
Subnetting w/AXE16000 and MoCA


Zim

Regular Contributor
I recently read about how subnetting can reduce broadcast traffic in busy networks and improve performance, which is particularly of interest since I have nearly 200 devices. I've noticed that my IoT devices can be slow to respond, possibly due to high latency.

Not knowing much about subnetting, I spent several hours learning and started tinkering with my setup. Below is a diagram of what I’m trying to achieve, including details on IPs and subnets. I also followed this link to set up Static Routes on the main router so that computers can access the file server.

Hardware:

  • All Asus AXE16000 routers (running Merlin firmware 3004.388.8_2) connected to the main router via MoCA adapters.

Objective:

  • Create separate subnets for load balancing and to reduce broadcast traffic, thus improving network performance.
  • Ensure all subnets can access (read/write to) the file server connected to the main router.

Achievements:

  • Successfully created subnets.
  • Subnet routers are configured as routers, and devices connected to them (both Ethernet and WiFi) can access the internet.
  • Devices connected to subnet routers can ping each other and access each other’s configuration pages.

Problems:

  1. Devices connected to the subnet routers cannot access files on the file server, although they can ping it and tracert works fine (less than 4 ms).
  2. Devices connected directly to the main router via MoCA adapters experience extremely slow connectivity (tracert shows over 3000ms response time). They can see the directory listing on the file server, but opening files takes a long time, and internet access is also very slow. This issue did not exist in AiMesh mode.

Questions:

  1. Should the subnet routers have NAT and DHCP enabled?
  2. If I’m running AdGuard and Unbound on the main router, will all traffic be filtered through those? I want all traffic to benefit from AdGuard. Do I need to configure anything differently for this to work?
  3. Should static routes be set only on the main router or all routers?

Thank you for your help!

Network.png
 
I suggest you don't use 174.50.x.y addresses as they are public addresses owned by Comcast and not intended for private use. Use something from the reserved ranges: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses


Should the subnet routers have NAT and DHCP enabled?
DHCP - Yes. NAT, that depends on the use case.

If I’m running AdGuard and Unbound on the main router, will all traffic be filtered through those?
If the subnet routers are using their default DNS configuration.

Should static routes be set only on the main router or all routers?
Main only. Although strictly speaking if you don't disable NAT on the subnet routers and only want them to talk to the main network then you don't need any static routes at all.
 
Thanks for getting back @ColinTaylor

Use something from the reserved ranges:
Thanks. Changed the IP address to something private. Did a bit more reading up on this!

DHCP - Yes. NAT, that depends on the use case.
In what use case should NAT be turned on/off? Can you please give examples? I thought by having NAT enabled on the subnet router, you are double natting, thus possibly impeding the traffic - however minor.
My use case is all the computers should be able to talk to the main router to access the file server, but not necessarily to one another.

If I’m running AdGuard and Unbound on the main router, will all traffic be filtered through those?
If the subnet routers are using their default DNS configuration.
When I set up the subnet router, it asked for DNS entries. I put in Google DNS just to get going (couldn't leave the field blank). If I have Unbound running, should I add 127.0.0.1 as DNS?

Main only. Although strictly speaking if you don't disable NAT on the subnet routers and only want them to talk to the main network then you don't need any static routes at all.
Got it! NAT was on by default, but I think I would like to turn it off - want to squeeze out any bit of performance from the network.



BTW, the two problems I was having have been solved.
1. Devices connected to the subnet routers cannot access files on the file server, although they can ping it and tracert works fine (less than 4 ms).
The server cannot be accessed via namespace, it needs to be accessed via its IP address.

2. Devices connected directly to the main router via MoCA adapters experience extremely slow connectivity (tracert shows over 3000ms response time). They can see the directory listing on the file server, but opening files takes a long time, and internet access is also very slow. This issue did not exist in AiMesh mode.
Power cycling the MoCA adapter fixed the issue.



Thanks.
 
Thanks. Changed the IP address to something private. Did a bit more reading up on this!
Before we go any further what IP subnets are you now using? An updated picture would be helpful. Without knowing that it will make all the following explanations tediously long-winded.
 
WOW - it's a thoughtful hot mess...

MOCA makes things interesting... they're layer 2 devices, so they run under the IP layer - and while they have scheduled MAC's, they are also isocentric in the time domain - so more devices on the MOCA network, the more time slot contention there will be...

And MOCA has their own QoS scheme for traffic management at layer 2.

Subnetting is half of the solution - might want to consider VLAN's as well..

Subnet's for Zone's and VLAN's for Tasks.
 
I recently read about how subnetting can reduce broadcast traffic in busy networks and improve performance, which is particularly of interest since I have nearly 200 devices. I've noticed that my IoT devices can be slow to respond, possibly due to high latency.

It's likely due to congestion, not latency...
 
Before we go any further what IP subnets are you now using? An updated picture would be helpful. Without knowing that it will make all the following explanations tediously long-winded.
I'm going with the 10.99.xx.xx IP addresses and still using the subnet mask of 255.255.254.0.

Based on my understanding, this is a classless network - Class A IP address and Class B subnet.

Open to suggestions to improve this further.
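A way to sanity-check the addressing discussed in this thread (private versus public ranges, the 255.255.254.0 mask, and which static routes the main router needs when NAT is off on the subnet routers). This is an added example, not code posted by anyone in the thread; the second subnet, the gateway addresses and the function names are assumptions made for illustration.

```python
import ipaddress

MASK = "255.255.254.0"  # mask quoted in the thread (a /23, 510 usable hosts)

# Constructed plan: only 10.99.20.1 and 10.99.80.38 appear in the thread; the
# second subnet and the subnet routers' WAN-side addresses are assumptions.
MAIN_LAN = "10.99.20.0"
SUBNET_ROUTERS = {  # LAN behind each subnet router -> its address on the main LAN
    "10.99.80.0": "10.99.20.2",
    "10.99.82.0": "10.99.20.3",
}


def check_plan(main_lan, routers, mask=MASK):
    """Return (problems, static routes the main router needs when NAT is off)."""
    problems, routes = [], []
    main = ipaddress.ip_network(f"{main_lan}/{mask}", strict=True)
    if not main.is_private:
        problems.append(f"{main} is not private address space")
    seen = [main]
    for base, gw in routers.items():
        try:  # strict=True rejects a base address not aligned to the mask
            n = ipaddress.ip_network(f"{base}/{mask}", strict=True)
        except ValueError:
            problems.append(f"{base} is not aligned to {mask}")
            continue
        if not n.is_private:
            problems.append(f"{n} is not private address space")
        if any(n.overlaps(s) for s in seen):
            problems.append(f"{n} overlaps another subnet")
        if ipaddress.ip_address(gw) not in main:
            problems.append(f"gateway {gw} is not on the main LAN {main}")
        seen.append(n)
        routes.append((str(n.network_address), str(n.netmask), gw))
    return problems, routes


def same_subnet(a, b, mask=MASK):
    """True when two hosts share a subnet and need no router between them."""
    return ipaddress.ip_address(b) in ipaddress.ip_interface(f"{a}/{mask}").network


if __name__ == "__main__":
    problems, routes = check_plan(MAIN_LAN, SUBNET_ROUTERS)
    print(problems or "plan OK")
    for network, netmask, gateway in routes:
        print(f"main router route: {network} mask {netmask} via {gateway}")
    print("same subnet:", same_subnet("10.99.80.38", "10.99.20.1"))
```

Running the same check against a 174.50.x.y plan reports the range as not private, which is the point raised in the first reply.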
 
WOW - it's a thoughtful hot mess...

MOCA makes things interesting... they're layer 2 devices, so they run under the IP layer - and while they have scheduled MAC's, they are also isocentric in the time domain - so more devices on the MOCA network, the more time slot contention there will be...

And MOCA has their own QoS scheme for traffic management at layer 2.

Subnetting is half of the solution - might want to consider VLAN's as well..

Subnet's for Zone's and VLAN's for Tasks.
hahah....I have the HW so figured might as well put it to good use. I'll learn something in the process.

At one point I had 10 MoCA devices, but doing more research into this, I think I'll be cutting it down to about 4 or 5 MoCA devices.

I seriously looked into VLAN, but with my limited knowledge it is not something I can do. The AXE16000 current firmware doesn't have VLAN in the GUI. The VLAN support is in beta stage (for over a year :rolleyes:) and no Merlin firmware is available for betas, which is a MUST have.


It's likely due to congestion, not latency...
In terms of network congestion, hoping the subnet method will improve things. Are there any other ways to improve the network with so many devices?
 
Are there any other ways to improve the network with so many devices?

Yes, but you already put big money on consumer routers. You could have business class high-density VLAN capable access points for less. 🤷‍♂️
 
Yes, but you already put big money on consumer routers. You could have business class high-density VLAN capable access points for less. 🤷‍♂️
I got a good deal on them, hence the bulk purchase. I was exploring enterprise class APs, but PoE and placement was a bit of an issue.

Maybe when WiFi 8 rolls around, I'll consider the enterprise grade equipment.
 
Since I'm going down this rabbit hole, how can I route traffic from a different subnet via VPN running on the router? Is it a different setup for OpenVPN and Wireguard?

For example, I have 5 computers in a different subnet, I want only one of the computer's traffic (10.99.80.38) to go through the VPN running on the router (10.99.20.1).

When everything is in one subnet, from VPN Director, it's quite straight forward to just select the device or IP.
 
Maybe when WiFi 8 rolls around, I'll consider the enterprise grade equipment.

How many of your 200 devices are IoT using up to Wi-Fi 4 on 2.4GHz band?
 
How many of your 200 devices are IoT using up to Wi-Fi 4 on 2.4GHz band?
- 60% are WiFi N devices (IoT + Cameras) on 2.4GHz
- 5% are WiFi G devices on 2.4GHz
  - not sure how to handle these old devices (printers)
    a. have tried keeping them on the same 2.4GHz as the IoT devices
    b. have also tried setting up a separate WiFi G only network on a separate router for these devices
  - other than not using them, what is best - option A or option B?
- 5% are WiFi N IoT devices on 5GHz-1
- 20% is everything else on 5GHz-2 and 6GHz
- 10% are wired devices
 
And from ~40 wireless devices on 5/6GHz how many are tablets/phones?
 
So you basically have 10 eventually high speed demanding wireless devices on your network. And you have ordered 6x GT-AXE16000 four-band routers for this??? Crazy, but made Asus happy at least.

What area do you need to cover in m² or sq ft? Your network performance is perhaps suffering from too much Wi-Fi.
 
- 60% are WiFi N devices (IoT + Cameras) on 2.4GHz
- 5% are WiFi G devices on 2.4GHz
  - not sure how to handle these old devices (printers)
    a. have tried keeping them on the same 2.4GHz as the IoT devices
    b. have also tried setting up a separate WiFi G only network on a separate router for these devices
  - other than not using them, what is best - option A or option B?
- 5% are WiFi N IoT devices on 5GHz-1
- 20% is everything else on 5GHz-2 and 6GHz
- 10% are wired devices

In the 2.4GHz, try and see if you can disable 11b legacy support - this is actually huge as this ups the basic rate for management frames to 6 mbit/sec vs 1 mbit/sec, and removes the ERP compat restrictions needed for 11b - This improves capacity and reduces latency. More importantly, this allows the radio to remain in OFDM modes without having to support the 11b DSSS modulations.

For Wireless Encryption - WPA2 or WPA2/3 mixed if this doesn't cause interop issues with some of the older devices - 11g devices support WPA2, and for 11n, WPA2 (or better) is required - WPA2 or better allows for frame aggregation, reducing the number of management frames needed

Another thing - consider the load on the network on an SSID and Radio basis - 25 to 32 clients per radio is generally the max you can do before hitting protocol limits for 11g/n - some radios/AP's can support up to 50, but I think this depends on optimal loading for the radio, and that all clients are at the same/best MCS rates, which doesn't happen often in the real world.
 
In the 2.4GHz, try and see if you can disable 11b legacy support - this is actually huge as this ups the basic rate for management frames to 6 mbit/sec vs 1 mbit/sec, and removes the ERP compat restrictions needed for 11b - This improves capacity and reduces latency. More importantly, this allows the radio to remain in OFDM modes without having to support the 11b DSSS modulations.

For Wireless Encryption - WPA2 or WPA2/3 mixed if this doesn't cause interop issues with some of the older devices - 11g devices support WPA2, and for 11n, WPA2 (or better) is required - WPA2 or better allows for frame aggregation, reducing the number of management frames needed

Another thing - consider the load on the network on an SSID and Radio basis - 25 to 32 clients per radio is generally the max you can do before hitting protocol limits for 11g/n - some radios/AP's can support up to 50, but I think this depends on optimal loading for the radio, and that all clients are at the same/best MCS rates, which doesn't happen often in the real world.
Thanks @sfx2000

Yes, I have the 11b turned off. Prefer to keep encryption WPA2 not mixed on 2.4GHz (mixed doesn't play nice with some devices). Too many clients per radio along with too much WiFi overlap is likely the issue. I do have the power turned way down for the 2.4GHz and have some routers' 2.4GHz band turned off.

Overall, subnetting method seems to be working well so far. Learned a lot in the process!
 
