fry]

Have you seen this: http://www.smallnetbuilder.com/wire...etgear-r7000-a-asus-rt-ac68u?showall=&start=1

I did, but that was also from 2013 (and with the slower BCM4708A processor) and I know quite a bit of work has been done with the software side of things since then. I know this unit is on the edge of feasibility, but was hoping for some recent first-hand accounts.

 

[agilani]

This is a question about the ac68 routers (with the newer 1ghz processors) and speeds.
I'm in Seattle and one of the ISPs are rolling out some gigabit FTTH in my neighborhood. I eagerly signed up of course, but its caused me to take a look at my infrastructure. Like I said above, I've got a newer ac68 at home where the connection will be, but also I've got another at my business with a VPN between the two.

So the question I've got is, do any of you have an ac68 with a full gigabit connection and how do you find the general performance?

Seeing that my current max upload is 20mbit through my cable company and the CPU hits ~25% peak with the VPN saturated i can surmise that a 1000mbit VPN will pin it. I can deal with a bit less speed over the VPN, but when say streaming a movie or copying a large file I get worried that it will nearly take down the network because of CPU saturation. I wish there was a way to limit OpenVPN CPU usage (maybe there is?)

Also my guess is pretty much any consumer router won't be able to do the VPN at those speeds, I'm willing to offload the VPN to one of the servers though, so that is an option.
Thanks for any responses.

Can't speak for gig speeds, but I can easily get 250 down / 25 up on my rt-ac68p running at 1ghz. I haven't tried throughput on vpn. At those speeds one core is pegged at 40% and the other is pegged at 15%.

 

[butter_fry]

Can't speak for gig speeds, but I can easily get 250 down / 25 up on my rt-ac68p running at 1ghz. I haven't tried throughput on vpn. At those speeds one core is pegged at 40% and the other is pegged at 15%.

Yeah... that is the part that worries me. 40% * 4 = 160%CPU. I know it doesn't really scale like that, but throw in wireless processing overhead and other router functions.. It is really looking like i'll be maxing this thing out no matter what. It might be time to start looking at a dedicated hardware routing solution and relegate the consumer router to wireless.

 

[pete y testing]

Yeah... that is the part that worries me. 40% * 4 = 160%CPU. I know it doesn't really scale like that, but throw in wireless processing overhead and other router functions.. It is really looking like i'll be maxing this thing out no matter what. It might be time to start looking at a dedicated hardware routing solution and relegate the consumer router to wireless.

yup its pretty simple as at this stage there are no domestic grade routers capable of the wan to lan speed you are talking about , see the link below

http://www.smallnetbuilder.com/tools/charts/router/view

the figures posted are with pretty much all router and qos functionality bypass and is really just a reference of the pure wan - lan throughput capability , when the other features are re enabled depending on many factors you can expect much lower results , but the question remains what are you going to connect to that could even possibly give you the actual speeds anyway , just because your pipe is 1 gig doesnt mean anything else you connect to is , its a bit like having a Bugatti Veyron and driving it on any speed limited road in the world sure it can do 269.86mph if it was allowed but its not and cant

even if you get yourself a home gateway type box with server software and bucket loads of ram you are still going to be restricted to what you connect to , also even the giga ethernet is going to struggle with that speed , if it where me i would just pay less and get say the 500M speed plan and it would still be as fast for almost everything

 

[butter_fry]

yup its pretty simple as at this stage there are no domestic grade routers capable of the wan to lan speed you are talking about , see the link below

http://www.smallnetbuilder.com/tools/charts/router/view
........ 500M speed plan and it would still be as fast for almost everything

Yup, I get that, I am under no illusion that I'll never really see the true speed of it. I've even considered wrapping the entire thing in a tunnel. With that much to spare, who cares right?
The scenario that would push it is accessing storage from the house, where that new connection would be. Editing video/Photos over that with a near LAN type speed. For sure the VPN would need to be offloaded. Pulling large files with the 100m business connection (yeah ok that is only 10% of the full 1g) while still having enough CPU on the router for the rest of the employees/multi tasks. I don't think anything would drive me nuts more than not being able to use the network while copying a file.

thanks for that link.. that'll help. I'm surprised the dedicated Cisco and ERlite aren't more efficient. I guess i'm not worried about that last Mbit either, that isn't the point. I just want something with enough overhead to deal with normal network/wireless traffic as well. I think the point of this thread has been reached though, i need to come up with something a bit more robust than the ac68's.

 

[RMerlin]

The RT-AC68U can reach close to gigabit performance (I've seen quite a few speed tests hitting 800-900 Mbps with it), as long you make sure that NAT acceleration is kept enabled. Some features are not compatible with it, so NAT acceleration gets disabled when you enable these (for instance, IPTraffic).

VPN performance on an RT-AC68U will cap at around 50 Mbps with an AES-128-CBC tunnel. Expect performance to drop even more if using a stronger cipher.

 

[Dixit]

I have a AC68P (similar and same CPU speed) and I have an ATT Gigabit fiber coming to the house. Gigabit up and down. I have the latest 380.58 firmware and Im able to basically saturate the gigabit both up and down practically as per this speedtest. Here is one taken just 4days ago for me.



Only issue I have, is the VPN performance, I know RMerlin just mentioned best will be 50Mbps, is the main issue CPU limitations there? Id love to get at least say 100-200Mbps via the VPN, not sure if that is simply not possible. Ive tried quiet a bit of different variations of settings and ciphers and can never get anywhere near a decent amount.

Dixit

 

[butter_fry]

Dixit
that's great, just the type of question i had. thanks!

As for the VPN, 100-200 would make me thrilled but i'd never expect that much. It is all about the CPU from my understanding and there isn't a consumer grade router that has the horsepower to come even close. Perhaps you can offload that to a server instead?

 

[Dixit]

Ive thought about it, but would rather have an appliance, been thinking about the Unifi USG device, but im not a fan of it due to a lot of complaints about its GUI and a lot of bugs. Might have to keep looking.

Dixit

 

[RMerlin]

Only issue I have, is the VPN performance, I know RMerlin just mentioned best will be 50Mbps, is the main issue CPU limitations there?

Yes. These routers have no hardware-based acceleration for encryption, so they are limited by raw CPU performance.

Sent from my Nexus 9 using Tapatalk

 

[Rango]

Butterfly for vpn speeds check out this thread mate. This topic has been deeply explored by me in spectacular lol

Max 60Mbps on aes-128

http://www.snbforums.com/threads/sp...cryptions-help-by-sharing-your-results.30506/

 

[butter_fry]

Nice, thx rango....err wait, just read it. That first page was semi useful, but the rest it wend down a rabbit hole of VM/PFSENSE/Networking/Comcast/Powerusage.....

I think I got it.. 50-60mbit is to be the expected CPU limit for AES-128 encryption @ 1ghz cpu. Too slow for me. It would be easier to walk home, copy the file to my USB drive and walk back to the office. Time to look at some sort of dedicated solution.

PFSense - Yeah sure, but like rango found out build small or the power bill will get you. Build big enough to do what you need to do though.
ERouter - mmm seems like the best AIO solution:CPU horsepower ratio. The price is right but it also seems you get what you pay for. the Lite version seems to last about a year.

 

[Dixit]

I think I got it.. 50-60mbit is to be the expected CPU limit for AES-128 encryption @ 1ghz cpu. Too slow for me. It would be easier to walk home, copy the file to my USB drive and walk back to the office. Time to look at some sort of dedicated solution.

I actually just tested this. Put it on AES-128-CBC mode. Went to a different ISP (Comcast), installed OpenVPN client on that Windows7 machine. Connected back to the Asus AC68P, and transferred a file through Windows share. I looked at the Traffic Analyzer in Asus, and saw it go from 7KBs/sec idle to about 6700-7000KB/sec. That's about 56Mbps. Windows showed the actual speed around 5.7MB/sec (Which is more around 45.6Mbps). I looked at the CPU and CPU#2 was basically hovering between 79-95% mainly. So it seems like it was basically pegged. So not going to get anymore than this rate as its been discussed unless its offloaded.

Dixit

 

[butter_fry]

So just to wrap this up for posterity and those walking this path in the future. In regards to a stock ac68 and routing speeds. It seems to handle the full 1 gbit connection just fine. Testing is a bit tough because these kinds of speeds are on the edge of what can be accurately tested these days. But I'm not counting after 700mb/s which seems to be the fluctuation depending on the time of day. Before dawn I get the full 900+ but as the world wakes up things start bouncing up and down a few 100mbit. *gasp*

As for VPN Merlin was exactly correct. I average out at about 50mbit on my site to site with 128aes openvpn. CPU is the limitation.

I've considered a bit of a router CPU overclock but I can't see that as bringing much return. Ok maybe a few more mbit on that vpn, but honestly that's a few seconds less per 100MB of file transfer. These kinds of speeds really demand a new class of routing device that really hasn't emerged out of the tinker community (ubiquity et al) yet.