What's new

Broadcom's hardware acceleration

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Any traffic analyzing, QOS, AiProtection and STP stuff will knock it out... possibly more stuff but thats the ones i know.

Also always manually reboot it completely just to make sure

Here you can find some more info... though its not complete: [link removed as it now points to a cybersquatter. -rm]
 
Last edited by a moderator:
I just recently got a RT-AC68U and noticed slow wired-wired transfer speeds... about 70-80 Mbps. I disabled NAT Acceleration (was on "Auto") and speeds dramatically improved to 300-350 Mbps. My network is all 1Gb equipment and all cabling is Cat6. I am using stock ASUS firmware v3.0.0.4.380_1031. My internet speed is 90 down 12 up. What gives? I've read this thread a few others and don't see why it'd actually slow speeds down. It's mentioned earlier in this thread that it is not supported on the AC68U, but then why was it on by default?

Also I found this page with more info on Hardware/NAT Acceleration: http://routerguide.net/nat-acceleration-on-or-off/
 
Last edited:
Are there any affordable routers which can offer the full gigabit throughput with QOS enabled, or are we stuck building a pfsense box and doing some overclocking?
 
To my knowledge the highend consumer grade routers cannot even do that on traditional QOS
Some asus routers come with adaptive QOS which supports some hardware acceleration so that helps. The AC87U can do this but i don't know whether there are any "affordable" routers which have this functionality

Though i'd say at gigabit speeds QOS is useless anyway
 
Last edited:
Hi all and I am a newbie and came across this forum and I have a serious question as I need clarification on using OPENVPN client and on the ASUS routers.

I have a DSL-AC56U router which is a combo of VDSL and Wireless router connected as Wireless router with Fibre. The issue is that I know Merlin doesn't support and DSL-XXX models and OPENVPN client (connecting to TigerVPN) is really slow comparing using OPENVPN on my Linux desktop (I can't even get 10% of my 100Mbps on the Asus OPENVPN). Now I am thinking about getting a new wireless router - RT-AC68U and I want to flash it with Merlin firmware. The concern and uncertainty I have is that how much of the improvement will Merlin firmware make and also will it be able to utilize more than one CPU seeing AC68U is dual core? I had thoroughly went through all the discussions but nothing has been confirmed. otherwise the next best option would be getting a Linksys with hardware crypo (acceleration) if AC68U doesnt support it regardless of the firmware? I hope this is a valid question and thank you for providing such great software and forum for all people like us.

Thanks,

cheffie
 
Hi all and I am a newbie and came across this forum and I have a serious question as I need clarification on using OPENVPN client and on the ASUS routers.

I have a DSL-AC56U router which is a combo of VDSL and Wireless router connected as Wireless router with Fibre. The issue is that I know Merlin doesn't support and DSL-XXX models and OPENVPN client (connecting to TigerVPN) is really slow comparing using OPENVPN on my Linux desktop (I can't even get 10% of my 100Mbps on the Asus OPENVPN). Now I am thinking about getting a new wireless router - RT-AC68U and I want to flash it with Merlin firmware. The concern and uncertainty I have is that how much of the improvement will Merlin firmware make and also will it be able to utilize more than one CPU seeing AC68U is dual core? I had thoroughly went through all the discussions but nothing has been confirmed. otherwise the next best option would be getting a Linksys with hardware crypo (acceleration) if AC68U doesnt support it regardless of the firmware? I hope this is a valid question and thank you for providing such great software and forum for all people like us.

Thanks,

cheffie


Just drop the firewall or port forward 1194 or whatever you want thru this gateway router to your OpenVPN Server router operating behind the gateway router...issue resolved!:D

You would then be able to obtain up to the bandwidth limitations of the whatever the router type you choose for your OpenVPN Server router as is the case for my AC86U OpenVPN router detailed at the following: https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-9#post-416312
 
Just drop the firewall or port forward 1194 or whatever you want thru this gateway router to your OpenVPN Server router operating behind the gateway router...issue resolved!:D

You would then be able to obtain up to the bandwidth limitations of the whatever the router type you choose for your OpenVPN Server router as is the case for my AC86U OpenVPN router detailed at the following: https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-9#post-416312

Hi Somms,

I think we misundetstood each other (or I am just confused as always... LOL). I am currently using ASUS DSL-AC56U (a combo router which merlin doesnt support). So I am connecting to the TigerVPN UK server under then OPENVPN CLIENT option on STOCK firmware. I managed to make it work but the connection speed is only like 10%... But if I use my linux PC to do the openvpn client, I can get up to 60Mbps from my 100Mbps line. So I want to try to buy a new ASUS router such as AC68U which I can install Merlin Firmware. My question is... will it really help with my OPENVPN connecting via TigerVPN UK server or if it will remain slow connection around 10Mbps?
 
Hi,
does disabling hardware acceleration affect the LAN<->LAN throughput too, or only WAN->LAN?
thanks
 
will it really help with my OPENVPN connecting via TigerVPN UK server or if it will remain slow connection around 10Mbps?
Depending on the processor's speed in the AC 68 you should be able to get download speeds of 40 - 60 Mbps assuming you are not actually thousand of miles away from their server and TigerVPN actually has some bandwidth for their backbone.

If you want almost full line speed when connecting to a VPN server using a client on your router then you need a router that has a chip set that supports AES-NI. Just the ever popular AC86 and the AX88 have a suitable processor and are also supported by Merlin.

If you want to stay with the AC68 line get one such as the AC1900P which has the fastest processor in this line. There are others AC68 models that have faster processors but you will need to research that.
 
Hi,
does disabling hardware acceleration affect the LAN<->LAN throughput too, or only WAN->LAN?
thanks

LAN <-> LAN is switched, not routed, so it's not affected. CTF only works on routing
 
First, I noticed that a newer generation of Broadcom router SoCs have a flow cache and a Runner network packet processor according to several posts on the SmallNetBuilder forums. While the Runner network packet processor is obviously a hardware packet processor, what does the flow cache do? Does it just cache the results of previously routed packet flows so that if matching packets show up, does it use the results to speed up routing? This obviously means that Broadcom has made two generations of hardware accelerators, with cut-through forwarding and Broadcom Flow Accelerator being in the first generation, and the flow cache and the Runner network packet processor being in the second generation.

Second, does enabling IPv6 disable any of the acceleration technologies that Broadcom has sold into home routers? The reason that I suspect that IPv6 could be a possible incompatible feature on older hardware accelerators is if the hardware accelerators were designed to expect only IPv4 packets so that any non-IPv4 packets could cause the hardware accelerators to fail, forcing the router to use software routing if it is expecting to route non-IPv4 packets. If the hardware is properly designed to sort traffic so that IPv4 traffic is sent to the hardware accelerators and non-IPv4 traffic is sent to the CPU, or if the hardware accelerators can handle both IPv4 and IPv6, then this question is not quite as critical. The reason that I suspect that IPv6 could be a possible incompatible feature is if the hardware was designed to expect only IPv4 packets so that any non-IPv4 packets could cause the hardware acceleration engines to fail, forcing the router to use software routing if it is expecting to route non-IPv4 packets.

Third, the initial post mentioned that port forwarding works by disabling acceleration for affected traffic while leaving the rest of the traffic to be accelerated in hardware, at least for the first generation of Broadcom hardware accelerators. Since UPnP is basically a method of automated port forwarding, is traffic that is enabled by UPnP routed by the CPU with both generations of accelerators?

Fourth, which features entirely disable the flow cache and/or the Runner network packet processor so we know to avoid those features when using a router with these features?

I suspect that I have previously used a rented Verizon Fios Quantum Router model G1100 which has a Cortina Access SoC with its own hardware acceleration that I suspect could possibly be disabled by enabling either IPv6 or UPnP. I have since returned that router when I bought a Verizon Home Router model G3100 with a Broadcom SoC in it, so I cannot test it to determine if either feature is responsible for the poor performance that I had when I had both features turned on. Either the old router or the new router is required for enabling a Fios DVR to connect to the IP network through MoCA. I do not know which hardware acceleration features that it has since Broadcom appears to have at least two generations of actual hardware accelerated routing (generation 1 would be Flow Acceleration, and generation 2 would be the Runner Network Packet Processor), and Broadcom is usually secretive on what hardware acceleration features each SoC has.

Disclaimer: I currently work for Verizon Business as a computer security analyst for a part of Verizon that is not involved with Fios. The views expressed here are my own and are not the opinion of Verizon nor its subsidiaries.
 
I remember when CTF came out for switches. We were still using 10 meg hubs. It was not used in small routers for long after it came out for switches.

I think your are right that with hardware acceleration they are skipping layer 3 and working at layer 2 which is why none of the layer 3 stuff like QoS, etc. works which is layer 3.
 
Some do it in HW as layer two - others do this in SW... it's mostly layer 2...

From Linux Kernel's view...

@thiggins - obviously code doesn't work at the moment with the new zenforo templates...



userspace process
^ |
| |
_____|____ ____\/___
/ \ / \
| input | | output |
\__________/ \_________/
^ |
| |
_________ __________ --------- _____\/_____
/ \ / \ |Routing | / \
--> ingress ---> prerouting ---> |decision| | postrouting |--> neigh_xmit
\_________/ \__________/ ---------- \____________/ ^
| ^ | ^ |
flowtable | ____\/___ | |
| | / \ | |
__\/___ | | forward |------------ |
|-----| | \_________/ |
|-----| | 'flow offload' rule |
|-----| | adds entry to |
|_____| | flowtable |
| | |
/ \ | |
/hit\_no_| |
\ ? / |
\ / |
|__yes_________________fastpath bypass ____________________________|
 

Attachments

  • Screen Shot 2020-07-26 at 6.17.58 PM.png
    Screen Shot 2020-07-26 at 6.17.58 PM.png
    365.2 KB · Views: 248
Last edited:
I think your are right that with hardware acceleration they are skipping layer 3 and working at layer 2 which is why none of the layer 3 stuff like QoS, etc. works which is layer 3.

And IPv6 changes things here as it's in the middle...
 
@thiggins - obviously code doesn't work at the moment with the new zenforo templates...

Code:
10 print "It sure does"
20 goto 10
 
Flow cache seems to handle both L2 and L3 (I initially thought it was only L3), and also handles IPv6.

Code:
admin@stargate88ax:/tmp/home/root# fc status
    Flow Timer Interval = 10000 millisecs
    Pkt-HW Activate Deferral rate = 1
    Pkt-HW Idle Deactivate = 0
    Pkt-SW Activate Deferral count = 0
    Acceleration Mode: <L2 & L3>
    MCast Learning <Disabled>
    MCast Acceleration IPv4<Enabled> IPv6<Enabled>
    IPv6 Learning <Enabled>
    GRE Learning <Enabled> Mode<Tunnel>
    TCP Ack Prioritization <Enabled> 
    HW Acceleration <Disabled> 
    Flow Learning Enabled : Max<16384>, Active<135>, Cummulative [ 4759 - 4624 ]
 
Similar threads
Thread starter Title Forum Replies Date
T Hardware hacking TP-Link Archer AX53 - Login General Wi-Fi Discussion 6

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top