1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

    Dismiss Notice
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

WAN throughput slower without NAT

Discussion in 'ASUS AC Routers & Adapters' started by ToMe, Dec 28, 2019.

  1. ToMe

    ToMe New Around Here

    Joined:
    Dec 28, 2019
    Messages:
    6
    I recently added an RT-AC68U to my home network to create a subnetwork. However, after disabling NAT my WAN throughput dropped to 400Mbit (CPU1 100% and CPU2 60% load) from the recent 930Mbit (CPU1+2 at 100% load).
    Is this expected behaviour? Shouldn't disabling features increase speed rather than slowing it down? Of course with NAT disabled I also loose the NAT acceleration feature.
    For tests everything was disabled (Firewall, QoS, ...) and I tried with different versions of Merlin and Asus stock firmware. I used iperf3 with computers directly connected to WAN and LAN.

    Maybe I just chose the wrong device for my application and somebody can recommend something better in that price range (RT-AC86U seems much faster, but would cost me 65€ more).
    I simply want to create a subnetwork within my home network that has its own WiFi (which is only used for Smartphones, so no gaming) and DHCP. This way both networks can be managed independently and it is still easy to access servers.
    Currently I activated NAT again and added some Port forwarding but there are multiple devices having Port 80 open which makes it a hassle again.
     
    Vexira likes this.
  2. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,334
    Location:
    texas
    This is why VLANs are used. VLANs give you structure in a network.
     
  3. ToMe

    ToMe New Around Here

    Joined:
    Dec 28, 2019
    Messages:
    6
    coxhaus, thank you for your quick answer.
    I have never worked with VLANs before, guess I will have to dig deeper then. Hope this is something consumer grade hardware supports.
    Currently my main router is a DSL-AC68U and my new one is a RT-AC68U.
    From my first impression of VLANs I don't need the second router anymore, I could simply setup my main router to use ETH1-2 for VLAN1 and ETH3-4 for VLAN2 (if the router supports such a feature). However, a Gigabit switch with VLAN+QoS is also kinda cheap... do you have any recommendation considering the hardware I already own.
    Like I said my current home network is kinda simple:
    ISP -> Asus DSL-AC68U -> local network -> RT-AC68U -> subnetwork
     
  4. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,334
    Location:
    texas
    I think you will need to look at small business routers.
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,603
    Location:
    UK
    The DSL-AC68U doesn't have VLAN support (other than for IPTV).
     
    Vexira likes this.
  6. ToMe

    ToMe New Around Here

    Joined:
    Dec 28, 2019
    Messages:
    6
    Just a wild guess, would it be possible to somehow use a separate managed switch to create two VLANs as they are fairly cheap?
    I could then setup one router in each VLAN and use routing tables to route traffic across. The routers then provide DHCP for each VLAN.

    Something like that:
    ISP -> DSL-AC68U -> VLAN1 -> Managed Switch -> VLAN2 <- RT-AC68U
     
  7. ToMe

    ToMe New Around Here

    Joined:
    Dec 28, 2019
    Messages:
    6
    OK, according to this (https://www.practicalnetworking.net/stand-alone/routing-between-vlans/) there is no routing between VLANs using a switch, I thought you might be able to configure some sort of routing table on these things.

    Still, is there a logical explaination why disabling NAT would slow down WAN throughput? I just tried on an old/cheap Linksys and it dropped from 100Mbit to 10Mbit. Seems this is not a firmware issue related to Asus but rather an expected behavior.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,603
    Location:
    UK
    I think you answered that yourself in your opening paragraph.
    So without the hardware NAT acceleration active all the routing has to be performed by the router's CPU. That will limit your throughput dramatically.
     
  9. ToMe

    ToMe New Around Here

    Joined:
    Dec 28, 2019
    Messages:
    6
    oO so NAT acceleration is in hardware, didn't know that.
    Thanks for your answers coxhaus and ColinTaylor.
     
  10. ToMe

    ToMe New Around Here

    Joined:
    Dec 28, 2019
    Messages:
    6
    In case anybody runs into the same problem as I did:
    Just swapped the router with the newer and more powerful RT-AC86U, it manages Gigabit WAN even with NAT disabled. (i.e. make sure you have a fast CPU)
     
    L&LD likes this.