(Asus) Router settings for web server

[phil55]

Hi all,

I'm running a small webserver behind an Asus RT-N66U router on a residential cable connection. I'm wondering if it's possible to optimize the router configuration for better WAN latency.

Which features I should disable/enable to improve HTTP/HTTPS response times? Specifically for the Asus router or in general. Obvious features like WPS have been disabled, and firewall and DoS protection remain enabled... Beyond that, I'm not quite sure (NAT, IPv6, QoS, DNS, etc.)

Note that I use the OpenVPN server to connect remotely.

I can give more details about the server, network, connection, etc. However I was looking at performance improvements on the network level, specifically the router, since the modem is in bridged mode and there isn't any other hardware between the server and the internet.

Thanks

 

[roguetr]

I think the OpenVPN overheads, especially on that router and a restrictive cable upload speed are probably the only things that might affect latency.

What sort of latency were you experiencing? Have you monitored the load on the router with/without OpenVPN? With cable, outbound saturation is usually more of an issue (well here it is).

Really though, with enough bandwidth and CPU cycles, nothing should really be affecting a web server behind a router.

Sent from my MI 5 using Tapatalk

 

[ColinTaylor]

Unless your web server is getting a lot of traffic the overhead added by the router will be negligible. I think you're trying to fix a problem that doesn't exist.

 

[phil55]

There isn't really a "problem".

I recently upgraded the hardware (cpu, ram, SSDs) and increased the upload bandwidth with my ISP, for little to no improvement in time to first byte.

So I'm looking everything over...

The VPN is only connected occasionally. The load times vary a lot depending on whether the connection is primed (cached, DNS, SSL, page cache and everything else). That being said, when everything is at peak, it seems that the initial connection time is the longest. Which is probably due to the cable internet connection, still I thought the router was worth investigating.

I have an RT-AC68U on hand so I will try swapping it out the next time I'm in contact with the network.

 

[CaptainSTX]

Are you using the VPN server on your router to connect to your web server?

The N66 is low on processor power for running a VPN server. It will work if you only need to look at smaller files remotely when traveling but with the low upload speeds from many ISPs plus the load the VPN puts on the processor it will be a slow go. The AC68 with the overclocked 1200Mhz processor will certainly be better.

 

[phil55]

Are you using the VPN server on your router to connect to your web server?

Yes, specifically the OpenVPN option. The server is always enabled, but I connect to it maybe once per week for a few minutes.

I'm not sure what is the overhead when enabled but disconnected. I find it convenient to access the network via VPN as opposed to exposing the SSH port to the internet.

Perhaps I should invest in a proper machine to do VPN duties. I will test the AC68U as well as the N66U with and without the VPN server enabled, when I have physical access.

Thanks

 

[CaptainSTX]

Well with the AC68 you have a dual core processor. With Merlin's firmware he has arranged it so that VPN clients 1,3,5 run on the core that isn't handling the router's main functions. I haven't used a VPN server enough to know if the same is true for a server or if it works the same on stock ASUS firmware,

I do knowthat when running an open VPN client and uploading or downloading files using the VPN tunnel it jumps my processor useage up to 60-70% and I'm using an AC1900P with a 1400Mhz processor. When the router isn't doing much or anything the processor load is almost nil on both cores.

In theory it would seem that the AC68 should be twice as fast as the N66 since the you have two processor cores and their speed is 2X the N66, As you said you will need to run your own tests as your results may very.

When you are testing, see what happens if someone is streaming Netflix on a device on your LAN and you then come into your router using a VPN tunnel from the WAN.

 

[roguetr]

"to first byte", are you implying subsequent interaction seems acceptable?

When initial interaction is slow it's typically a DNS issue. Does using the IP address have the same delay?

Most comments including my own suggest OpenVPN + underpowered router or nothing at all.

If it's not the router then maybe it's OpenVPN itself. Are you using a name to resolve the IP of the webserver? If so have you tried a hosts entry instead? Do you use the VPN as gateway?

Sent from my MI 5 using Tapatalk

 

[roguetr]

Ping tests and traceroutes with and without DNS resolution wouldn't hurt. Also if you're using 2048 bit, drop it to 1024.

Sent from my MI 5 using Tapatalk

 

[phil55]

Just an update... I tried several things:

Replaced the N66U with an AC86U for no real difference in initial connection time and responsiveness. Unfortunately, I had reliability issues with the AC86U (latest firmware).

I switch DNS providers, as suggested by @roguetr, from Namecheap (free DNS) to Route 53 (Amazon web services) and gained about 100 ms-- which is considerable.

Then, I decided to migrate completely to AWS (free tier EC2/RDS) and the connection time is actually quite comparable, perhaps 30~40 ms faster.

The biggest impact on connection time I found is SSL negotiation. It adds upwards of 100 ms on both AWS and my home setup. My home setup is quite beefy compared to the free tier AWS virtual machines, but the residential cable / Asus router just doesn't cut it in terms of bandwidth and reliability.

VPN will be missed.