What's new

WAN throughput slower without NAT

ToMe

New Around Here
I recently added an RT-AC68U to my home network to create a subnetwork. However, after disabling NAT my WAN throughput dropped to 400Mbit (CPU1 100% and CPU2 60% load) from the recent 930Mbit (CPU1+2 at 100% load).
Is this expected behaviour? Shouldn't disabling features increase speed rather than slowing it down? Of course with NAT disabled I also loose the NAT acceleration feature.
For tests everything was disabled (Firewall, QoS, ...) and I tried with different versions of Merlin and Asus stock firmware. I used iperf3 with computers directly connected to WAN and LAN.

Maybe I just chose the wrong device for my application and somebody can recommend something better in that price range (RT-AC86U seems much faster, but would cost me 65€ more).
I simply want to create a subnetwork within my home network that has its own WiFi (which is only used for Smartphones, so no gaming) and DHCP. This way both networks can be managed independently and it is still easy to access servers.
Currently I activated NAT again and added some Port forwarding but there are multiple devices having Port 80 open which makes it a hassle again.
 

ToMe

New Around Here
coxhaus, thank you for your quick answer.
I have never worked with VLANs before, guess I will have to dig deeper then. Hope this is something consumer grade hardware supports.
Currently my main router is a DSL-AC68U and my new one is a RT-AC68U.
From my first impression of VLANs I don't need the second router anymore, I could simply setup my main router to use ETH1-2 for VLAN1 and ETH3-4 for VLAN2 (if the router supports such a feature). However, a Gigabit switch with VLAN+QoS is also kinda cheap... do you have any recommendation considering the hardware I already own.
Like I said my current home network is kinda simple:
ISP -> Asus DSL-AC68U -> local network -> RT-AC68U -> subnetwork
 

ColinTaylor

Part of the Furniture
The DSL-AC68U doesn't have VLAN support (other than for IPTV).
 

ToMe

New Around Here
Just a wild guess, would it be possible to somehow use a separate managed switch to create two VLANs as they are fairly cheap?
I could then setup one router in each VLAN and use routing tables to route traffic across. The routers then provide DHCP for each VLAN.

Something like that:
ISP -> DSL-AC68U -> VLAN1 -> Managed Switch -> VLAN2 <- RT-AC68U
 

ToMe

New Around Here
OK, according to this (https://www.practicalnetworking.net/stand-alone/routing-between-vlans/) there is no routing between VLANs using a switch, I thought you might be able to configure some sort of routing table on these things.

Still, is there a logical explaination why disabling NAT would slow down WAN throughput? I just tried on an old/cheap Linksys and it dropped from 100Mbit to 10Mbit. Seems this is not a firmware issue related to Asus but rather an expected behavior.
 

ColinTaylor

Part of the Furniture
Still, is there a logical explaination why disabling NAT would slow down WAN throughput?
I think you answered that yourself in your opening paragraph.
Of course with NAT disabled I also loose the NAT acceleration feature.
So without the hardware NAT acceleration active all the routing has to be performed by the router's CPU. That will limit your throughput dramatically.
 

ToMe

New Around Here
oO so NAT acceleration is in hardware, didn't know that.
Thanks for your answers coxhaus and ColinTaylor.
 

ToMe

New Around Here
In case anybody runs into the same problem as I did:
Just swapped the router with the newer and more powerful RT-AC86U, it manages Gigabit WAN even with NAT disabled. (i.e. make sure you have a fast CPU)
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top