Does a Double NAT setup Impact PING or Speeds?

CaptainSTX

Based on the tests I ran using two N66 routers the answer is no.

The data and the statistical analysis are attached.
 

Attachments

  • DoubleNatTests.pdf
    419.7 KB · Views: 804
In your test case, using the same hardware with different OS, the results are no surprise. Increases in speed using double NAT could be accounted for by using different OS and their differences in handling data.
 
The first router had Merlin firmware. The first test was running single NATed using this router. The second router was then double NATed behind the router using Merlin and was using Tomato.

Why do you say the results weren't surprising? Do you have any data to back up the position that using different firmware on the two routers in this test favorably impacted the results?

FIRST TEST

WWW----N66 Merlin --- PC

SECOND TEST

WWW----N66 Merlin -----N66 Tomato ----PC
 
With the second router test you will get a millisecond or so increase in ping time due to the additional propagation delay injected by the router and the connection. A better test would have been apples to apples, meaning the use of the same firmware in each router. Then you can run subsequent tests:
WWW----N66 Merlin -----N66 Tomato ----PC
and
WWW----N66 Tomato -----N66 Merlin ----PC
Assuming your PC supports it, you could also use the ping -r option to compare.

Another test would be to compare double NAT with only using NAT on the WWW connection router and another 192 network at the PC end.

I ran a double NAT network for years using an AT&T Pace 5268ac Gateway Internet Wireless Modem Router and an Apple AirPort Extreme with no appreciable difference in ping or speed no matter which WiFi I used. So unless there is something really wrong with a manufacturer's implementation of NAT, double NAT should make an unmeasurable difference.
 
In one nanosecond an electron will travel approximately 7". There are one million nanoseconds in a millisecond so in a millisecond an electron can travel 583,333 feet.

I don't believe that an 18" jumper and a second router is going to add more than a few nanoseconds to your latency using recent routers with gig ports and WAN speeds of less than 400 Mbps.

If you overload both the routers on the WAN and LAN you will increase latency but the purpose of my test was to show that double NATing alone doesn't increase latency by an amount you can quantify without very specialized measuring devices.

Switching the order of the devices probably wouldn't make much of a difference as the hardware is the same. Both Merlin and Tomato are good firmware and LAN - WAN routing has been optimized at the hardware level by ASUS.

Sent from my 9024W using Tapatalk
 
I concur regarding negligible latency.

I am not saying that there are issues with the two firmware. I just felt that since different firmware was used for each router it would have been nice to see if the test results between A to B and B to A varied.

You definitely achieved proving that there was negligible difference between single and double NAT using the same hardware with different firmware.
 
Next time I have my retired N66s on the bench I will test A - B then B - A. If there are differences I'm not sure it will prove that Merlin is faster than Tomato or the other way around. It could be just a case of one of the five year old N66s being more worn out than the other one.

I'm not going to flash them both with the same firmware as I keep the N66s ready as configured spares in case one or both of my production routers go down. With the lightning storms we have been having here recently this is not an unlikely occurrence based on my neighbors' misfortune.
 
No worries. My background, in part, was to do product testing prior to announcement as well as serviceability reviews. So my comments were a reflection of prior work experience.

Remember, when there's lightning you cannot use your irons. Woods only.
 
I did the tests so as to have some hard results to present to people who repeat what they have heard, that you should not double NAT because it slows your connection down and increases latency.

Double NATing is a viable networking option but like all solutions to networking problems there are pros and cons to double NATing but speed isn't and shouldn't be the deciding factor on whether you double NAT or not.
 
One last question is what if NAT is offloaded using something like QoS and more than one client? Is double NAT still that not noticeable?
 
I believe NAT can be equated to table lookup in terms of speed. With today's routers having fast CPUs and sufficient memory, speed and size, it is a non-issue. QoS performance implications are dependent on which type of QoS as well as how a manufacturer has implemented it. I look at QoS as a science of network design but not so much with ASUS products.

The best analogy for QoS is to look upon it as a rail yard. Many tracks coming into many more sidings but there is only one train track leaving. So the goal is to get high priority trains out as quickly as possible without ignoring the less important trains. Additionally, you can't assemble a train of lesser importance with too many cars as it could prevent a high priority train from leaving in a timely manner. In the real world of QoS, a train of lower priority will be discarded if it can't be put on the outbound track in a timely fashion and a request will go to originator to send again.
 
The CPU certainly has an impact, but I don't know if it even has to be that fast. When I ran my test I was using two N66 with just 600 MHz processors. After a certain level of processor speed having gigabit ports probably helps as much as a faster processor. If I ran the same tests using two Linksys 54G with a 200 MHz CPU but 100 Mbps ports I probably would see some impact.
 
Again, NAT is table lookup, not a big deal. My first encounter with NAT was with a Cisco 2501 in the 90’s with blinding line speeds of 2400bps. You could actually measure the additional CPU utilization.

Double NAT should have a negligible impact on propagation delay so minute it’s not worth discussing. However, there are some applications that just won’t work properly.
 
I remember Cisco 25xx routers. We used 30 or so for our 56K lines in the old days when you could run a whole campus off 56K and a Novell server.

I guess CPUs are so fast nowadays that NAT has no impact.
 
Haven’t thought about Novell in years. :cool:
 
"double NAT" or "cascaded NAT" doubles at minimum two resources: connection tracking and stateful firewall.
  • NAT is stateful, so it introduces another point of failure
  • stateful also means increased load on another device
  • complicates many applications that require holes to be poked in firewalls, some in peculiar or proprietary ways, e.g. FTP, SIP/VoIP, console gaming, VPN, dual WAN, etc.
  • breaks discovery and firewall protocols like UPnP
  • complicates diagnostics and monitoring, e.g. trying to find what is spamming or infecting a network
  • affects connection scaling, which is unhelpful when these days even common applications scale up the number of connections they use, e.g. AJAX-based web applications like Google Maps or P2P applications
  • can create unusual failure conditions due to the different behavior of two separate connection tracking tables and their parameters, e.g. the maximum sizes of connection tables, or different connection timeouts, or different behavior per application session or source. These become much harder to diagnose
  • same as above but with the different stateful firewalls.
For many non-technical consumers, their first taste of double NAT is as mundane as ending up with two routers, they connect them in series and no Internet works because the two devices invariably share the same IP subnet addresses ...

So, even if you got it "working" and could measure the performance impact just by doing basic tests, that's the least of your potential problems.

Double NAT is one of those practices that works until it doesn't. Then you'll inevitably spend time diagnosing and fixing it, and consequently wonder why you ever had it in the first place.
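
The mismatched connection-table failure described in the post above, as an added example that is not part of the original thread: a constructed Python model of two NAT hops in series, each with its own idle timeout and table limit. The timeouts, table sizes and flow names are assumptions chosen for illustration, not values from any real router.

```python
from dataclasses import dataclass, field
@dataclass
class NatHop:
    """Constructed model of one NAT device and its connection-tracking table."""
    name: str
    idle_timeout: int                           # seconds an idle entry is kept
    max_entries: int                            # tracking-table size limit
    table: dict = field(default_factory=dict)   # flow -> time last seen
    def _expire(self, now):
        self.table = {f: t for f, t in self.table.items()
                      if now - t <= self.idle_timeout}

    def outbound(self, flow, now):
        """LAN-to-WAN packet: create or refresh state; False if the table is full."""
        self._expire(now)
        if flow not in self.table and len(self.table) >= self.max_entries:
            return False
        self.table[flow] = now
        return True

    def inbound(self, flow, now):
        """WAN-to-LAN packet: forwarded only if this hop still holds state."""
        self._expire(now)
        if flow not in self.table:
            return False
        self.table[flow] = now
        return True

def send_out(path, flow, now):
    """Push a packet outward hop by hop; return the hop that drops it, else None."""
    return next((h.name for h in path if not h.outbound(flow, now)), None)

def reply_in(path, flow, now):
    """Push a reply inward, outermost hop first; return the dropping hop, else None."""
    return next((h.name for h in reversed(path) if not h.inbound(flow, now)), None)

def run_scenario():
    inner = NatHop("inner", idle_timeout=600, max_entries=4)   # constructed values
    outer = NatHop("outer", idle_timeout=120, max_entries=2)
    path = [inner, outer]                       # PC -> inner -> outer -> internet
    r = {"open": send_out(path, "a", 0),
         "reply_t60": reply_in(path, "a", 60),
         "reply_t400": reply_in(path, "a", 400)}    # idle 340 s > outer's 120 s
    r["inner_still_tracks_a"] = "a" in inner.table  # the hop you inspect looks healthy
    r["new_flows"] = [send_out(path, f, 400) for f in ("b", "c", "d")]
    return r

if __name__ == "__main__":
    print(run_scenario())
```

The late reply is dropped by the outer hop while the inner hop still lists flow `a`, and flow `d` is refused upstream although the inner table has room, so the chain behaves as the shorter timeout and the smaller table.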
While you raise valid points the original query was “Does a Double NAT setup Impact PING or Speeds?”. I had a double NAT network, using routers from different manufacturers, for five years and never had an issue. Granted my network is not sophisticated except for Apple protocols which the AT&T provided router didn’t tolerate on WiFi so I double NAT. I agree that consumers tend to believe product advertising about how easy installation is and then get over their head by trying to mix products in a network without understanding interoperability and more.
 
For all practical purposes - NAT has little to no impact on performance...

There are usability issues with NAT/Double NAT, mostly for consoles and VOIP applications...
 