What's new

How To Find The Best Router For Gigabit Internet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

thiggins

Mr. Easy
Staff member
cisco_white_paper_c11-465436-1.jpg
Gigabit wire-speed routers can produce significantly lower throughput depending on the features you use.

Read on SmallNetBuilder
 
good writeup - Marvell and QCA seem to excel across the board, Broadcom and Cavium in certain use cases...

Wish I would have known you were planning this article, I would have sent over my 2440 to include in the testing...

FWIW - I did a forum post digging into CTF a couple of years back... https://www.snbforums.com/threads/broadcoms-hardware-acceleration.18144/

Quick comment about VPN... even with AES-NI and other tricks, big cores, esp. Intel/AMD do better here, mostly due to fast and wide memory, esp. with OpenVPN...

(OpenVPN is only one type of VPN tech - there are others, and L2TP/IPSec can perform very well on lower spec chips compared to OpenVPN)

Would be curious to see more about Alpine (quad/dual A15's) and some upcoming ARMv8 chips coming from Marvell and QCA...

Even then, with pfSense, one does need a fair amount of horsepower and good NIC's to get even close to 1GB...

And in the pfSense space - pfSense is a SW based router...

2.3 was a big step forward with tryforward() - and netmap-fwd is on the roadmap for a future release (3.0?)

https://www.netgate.com/blog/pfsense-around-the-world-better-ipsec-tryforward-and-netmap-fwd.html

https://github.com/Netgate/netmap-fwd/blob/master/netmap-fwd.pdf
 
Last edited:
Great article! I do expect this level of article comes from snb and never disappointed.
Could you make this a part of standard test? It is really useful when picking routers.
 
Tim,

Timely article for me. I noticed the same results you did with the ERPOE-5 that I was messing around with (same as ERLITE-3).

R8500 easily allows me to max out my gigabit connection as long as I am not doing QoS. I was hopeful that I could take advantage of some of the neat features found in the UBNT router but that didn't seem to be the case, especially when I turned on QoS - same as you, got knocked down to around ~100mbit.

Any chance you can review this?
http://www.balticnetworks.com/mikrotik-cloud-core-router-ccr1009-7g-1c-pc-w-passive-cooling.html

This seems to have some impressive specs on paper but I am curious what it could do in the real world.

I will say in this new era of now having gigabit cable at home (docsis 3.1) all of a sudden, routing performance is really important.
 
With the prices they charge for these routers, why don't these companies keep the same price points, but make a design that uses something like an Intel Core i3 CPU, so that there can be ample CPU to better handle OpenVPN?
 
Hi,

the test, as I understood it from the first part of the article, seemed to be 'how much of the promised gigabit will a router deliver through a forwarded port?'

Why is QoS suddenly in the mix? And why would anyone want QoS on a gigabit uplink?

thanks for clearing this up
simon
 
Why is QoS suddenly in the mix? And why would anyone want QoS on a gigabit uplink?

There are some uses, e.g., if you don't want your torrent download causing issues with your 8K streaming.

Overall gigabit is really not enough for most consumer use cases.
 
Last edited:
Why is QoS suddenly in the mix? And why would anyone want QoS on a gigabit uplink?
- QoS may still be needed to manage uploads (consider not all users have 1000Mbps up, maybe only 100Mbps)
- QoS may still be able to help manage/limit impact to WiFi clients

I toyed with QoS a bit on my FW more to prevent torrent and CIFS traffic from saturating one of my FW interfaces (not the WAN), but I found it was slowing things down way more than helping and disabled it. So now when my torrents must re-check themselves, I just let the DMZ interface of the FW peg itself out for a few minutes and then things settle back down.
 
And, of course, if you're trying to get a full gigabit through any VPN tunnel, you can forget using any consumer Wi-Fi router. Higher encryption levels mean lower throughput. So even with quad-core ARM processors and lower encryption levels, you'll be hard pressed to find anything that can provide higher than 50 Mbps through a VPN tunnel. For anything higher than that, you'll need to build your own router with a PC grade multi-core CPU.

I don't agree with this statement. A lot of modern ARM based SoCs can run wire speed VPN these days. However, these SoCs have dedicated network accelerators (or whatever the manufacturer choses to call it) to do so, such as Qualcomm's IPQ SoCs.
r7500_ipq8064.png

However, these features are rarely implemented in consumer level routers, so it's very possible that you need a more professional level piece of hardware regardless, but only because the manufacturers chose to not enable something that the SoC is capable of doing. This is not unusual, as it's how the router makers differentiate their product offerings. However, it's wrong to say that the SoCs aren't capable of offering VPN speeds in excess of 50Mbps, since that's simply no longer the case.
 
Sadly, even with a router like the Netgear R7800, the openVPN throughput is not very good. It is fine for streaming, but it will not take advantage of even a 100mbit connection. Overall, the end result is what matters, and VPN on consumer routers is either horribly unoptimized, or the hardware is insanely slow.
 
Would be curious to see more about Alpine (quad/dual A15's) and some upcoming ARMv8 chips coming from Marvell and QCA...

Interesting tidbit: Asus has an Alpine-based router in development...


Tim, I must say I was surprised by some of your results. In some cases (like Asuswrt), port forwarding is able to work with CTF enabled because they mark each packet that gets port forwarded. At the kernel level, any marked packet will then bypass CTF. Your results would indicate that there would still be some acceleration in place even when a packet goes through a port forward. Maybe Broadcom improved their CTF implementation over the years.

Which type of QoS did you test on the Asus? Traditional QoS will force CTF to be disabled when you enable it, but Adaptive QoS (based on the Trend Micro engine) will work with CTF kept enabled.
 
the test, as I understood it from the first part of the article, seemed to be 'how much of the promised gigabit will a router deliver through a forwarded port?'
No. I set out to find out why my tests did not show reduced throughput. ONE case reported was using port forwarding. So I set it as the default test case.

Other people have answered why QoS uplink was checked.
 
Overall gigabit is really not enough for most consumer use cases.
Uh. Yes. It's more than enough. Very few websites are even capable of supporting sustained Gigabit Ethernet rates.
 
I don't agree with this statement. A lot of modern ARM based SoCs can run wire speed VPN these days.
Tell me which consumer routers can handle gigabit wire speed and I'm happy to update the article.
 
Tim, I must say I was surprised by some of your results. In some cases (like Asuswrt), port forwarding is able to work with CTF enabled because they mark each packet that gets port forwarded. At the kernel level, any marked packet will then bypass CTF. Your results would indicate that there would still be some acceleration in place even when a packet goes through a port forward. Maybe Broadcom improved their CTF implementation over the years.
Sorry, I'm confused. The tests show that port forwarding does NOT reduce throughput, with the possible exception of one case.

Which type of QoS did you test on the Asus?
I tested the smart/ adaptive mode with all four categories checked. I don't have my test notes with me right now, so sorry I'm not being exact.
 
Tell me which consumer routers can handle gigabit wire speed and I'm happy to update the article.

That's a loaded statement - many think that OpenVPN is the only one - it's not, but even then, most consumer routers use just that, and there, the ARM based routers do have a bit of a challenge hitting 40-50Mbps at best...
 
Interesting tidbit: Asus has an Alpine-based router in development...

The Alpines are interesting - but... depends on what Asus does with AsusWRT - most of the improvements are much newer than what AsusWRT has the moment with the kernel, compiler, and packages...

Getting outside of Alpine - the Intel x86-64 Silvermont/Airmont chips are interesting - they clock higher, and have more bandwidth on the memory interfaces - so while not wire speed for VPN, they will do a better job than the ARMv7's already in the consumer space.

Marvell and Qualcomm (not QCA) - they've done some interesting work on ARM - I had a short term lab test with the Machiatto-bin board from Marvell, and it was, to put it nicely, furious on certain things... the Intel Goldmont cores, I suspect much of the same...

But none of this stuff is in the 2017 crop of consumer routers in the mainstream - we have a couple of Alpines that are shipping...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top