Hi,

I've tried HyperWRT and DD-WRT, "didn't want to try Svea$oft", and have speed tested two routers bridged via WDS and they are both the same speed at 1.5MBytes/sec when transfering a 2GByte file.

Could anyone please tell me what WDS speeds they get when bridging two routers as I am looking for the fastest WDS firmware and being a Linux Newbie I'm intrigued by OpenWRT

Cheers,

JamesX2.....

(Last edited by JamesX2 on 26 May 2005, 10:16)

wds is slow, if you want fast stuff, then remove wds and break the Bridge, teach your wrt to how to route each packet. I know that if you remove wds then you'll have to set almost everything by your self. but !!! you want fast,

fine tune your iptables firewall rules
unload all unused modules
remove everything that you never use

don't install any service on the router
keep it very simple

now you can transfer your 2GB file in a second.
hah

I set up a network, that almost enterprise level, not a hummmm. Thank you OpenWrt

wj

Thanks Wirelessjoe,

This sounds like a great solution, I had considered routing before and even tested it on other WRT54G firmware but always got 1.5MBytes/sec.

I'm guessing that these firmwares all had briding enabled by default and so this explains the slow performance.

I have one concern though with routing and that is if I have a lot of clients connected and they are hammering the network with perhaps thousands of concurrent TCP/IP connections will the router get overwhelmed....

I'm not sure if the router keeps track of TCP/IP connections in a table or something as if this is the case the table will have a limited size and so the router could get knocked out I'm guessing !!!

I'm confident that with WDS this would not be a problem as WDS is a layer2 thing

Does this sound correct or am I being Dim

Cheers, JamesX2.....

JamesX2 You are correct, if you have more clients then you will need more routers

yes WDS won't work without a Bridge :- however this is fine if we have more APs

Client-A------[AP-A-WDS]_____[WRT-AA-[BR]-WDS].............[WRT-BB-[BR]-WDS]____[AP-B-WDS]-----Client-B

hi wirelessjoe!
your transfer speed sounds great!! i want that too!!! ;-)
can you explain your configuration a little bit (the steps to get a really fast config)?

what router are you using and which revision? is it really stable?

greetings,
treb

You cannot transfer a 2GB file in one second.

It's actually possible to use routing over WDS links with WPA, but you have to hack the kernel a little so it dosnt shut down the ports when spanning tree turns them off... I have something working but I want to work out all the bugs before I post it widely.

thanx for your explanation! the wds thing sounds quite complicated. i wait for an downloadable image ;-)

You cannot transfer a 2GB file in one second, sorry I was just kidding !

Transfer 5GB in 30-40 min is My True answer with WPA-PSK-AES-WDS ad_hoc mode

1GB/sec would be nice  =-0
well i know that's way to fast, but your postings sounds like you know how to performance tune a wrt router.

within the next few days i would like to create a - hopefully - stable configuration with 5 seperated vlans (internet, dmz1, dmz2, wireless, intranet) connected by the router and controlled by a firewall. any suggestions or hints are appreciated. after finishing this task i want to post my experiences on this forum - with a small howto.

greetings,
treb

Dear Trebiani:

Yes we can tune TCP Protocol stack

when we need Large and Fast the Cisco IOS software and Hardware is hard to beat :-

if you don't have a good hand on Linux don't break the bridge, stay with the bridge
if you need good security - easy setup (I mean WPA) then stick by Linksys Original Firmware like Hyperwrt - read this post http://forum.openwrt.org/viewtopic.php?id=1835 ,  you will need help, so please ask as you go

I used Unix/BSD/Linux IBM Mainframe for Last 10 years, C Programmer,  and Network Hardware Technician, but still have problems, still learning how to compile the kernel (I don't feel bad about it) we together build Linux Old Router,  I am still holding that mirror here is the link http://upnet.dyndns.org/lrp/ I don't know what happend to Charles Steinkuehler, I hope he is doing well and wish him ALL the Best

Linksys and Cisco came later but :-
I am so glad to see Openwrt and Linksys doing this.

whatever Linksys WRT54G do I can still do in my 486 PC ? and that is the power of GOD and Thanks to Linus's Linux and All of YOU !

No matter how much you know, how much you have don't over load your router, keep it nice and clean always !

more reading
http://www.hyperwrt.org/forum/viewtopic.php?id=274
http://www.hyperwrt.org/forum/viewtopic.php?id=300
http://www.hyperwrt.org/forum/viewtopic.php?id=227

if you have a large network then read Linux Load Blancing

(Last edited by wirelessjoe on 28 Jun 2005, 20:58)

Hello WirelessJoe!

i configured some linux firewalls and i love the solid-rock linux iptables firewalls. i bought a LInksys WRT54GS V1.1 to use it with openwrt. i want to break the birdge to seperate the wireless traffic from my intranet! the only problem left is howto create the vlans 2 to 4 and howto associate the vlan to a single port of the pridge.
setting the nvram parameters vlan1ports vlan1hwname ist not enough.

oh yes - i want good security. easy setup is not very important to me.

me too!

Thanx for all the tips and hints!
Treb

found it:

nvram set vlan2ports="2 5"
nvram set vlan2hwname=et0

nvram set dmz1_ifname=vlan2
nvram set dmz1_proto=static
nvram set dmz1_ipaddr=10.10.100.1
nvram set dmz1_netmask=255.255.255.0
nvram set dmz1_hwaddr=00:11:22:33:44:55

in the S40network startup script i added the line:
ifup dmz1

one question left:
do i need vlan2ports="2 5" or vlan2ports="2 5*"

greetings,
treb

yep you got it

here little more, if you have lot, lots of wan lan traffics, you might wanna try this

echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

if everyting work, then add it to one of your startup script in /etc/init.d/

wj

(Last edited by wirelessjoe on 28 Jun 2005, 23:02)

installed it (with a startup script) and it's working without any problems. i made some heavy load stresstests, transfered a lot of gig's and the router was running stable for one day.

what maximum lan-to-lan speed can you get out of this box. i've read some postings about the poor switch performance. it would be nice to have some comparison to know if there is some tuning work to do ;-)

once again: many thanx for helping me!

I've setup wds with my original asus wl500g deluxe firmware with a belkin f5d7231.
I had 3Mbytes/s lan to lan (maybe because afterburner is shut off in wds)

I don't understand why are you talking about tuning the tcp stack...
Isn't all wifi stuff made at the ethernet level?
There is also something which I don't understand. The wifi hardware seems to have its own ethernet device to the processor (eth1) and the lan has another device (eth0)
All ethernet communications between lan and wifi are bridged through the cpu?
Why aren't they directly connected? I've seen that some device have wifi and lan on the same ethernet device. This means that wifi to lan communication implies absolutely NO intervention from the cpu.
Also, isn't all crypting made at the hardware level?

I really don't know, but I suppose that crypting is made by the CPU, and also that switching between interfaces seems to put load on the CPU. Obviously bridging uses the CPU, too.  This may be a bad idea for performance, but it allows to breake the bridge and set up a routed path between lan and wan. Also, you can control trafic a lot better even by using bridging and ebtables.

I was not talking between lan and wan, but between wifi and lan.
ethernet bridging should be low cpu consuming compared to ip routing.

Well it seems that something in the hardware prevents the WRT from going over 22 Mbit/s in any case, even when only the switch is involved.

EDIT: This is plain WRONG. Switching only (in the same VLAN) does NOT affect performace, I get 70MB/sec if switching only.

(Last edited by Kurgan on 6 Jul 2005, 09:01)

do you mean that afterburner/speedbooster is complete bullshit?
I had a slightly better performance when I set AP versus client mode (ethernet bridging). I had peeks at 3.3Mbytes/s

afterburner doesn't work in wds mode (as stated in the asus web interface)

AFAIK, afterburner is the "funky" name for the now quite common technique of altering framing size on wirleless to get 108 Mbit instead of 54.
You already know that 54 Mbit actually means 20 or so, so I suppose that 108 should mean 43 or so. Which anyway is far more better than the 25 or so that I have obtained from some USR stuff that I was testing some times ago (totally unrelated to the WRTs), that promises 108 Mbit when using their own hardware for both the AP and the NICs.

Back to WRTs, my tests (run with two P4 2600 PCs with Linux and Windows, and 100 Mbit wired LAN, using an Atheros minipci G as the client and a WRT54GS v1.1 as the AP) show that:

- real wired ethernet SMB transfer speed without the WRT is 80 Mbit/s

- if the ethernet goes through the WRT, speed slows to 22 Mbit/s in both a routed (WAN to LAN) and simply switched (LAN to LAN) configuration. While routing surely eats up CPU, I really don't understand why simply switching packets should be limited to 22Mbit/s, when my cheap D-Link switch allows for 80 Mbit/s transfers.

- when routing between WAN and WLAN, or bridging between LAN and WLAN, using WPA-PSK with an old experimental (March 2005, if I recall correctly) I have got no more than 13 Mbit/s.

Your performance seems to be better than mine, anyway, since 3,3 Mbytes/sec is about  26 Mbit/s. I suppose anyway that my wireless performance could be enhanced by removing 802.11b compatibility, for example, and that maybe by using two WRTs instead of my Atheros mini-pci as a client could perform better. Anyway, if there really is a bottleneck in the wired switch, you will never go faster than that.

the 26MBit performance was without openwrt.
it was with original asus firmware between two asus wl500gd.

I had 24mbit/s between the asus and the belkin in wds.
samba file transfer, task manager measurement.

I have to try with a real afterburner client, (I don't have one yet), because afterburner is not supposed to work in wds. and I suspect that the asus client mode (ethernet bridging) does not activate afterburner correctly.

I will do some testing with openwrt as soon as I succeed in installing white russian. (I have experimental right now)

(Last edited by sophana on 2 Jul 2005, 09:30)

the router is still working fine but i can't see a higher performance. with scp i still transfer 2.6MBytes/s (no Firewall/NAT enabled)
my old linux firewall/router (AMD Athlon 700MHz, 512MB Ram) i had an everage transfer rate of 7.9MBytes/s (with Firewall and NAT)

has someone higher transfer rates?

btw: i switched to the "whiterussian" build.

This should *not* be the case, because the BCM5325 switch in the WRT54Gv2.2 has a non-blocking switching fabric, which basically means all the switch ports can go fully loaded to literally 100 megabits per second on each port and packets will not be dropped.  This is only for switching within the same VLAN of course.  I assume the ADMTek switch used in various other hardware versions is also nonblocking.  There's no reason it *wouldn't* be, because to do that speed is easy and cheap to do in the hardware these days.  100mb/s has been around for a *long* time.

If you're getting max 22mb/s even across the switch ports on the same VLAN, I suggest you check other things, such as whether the problem is on the computers you are using for testing.  Many applications find it hard to thrash a 100mb/s link - I suggest an FTP transfer of a large file (200MB+)  between two fast PCs.  This way you'll be probably maxing out your PC NIC card, and not losing anything due to TCP overheads since each packet will be the maximum MTU size.  I would realistically expect to see around 70mb/s of throughput - about 7 megabytes per second.

Kaldek

P.S.  Personally, I've had two laptop PCs running Windows XP on either side of a 100mb/s load balanced firewall cluster hit right on 10 megabytes per second, so FTP is plenty capable of the throughput.  This was with Cerberus FTP server BTW.

It's hard to say exactly why the throughput of the router seems fairly low, but there are definite differences between your old Linux firewall and the wireless router.  Specifically, the usage of VLANs.  Each packet that crosses from one routed interface to another must enter the O/S and have VLAN tags either added or stripped off the ethernet frame.  This may add enough overhead to the CPU on these things that it nerfs the bandwidth, considering that the O/S is *also* doing the usual IP routing tasks.  The old adage of  the "straw that broke the camel's back" is the statement that matches what I'm saying here.

Since the whole hardware design is based on a 5-port switch with VLAN support to enable the creation of the "WAN" interface, you're kinda stuck with it, if indeed that's the cause of the performancde limitation.

Bear in mind that you're also using "scp" as a means of testing throughput. SCP uses cryptography, and cryptography = CPU time.  An Athlon 700mhz is going to laugh at encrypting an scp data stream, especially considering its monstrous floating point performance.  As I can recall, these little Broadcom 4712 CPUs in these things don't even have a dedicated floating point unit and emulate one in software.  Ergo, fairly poor crypto performance.  Just last night I was copying files over from my WPA-secured wireless link into a wired PC and it was maxed out at 18mb/s (802.11g is capable of about 25mb/s best case).  Running "top" in OpenWRT showed my CPU right up there at 89% for the whole session.  In other words, pretty flat out.

Kaldek

(Last edited by kaldek on 6 Jul 2005, 03:33)

well, encryption and decryption takes place at the 2 workstations used for load testing. the router has to route between the 2 vlans - i'll check the routers cpu load but tagging and untagging ip packages should not be the problem for the 200MHz CPU (which is running at 216MHz cause of this "heavy-load-bug"). next i'll check the transfer speed within the same subnet (same vlan).

it is quite essential to get the maximum transfer out of this little box: i neeeeeed 100mbit between lan and dmz!