Asus RT-AX88U Pro - Traffic Analyzer Causing limits in download speed

[The_Bishop]

This has been something I've been beating my head against for a long while.

I've got 2Gb service from Xfinity. My own modem (Arris S34) connected to the AX88U Pro on the 2.5Gb port, my PC is hard wired via a 2.5 switch connected to the 88U Pro. 2.5 network card in said PC.

If I run a cable directly to the modem from my PC, I get 2.1-2.2 very reliably. Through the previously configured router I get 1.4-1.5.

I just did a complete wipe of the router to install the latest 3006.102.5 firmware. Factory reset in the router web interface, install the new firmware, reboot router, WPS button reset, reboot router, factory reset via web interface. Yeah, it's probably overkill but I'm trying to eliminate any variables (been having strange wifi/router crashes on latest 3004, no additional addons just Merlin).

So, long way around to my point. I did a basic config of the router to get the Wifi up so family will quit complaining. Run a speed test from my PC, and I'm getting 2.1-2.2. Great! Apparently is was some prior firmware oddness.

I start adding in the services I previously used. First up is the AIProtection. (I have a teen that's not the brightest about staying away from sketchy sites despite numerous discussions) Since I'm curious, I run a speed test. All good. Next up is the traffic analyzer. I use this to see if my teen is staying up to 4am on her PC using discord. Another speed test. Suddenly down to 1.5gbps. Curious, I disable traffic analyzer and re-test... Speeds back to 2.1-2.2.

Well, now I know what's causing the slowdown and I'm assuming it's CPU bound in the router which is slightly disappointing. During the speed test Core 1 (of 4) hits 96% utilization. Surprised the load isn't spread/more balanced.

The tests were all done at the same server to avoid that variable.

Should I consider a newer router so I can use all the features I would like to without the slowdown?

Traffic Analyzer on:

Traffic Analyzer off:

 

[OzarkEdge]

Well, now I know what's causing the slowdown

Does anyone using the network complain about a slow down?

OE

 

[bbunge]

What do you get with Asus firmware?

 

[John Fitzgerald]

AiProtection speed tax. The extra features you use come at a cost.
Well documented.

 

[The_Bishop]

Does anyone using the network complain about a slow down?

OE

When the traffic is heavy (Multiple streams, gaming, etc) yes, the slowdowns and latency get pretty noticeable.

 

[The_Bishop]

AiProtection speed tax. The extra features you use come at a cost.
Well documented.

Funny thing is AiProtection doesn't cause it. The only thing that causes the slowdown is the Traffic Analyzer.

 

[The_Bishop]

What do you get with Asus firmware?

I was going to load up the Asus firmware, but opted to stick with the Merlin version for my jump to 3006.

 

[Tech9]

When the traffic is heavy (Multiple streams, gaming, etc) yes, the slowdowns and latency get pretty noticeable.

You can do all this on 200-300Mbps ISP line.

 

[Justinh]

And this is cable (not fiber)? I believe with cable things can get slower depending on what your neighbor cable users are doing (time of day usage patterns).

 

[The_Bishop]

It is cable, but the tests comparing Traffic Analyzer being on or off were done back to back making this less likely.

 

[The_Bishop]

You can do all this on 200-300Mbps ISP line.

Possibly but sometimes I need to move large (multi-gigabyte) files between external servers and my PC hence the 2 gig plan I have. It would be nice if I could use all of my bandwidth to do so.

It's irrelevant in the bigger picture. My point was and is that having traffic analyzer enabled becomes speed limiting on my current router, and I was asking if anyone else had one of the higher end asus routers that could deal with the traffic analyzer being active without slowing down the actual data being moved.

 

[Seth Harman]

If you're concerned about time of use why not just use Time Scheduler under parental controls to block devices between certain hours?

 

[degrub]

In the ASUS world, you might have to go to a BE class with a 10G WAN port to get a faster processor to reduce the speed reduction from running traffic analyzer on the router. Or you could run a separate device off a switch that copies all the traffic from the WAN stream to another port on the switch that is connected to the packet sniffing device. If the traffic is just from one set of users, you could intercept the packets on the LAN side if they are not connecting over wifi to the main router.

Or if there is a QOS rule that allows your IP address to get, say 90 % of the available bandwidth....

 

[Tech9]

becomes speed limiting on my current router

All home routers rely heavily on NAT acceleration techniques. Your router has few levels some of which are incompatible with specific firmware options and get disabled automatically. If you enable Bandwidth Limiter on any network for example the WAN-LAN throughput will go down to ~450Mbps. This is what the CPU can process. Routing is on single CPU core, no multi-tasking. Even if you update the router to current high-end models - the situation won't change much. Keep in mind home routers are passively cooled devices and power efficiency is top priority. This is not a design flaw, but a balance between power and performance. What you see in specifications is "up to" and not guaranteed. Top performance only in light configuration with TrendMicro components disabled.

My Ubiquiti Gateway with ARM CPU has similar limitations. With enabled SQM, IPS, limiters, etc. can't do above 450Mbps WAN-LAN.

 

[CaptainSTX]

This has been something I've been beating my head against for a long while.

I've got 2Gb service from Xfinity. My own modem (Arris S34) connected to the AX88U Pro on the 2.5Gb port, my PC is hard wired via a 2.5 switch connected to the 88U Pro. 2.5 network card in said PC.

If I run a cable directly to the modem from my PC, I get 2.1-2.2 very reliably. Through the previously configured router I get 1.4-1.5.

I just did a complete wipe of the router to install the latest 3006.102.5 firmware. Factory reset in the router web interface, install the new firmware, reboot router, WPS button reset, reboot router, factory reset via web interface. Yeah, it's probably overkill but I'm trying to eliminate any variables (been having strange wifi/router crashes on latest 3004, no additional addons just Merlin).

So, long way around to my point. I did a basic config of the router to get the Wifi up so family will quit complaining. Run a speed test from my PC, and I'm getting 2.1-2.2. Great! Apparently is was some prior firmware oddness.

I start adding in the services I previously used. First up is the AIProtection. (I have a teen that's not the brightest about staying away from sketchy sites despite numerous discussions) Since I'm curious, I run a speed test. All good. Next up is the traffic analyzer. I use this to see if my teen is staying up to 4am on her PC using discord. Another speed test. Suddenly down to 1.5gbps. Curious, I disable traffic analyzer and re-test... Speeds back to 2.1-2.2.

Well, now I know what's causing the slowdown and I'm assuming it's CPU bound in the router which is slightly disappointing. During the speed test Core 1 (of 4) hits 96% utilization. Surprised the load isn't spread/more balanced.

The tests were all done at the same server to avoid that variable.

Should I consider a newer router so I can use all the features I would like to without the slowdown?

Traffic Analyzer on:
View attachment 68082

Traffic Analyzer off:
View attachment 68081

I can confirm what you are seeing is correct. I have the same router as you as well as 2 gig service from Comcast/Xfinity. If I run a speed test on the router I consistently get download speeds in excess if 2 gigs with either traffic monitoring statistics on or off. If I test on a PC (1 gig LAN Port) connected to the router with Ethernet I get a significantly lower download speed if traffic monitoring is enabled. No impact on upload speeds.

 

[The_Bishop]

All home routers rely heavily on NAT acceleration techniques. Your router has few levels some of which are incompatible with specific firmware options and get disabled automatically. If you enable Bandwidth Limiter on any network for example the WAN-LAN throughput will go down to ~450Mbps. This is what the CPU can process. Routing is on single CPU core, no multi-tasking. Even if you update the router to current high-end models - the situation won't change much. Keep in mind home routers are passively cooled devices and power efficiency is top priority. This is not a design flaw, but a balance between power and performance. What you see in specifications is "up to" and not guaranteed. Top performance only in light configuration with TrendMicro components disabled.

My Ubiquiti Gateway with ARM CPU has similar limitations. With enabled SQM, IPS, limiters, etc. can't do above 450Mbps WAN-LAN.

I had previously been running Ubiquity hardware and ran into hard speed limits on 1Gb service. Also kept running into various instabilities, which led to me saying 'screw it' and moving to the asus routers.

Seems as if consumer internet speeds are outpacing the capabilities of consumer grade routers, which is unfortunate.

 

[The_Bishop]

I can confirm what you are seeing is correct. I have the same router as you as well as 2 gig service from Comcast/Xfinity. If I run a speed test on the router I consistently get download speeds in excess if 2 gigs with either traffic monitoring statistics on or off. If I test on a PC (1 gig LAN Port) connected to the router with Ethernet I get a significantly lower download speed if traffic monitoring is enabled. No impact on upload speeds.

See, now the funny part is I always get inferior speed test results on the router vs. my PC. I have a 2.5 connection from the router to the modem, and a 2.5 connection from the router to my PC. I just tried with all the Ai protection and traffic analyzer off, and on my PC I'll get 2.2+Gbps. The router's speed test, at the same server, won't break 300mbps.

 

[degrub]

Did you unsubscribe / disallow license as well (i forget the term they use) ? You have to do that as well as turn it off to get speed back.

And since the router is using CPU to run the speedtest code, it is not giving a real result. Capable PC on router LAN port is what you have to do. Of course, the LAN port on both devices has to be capable of the full bandwidth.

 

[The_Bishop]

Did you unsubscribe / disallow license as well (i forget the term they use) ? You have to do that as well as turn it off to get speed back.

And since the router is using CPU to run the speedtest code, it is not giving a real result. Capable PC on router LAN port is what you have to do. Of course, the LAN port on both devices has to be capable of the full bandwidth.

Yes, I did and yes, I'm also aware of the router CPU limitations.

 

[degrub]

Almost sounds like NAT hardware acceleration got turned off or not used in the speedtest.
Is any QOS in use ?