At present, I have a single router (Linksys WRT3200ACM) which acts as an access point for three different WiFi networks and router for eight distinct local IP subnets and three WAN interfaces including a VPN. I've done some tests and found that the router can only drive AES-encrypted VPN connections at a maximum of about 80Mbps. I'm considering changing the router for one which can cope with higher bandwidth, primarily for fibre WAN but I'm also eyeing 10G Ethernet.
Following @dlakelan's advice and splitting the WiFi access point and router into separate devices, which seems reasonable, I would have a WiFi access point serving three networks, connected by Ethernet to a separate router. Routing between the different WiFi networks would require packets to go from the access point to the router and then back to the access point again.
It seems silly to me to have incoming WiFi packets take the round trip to the router if they're going out to another WiFi network but I can't see how else such a system would work. Perhaps others know better. So I'm seeking recommendations on how to go about setting up a high-bandwidth network which can route between separate WiFi networks?
You've not made an explicit suggestion about how to set up a high-bandwidth network, you've just linked to a table of devices that include a WiFi radio. Are you suggesting to not separate the WiFi access point and router, in contradiction to @dlakelan's suggestion?
Yes, if you want to route between these networks, you need a router. But you can run an internal router for the internal routing in addition to the external WAN router if that makes things easier.
Oh, you also could just add an internal device, say a raspberry5, to terminate the VPN link to increase the VPN throughput.
If the networks are separated (as opposed to just different SSIDs on the SAME network) then you have to go through a router. That's what it means to be separated.
So the method is to make the router beefy. Some x86 running at least 2GHz clock and gigabit or 2.5gigabit nics would be reasonable. You can get the Mini PC dual LAN router and a gigabit managed switch for less than $200 in the US.
The router and the WiFi access point can be the same device, as they are currently in my network. Having separate IP subnets doesn't imply having separate router and WiFi access point devices.
I think you're conflating two kinds of separation: (1) separation of IP subnets and (2) separation of routing functionality and WiFi access point functionality into different devices. I'm asking about the latter, not the former.
If you want high speed routing between VLANs, it's not a great idea to rely on all-in-one devices which are unlikely to provide the same kind of routing performance as mini PCs. The economics is such that the customer base for all in one devices simply doesn't demand the kind of hardware you get from a mini PC. You might find some niche hardware but the usual stuff from netgear/belkin/dlink/Asus/tplink etc is not gonna route like a $150 N100 mini PC.