[Maylyn's Review] ASUS RT-AC87U

[pengful]

Is it common to experience a drop in wired connection speed when you turn on QoS? Without QoS, I can get about 800 Mbps download but with QoS turned on, I get about 500+ Mbps.

 

[maylyn]

Is it common to experience a drop in wired connection speed when you turn on QoS? Without QoS, I can get about 800 Mbps download but with QoS turned on, I get about 500+ Mbps.

Yes, it's a known fact.

Enabling QoS will disabled CTF (Cut Through Forwarding) aka NAT acceleration.

Our local SG 500Mbps/1Gbps Fiber environment doesn't need to utilise QoS.

Since this is a frequently discussed topic, I thought I'd put what I know about this in a new thread.

CTF is Broadcom's closed-source, proprietary "secret sauce" that allows routers based on their hardware to achieve near gigabit performance. It does so through various methods which are not publicly known (even manufacturers don't get access to the ctf.ko source code AFAIK). One of it involves bypassing parts of Linux's Netfilter (the FORWARD chain is the most known one).

So as you can already see, "hardware acceleration" isn't an entirely accurate name. At least one portion of that acceleration is really a software trick (bypassing part of Linux's stack).

Due to these bypass, it prevents various firmware-level features from working. Anything that relies on the FORWARD chain for instance. The solution used by router manufacturers usually work on two different levels:

1) Some manufacturers like Asus and Netgear (if I remember correctly) will allow port-forwarding to work by modifying the Linux kernel so that any packet that gets marked will be flagged to bypass the CTF code. At the iptables level, any port-forwarded packet gets marked with a value. This way, you can have HW acceleration enabled and still use port forwards. The obvious consequence of this is that any traffic going through a port forward will not be "hardware-accelerated". So if you were to push a lot of traffic over a forwarded port, that traffic would probably not be able to reach near gigabit performance.

(caveat: I never actually tested this. I assume that CTF bypass is applied to every single packets that gets marked, not just on part of it)

2) When certain incompatible features are enabled, then the router is rebooted with CTF disabled. In this mode, the processing is then entirely done by Linux. It allows you to do anything you'd want (as a firmware developer), but performance is seriously impacted. A typical 600 MHz MIPS device (such as the RT-N66U) will reach a WAN to LAN limit of around 150-200 Mbps (less if you start heavily processing traffic through QoS, parental control, custom firewall rules, etc...). Unfortunately, it's not always clear to the end user when HW acceleration is automatically disabled by such a thing. If your router has telnet access, you could see if the ctf.ko kernel module is loaded or not, using the "lsmod" command.

CTF is what explains why most third party firmwares (such as DD-WRT) tend to have lower throughput than manufacturer stock firmwares. For people with average (North American levels there) WAN rates of 10-100 Mbps, this is not an issue. Any additional feature will come at no real cost on maximum throughput. But for our more fortunate oversea friends who get 100-1000 Mbits link speeds, CTF is virtually essential.

Due to the nature of its closed-sourceness, and also the fact that many advanced features do not work with CTF enabled, this is why most third party firmwares such as DD-WRT or OpenWRT don't support CTF.


Now, another recent topic: the different levels of hardware acceleration. Recent Broadcom chips support a new technology they call "Flow Acceleration", or "FA" for short. Broadcom's demonstration can be seen in this video:

https://www.youtube.com/watch?v=vwRmQkkZ71E

In home routers that have hardware supporting this, it gets handled by the same ctf.ko module, in addition to support being implemented at the Ethernet driver level. Unfortunately I don't know which specific Broadcom chips support this, or which specific routers support it. I know that neither the RT-AC56U or RT-AC68U (as of this date) support this at the hardware level. No idea about Netgear or Linksys's recent products.

In Asus's particular case (since it's the one I'm most familiar with - someone else could fill us up on the other manufacturers), they are handling this as a "Hardware acceleration level". Level 1 is just traditional CTF. Level 2 is traditional CTF + FA. One coming product that does support both levels will have to downgrade from Level 2 to Level 1 when one of the new features they are adding will be enabled.

One thing I do not know however is what kind of performance impact FA has on a router. Traditional CTF was already able to push things fairly close to gigabit speed with a minimal CPU impact.


(disclaimer: most of this is based on my own experience over the years. Due to the blackbox nature of CTF, I might not be 100% correct on all of this, so if anyone has any additional detail or corrections, feel free to share)

 

[AnTiLooP]

I notice that many times after an update of firmware the router will dc every few minutes. Checking logs it states failure to get dhcp....

I have to reboot the opennet fiber box to resolve it. Any idea why this is happening ?

update: I'm also getting these errors.. Dual WAN has been disabled.

May 15 17:53:17 miniupnpd[853]: Failed to get IP for interface vlan2
May 15 17:53:17 miniupnpd[853]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping

Sent from Samsung SM-G935F using GAGT

 

[hawthorne]

I notice that many times after an update of firmware the router will dc every few minutes. Checking logs it states failure to get dhcp....

I have to reboot the opennet fiber box to resolve it. Any idea why this is happening ?

update: I'm also getting these errors.. Dual WAN has been disabled.

May 15 17:53:17 miniupnpd[853]: Failed to get IP for interface vlan2
May 15 17:53:17 miniupnpd[853]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping

Sent from Samsung SM-G935F using GAGT

Probably due to the ONT and not the router. I remembered I already have this issue when I using a non asus router

 

[AnTiLooP]

Vlan2 failed to get IP...

anyone knows despite running DUALWAN = Off why the AC87u still attempts to get an IP lease from Vlan2 which I assume is the WAN port2?

 

[VANT]

Yes, it's a known fact.

Enabling QoS will disabled CTF (Cut Through Forwarding) aka NAT acceleration.

Our local SG 500Mbps/1Gbps Fiber environment doesn't need to utilise QoS.

AdaptiveQOS not disable CTF

 

[hugosantos]

Asus Dm with QOS

Is there any way the Asus Download master application to be controlled by the QOS?

 

[Darshu]

RT-AC87U + RP-AC68U = Poor download speed.

Hi Guys,

Two days ago i purchased RT-AC87U router and RP-AC68U (repeater with 5 gigabit ports) but having some weird performance issue.
Currently having Singtel Unlimited 1GB Fiber plan, wired speedtest performance of 750+Mbps DL, 800+Mbps UL.
I wanted to connect afew non AC devices (ie desktop and NAS) via the RP-AC68U repeater and replace my old router with RT-AC87U.
When i do a internet speed test, im having "low" (not what to expect actually) or half the speed compared to upload speed.

Test using:
i. Using Singtel speedtest [speedtest.singnet.com.sg]
ii. Transfer 1GB of file Comp A (cable wired to RT-AC87U router) to Comp B (cable wired to RP-AC68U) using wireless 5Ghz. All cables are CAT 5e and above.

Here is the result i got:

Scenario 1: Placing Router and Repeater at distance of 15 meters apart.
i. Download speed 180~220Mbps, Upload speed 380~440Mbps.
ii. Down speed up to 35Mbytes/s , Up speed 55MBytes/s
(Note: Link rate as show in RP-AC68U for 5Ghz is 872~1053Mbps)


Scenario 2: Placing Router and Repeater next to each another.
i. Download speed 220~240Mbps, Upload speed 483~540Mbps.
ii. Down speed up to 60Mbytes/s, Up speed 65Mbytes/s
(Note: Link rate as show in RP-AC68U for 5Ghz is 1037~1103Mbps)



The result in scenario 2 is weird cause at side by side, the download speed is still at half of upload.
Where else the file transfer seems to be doing fine and consistance.

Tried using latest Merlin and Asus firmware with similar results. Qos is disabled.

I'm more focused on the 5Ghz transfer speed as im using "Express Way 5Ghz" setup in RP-AC68U repeater.

5Ghz settings in RT-AC87U router as follows:
Wireless Mode: Auto
Channel bandwidth: 80Mhz
Control Channel: 157
Extension Channel: Auto
Protected Management Frames: Disabled
Roaming Assistant: Disabled
Enable IGMP snooping: Disabled
DTIM Interval: 3
Beacon Interval: 100
820.11ac beamforming: Enabled
Universal Beamforming: Enabled
Tx power adjustment: Performance

I've tried using inSSIDer to see if there is other 5Ghz interfering with my signal but seems like im the one
device around.
I'm not sure if this kind of performance we are suppose to get from an AC device but it does look depressing.
Anyone with the similar situation before can help?
Thanks

 

[xonix]

ISP to Router = DL/UL ?


Tested this at my office:

Repeater mode,
88U 5ghz connect to RP-AC68
RP-AC68 connected to laptop gigabit port

 

[Darshu]

RT-AC87U + RP-AC68U = Poor download speed. [YOUTUBE VIDEO]

I made a video to show weak performance
link: youtu.be/wd8rqI-l1lw

Hi Guys,

Two days ago i purchased RT-AC87U router and RP-AC68U (repeater with 5 gigabit ports) but having some weird performance issue.
Currently having Singtel Unlimited 1GB Fiber plan, wired speedtest performance of 750+Mbps DL, 800+Mbps UL.
I wanted to connect afew non AC devices (ie desktop and NAS) via the RP-AC68U repeater and replace my old router with RT-AC87U.
When i do a internet speed test, im having "low" (not what to expect actually) or half the speed compared to upload speed.

Test using:
i. Using Singtel speedtest [speedtest.singnet.com.sg]
ii. Transfer 1GB of file Comp A (cable wired to RT-AC87U router) to Comp B (cable wired to RP-AC68U) using wireless 5Ghz. All cables are CAT 5e and above.

Here is the result i got:

Scenario 1: Placing Router and Repeater at distance of 15 meters apart.
i. Download speed 180~220Mbps, Upload speed 380~440Mbps.
ii. Down speed up to 35Mbytes/s , Up speed 55MBytes/s
(Note: Link rate as show in RP-AC68U for 5Ghz is 872~1053Mbps)


Scenario 2: Placing Router and Repeater next to each another.
i. Download speed 220~240Mbps, Upload speed 483~540Mbps.
ii. Down speed up to 60Mbytes/s, Up speed 65Mbytes/s
(Note: Link rate as show in RP-AC68U for 5Ghz is 1037~1103Mbps)



The result in scenario 2 is weird cause at side by side, the download speed is still at half of upload.
Where else the file transfer seems to be doing fine and consistance.

Tried using latest Merlin and Asus firmware with similar results. Qos is disabled.

I'm more focused on the 5Ghz transfer speed as im using "Express Way 5Ghz" setup in RP-AC68U repeater.

5Ghz settings in RT-AC87U router as follows:
Wireless Mode: Auto
Channel bandwidth: 80Mhz
Control Channel: 157
Extension Channel: Auto
Protected Management Frames: Disabled
Roaming Assistant: Disabled
Enable IGMP snooping: Disabled
DTIM Interval: 3
Beacon Interval: 100
820.11ac beamforming: Enabled
Universal Beamforming: Enabled
Tx power adjustment: Performance

I've tried using inSSIDer to see if there is other 5Ghz interfering with my signal but seems like im the one
device around.
I'm not sure if this kind of performance we are suppose to get from an AC device but it does look depressing.
Anyone with the similar situation before can help?
Thanks

 

[Darshu]

ISP to Router = DL/UL ?

Tested this at my office:

Repeater mode,
88U 5ghz connect to RP-AC68
RP-AC68 connected to laptop gigabit port

From my room with RP-AC68U to the router at the living room. Less than 15 meters away.
212.69Mbps down, 489.77Mpbs up.
(cant post pictures yet, here is the link to the image)
speedtest.net/result/5337313411.png

 

[xonix]

From my room with RP-AC68U to the router at the living room. Less than 15 meters away.
212.69Mbps down, 489.77Mpbs up.
(cant post pictures yet, here is the link to the image)
speedtest.net/result/5337313411.png

ISP to Router = DL/UL ?
Router to other 5ghz device = DL/UL ?

 

[pengful]

AdaptiveQOS not disable CTF

Not true in reality. I turn on both adaptive and traditional and both show downgrade in speed. So, I decided to leave QoS off.

 

[Darshu]

ISP to Router = DL/UL ?
Router to other 5ghz device = DL/UL ?

Other devices will be my android phone and MacBook. I don't have other devices that are AC to test it out (which is the reason to purchase RP-AC68U). The max these device can go is ard 160Mbps DL/UP.

Also mention above for ISP to router:
"Currently having Singtel Unlimited 1GB Fiber plan, wired speedtest performance of 750+Mbps DL, 800+Mbps UL."

 

[DesertStrike]

Guys, is asus ddns down?

 

[Rashkae]

I made a video to show weak performance
link: youtu.be/wd8rqI-l1lw

I have the exact same problem with my 68U now. I'm on VQ.

 

[Darshu]

I have the exact same problem with my 68U now. I'm on VQ.

I've email Asus a afew days ago and they replied me. Was told to use their beta firmware and give more information about it. I will try to flash the firmware and will post any positive result if any.
You should contact them too to let them know that a lot of ppl are having this issue.

 

[AnTiLooP]

- turn off qos (impt)
- turn off spanning tree protocol under switch control. This is needed to achieve the next point
- enable CTF and FA under switch control (impt)
- do you need to run the Rp-ac68u in repeater mode ? If you don't need to don't.
- connect the rp-ac68u to ac87u as media bridge. Do this using the 5ghz band
- Make sure you are using cat5e or higher utp cables.

Qos prevents FA/ctf nat acceleration and the RP if set to repeater mode cuts bandwidth of what you have on the same ssid / band into half. If you don't need a roaming ssid no need repeater mode. Use bridge mode cause achieve the same thing, using the full bandwidth of the 5ghz bridge channel but at the lost of wireless roaming on the bridge. Your devices just connect them to the 2.4ghz band on ac87u.

I'm on starhub and can hit 850/850 on devices connected to my wireless bridge. All running cat6

 

[Darshu]

- turn off qos (impt)
- turn off spanning tree protocol under switch control. This is needed to achieve the next point
- enable CTF and FA under switch control (impt)
- do you need to run the Rp-ac68u in repeater mode ? If you don't need to don't.
- connect the rp-ac68u to ac87u as media bridge. Do this using the 5ghz band
- Make sure you are using cat5e or higher utp cables.

Qos prevents FA/ctf nat acceleration and the RP if set to repeater mode cuts bandwidth of what you have on the same ssid / band into half. If you don't need a roaming ssid no need repeater mode. Use bridge mode cause achieve the same thing, using the full bandwidth of the 5ghz bridge channel but at the lost of wireless roaming on the bridge. Your devices just connect them to the 2.4ghz band on ac87u.

I'm on starhub and can hit 850/850 on devices connected to my wireless bridge. All running cat6

Thanks for the advice. But it can't seems to help. When I setup as media bridge, it seems to prefer 2.4Ghz and therefore my speed is really slow (need to enter wrong password to make it "off"), which is why I set it up as Expressway 5Ghz. Either way the download speed is still the same.

 

[wolf888]

I did a 380.59 Merlin firmware update. After the update, the AC87 tend to reboot itself. Previously running 380.57 do not have this problem. 1st time encountering it. Refresh to back 380.57 Did not solve the rebooting problem. Any ideas to solve it?

Below is the system log.

May 23 19:32:26 rc_service: ntp 921:notify_rc restart_upnp
May 23 19:32:27 kernel: * Make sure sizeof(struct sw_struct)=160 is consistent
May 23 19:32:27 rc_service: ntp 921:notify_rc restart_diskmon
May 23 19:32:27 disk_monitor: Finish
May 23 19:32:27 kernel: sizeof forward param = 160
May 23 19:32:29 disk monitor: be idle
May 23 19:32:31 rc_service: udhcpc 788:notify_rc start_firewall
May 23 19:32:31 dhcp client: bound 116.15.16.210 via 116.15.23.254 during 7200 seconds.
May 23 19:32:32 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
May 23 19:32:48 qtn: bootcfg.tgz exists
May 23 19:32:48 hour monitor: daemon is starting
May 23 19:32:53 crond[667]: time disparity of 426932 minutes detected
May 23 19:33:00 dfs: start dfs scan
May 23 19:33:00 nodfs_scan: complete
May 23 19:33:00 scs: enable scs complete
May 23 19:37:32 rc_service: httpd 665:notify_rc restart_wireless
May 23 19:37:36 kernel: wl_module_init: passivemode set to 0x0
May 23 19:37:36 kernel: wl_module_init: igs set to 0x0
May 23 19:37:36 kernel: wl_module_init: txworkq set to 0x1
May 23 19:37:36 kernel: eth1: Broadcom BCM4360 802.11 Wireless Controller 6.37.14.105 (r485445)