Poor performance port forwarding

[dannytrigo]

Hello,

I have an Asus RT AC66U, running the Merlin firmware (though I haven't had chance to check yet if the problem occurs with the stock firmware as well).
My problem is that I have poor throughput when accessing a service via port forwarding, and the router CPU goes to 100%. I have a gigabit internet connection and can easily achieve 800mbit up and down on a speedtest, but if I host a speedtest myself (librespeed) and try to access it externally, through port forwarding, I'm maxing out around 100-120mbit.

I have tried internally on my LAN as well. If I access the local speed test via a private IP (192.168.1.x) I get full gigabit speeds. If I access via my external IP, which still only goes to the router but then I presume goes through iptables rules and redirects internally according to port forwarding rules, I'm again limited to 100-120mbit and CPU usage is maxed out on the router.

Is this a limitation of how port forwarding works on this router? Potentially an impact of some Merlin feature? I will try to do a hardware reset, and try flashing with stock firmware and retesting when time and work permits.

Thanks in advance

 

[ColinTaylor]

It is a limitation of you using NAT loopback rather than port forwarding as such. When using NAT lookup the router can't exploit its hardware acceleration and has to use the CPU for routing. As the CPU in the AC66U is very weak the most throughput you can get out of it is ~120Mbps.

 

[dannytrigo]

Thank you for the reply, much appreciated. I will look into upgrading my router or perhaps a workaround opening an outbound ssh tunnel to a remote server with reverse port forwarding, which to the router will be an outbound connection and should hopefully use the hardware acceleration and get better speeds.

 

[L&LD]

That poor, single 600MHz processor is doing pretty well with a 1Gbps ISP connection.

Maybe time to upgrade it to match the ISP service better?

But using the method you've described and the input from @ColinTaylor, even the RT-AC86U, or RT-AX88U/RT-AX86U won't be able to show full speeds either.

 

[dannytrigo]

I guess I just assumed a router with gigabit ports should support gigabit speeds but its not that simple

I'll shop around, but are there any recommendations for consumer level routers that would support anywhere near gigabit for inbound connections? Ideally with support for enhanced firmwares/features like Merlin/DDWrt?

 

[L&LD]

Consumer-level? No.

If you have a spare i5-xxxx with 8GB of RAM or more and can get a stable pfSense install working as you need, you'll have a better chance to approach what you're asking for.

 

[dannytrigo]

Thanks for the replies, appreciate it.