Massive PPPoE performance drop in 23.x with Archer C7 v2

svillar · May 8, 2024, 5:31pm

I've been using an Archer C7 v2 as main router for some years now. I have a symmetric 1Gb fiber connection at home. I know that the device is not capable of that speed but I was getting a decent ~600Mb symmetric connection with 21.02.7

When I upgraded to the latest 23.05.3 I immediately noticed a performance drop. Indeed when running speed tests (I tried multiple ones) the download speed seems capped at 200Mb/s while the upload speed is a bit better (~350Mb/s) but still far away from the values I was getting with the same configuration.

I've read about ct and non-ct drivers but AFAIK that only affect wifi performance right? I'm testing always with ethernet cables. I have verified that the upstream connection is perfectly fine, I setup a PPPoE connection in my laptop and connected directly to the HGU bypassing my router and I was getting the symmetric 1Gb without issues.

Also I've seen this topic that suggests that 150-200 is the maximum you can get. I think the actual test data contradict that.

brada4 · May 8, 2024, 5:37pm

Is offload involved?
is pppoe lowlevel interface vlan or ethernet?

svillar · May 8, 2024, 7:53pm

So software offloading is enabled, otherwise I get lower speeds indeed. Hardware offloading is not supported in this device.

Regarding the underlying device of the PPPoE interface, it's a VLAN indeed. For that VLAN I have packages tagged in both CPUs (it has eth0 and eth1) but the packages go untagged in WAN interface because that's how the HGU serves them (that's the reason why I can connect my latptop directly to the HGU).

svillar · May 8, 2024, 7:56pm

Note that this might not be something specific to 23.x as I had similar issues in 22.x and decided to downgrade to 21

brada4 · May 8, 2024, 8:13pm

First correct MSS:
in /etc/nftables.d/mssfix.nft

chain mangle_postrouting {
                type filter hook postrouting priority mangle; policy accept;
                oif $wan_devices tcp flags syn / syn,fin,rst tcp option maxseg size set rt mtu
}

(fw4 check && service firewall restart)

Then apply this patch (note if ppoe lowlevel device is not vlan like eth0.1 it is not sufficient)

github.com/openwrt/firewall4

Do not add all physical devices for soft offload

openwrt:master ← brada4:wifiroam

opened 08:53AM - 15 Mar 24 UTC

brada4

+5 -1

Let kernel heuristics take care of offloading decapsulation Packets may still en…ter flow engine one encapsulation below actual interface subject to heuristics, while exiting it on listed interfaces, in kernel subject to non-flow encapsulation offloads. Fixes: openwrt/openwrt#13410 Accidentally-part-fixes: openwrt/openwrt#10224 Signed-off-by: Andris PE <neandris@gmail.com>

-> view file -> raw -> upload to /usr/share/ucode/fw4.uc (backing up original just in case)
then do the firewall check & restart

brada4 · May 8, 2024, 8:22pm

Basically pppoe-wan and br-lan should be only offload devices in nft list ruleset | head -20

svillar · May 9, 2024, 8:46am

After applying the patches the speed is back at the 21.x level! Even a bit higher (20-30Mbs) in download. Thanks very much. I hope those patches are merged upstream soon.

WRT the devices after applying the patches I have 5 offload devices in the nft rules: my 3 local VLANs, the underlying device for the PPPoE VLAN (eth0.6) and the pppoe-wan. I hope this is correct. Note that only 2 out of the 3 VLANs have access to the WAN connection but all of them are listed there, maybe additional filtering is needed?

KrypteX · May 9, 2024, 9:07am

I confirm the PPPoE performance drop on 2 of my devices running OpenWrt 23.x: WR1043ND v3 and WNDRMAC v2 (WNDR3800):

brada4 · May 9, 2024, 9:27am

Mss part is committed, likely due soon, 2nd is for unrelated reason but saves the day on half of pppoe installs...

brada4 · May 9, 2024, 9:28am

Can you try patches?

brada4 · May 9, 2024, 10:04am

Release 23 does not need tcp flags a/abc part, nft emits respective bytecode anyway.
You can try bfifo qdisc to claw back few cpu cycles for nftables.

KrypteX · May 9, 2024, 11:20am

@brada4 None of your PRs have been merged into firewall4 according to https://github.com/openwrt/firewall4/pulls?q=is%3Apr+is%3Aclosed

Can I ask why do you think that is? And what do you mean by the Mss part being due soon? It doesn't look like that at all from my perspective. Sorry if I misunderstand the situation or perhaps I don't see the whole picture?

brada4 · May 9, 2024, 11:34am

because jow transfers them upstream.

KrypteX · May 9, 2024, 1:25pm

OK, so the last commit in firewall4 that's like 6 months old https://github.com/openwrt/firewall4/commit/698a53354fd280aae097efe08803c0c9a10c14c2
and I assume this hasn't been integrated into 23.05 yet, am I correct?

How can I find out which firewall4 version (or up to what commit) has been integrated into the public OpenWrt versions? Is there a way to track that down?

brada4 · May 9, 2024, 1:27pm

You are correct, last pull was for 23..0
How to find -> go to openwrt/opwnert/package/net/firewall4 , check makefile release hash, find that in firewall4.git on openwrt git (github works too)

KrypteX · May 9, 2024, 2:21pm

Found it: 23.05.2 has an older firewall4 update, pulled from 2023-09-01

github.com

openwrt/openwrt/blob/v23.05.2/package/network/config/firewall4/Makefile

#
# Copyright (C) 2021 Jo-Philipp Wich <jo@mein.io>
#

include $(TOPDIR)/rules.mk

PKG_NAME:=firewall4
PKG_RELEASE:=1

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall4.git
PKG_SOURCE_DATE:=2023-09-01
PKG_SOURCE_VERSION:=598d9fbb5179667aa0c525040eaa41bc7f2dc015
PKG_MIRROR_HASH:=038b5b5611425e3c0fcc3ef4a0aea37296733300766d787909a689d16d4f39b4
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=ISC

include $(INCLUDE_DIR)/package.mk

define Package/firewall4

This file has been truncated. show original

the commit was made on Nov 2, 2023, just before your fix was merged into firewall 4 on Nov 3 and nothing since then under 23.05.x.
The 23.05.2 release notes https://openwrt.org/releases/23.05/notes-23.05.2 contain this line:

Update firewall4 from 2023-03-23 to 2023-09-01

But in the main branch, it's there, commit pulled 2023-11-03 https://github.com/openwrt/openwrt/commit/5bb3b5d46ce8e0c91d456bc295c190505b37dbda

I really hope @jow makes another pull of firewall4 into the next 23.05.x.

brada4 · May 9, 2024, 3:33pm

You can review offloads PR at least confirming worksforyoutoo....
It does not work if MSS is mismatched.
If your pppoe lowlevel transport is not VLAN then you need to take that eth0 device out of masq wan firewall zone (default output->accept will let it pass)

brada4 · May 9, 2024, 3:34pm

Your assessment is correct.

svillar · May 9, 2024, 3:46pm

I am not sure if I understand it correctly. Do you mean the mss part is not needed with 23?

Regarding the second suggestion that's about enabling SQM? I thought it wasn't playing well with soft offloading

brada4 · May 9, 2024, 3:51pm

You dont need tcp flags s/sfr piece to extract only syn packets, the nft command emits respective kernel bytecode.
i.e.:

chain mangle_postrouting {
                type filter hook postrouting priority mangle; policy accept;
                oif $wan_devices tcp option maxseg size set rt mtu
}