Asus RT-AC68U NAT Acceleration and CTF issues

[chinesestunna]

Hi all,

Big thanks to Merlin for putting out such as fantastic stock based firmware. I've been a DD-WRT user for the past 9 years and have recently made the switch after getting a RT-AC68U. My setup is as follows:

1. 200Mbps/20Mbps connection from TWC (confirmed with laptop directly to cable modem, TP-Link 7620)
2. RT-AC68U running latest 380.59 Merlin, factory reset before/after flashing
3. configuration mostly stock, jffs enabled with ddns script, 1 USB key to store traffic logs (per IP traffic is disabled), OptWare installed with only nano and htop added
4. Win8.1 VM running on ESXi box with physical dual gigabit lan going to router ports 3, 4

My issue is CTF functionality seems inconsistent, NAT acceleration is set to "enabled" and the WebUI does show CTF is enabled but the following is observed:

1. I can hit 230Mbps/22Mbps consistently to speedtest.net and other bandwidth test sites, however Core1 of the CPU would peg at 100% confirmed with both WebUI and htop, Core2 is idle.
2. Running sabnzbd (15 streams) will inconsistently hit between 60-160Mbps (capped at 160) but mostly in the 80-100 range. CPU usage on Core1 also peg at 100%
3. When I actually hit 120-160 Mbps on sabnzbd, CPU usage would be lower at <50%. These observations would lead me to believe that CTF is intermittently cutting in and out and that sub 100Mbps is due to CTF not actually bypassing the processor and 100% CPU load is the bottleneck.

I do have STP enabled (2 switches behind router to other parts of the house but no loopbacks) so Flow Accelerator is disabled, should I disable STP as well since I don't have any loopbacks?

Any advice/thoughts would be appreciated.

 

[chinesestunna]

Additional clarification (system won't let me edit first post)
With my previous router, an RT-N66U running DD-WRT and no acceleration I max out at about 100Mbps due to all no HW NAT acceleration at all but it would be consistently running at that speed, not bouncing all over the place.

 

[RMerlin]

Port-forwarded traffic is not accelerated. For a port forward to work, that traffic has to be marked to bypass CTF (as it needs to be handled by Netfilter, which CTF bypasses).

 

[chinesestunna]

Port-forwarded traffic is not accelerated. For a port forward to work, that traffic has to be marked to bypass CTF (as it needs to be handled by Netfilter, which CTF bypasses).

Thanks Merlin but I don't believe the nzb traffic is port forwarded. Sabnzbd is connecting directly to my provider over SSL port 563 to grab the articles. The only port forward as related to this is for administration of Sabnzbd to expose its interface and for remote API calls.

 

[RMerlin]

Well since CTF Is closed source, nobody knows for sure how it works except for Broadcom.

 

[chinesestunna]

Black Magic! Thank you for the insights, I'm doing more testing and it seems TWC may be doing some traffic shaping as well (perhaps due to all my testing) and report back.

 

[chinesestunna]

Just to follow up and close the thread - I did more testing and the CTF seems to cut in/out intermittently esp for NNTP. What's more curious is I did a few more tests and observed the following:

1. The router can route and sustain full ~230Mbps of my connection on speedtest and NNTP regardless of CTF enabled/disabled within 5 min of reboot.
2. After 5 min of reboot, CTF for NNTP became very spotty and it almost seems I need to "overload" the CPU with traffic, peaking at about 50Mbps on NNTP which causes CPU core0 to hit 100% then doing some other things on the router to kick in CTF. Even this was not guaranteed.

I have now done a full factory reset and added my various configurations one by one and somehow it seems the issue is fixed. Now even routing the full ~230Mbps across various protocols seems to not affect the CPU at all, <5% utilization and thus indicating CTF is kicked in full gear?

This is very strange as I've done a factory reset the other night and didn't seem to resolve anything.