How To Find The Best Router For Gigabit Internet

[sfx2000]

What is "loaded" about the statement? If I'm wrong, I'm offering to update the article.

I meant in in a positive way - OpenVPN has a lot of overhead, but L2TP/PPTP have less, and there are the closed source solutions for SSL/VPN that might, or might not, be fast...

I don't think there is a correction needed...

 

[L&LD]

However, this little exercise has shown I need to expand SmallNetBuilder's router testing to move beyond default configurations and do some poking to see if commonly used features knock down throughput. Look for testing like this to be included in the new router test process that is coming soon.

Tim, your quote above has me quite excited for upcoming reviews!

Will you possibly be retesting some of the older/current models too?

 

[thiggins]

Will you possibly be retesting some of the older/current models too?

Well, I already did retest some for this article. But, yes, I will retest some.

 

[TheLostSwede]

Tell me which consumer routers can handle gigabit wire speed and I'm happy to update the article.

My point is that it's unfair to blame "ARM processors" and claim that you need an x86 processor to achieve wire speed VPN performance. This is not true. As to how the router manufacturers decide to implement the features available on the other hand, is not down to me. As far as I know, there aren't many consumer based x86 routers either, right?

 

[somms]

FWIW: Tim's test result is consistent with where the download throughput caps out on the R7000 running Shibby's tomato v138 with CTF enabled over my gigabit FTTH so this seems it is a hardware rather than any firmware limitation. With CTF disabled the R7000 running tomato only achieves @300MBps up/down !

 

[RMerlin]

Sorry, I'm confused. The tests show that port forwarding does NOT reduce throughput, with the possible exception of one case.

Yes, that's why I'm surprised by the results, as I did not expect that.

I tested the smart/ adaptive mode with all four categories checked. I don't have my test notes with me right now, so sorry I'm not being exact.

Thanks, that answers my question. Adaptive QoS is able to work while HW acceleration is enabled, so your results are in line with what I would have expected.

The only difference in the four categories are which priority is allocated to which type of traffic.

 

[sfx2000]

My point is that it's unfair to blame "ARM processors" and claim that you need an x86 processor to achieve wire speed VPN performance. This is not true. As to how the router manufacturers decide to implement the features available on the other hand, is not down to me. As far as I know, there aren't many consumer based x86 routers either, right?

Alpine, some upcoming Marvell, and then we have China (Allwinner, Rockchip, Mediatek, Spreadtrum) with their ARM's on a kit... current state of ARM's in consumer gear is mostly really old Cortex-A9's - and yes, we have a couple of QCA Snapdragon's, but they're ARMv7 Cortex-A9 equivalents)

Consumer Gear on X86 - Qnap has announced a really nice product around their SoC, and we have the Roqquos device (which would be nice to see a review).

I'm thinking Tim's article does point out, and perhaps the intent, is that we're running into a wall with current SoC's - there are some shortcuts, and some of those shortcuts pay off really well, but at a cost...

 

[thiggins]

Yes, that's why I'm surprised by the results, as I did not expect that.

Got it. Sorry I misunderstood. I was going to check one of the older Broadcom-based routers reported to reduce throughput with forwarded ports. But I got rid of all of them.

 

[thiggins]

My point is that it's unfair to blame "ARM processors" and claim that you need an x86 processor to achieve wire speed VPN performance.

So what off-the-shelf ARM board/box can someone throw Pfsense, DDwrt or something else on and get a Gigabit VPN?

 

[TheLostSwede]

Alpine, some upcoming Marvell, and then we have China (Allwinner, Rockchip, Mediatek, Spreadtrum) with their ARM's on a kit... current state of ARM's in consumer gear is mostly really old Cortex-A9's - and yes, we have a couple of QCA Snapdragon's, but they're ARMv7 Cortex-A9 equivalents)

Consumer Gear on X86 - Qnap has announced a really nice product around their SoC, and we have the Roqquos device (which would be nice to see a review).

I'm thinking Tim's article does point out, and perhaps the intent, is that we're running into a wall with current SoC's - there are some shortcuts, and some of those shortcuts pay off really well, but at a cost...

Mediatek is Taiwanese, not Chinese (and Realtek for that matter), but have so far not had anything that can offer good VPN performance as they've focused on the entry/low-end of the router market. The MT7623 should in theory be able to offer wire speed VPN as it has a 1Gbps crypto engine which according to their datasheet can deliver 1Gbps IPSec throughput. Can't say I've seen any routers based on the MT7623 as yet though.

AllWinner and Rockchip doesn't offer any kind of CPU offloading/additional processing for the network and does in general not have amazing Ethernet performance, although based on a project I'm working on, with a few tweaks it's possible to get near maximum Gigabit speed with the AllWinner Hx series of processors. Obviously a lot of this depends on the board design as well and no, it wouldn't work with VPN enabled.

Are you talking about the QNAP QBoat? http://www.cnx-software.com/2017/01/08/qnap-qboat-sunny-development-board/
Isn't that using the same processor core as the Puma 6 which Arris is using in their buggy cable modems that end up having lag spikes because it's not fast enough (and doesn't do offloading on a dedicated DSP) for Full Spectrum Frequency Capture?

The Roqquos is highly unlikely to do full wire speed VPN as well, although it is a quad core Atom (from 2013) so maybe it has enough processing power, but I actually doubt it. As you say, it would be interesting to see some tests, as they make some bold claims for what looks like a very odd piece of hardware.

 

[TheLostSwede]

So what off-the-shelf ARM board/box can someone throw Pfsense, DDwrt or something else on and get a Gigabit VPN?

Unfortunately no, at least not any I know of. The problem is that the SoC manufacturers tend to keep the offload processor/DSP close to their chest and you need special software from them to enable it. This is not publicly available and there's no way to utilise that part of the processor without said code. I know Buffalo made a VPN router (wired only) based on the Cortina CS7542 that could hit 100Mbps over VPN, but it seemingly only sold in Japan. Yes, that's not wire speed, but it's faster than 50Mbps.

Again, this comes back to manufacture product differentiation and until more consumers demand good VPN connectivity on their routers, it's unlikely to change.

 

[sfx2000]

Are you talking about the QNAP QBoat? http://www.cnx-software.com/2017/01/08/qnap-qboat-sunny-development-board/
Isn't that using the same processor core as the Puma 6 which Arris is using in their buggy cable modems that end up having lag spikes because it's not fast enough (and doesn't do offloading on a dedicated DSP) for Full Spectrum Frequency Capture?

Not the QBoat - which is an interesting board, without a doubt... I'd like to get my hands on one...

It's also not the Puma6 - that was... well, something...

No, QNAP showed a consumer oriented device over in the Intel booth - The TGX-150, which uses a much newer small-core Intel chip - main site mentioned it here -- https://www.smallnetbuilder.com/other/ces/ces-2017/33058-qnap-ces-2017-announcements

Intel has also done a CSP gateway - targeted towards Gb connectivity...

http://www.intel.com/content/www/us/en/connected-home/anywan-grx750-home-gateway.html

Both of these are built off the GXR750 chip - numbers look good...

Unlike the C20xx/C30xx chips, this is a very focused GW chipset...

(not saying that C20xx/C30xx is bad, but the GXR750 is a dedicated router SoC purpose built for this market)

 

[sfx2000]

Mediatek is Taiwanese, not Chinese (and Realtek for that matter), but have so far not had anything that can offer good VPN performance as they've focused on the entry/low-end of the router market. The MT7623 should in theory be able to offer wire speed VPN as it has a 1Gbps crypto engine which according to their datasheet can deliver 1Gbps IPSec throughput. Can't say I've seen any routers based on the MT7623 as yet though.

AllWinner and Rockchip doesn't offer any kind of CPU offloading/additional processing for the network and does in general not have amazing Ethernet performance, although based on a project I'm working on, with a few tweaks it's possible to get near maximum Gigabit speed with the AllWinner Hx series of processors. Obviously a lot of this depends on the board design as well and no, it wouldn't work with VPN enabled.

China/Taiwan - it's all one China at the end of the day

Little bit of history with Mediatek - When intel sold off ARM business to Marvell - Qualcomm grabbed the ARM guys, Mediatek grabbed the modem guys - and that's how we got to where we are now... there's a lot of Xscale inside Snapdragon, and there's a lot of the Bullverde modem in Mediatek - while MediaTek is a RoC company, I've always viewed them where their key business is - Shenzen... Most recently, Mediatek's jump into the network realm is mostly due to their acquisition of Ralink...

Granted AllWinner is focused on one area, and this is not routing - they have a nice cipherblock in the chip, but nothing to back it up for networking, mostly focused on end-point, e.g. Set-Top boxes and 3rd screens...

Realtek - not known strongly for App processors - they've gotten some good ground on the low-end NAS and STB markets lately... and they get networking

What I like about Allwinner and Realtek is that you can deal with them pretty easily - they want to sell chips at the end of the day... And one can buy them on the spot market in Shenzen without an NDA... try that with Marvell, Broadcom, QCA, Mediatek, or Intel these days - almost impossible unless you know someone...

Anyways - on the low end - the most interesting chips I see are the Intel GRX750 and the Alpines - and once we see what Marvell has brought forth with their ARMv8 big cores...

(I've had a couple of days with their 8040 board from SolidRun - it's a beast...)

I guess what I'm getting at is that the current ARM's - they're basically not up to the task without some secret sauce - and that secret sauce also applies to the upcoming chips...

 

[sfx2000]

Granted AllWinner is focused on one area, and this is not routing - they have a nice cipherblock in the chip, but nothing to back it up for networking, mostly focused on end-point, e.g. Set-Top boxes and 3rd screens...

And fwiw - I don't know of any other vendor that can do a 4K STB at 30FPS - 1GB RAM/8GB eMMC at less than $35USD other than Allwinner right now - that's not just the chip, that's the entire delivered platform - the H3 does this... amazing stuff...

I'm not sure how they do it, but they do... and they're making money at it.

 

[TheLostSwede]

Realtek used Lexra RLX cores in a lot of their SoC, as they own the IP, so there is no cost to them to do so. Lexra RLX is MIPS derived, just not as good and not up to date.
However, they seem to be moving to ARM more and more and products like the RTD1295 looks interesting, but so far has only made it into video players, which is a bit odd, as it could be used for just about anything, including a NAS or router.
It would not make a good VPN router though.

Mediatek on the other hand doesn't seem to focus much on the router market any more, but the MT7623 looks like it could be a serious contender as I mentioned above.

Banana Pi is working on a router board based on said chip - http://www.cnx-software.com/2017/01...ocessor-comes-with-5-gbe-ports-sata-and-more/
Sadly they don't seem to understand how to make a router board, but hey...

 

[System Error Message]

all these dedicated hardware solutions do have a limit you know. For example the crypto engine can only do so much 256bit AES before it tops out and we dont know if it is affected by frequency, bottlenecked by bandwidth either.

Realtek's SoC has the FPU not part of the CPU so it will be slow at math, not that float math is important for routers but it would depend on what else is running on it. However it does have a GPU so perhaps that can help for any float math or encryption too. Also the video/audio engine will not use the CPU if the format follows what the hardware supports otherwise like in many PCs relies on the CPU.

mediatek's SoC looks decent (3 PCIe lanes) but is outdated as it has only 2Gb/s hardware NAT with 1 CPU connected port (potential for dual WAN but still 1Gb/s) and half the speed for crypto which means it cannot keep a 2Gb/s (1Gb/s symmetrical) with PPP. The CPU seems to be good though.

None of the SoC support more than 2 CPU connected ethernet ports.

 

[sfx2000]

Realtek's SoC has the FPU not part of the CPU so it will be slow at math, not that float math is important for routers but it would depend on what else is running on it. However it does have a GPU so perhaps that can help for any float math or encryption too. Also the video/audio engine will not use the CPU if the format follows what the hardware supports otherwise like in many PCs relies on the CPU.

The Realteak SoC has the FPU internal - it's part of the ARM Cortex-A53... and running in Aarch64, it can post some very interesting numbers... This chip in particular, is more oriented towards the Set Top box with the GPU/Audio stuff hanging out there... FWIW - I believe both QNAP and Buffalo have introduced some low-end NAS boxes with this chip.

The Mediatek - it does look a bit data with Cortex-A7 - but it's still a nice little chip - ex-Ralink (Ralink was a MIPS shop primarily) - in any event, Mediatek does have other chips that are, perhaps, more capable than this one. In any event, they do perform well, and the internal buses on the Mediatek/Ralink designs are flexible and fast.

As far as Banana-PI - their first board (Allwinner based) was kind of a challenge, the Mediatek board does seem to be much more thought out and addresses many of the weaknesses of the Allwinner board - challenge for SinoVoIP is pricing (Mediatek is on the spendy side compared to AllWinner) and software support - which on the SW side tends to be more community driven directly...

 

[sfx2000]

Realtek used Lexra RLX cores in a lot of their SoC, as they own the IP, so there is no cost to them to do so. Lexra RLX is MIPS derived, just not as good and not up to date.

Lexra was an interesting story - They built an RTL core that used MIPS instructions minus four particular items specifically covered by MIPS patents... and they licensed it to pretty much everyone - which put them in serious trouble with MIPS...

Long story short, they did good stuff - and the exit for Lexra - MIPS bought their IP...

http://probell.com/lexra/

Longsoon over in China did something similar, working around the same 4 instructions that Lexra did... eventually they also became a MIPS licensee at some point after the initial Godson introduction to production.

Anyways - Realtek did build upon the Lexra IP, but I would consider them to be a lexra variant - they did some good work there, but again, derivative...

 

[System Error Message]

actually what i was asking is that if the FPU was shared by all 4 cores similar to how AMD bulldozer does the same, 2 cores sharing the SSE and FPUs as with architectures like ARM and MIPS the FPU is an optional component as are some other units as without it the numbers are handled via software through the use of other units.

i do wish these SoC manufacturers would put more PCIe 2.0 lanes at least and perhaps a little more into it. I want to see at least 4 lanes and some things they include in non x86 PC/mobile based SoCs such as both flash and sata. Even tilera's SoC has 8 Pcie lanes, flash, sata and plenty of cpu connected ports and other things though lacking usb3 but also comes with full dual channel DRAM controllers as well. You can never have too many peripheral connectors as that means you only need 1 design for a wide number of products or you could do what was done in the old days and have a chip (like the northbridge and southbridge for x86) to handle ethernet, audio, sata and all other peripherals and connect to the CPU via a wide main bus

 

[sfx2000]

actually what i was asking is that if the FPU was shared by all 4 cores similar to how AMD bulldozer does the same, 2 cores sharing the SSE and FPUs as with architectures like ARM and MIPS the FPU is an optional component as are some other units as without it the numbers are handled via software through the use of other units.

The FP/SIMD stack (neon/vpf4, aka asimd) is in each a53 core - it's not a shared resource like Bulldozer.

In Aarch32/64 ARMv8-a, AES/Crypto can run on the a53, but that's an option... (not all a53's have the AES stuff)