Routing Performance?

[M.T.Field]

(yes, I've used the search function)

I've been wondering about the usefulness of the Routing Performance metric as it applies to my home network. Specifically, when I test my broadband connection, I see a peak of about ~70 Mbps, with a sustained average of ~50 Mbps for downloads (uploads are in the 3-5 Mbps range). So - here's my question: let's assume I am looking at a XyWall 110 VPN Firewall with the following tested specs:

Test Description ZyWALL 110
WAN - LAN 662
LAN - WAN 420
Total Simultaneous 629
Maximum Simultaneous Connections 33,652
Firmware Version V3.10(AAAA.2)

...but I see another product with a 20% higher WAN-LAN and LAN-WAN figure. Am I correct in assuming that, since these numbers are at least 10X higher than I experience, there will be no effect in a router with a higher number? Or, is the difference somehow proportionate, effecting all speeds even below the tested maximum?

What I'm really after is the XyWALL's VPN performance, but I'd like to understand how the routing performance numbers work. Thanks for any information you can provide.

 

[abailey]

Unfortunately most of these numbers posted by manufacturers are best case scenario, not real world. Meaning those are the number with the fewest firewall rules, etc. Also see many manufacturers post their VPN specs only to find out that spec is with encryption turned off or only one particular type encryption. In other words the numbers don't mean a lot as they are not apples to apples comparison when you are looking at different devices (especially from different manufacturers). Probably better to research the product reviews and manufacturer forum to see if people are having good luck with the product in a real world scenario.

 

[M.T.Field]

Thanks for the quick reply. To eliminate "manufacturer's bias", I was using the reviews on this site for my comparison:

http://www.smallnetbuilder.com/lanw...d?tmpl=component&print=1&layout=default&page=

http://www.smallnetbuilder.com/lanw...-dual-gigabit-wan-vpn-router-reviewed?start=2

So...if your source is capable of 70 peak download and 5 Mbps upload peak, does 662/420 Mbps (down/up) vs. 887/746 Mbps even matter in your firewall/router?

 

[abailey]

Thanks for the quick reply. To eliminate "manufacturer's bias", I was using the reviews on this site for my comparison:

http://www.smallnetbuilder.com/lanw...d?tmpl=component&print=1&layout=default&page=

http://www.smallnetbuilder.com/lanw...-dual-gigabit-wan-vpn-router-reviewed?start=2

So...if your source is capable of 70 peak download and 5 Mbps upload peak, does 662/420 Mbps (down/up) vs. 887/746 Mbps even matter in your firewall/router?

I would say no. Both those marks are so far above your line speed I think you would be safe with either. Just make sure your read the reviews good. I have a router at my house that can route at nearly 1Gbit/s. The VPN throughput is like 400Mbit/s unless I choose OPENVPN (as opposed to PPTP or L2TP), then my throughput drops to 15Mbit/s. It is a huge difference. Just make sure the router can do what you need at the speeds you need, and many times that takes a little research.

 

[azazel1024]

One other considering. The tests on the site here are only with WAN DHCP. None of the WAN connections that include significant overhead. For example WAN PPPoE has considerable overhead. A lot of routers that can test at over 700Mbps on WAN DHCP might manage 150Mbps on PPPoE or one of the other high overhead protocols. Lots of firewall rules also will slow things down.

That is the issue with some of the testing is it is hard to test anything other than WAN DHCP and it can make a huge difference. Some routers that might only do 400Mbps on WAN DHCP might also be able to do 380Mbps on WAN PPPoE, because they have effective hardware offload of PPPoE. Some have crappy hardware offload implementations or NONE, causing them to be very slow.

With a connection "as slow" as yours, I don't think it much matters so long as you are using a router less than 5 years old. It should be able to handle it. Once you get over about 100Mbps WAN connection though, the router can matter a whole lot, especially if you have any WAN connection that involves overhead.

PPPoE is Point-to-Point Protocol over Ethernet and involves adding PPP frames in to the ethernet packet. It can be a lot of overhead for a router without hardware offload because incoming packets to the router have to be disected into 1492 byte frames with the 8 byte PPPoE payload added in. So you have to do a lot of memory transactions from the router buffer as you accumulate ethernet frames, since each one ends up pulling 8 bytes of payload from each ethernet frame and sticking it in the next frame and then the next frame losses 8 bytes to PPPoE payload and the 8 bytes that the previous ethernet frame lost. Then the next frame has to take the 8 PPPoE payload frames AND the 16 bytes that the last frame lost because of the two previous frames and so on.

Its a lot more work than WAN DHCP which uses regular ethernet frames without having to cut them up.

 

[M.T.Field]

abailey & azazel1024,

Again, thanks for the really useful information. Given the fact that our networking DL speeds were recently increased from 20-50 to 50-70 Mbps and that our provider uses WAN DHCP, I think I'm good - at least in the Routing Performance area.

 

[stevech]

Is AT&T still using PPPoE, and even with Uck-Verse?

 

[azazel1024]

I believe so.

Most DSL and most fiber uses PPPoE. There are, I am sure, exceptions to this though. Verizon FIOS has two options, PPPoE and DHCP WAN. The later is pretty much only used on their older OLT/ONTs (BPON), AFAIK and all of their newer GPON stuff uses PPPoE. I think.