ASUS AC3100 won't handle new high speed internet, need advice...

[JUSTIN BARRETT]

Just got new 500MB/s broadband and unfortunately my ASUS won't handle it. I should say, it handles it until I turn NAT acceleration off, which is a must for parental time controls in this house.

So I've tried the Amplify HD...bummer interface. Netgear Nighthawk X10...lacking parental controls compared to the ASUS. Linksys 9300, currently using...it's interface is blah compared to the ASUS.

ASUS spoiled me with their interface! Moderate size home (2200sq ft up and basement), 3 kids with desktops and tablets, wife that likes to twitch her gaming.

Any suggestions? Should I wait for the new ASUS AX line that should be out soon?

Thanks!!

 

[Trip]

Hi Justin,

Unfortunately, as your experience has confirmed, no ARM-based consumer boxes are going to get you 500+Mb/s of CPU-routed throughput at the current time...

You'll need to look at an x86 box, running on at least a Pentium chip or better. For something as plug-and-play as possible, I would suggest a pre-built firewall appliance running pfSense or Untangle, or a private firewall brand such as Sophos. Brand new, they'll be pricey, $500-900 for the speed you're looking for. You might be able to lower the cost by sourcing your own hardware, buying on eBay, and/or running free/community firewall versions. The main challenge, though, is the lack of the all-in-one "parental controls" feature found in the Asus firmware. The same functionality is achievable with the commercial-grade stuff (filtered DNS enforcement, application/content control, time-limiting, etc.) but you'll have to get your hands dirtier in setting it all up, or having it setup for you. If you're not willing to go there for whatever reason, and I completely respect that decision, then it's most likely back to the way-and-try game with the next round of consumer stuff...

If you're willing to consider an x86 firewall, then I would start by taking the best-performing wifi product you already own and turn off all services, effectively turning it into an access point only (on some mesh products this may be called "bridge mode"). Wireless clients will then get passed to the router-firewall for DHCP, DNS, etc. In your case, I'd would choose something like a Nexgen NG-100D running Untangle. Follow the wizards and docs on how to setup what you need, and you should be good to go. It's going to cost you and it will take some time, but in the end you *will* get the control you want at the desired speed.

I would love to give you a cheaper or easier answer, but for something that has the capability at the speed you're looking for, that's the best I can come up with... And I'm pretty sure it's more or less what others will end up saying as well.

 

[CaptainSTX]

Just got new 500MB/s broadband and unfortunately my ASUS won't handle it. I should say, it handles it until I turn NAT acceleration off, which is a must for parental time controls in this house.

So I've tried the Amplify HD...bummer interface. Netgear Nighthawk X10...lacking parental controls compared to the ASUS. Linksys 9300, currently using...it's interface is blah compared to the ASUS.

ASUS spoiled me with their interface! Moderate size home (2200sq ft up and basement), 3 kids with desktops and tablets, wife that likes to twitch her gaming.

Any suggestions? Should I wait for the new ASUS AX line that should be out soon?

Thanks!!

In what part of the world do you live and who is your ISP that give you a 4,000 Mbps connection and is it symetrical?

 

[Trip]

In what part of the world do you live and who is your ISP that give you a 4,000 Mbps connection and is it symetrical?

I'm sure he meant 500 Mb/s, not MB/s.

 

[CaptainSTX]

I'm sure he meant 500 Mb/s, not MB/s.

Maybe, but the OP's 4 Gbps connection is not nearly as fast as the poster talking about the joys, trials and tribulations of his new 10 Gbps connection. If the OP comes back and clarifies his speed then perhaps someone on the forum can give him better advice on how to utilize the higher speed connection without spending $500 - $900. I know my AC1900P did OK when I had a 1 Gbps connection.

 

[Trip]

Can and will certainly amend, but just to note, the only reason an AC1900P would do fine on a 1Gig connection is with NAT acceleration enabled. The OP stated that it needed to be disabled in order for parental control timing to work adequately (as is suggested by Asus). When that happens, I would suspect the 1.4Ghz ARM chip would max out at 350-400Mb/s - perhaps I'm wrong and it's a slightly higher. As I said, if he really wants those features at full speed and can't find them on a platform where NAT acceleration can stay enabled, then it'll only a sure bet if he goes x86. And if he says it's a 4Gb/s connection (which I highly doubt), that would even reinforce the move away from SOHO stuff, but with the addition of even more expensive NIC hardware and/or underlying architecture. Again, would love to agree otherwise, but just not happening with the SOHO stuff right now - most likely.

 

[Easy Rhino]

So specifically among the ASUS sandbox - if you're hooked on the interface - the RT-86U or GT-5300 are probably going to have better CPU performance.

How much speed do you get now? If you can get 350 or 400mbps, then that may be "good enough" depending on how the cost or effort of an upgraded version looks to you.

 

[Trip]

Yeah, now considering how far out of his way he's have to go according to my earlier suggestions, perhaps "good enough" would suffice. He'd only be giving up 100Mb or so at the most. Not that biggest concession versus saving $500+.

 

[JUSTIN BARRETT]

Wow, thanks for all the responses. I'm sorry if 'B' and 'b' are two different things It's definitely 500 megabits per second...not 5000.

Trip, you're dead on. From what I found on these forums with the ASUS routers the parental controls/NAT issue is exactly what I'm dealing with. Tested. NAT turned on and I can cap that 500 and up into the 600/700's on upload. Linksys 9300 has a faster processor than their flagship 9500, so that's why I went that way. It capped the 500 out of the box, but dropped close to that number you tagged, 330's actually, when parental controls were turned on.

That interface did spoil me. I love it. Asus' new AX line and the current RT 5300 have quad core 1.8Ghz processors...I just don't know what NAT disabled will do.

 

[Trip]

Thanks for the confirmation and throughput numbers, Justin.

If I may add some more insight re- whether or not any of the newer consumer stuff might fill the void, or more specifically, might not. First off, *number* of cores is generally much less relevant than individual core clock speed, due to a myriad of things, but generally lack of multi-core capitalization by the firmware/distro networking stack. Additionally, the types of math that ARM is good at are often not as optimal for CPU-based throughput as, say, MIPS, which in-turn isn't as optimal as x86. So, clock for clock, a 1.8Ghz Pentium will generally smoke the pants off a 1.8 Ghz ARM chip; thus the reason why many SMB firewalls climb from ARM/MIPS to x86 through their model verticals (for x86, the power order is typically older Atom, Celeron, newer Atom (at least some), Pentium, i-Series, Xeon). Your going to want to be in the Celeron / newer Atom range or higher, I would think.

In terms of selecting the right distro, most can be demoed and you can browse the package and/or feature libraries in advance to confirm capabilities. Before throwing hundreds at anything, I would do plenty of that and continue to gather feedback by those in a similar situation, if not from here then from Reddit, ServeTheHome, etc. Hopefully you'll be much more confident and informed as to what to chose by then; or, who knows, maybe Asus and company may just blow us away with yet-to-be seen performance numbers from next-gen ARM stuff while you're in the process. Either way, you win for knowing better or by taking advantage if it actually does happen.

 

[doczenith1]

I just turned on QoS on my 86U (set to 1000 Mbps) and verified that Runner and Flow Cache were both disabled. I ran a few speedtests and they were all similar to the image below. Core 1 was at 100% during the tests.