Wireguard benchmark test on RT-BE96U

[RMerlin]

I took advantage of an Holidays discount to subscribe to a ProtonVPN account, to do better Wireguard testing than with my single core VPS. The results are interesting - better than I was expecting I'd say on my RT-BE96U:



I have a 1 Gbps symetric fiber connection.

 

[Tech9]

better than I was expecting

Isn't it as expected? This router has quad 2.6GHz B53 CPU. B for Broadcom version of this ARMv8 core. I've got around 470Mbps on my quad 1.5GHz A53 CPU gateway (A in Qualcomm version). I believe with further optimizations this faster CPU router can go higher.

 

[RMerlin]

Isn't it as expected? This router has quad 2.6GHz B53 CPU. B for Broadcom version of this ARMv8 core. I've got around 470Mbps on my quad 1.5GHz A53 CPU gateway (A in Qualcomm version). I believe with further optimizations this faster CPU router can go higher.

I was expecting closer to 500-550 Mbps considering the lack of NAT acceleration on top of the CPU usage from the cipher.

 

[Tech9]

lack of NAT acceleration

I expect this to change at some point on a hardware level. MediaTek Filogic 830 with quad ARMv8 2.0Ghz claims up to 900Mbps on WireGuard. I see online some folks got >700Mbps on this platform. Qualcomm IPQ5322 with quad ARMv8 1.5GHz does FQ-CoDel QoS at >800Mbps perhaps with the help of some hardware flow control. Software NAT acceleration is perhaps going away.

 

[RMerlin]

I expect this to change at some point on a hardware level. MediaTek Filogic 830 with quad ARMv8 2.0Ghz claims up to 900Mbps on WireGuard. I see online some folks got >700Mbps on this platform. Qualcomm IPQ5322 with quad ARMv8 1.5GHz does FQ-CoDel QoS at >800Mbps perhaps with the help of some hardware flow control. Software NAT acceleration is perhaps going away.

I don't see NAT acceleration going away as Internet connection speed is outgrowing the pace of home router SoC development. We have some countries that are now offering 10 Gbps home connections. Even Bell started to hint at 8 Gbps (until they started sulking because the CRTC wouldn't let them screw everyone over). However NAT acceleration and flow caching can be made more intelligent and capable of dealing with various protocols. I suspect that Broadcom' flow cache is probably just lagging behind Qualcomm and Mediatek in that area.

 

[Tech9]

Interesting how Bell made this work with PPPoE. Perhaps their Hub has some multi-threaded processing trick. Do you know what speed is expected if someone wants to bypass the Bell gateway and use their Asus BCM4916 router instead? This is good to know.

 

[ExtremeFiretop]

Even Bell started to hint at 8 Gbps (until they started sulking because the CRTC wouldn't let them screw everyone over).

Bell actually offered it in my area for some time, now they only offer a max of 3Gbps since the whole CRTC situation.

Do you know what speed is expected if someone wants to bypass the Bell gateway and use their Asus BCM4916 router instead? This is good to know.

I don't use the Bell Gigahub it's been completely bypassed using my own SFP module.
From there I only use the ASUS GT-BE98 Pro and a 2.5Gbps cheap Unmanaged switch (Model YS25-0402): https://www.amazon.ca/YuanLey-Port-PoE-IEEE802-3af-2500Mbps/dp/B0C64QJXW1?tag=smallncom-20
Speeds reach full ISP speed at the router:

The link speed to my WiFi 7 desktop is high as well:

Speedtest at my desktop (Although theres 2 plex streams happening at the same time)

 

[Tech9]

Seems like it works pretty well. I remember PPPoE was single threaded and NAT acceleration incompatible.

 

[ExtremeFiretop]

Seems like it works pretty well. I remember PPPoE was single threaded and NAT acceleration incompatible.

Works great, the only complication these days is getting the SFP module which can spoof the existing serial, mac, etc of the Bell Gigahub since the SFP module is no longer removable since the HomeHub 3000 IIRC

Once you get that done it's mostly plug and play and the service has been great, obviously if I wanted to go their 8Gbps plan I'd need to upgrade the switch, but I saw no practical need, and next thing you knew it wasn't being offered anymore.

 

[Tech9]

Our whole Internet situation in Canada is... single threaded with high cash flow prioritization.

 

[ExtremeFiretop]

Our whole Internet situation in Canada is... single threaded with high cash flow prioritization.

That's a concise way to put it. feels like a monopoly-driven setup where competition takes a backseat to profit margins. It’s frustrating when the focus is more on revenue than on improving accessibility and infrastructure.

An example of this is my parents, they live no more than... 35-40 minutes drive further out than me. But they would be thankful to get a solid 100mbps for the same price.

 

[Tech9]

Don’t we have “QoS” applied to everything? Energy, fuel, food… all devices connected to the same 3 switches available with interconnected uplinks.

 

[RMerlin]

Interesting how Bell made this work with PPPoE. Perhaps their Hub has some multi-threaded processing trick. Do you know what speed is expected if someone wants to bypass the Bell gateway and use their Asus BCM4916 router instead? This is good to know.

I don't know, but my router barely shows any CPU usage when pushing it to 1 Gbps - Flowcache works with PPPoE. It's probably NAT acceleration that helps the Gigahub handle that speed.

 

[RMerlin]

Here's the CPU usage while pushing a speedtest at 1 Gbps.

 

[sfx2000]

I took advantage of an Holidays discount to subscribe to a ProtonVPN account, to do better Wireguard testing than with my single core VPS. The results are interesting - better than I was expecting I'd say on my RT-BE96U:



I have a 1 Gbps symetric fiber connection.

I would expect better, I think the upload speed is limited by the provider...

The GLInet MT6000, just as a benchmark/reference - is a quad-core A53 @ 2 GHz - but the Filogic also has fast DDR, and internal accelerators - but with WG, it doesn't matter that much...

The current crop of Router/AP SoC's are pretty impressive - some of this is core performance, but it's also the internal switching fabric inside the chip...

Qualcomm IPQ's and Broadcom SoC's of this gen are pretty close - MediaTek just seems to be more accessible these days for the Filogic side - not just for SoC internals, but also wireless drivers...

I think with MediaTek these days - OpenWRT snapshot builds can hit this level of performance with FOSS drivers...

 

[sfx2000]

I don't know, but my router barely shows any CPU usage when pushing it to 1 Gbps - Flowcache works with PPPoE. It's probably NAT acceleration that helps the Gigahub handle that speed.

I think everyone is leaning on HW accelerators these days...

Can do gigabit NAT on Filogic with zero CPU load with HFO on 4 cores...

SQM-QoS over SW - the HW bypasses this - and there has been discussion around irqbalancing and receive packet steering - I'm on the fence at the moment, but generally I'm for not messing with things as upstream has optimized the heck out of things...

 

[kuchkovsky]

Here's the result on the RT-BE88U when connecting to my single-core high-frequency VPS via WireGuard. It’s using less than half of my ISP’s 2.5G bandwidth, but it’s still pretty impressive

 

[RMerlin]

I would expect better, I think the upload speed is limited by the provider...

Here's another test done from the router itself. I had to double check with "wg show wgc2" during the test to confirm that this traffic was really going through the VPN and not directly to my ISP. The traffic count was indeed going up throughout the test.

(ignore the mangled text strings, that's because I'm mounting a development version of the web page rather than the processed one from the firmware).

 

[Tech9]

This is more like expected performance.

 

[RMerlin]

My theory is that the tunnel endpoint is handled by flow cache, the Broadcom bypass code only affects the flows within the tunnel, that'd be why the tunnel is still able to reach almost the full link rate (my ISP can hit ~1080 Mbps natively).