Advanced optimization setup and recommended packages

hi first of all i would like to state that i would like to avoid a raging debate and benchmarking. i use a fast copy paste setup of my desktop system and am mainly opening this topic for more knowledgeable people to give advice on how to improve a basic setup. ive tinkered in the past a lot with custom compilation and kernels in general and found that very significant performance improvements can be achieved. however i would like to skip that as well. am interested in building an optimal system for basic usage with custom packages using firmware-selector. there are too many packages to figure out. furthermore comparing same chip routers to stock x-wrt firmware reveals that they use quite some packages. am mainly interested in increasing performance with optimizations of settings, delegating functions to kernel modules and extra packages that could be used to achieve this. my setup is pretty basic at best adblock dnscrypt-proxy2 and pppoe passthrough. again im not posting this to share my setup or performance results, just to get advice. since my scripts and settings are a lazy copy paste of my desktop mainly and many if not most functions dont even function or arent optimized for router usage. i did find however that in my usage case it improved latency. i will include my rc.local, /etc/config/wireless and my package list and of x-wrt for comparison. am interested in improving my setup. thanks for understanding. at best im interested in some basic tips and extra packages i could use to optimize the stock setup and what packages could help in this comparing my near stock openwrt setup to x-wrt. im mainly concerned about latency, expanding hardware acceleration and optimized configuration without the need of compiling from scratch.

/etc/config/wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'VHT80'
        option country 'GR'
        option cell_density '0'
        option wmm '1'
        option greenfield '1'
        option frameburst '1'
        option bursting '1'
        option vendor_vht '1'
        option short_gi_80 '1'
        option short_gi_40 '1'
        option short_preamble '1'
        option ht_coex '1'
        option ff '1'
        option xr '1'
        option ar '1'
        option compression '1'
        option isolate '1'
        option distance '10'
        option frag '2346'
        option rts '2347'
        option noscan '1'
        option beacon_int '50'
        option channel 'auto'
        option txpower '22'

package list:

adblock
attendedsysupgrade-common
base-files
busybox
ca-bundle
dnscrypt-proxy2
dnsmasq
dropbear
firewall4
fstools
jansson
kernel
kmod-dnsresolver
kmod-gpio-button-hotplug
kmod-iosched-bfq
kmod-leds-gpio
kmod-lib80211
kmod-loop
kmod-mt76x2
kmod-nft-offload
kmod-ppp
kmod-pppoe
kmod-rt2800-soc
kmod-tcp-bbr
kmod-usb-ohci
kmod-usb2
kmod-wireguard
libc
libjson-c
liblua5.3
libuci2
libustream-wolfssl
logd
luci
luci-app-adblock
luci-app-attendedsysupgrade
luci-app-opkg
luci-app-uhttpd
luci-app-wireguard
luci-ssl
mtd
netifd
nftables-json
odhcp6c
odhcpd-ipv6only
opkg
ppp
ppp-mod-pppoe
procd
procd-seccomp
procd-ujail
swconfig
uci
uclient-fetch
uhttpd-mod-lua
urandom-seed
urngd
wpad-basic-wolfssl

rc.local:

#sysctl -w net.ipv6.conf.all.disable_ipv6=1
#sysctl -w net.ipv6.conf.default.disable_ipv6=1
#### add delay prior to application
#sleep 10
modprobe dns_resolver
modprobe tcp_bbr
#modprobe cake
modprobe bfq
modprobe nft_flow_offload
modprobe lib80211
modprobe lib80211_crypt_ccmp
modprobe loop
#systemctl start firewalld
#### extras
/etc/init.d/irqbalance start
echo fq_codel > /proc/sys/net/core/default_qdisc
#sysctl net.ipv4.tcp_fastopen=3
#sysctl net.core.busy_read=50
sysctl net.ipv4.tcp_slow_start_after_idle=0

echo "1" /proc/sys/fs/leases-enable
echo "0" > /proc/sys/fs/dir-notify-enable
echo "20" > /proc/sys/fs/lease-break-time
echo "0" > /proc/sys/vm/overcommit_memory

sudo echo always > /sys/kernel/mm/transparent_hugepage/enabled
sudo echo always > /sys/kernel/mm/transparent_hugepage/defrag

sysctl -w kernel.sched_scaling_enable=1
sysctl sched_scaling_enable=1
sysctl sched_tunable_scaling=2
sysctl /proc/sys/kernel/sched_child_runs_first=1
#sysctl /proc/sys/kernel/sched_min_granularity_ns=1000000
#sysctl /proc/sys/kernel/sched_wakeup_granularity_ns=2000000
sysctl /proc/sys/kernel/sched_latency_ns=40000

sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*
systemctl enable --now apparmor.service

###### CONFIGURE SCHEDULER
################################
### currently [none], [kyber], [bfq], [mq-deadline]
#$(sudo fdisk -l | grep '^/dev/[a-z]*[0-9]' | awk '$2 == "*"' | cut -d" " -f1 | cut -c1-8)
for i in $(find /sys/block -type l); do
  echo "bfq" > $i/queue/scheduler;
  echo "0" > $i/queue/add_random;
  echo "0" > $i/queue/iostats;
  echo "0" > $i/queue/io_poll
  echo "2" > $i/queue/nomerges
  echo "512" > $i/queue/nr_requests
  echo "4096" > $i/queue/read_ahead_kb
  echo "0" > $i/queue/rotational
  echo "2" > $i/queue/rq_affinity
  echo "write through" > $i/queue/write_cache
  echo "4" > $i/queue/iosched/quantum
  echo "80" > $i/queue/iosched/fifo_expire_sync
  echo "330" > $i/queue/iosched/fifo_expire_async
  echo "12582912" > $i/queue/iosched/back_seek_max
  echo "1" > $i/queue/iosched/back_seek_penalty
  echo "60" > $i/queue/iosched/slice_sync
  echo "50" > $i/queue/iosched/slice_async
  echo "2" > $i/queue/iosched/slice_async_rq
  echo "0" > $i/queue/iosched/slice_idle
  echo "0" > $i/queue/iosched/group_idle
  echo "1" > $i/queue/iosched/low_latency
  echo "100" > $i/queue/iosched/target_latency
done;

echo "write through" | sudo tee /sys/block/*/queue/write_cache

###### FILESYSTEM
################################
echo "0" > /proc/sys/fs/dir-notify-enable
echo "20" > /proc/sys/fs/lease-break-time
echo "1" > /proc/sys/vm/compact_unevictable_allowed
echo "5" > /proc/sys/vm/dirty_background_ratio
echo "12000" > /proc/sys/vm/dirty_expire_centisecs
echo "80" > /proc/sys/vm/dirty_ratio
echo "3000" > /proc/sys/vm/dirty_writeback_centisecs
echo "1" > /proc/sys/vm/oom_dump_tasks
echo "1" > /proc/sys/vm/oom_kill_allocating_task
echo "1200" > /proc/sys/vm/stat_interval
echo "10" > /proc/sys/vm/vfs_cache_pressure
echo "0" > /proc/sys/vm/swappiness

### IMPROVE SYSTEM MEMORY MANAGEMENT ###
# Increase size of file handles and inode cache
sysctl fs.file-max=2097152
### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.
#sysctl net.ipv4.tcp_synack_retries=2
# Allowed local port range
sysctl net.ipv4.ip_local_port_range=2000 65535
# Protect Against TCP Time-Wait
#sysctl net.ipv4.tcp_rfc1337=1
# Decrease the time default value for tcp_fin_timeout connection
sysctl net.ipv4.tcp_fin_timeout=15
# Decrease the time default value for connections to keep alive
sysctl net.ipv4.tcp_keepalive_time=300
sysctl net.ipv4.tcp_keepalive_probes=5
sysctl net.ipv4.tcp_keepalive_intvl=15
### TUNING NETWORK PERFORMANCE ###
# Default Socket Receive Buffer
#sysctl net.core.rmem_default=31457280
# Maximum Socket Receive Buffer
#sysctl net.core.rmem_max=12582912
# Default Socket Send Buffer
#sysctl net.core.wmem_default=31457280
# Maximum Socket Send Buffer
#sysctl net.core.wmem_max=12582912
# Increase number of incoming connections
#sysctl net.core.somaxconn=4096
# Increase number of incoming connections backlog
#sysctl net.core.netdev_max_backlog=65536
# Increase the maximum amount of option memory buffers
#sysctl net.core.optmem_max=25165824
# Increase the maximum total buffer-space allocatable
# This is measured in units of pages (4096 bytes)
#sysctl net.ipv4.tcp_mem=65536 131072 262144
#sysctl net.ipv4.udp_mem=65536 131072 262144
# Increase the read-buffer space allocatable
#sysctl net.ipv4.tcp_rmem=8192 87380 16777216
#sysctl net.ipv4.udp_rmem_min=16384
# Increase the write-buffer-space allocatable
#sysctl net.ipv4.tcp_wmem=8192 65536 16777216
#sysctl net.ipv4.udp_wmem_min=16384
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
#sysctl net.ipv4.tcp_max_tw_buckets=1440000
#sysctl net.ipv4.tcp_tw_recycle=1
#sysctl net.ipv4.tcp_tw_reuse=1

sysctl fs.xfs.xfssyncd_centisecs=10000

###### CPU
################################
### governor
function setgov ()
{
    echo "performance" | sudo tee /sys/devices/system/cpu/cpufreq/policy*/scaling_governor
}
### workqueues
chmod 666 /sys/module/workqueue/parameters/power_efficient
chown root /sys/module/workqueue/parameters/power_efficient
bash -c 'echo "N"  > /sys/module/workqueue/parameters/power_efficient'

###### EXTRAS
################################
### kernel panic
sysctl -e -w kernel.panic_on_oops=0
sysctl -e -w kernel.panic=0
### rcu
echo "0" > /sys/kernel/rcu_expedited
echo "1" > /sys/kernel/rcu_normal
### entropy
echo "96" > /proc/sys/kernel/random/urandom_min_reseed_secs
echo "1024" > /proc/sys/kernel/random/write_wakeup_threshold
### hibernation
#echo "deep" > /sys/power/mem_sleep
### extras
echo "Y" > /sys/module/cryptomgr/parameters/notests
echo "1" > /sys/module/hid/parameters/ignore_special_drivers
echo "N" > /sys/module/drm_kms_helper/parameters/poll
echo "N" > /sys/module/printk/parameters/always_kmsg_dump

###### TCP SETTINGS
################################
echo "128" > /proc/sys/net/core/netdev_max_backlog
echo "0" > /proc/sys/net/core/netdev_tstamp_prequeue
echo "0" > /proc/sys/net/ipv4/cipso_cache_bucket_size
echo "0" > /proc/sys/net/ipv4/cipso_cache_enable
echo "0" > /proc/sys/net/ipv4/cipso_rbm_strictvalid
echo "0" > /proc/sys/net/ipv4/igmp_link_local_mcast_reports
echo "24" > /proc/sys/net/ipv4/ipfrag_time
echo "bbr" > /proc/sys/net/ipv4/tcp_congestion_control
echo "1" > /proc/sys/net/ipv4/tcp_ecn
echo "0" > /proc/sys/net/ipv4/tcp_fwmark_accept
echo "320" > /proc/sys/net/ipv4/tcp_keepalive_intvl
echo "21600" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "1800" > /proc/sys/net/ipv4/tcp_probe_interval
echo "1" > /proc/sys/net/ipv4/tcp_no_metrics_save
echo "0" > /proc/sys/net/ipv4/tcp_slow_start_after_idle
echo "0" > /proc/sys/net/ipv6/calipso_cache_bucket_size
echo "0" > /proc/sys/net/ipv6/calipso_cache_enable
echo "48" > /proc/sys/net/ipv6/ip6frag_time

echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_rfc1337
echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_window_scaling
echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_workaround_signed_windows
echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_sack
echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_fack
echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_low_latency
echo "0" > /proc/sys/net/ipv4/net.ipv4.ip_no_pmtu_disc
echo "1" > /proc/sys/net/ipv4/net.ipv4.tcp_mtu_probing
echo "2" > /proc/sys/net/ipv4/net.ipv4.tcp_frto
echo "2" > /proc/sys/net/ipv4/net.ipv4.tcp_frto_response

sysctl net.core.somaxconn=1000
sysctl net.core.netdev_max_backlog=5000
sysctl net.core.rmem_max=16777216
sysctl net.core.wmem_max=16777216
sysctl net.ipv4.tcp_wmem=4096 12582912 16777216
sysctl net.ipv4.tcp_rmem=4096 12582912 16777216
sysctl net.ipv4.tcp_max_syn_backlog=8096
sysctl net.ipv4.tcp_slow_start_after_idle=0
sysctl net.ipv4.tcp_tw_reuse=1
sysctl net.ipv4.ip_local_port_range=10240 65535

for i in $(find /sys/class/net -type l); do
  echo "128" > $i/tx_queue_len;
done;

###### OMIT DEBUGGING
################################
echo "0" > /proc/sys/debug/exception-trace
echo "0 0 0 0" > /proc/sys/kernel/printk

echo "Y" > /sys/module/printk/parameters/console_suspend

for i in $(find /sys/ -name debug_mask); do
echo "0" > $i;
done
for i in $(find /sys/ -name debug_level); do
echo "0" > $i;
done
for i in $(find /sys/ -name edac_mc_log_ce); do
echo "0" > $i;
done
for i in $(find /sys/ -name edac_mc_log_ue); do
echo "0" > $i;
done
for i in $(find /sys/ -name enable_event_log); do
echo "0" > $i;
done
for i in $(find /sys/ -name log_ecn_error); do
echo "0" > $i;
done
for i in $(find /sys/ -name snapshot_crashdumper); do
echo "0" > $i;
done
if [ -e /sys/module/logger/parameters/log_mode ]; then
 echo "2" > /sys/module/logger/parameters/log_mode
fi;

wl -i eth0 interference 3
wl -i eth1 interference 3
wl -i eth2 interference 3
ifconfig eth0 txqueuelen 2
ifconfig eth1 txqueuelen 2
ifconfig eth2 txqueuelen 2
echo 262144 > /proc/sys/net/core/rmem_max
echo 262144 > /proc/sys/net/core/wmem_max
echo "4096 16384 262144" > /proc/sys/net/ipv4/tcp_wmem
echo "4096 87380 262144" > /proc/sys/net/ipv4/tcp_rmem
echo 1000 > /proc/sys/net/core/netdev_max_backlog
echo 16384 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 16384 > /sys/module/nf_conntrack/parameters/hashsize

#systemctl start fstrim.timer

echo 2 > /proc/irq/49/smp_affinity
echo 2 > /proc/irq/50/smp_affinity

###### END

exit 0

x-wrt stock packagelist:

base-config-setting
base-files
block-mount
blockd
bridge
busybox
ca-bundle
cgi-io
chat
comgt
comgt-ncm
dawn
ddns-scripts
ddns-scripts-services
ddns-scripts_aliyun
dnsmasq-full
dropbear
ds-lite
ethtool
firewall4
fstools
fwtool
getrandom
hmac-sha1-util
hostapd-common
iftop
ip-full
ip6tables-nft
iperf3
ipset
iptables-mod-conntrack-extra
iptables-mod-ipopt
iptables-nft
iw
iwinfo
jansson4
jshn
jsonfilter
kernel
kmod-asn1-decoder
kmod-br-netfilter
kmod-cfg80211
kmod-crypto-acompress
kmod-crypto-aead
kmod-crypto-arc4
kmod-crypto-cbc
kmod-crypto-ccm
kmod-crypto-cmac
kmod-crypto-crc32c
kmod-crypto-ctr
kmod-crypto-cts
kmod-crypto-des
kmod-crypto-ecb
kmod-crypto-gcm
kmod-crypto-gf128
kmod-crypto-ghash
kmod-crypto-hash
kmod-crypto-hmac
kmod-crypto-kpp
kmod-crypto-lib-chacha20
kmod-crypto-lib-chacha20poly1305
kmod-crypto-lib-curve25519
kmod-crypto-lib-poly1305
kmod-crypto-manager
kmod-crypto-md4
kmod-crypto-md5
kmod-crypto-null
kmod-crypto-rng
kmod-crypto-seqiv
kmod-crypto-sha1
kmod-crypto-sha256
kmod-crypto-sha512
kmod-dnsresolver
kmod-exfat-linux
kmod-fs-autofs4
kmod-fs-ext4
kmod-fs-ksmbd
kmod-fs-msdos
kmod-fs-nfs
kmod-fs-nfs-common
kmod-fs-nfs-common-rpcsec
kmod-fs-nfs-v4
kmod-fs-ntfs3
kmod-fs-vfat
kmod-gpio-button-hotplug
kmod-gre
kmod-gre6
kmod-ifb
kmod-ip6-tunnel
kmod-ip6tables
kmod-ipt-conntrack
kmod-ipt-conntrack-extra
kmod-ipt-core
kmod-ipt-ipopt
kmod-ipt-ipset
kmod-ipt-nat
kmod-ipt-raw
kmod-iptunnel
kmod-iptunnel4
kmod-iptunnel6
kmod-ipvlan
kmod-leds-gpio
kmod-lib-crc-ccitt
kmod-lib-crc16
kmod-lib-crc32c
kmod-lib-lzo
kmod-lib-textsearch
kmod-mac80211
kmod-macvlan
kmod-mii
kmod-mppe
kmod-mt76-core
kmod-mt76x02-common
kmod-mt76x2
kmod-mt76x2-common
kmod-natcap
kmod-natflow
kmod-nf-conntrack
kmod-nf-conntrack6
kmod-nf-flow
kmod-nf-ipt
kmod-nf-ipt6
kmod-nf-log
kmod-nf-log6
kmod-nf-nat
kmod-nf-nat6
kmod-nf-nathelper
kmod-nf-nathelper-extra
kmod-nf-reject
kmod-nf-reject6
kmod-nf-socket
kmod-nf-tproxy
kmod-nfnetlink
kmod-nfnetlink-queue
kmod-nft-arp
kmod-nft-bridge
kmod-nft-compat
kmod-nft-core
kmod-nft-fib
kmod-nft-nat
kmod-nft-netdev
kmod-nft-offload
kmod-nft-queue
kmod-nft-socket
kmod-nft-tproxy
kmod-nls-base
kmod-nls-cp437
kmod-nls-iso8859-1
kmod-nls-utf8
kmod-oid-registry
kmod-ppp
kmod-pppoe
kmod-pppox
kmod-pptp
kmod-rt2800-lib
kmod-rt2800-mmio
kmod-rt2800-soc
kmod-rt2x00-lib
kmod-rt2x00-mmio
kmod-sched-cake
kmod-sched-core
kmod-scsi-core
kmod-sit
kmod-slhc
kmod-tcp-bbr
kmod-tcp-scalable
kmod-tun
kmod-udptunnel4
kmod-udptunnel6
kmod-usb-core
kmod-usb-ehci
kmod-usb-net
kmod-usb-net-cdc-ether
kmod-usb-net-cdc-mbim
kmod-usb-net-cdc-ncm
kmod-usb-net-huawei-cdc-ncm
kmod-usb-net-ipheth
kmod-usb-net-qmi-wwan
kmod-usb-net-rndis
kmod-usb-net-rtl8152
kmod-usb-net-sierrawireless
kmod-usb-ohci
kmod-usb-printer
kmod-usb-serial
kmod-usb-serial-option
kmod-usb-serial-qualcomm
kmod-usb-serial-sierrawireless
kmod-usb-serial-wwan
kmod-usb-storage
kmod-usb-storage-extras
kmod-usb-storage-uas
kmod-usb-wdm
kmod-usb2
kmod-wireguard
ksmbd-server
ksmbd-utils
libatomic1
libblkid1
libblobmsg-json20220515
libbpf20220308
libc
libcap
libelf1
libev
libevdev
libgcc1
libgcrypt
libgpg-error
libimobiledevice
libimobiledevice-utils
libip4tc2
libip6tc2
libiperf3
libipset13
libiptext-nft0
libiptext0
libiptext6-0
libiwinfo-data
libiwinfo-lua
libiwinfo20210430
libjson-c5
libjson-script20220515
liblua5.1.5
liblucihttp-lua
liblucihttp0
liblzo2
libmnl0
libncurses6
libnfnetlink0
libnftnl11
libnl-core200
libnl-genl200
libnl-tiny2022-05-17
libopenssl-conf
libopenssl1.1
libpcap1
libpcre
libplist
libpthread
libqrencode
librt
libstdcpp6
libtirpc
libubox20220515
libubus-lua
libubus20220601
libuci-lua
libuci20130104
libuclient20201210
libucode20220812
libudev-zero
libusb-1.0-0
libusbmuxd
libustream-wolfssl20201210
libuuid1
libwolfssl5.5.1.15181848
libwrap
libxml2
libxtables12
logd
lsof
lua
lua-cjson
lua-ipops
lua-md5
luasocket
luci
luci-app-autoreboot
luci-app-dawn
luci-app-ddns
luci-app-fakemesh
luci-app-firewall
luci-app-ksmbd
luci-app-ledtrig-switch
luci-app-macvlan
luci-app-mwan3
luci-app-natcap
luci-app-natflow-users
luci-app-openvpn
luci-app-opkg
luci-app-p910nd
luci-app-sqm
luci-app-upnp
luci-app-wireguard
luci-app-wizard
luci-app-xwan
luci-base
luci-compat
luci-i18n-base-zh-cn
luci-i18n-dashboard-zh-cn
luci-i18n-ddns-zh-cn
luci-i18n-firewall-zh-cn
luci-i18n-ksmbd-zh-cn
luci-i18n-mwan3-zh-cn
luci-i18n-openvpn-zh-cn
luci-i18n-opkg-zh-cn
luci-i18n-p910nd-zh-cn
luci-i18n-sqm-zh-cn
luci-i18n-upnp-zh-cn
luci-i18n-wireguard-zh-cn
luci-lib-base
luci-lib-ip
luci-lib-ipkg
luci-lib-json
luci-lib-jsonc
luci-lib-nixio
luci-mod-admin-full
luci-mod-dashboard
luci-mod-network
luci-mod-status
luci-mod-system
luci-proto-3g
luci-proto-ipv6
luci-proto-mbim
luci-proto-ncm
luci-proto-ppp
luci-proto-qmi
luci-proto-wireguard
luci-ssl
luci-ssl-nginx
luci-theme-bootstrap
luci-theme-openwrt-2020
miniupnpd-nftables
mtd
mwan3plus
natcapd
natcapd-client
natcapd-server
natflow-auth
natflow-boot
netifd
nfs-utils
nftables-json
nginx
nginx-mod-luci
nginx-mod-luci-ssl
nginx-ssl
nginx-ssl-util
nginx-util
odhcp6c
odhcpd-ipv6only
openssl-util
openvpn-openssl
openwrt-keyring
opkg
p910nd
ppp
ppp-mod-pppoe
ppp-mod-pptp
pptpd
procd
procd-seccomp
procps-ng
procps-ng-ps
px5g-wolfssl
qrencode
r8152-firmware
resolveip
rpcd
rpcd-mod-file
rpcd-mod-iwinfo
rpcd-mod-luci
rpcd-mod-rrdns
sqm-scripts
swconfig
tc-tiny
tcpdump
terminfo
ubi-utils
uboot-envtools
ubox
ubus
ubusd
uci
uclient-fetch
ucode
ucode-mod-fs
ucode-mod-ubus
ucode-mod-uci
uhttpd
uhttpd-mod-ubus
umbim
umdns
uqmi
urandom-seed
urngd
usb-modeswitch
usbmuxd
usbutils
usign
usteer
uwsgi
uwsgi-cgi-plugin
uwsgi-luci-support
uwsgi-syslog-plugin
wget-ssl
wireguard-tools
wireless-regdb
wireless-tools
wpad-openssl
wsdd2
wwan
xtables-nft
zlib

There is no magic BE_FASTER checkbox, if there were one, it would be enabled. In general, OpenWrt's defaults are fine, everything else follows custom requirements.

It would be interesting to see -O2 vs -Os as default optimization though

if youre concerned with compilation and especially kernel using clear linux cflags on O3 on clang with lto polly including a kernel timer of 1000hz can improve quite a bit. the problem is that benchmark results in general are not stable across kernel versions, sometimes even contradict theory and simply Os vs O2 is not worthwhile. however when scrambling every single bit of userspace + kernel optimization together i have increased benchmarks very significantly in the past. not on routers just talking about the linux kernel in general. if you are interested even if outdated check the makefile and kernel config of desktop and phone config. this however takes a LOT of effort and a compromise in security as well if you want to achieve significant gains. for my sake it has been just for experimentation and tinkering which is not worth the time thus i prefer sticking to online building. in my usage case using fq_codel with bbr already shows some improvement in latency. ive tried O2 already on wrt. not worth on itself. too insignificant.

• O3 is not necessarily better, will silently break things and is not recommended to use by kernel developers
• O2 (etc) are not equal between GCC and Clang in terms of what they include
• Both Clang and LTO support is still experimental, if I recall Google is working on Clang support for mainline kernel but I don't follow it closely so I don't know the current status

point being part from theory ive tried most of this step by step benchmarking and comparing results both with gcc and clang. its a complete waste of time even compilers on every version release differ from eachother sometimes one catches up to the other and vice versa. the setup ive sent you is quite significant. but its not worth the effort and time. so much so that hackbench latency scores dropped from 5/6/7 to 0.7 or something at maximum also depends on distro ofcourse and hardware. testing was done on debian .it includes mitigations. without those at aboout 2? dont remember. ill just avoid compiling at any cost. lazy

Hey, while you’ve provided a lot of info on what you did in the past your post doesn’t include any specific details of what you’re trying to achieve with openwrt or what you want to optimise.

At the minimum you should detail what device you’re using, what performance issue you have, what network speed you have purchased and what you have already done.

There are speed ups to assist with some issues, like packet steering, Irq balance, flow offloading, sqm - but these are situation specific, you can’t just enable everything and have an ‘optimised’ network.

hey thanks for responding. to clarify theres no issues with my devices. i just love openwrt and tinkering in general and would like to ask for general optimizations. this being so because i do notice improvement with my own config. bear in mind im a hobbyist. and for example would like to learn more about why x-wrt uses so many kernel modules and what they are for. ofcourse its also hardware related forgot to mention. 1 openwrt device using buildbot snapshots xiaomi miwifi mini and one x-wrt device using selfcompiled x-wrt on xiaomi router r3. so basically im interested in anyone that can provide more potential improvements just for the sake of tinkering. no compilation however just userspace and packages and config. id be glad to hear what i can improve on my setup however minimal. bit of nitpicking as to say. my network speed is also under the lan ports of 100mbps. so in other words having this setup i posted as an example. what would you recommend changing. the openwrt router is used with pppoe passthrough provided by the isp modem. just to name an example, i stumbled upon a package called kmod-dnsresolver which wasnt in x-wrt nor openwrt stock configuration. theres too many interesting packages and functionality for general usage that i know nothing about just as the above example. my usage has always been pretty basic and have no clue. eager to learn more.

And what is the internet speed you have? And what medium?

Lan speed can’t be optimised, the switch ic runs at the speed it runs.

If your upstream bandwidth is under 50mbps maybe you can reduce latency with sqm, but that’s more complicated with pppoe. If your bandwidth is higher than that your device is likely too low end to do sqm and as stated above the defaults are well optimised for non-sqm routing.

the wiring outside the house allows 105 to pass but need to replace inside wiring with utp so i lose quite a bit. currently with wifi ive maxed the settings out and it reaches almost maximum of what the cabling can handle so 77. i already have sqm running in kernel fq_codel in combination with bbr works good for me. i dont need to setup anything more right? i have the same setup across routers and pc. no qos however. lets say the isp modem gets 80 mb then through passthrough over 2 routers leaves me with 77 if im not mistaking

I'd be curious to find out if there's any latency penalty for using Go-based dnscrypt-proxy2 over C-based https-dns-proxy.

I was going to recommend irqbalance, but you already use that.

ive tried both didnt notice too much difference. i was also wondering if these legacy settings in /etc/config/wireless still apply today. because afaik there are more settings i didnt include in the above post like 'powersave' 'bgscan'. and also are there any more. never had a look into ht_capab stuff. im not sure what im using and what not because some of the settings require additional packages. i didnt bother to remove from desktop since my setup might change. also hope if someone can suggest improvements on the rc.local file because its not meant for my router. despite it still worked fine. for the reason of dnscrypt adding up to some latency ive installed kmod-loop and kmod-dnsresolver. am interested in more stuff like that
i just checked out i need a package called irqbalance but the hardware im using is 1 core so i guess not needed. basically the isp modem is better hardware. zte h1600. no jtag serial etc and fully restricted. also no ssh/telnet to play around with kernel config and usually when its there it uses a locked special cli interface. kind of sucks probably wont get openwrt. at best reverse engineering the firmware files might lead to decryption keys of config files but not more. ill replace my wrt hardware in the future however till i do still have time to learn more about how it works. the technician checking the cabling in the house got a max of 89mbps i guess sometimes with my older isp modem it did peak higher at times it fluctuates on time of the day think its isp related. this newer isp modem tends to settle at 80 mbps most of the time. sometimes a bit higher.
ive been talking to them and some suggested i should use utp wiring then input ethernet to wan and after get phone sip acces through the modem ports. dont know if this is possible. ive checked cabling coming to the house and it appear to be 4 cables so i was thinking using 1-3 6 on the utp pins. however after speaking more with the technicians they told me just 1 pair is working so i cant use the wan port just the phone port. it connects with vdsl2 phone port pppoa and after i pass it through ethernet on the wan on openwrt using pppoe passthrough on a seperate vlan set by isp. also am interested if there are settings in /etc/config/network related to ppp interface that are not in the openwrt manual. legacy stuff that still might work i mean. the router does have a tr069 port but i have no decrypted config file otherwise i could play around with the snr margins at least.

On VDSL2 it is very unlikely that a modem uses pppoa (PPP over ATM), VDSL2 allows the use of ATM/AAL5 but as far as I can tell most ISPs use the more modern PTM mode; and if PTM is used PPPoA is not an option anymore.

yes if im not mistaking it used to be atm now is ptm im not that familiar with the terms this is called ppptp right? it has a backup config of atm but autoconnects on ptm using profile 17a. on my older isp modem i could configure most of this manually now its all locked in their latest revision of firmware. sucks

Over VDSL2/PTM ISPs often directly use PPPoE. This has the advantage that it can be "offloaded" to a different machine, while PPPoA requires that the en-/de-capsulating machine actually has an ATM interface.

guess im confused thought that e implied over ethernet. and i wonder why i have a set of 4 cables and they just use 2 since my link most probably would be capped by the isp at 100 but in the meantime id have less loss over their cables.

Yes "oE" expands to over Ethernet but the PPPoE header lives inside the ethernet payload, so any transport that caries at least the full ethernet payload (like VDSL2/PTM, some ADSL/ATM/AAL5 configurations, DOCSIS, GPON/GEM, ...) can use PPPoE.

Telephony traditionally uses 2 wires (organized as a pair). Often a house/flat is connected to the distribution point with multiple pairs, but at that distribution point most a single pair is connected to the central office (or directly to an outdoor DSLAM). When you say "cables" do you mean individual wires in a compound entity or do you have multiple "compound entities"?

1 cable 2 pairs 4 individual wires within the cable towards my house. i dont know where the dslam is. but the cable coming towards my house is connected to a pole which divides the wires of individual houses. all i know is 105 mbps is reaching my house and the cabling within my house needs replacement. so i wonder why they used one pair. but on the other hand in house wiring is also 1 pair. so id need to replace the wiring within the walls even if id have 2 working pairs to install ppp over utp. if im not mistaking it must be fiber till dslam and from there on regular copper.

Because DSL really only works over a single pair. You can combine multiple such 2-wire links (called bonding) but typically ISPs avoid that because typically there are not enough ports/wires to the CO to allow multiple pairs per subscriber (at least that is an explanation I read somewhere IIRC).
What sometimes happens is that if a pair is compromised a technician might switch over the an so far un-used pair. Also if say a flat gets split into two (or a subscriber books a second internet access link) a hitherto unused pair might get activated.

If your in house cabling is bad, you could try to move the modem as close to the first face-plate as possible and use proper ethernet cables for distributing the network internally after the modem.

hmm so the first technician telling me i could convert my dsl from phone line to ethernet was wrong even if i had 2 pairs. if i will change cabling im thinking at least making it future proof. have some quality sattelite cables which i could use instead. good isolation and seperated from eachother. wonder if that is a viable solution next to shortening the in house distance. unfortunately i cannot bond them because the 1 pair goes to the first floor and second to the second floor. i wonder though since its only 1 pair if i would have loss using an ethernet cable unless i bond that one as well and if sattelite cables wouldnt be better. very thick copper very well isolated in individual cables. but since i have ptm as you say i could just ask them to activate all 2 pairs and use pppoe instead of ppptp right, even if its sattelite cabling. ive read however that 4 pin ethernet is capped at 100mbps at some forums. others say it can carry 1gbps. not sure myself havent ever tried before. the house is seperated from neighbors so the wiring belongs to the same house. i wonder if they would be so kind to make it possible for me to use pppoe instead though. right now the way it works is either i can use a splitter and the isp recommends splitting twice and using a filter directly on the phone line and the second split of the phone line reenters the router. i could also directly plug in the phone line in the router and without splitters hookup my landline to my router and still works but think the latter gave me less performance. id have no problem if i would use pppoe to do the same pluging in my phone in my router right.