Massive PPPoE performance drop in 23.x with Archer C7 v2

I've been using an Archer C7 v2 as main router for some years now. I have a symmetric 1Gb fiber connection at home. I know that the device is not capable of that speed but I was getting a decent ~600Mb symmetric connection with 21.02.7

When I upgraded to the latest 23.05.3 I immediately noticed a performance drop. Indeed when running speed tests (I tried multiple ones) the download speed seems capped at 200Mb/s while the upload speed is a bit better (~350Mb/s) but still far away from the values I was getting with the same configuration.

I've read about ct and non-ct drivers but AFAIK that only affect wifi performance right? I'm testing always with ethernet cables. I have verified that the upstream connection is perfectly fine, I setup a PPPoE connection in my laptop and connected directly to the HGU bypassing my router and I was getting the symmetric 1Gb without issues.

Also I've seen this topic that suggests that 150-200 is the maximum you can get. I think the actual test data contradict that.

Is offload involved?
is pppoe lowlevel interface vlan or ethernet?

So software offloading is enabled, otherwise I get lower speeds indeed. Hardware offloading is not supported in this device.

Regarding the underlying device of the PPPoE interface, it's a VLAN indeed. For that VLAN I have packages tagged in both CPUs (it has eth0 and eth1) but the packages go untagged in WAN interface because that's how the HGU serves them (that's the reason why I can connect my latptop directly to the HGU).

Note that this might not be something specific to 23.x as I had similar issues in 22.x and decided to downgrade to 21

1 Like

First correct MSS:
in /etc/nftables.d/mssfix.nft

chain mangle_postrouting {
                type filter hook postrouting priority mangle; policy accept;
                oif $wan_devices tcp flags syn / syn,fin,rst tcp option maxseg size set rt mtu
}

(fw4 check && service firewall restart)

Then apply this patch (note if ppoe lowlevel device is not vlan like eth0.1 it is not sufficient)

-> view file -> raw -> upload to /usr/share/ucode/fw4.uc (backing up original just in case)
then do the firewall check & restart

1 Like

Basically pppoe-wan and br-lan should be only offload devices in nft list ruleset | head -20

After applying the patches the speed is back at the 21.x level! Even a bit higher (20-30Mbs) in download. Thanks very much. I hope those patches are merged upstream soon.

WRT the devices after applying the patches I have 5 offload devices in the nft rules: my 3 local VLANs, the underlying device for the PPPoE VLAN (eth0.6) and the pppoe-wan. I hope this is correct. Note that only 2 out of the 3 VLANs have access to the WAN connection but all of them are listed there, maybe additional filtering is needed?

1 Like

I confirm the PPPoE performance drop on 2 of my devices running OpenWrt 23.x: WR1043ND v3 and WNDRMAC v2 (WNDR3800):

Mss part is committed, likely due soon, 2nd is for unrelated reason but saves the day on half of pppoe installs...

Can you try patches?

Release 23 does not need tcp flags a/abc part, nft emits respective bytecode anyway.
You can try bfifo qdisc to claw back few cpu cycles for nftables.

@brada4 None of your PRs have been merged into firewall4 according to https://github.com/openwrt/firewall4/pulls?q=is%3Apr+is%3Aclosed

Can I ask why do you think that is? And what do you mean by the Mss part being due soon? It doesn't look like that at all from my perspective. Sorry if I misunderstand the situation or perhaps I don't see the whole picture?

because jow transfers them upstream.

OK, so the last commit in firewall4 that's like 6 months old https://github.com/openwrt/firewall4/commit/698a53354fd280aae097efe08803c0c9a10c14c2
and I assume this hasn't been integrated into 23.05 yet, am I correct?

How can I find out which firewall4 version (or up to what commit) has been integrated into the public OpenWrt versions? Is there a way to track that down?

You are correct, last pull was for 23..0
How to find -> go to openwrt/opwnert/package/net/firewall4 , check makefile release hash, find that in firewall4.git on openwrt git (github works too)

Found it: 23.05.2 has an older firewall4 update, pulled from 2023-09-01

the commit was made on Nov 2, 2023, just before your fix was merged into firewall 4 on Nov 3 and nothing since then under 23.05.x.
The 23.05.2 release notes https://openwrt.org/releases/23.05/notes-23.05.2 contain this line:

  • Update firewall4 from 2023-03-23 to 2023-09-01

But in the main branch, it's there, commit pulled 2023-11-03 https://github.com/openwrt/openwrt/commit/5bb3b5d46ce8e0c91d456bc295c190505b37dbda

I really hope @jow makes another pull of firewall4 into the next 23.05.x.

You can review offloads PR at least confirming worksforyoutoo....
It does not work if MSS is mismatched.
If your pppoe lowlevel transport is not VLAN then you need to take that eth0 device out of masq wan firewall zone (default output->accept will let it pass)

Your assessment is correct.

I am not sure if I understand it correctly. Do you mean the mss part is not needed with 23?

Regarding the second suggestion that's about enabling SQM? I thought it wasn't playing well with soft offloading

You dont need tcp flags s/sfr piece to extract only syn packets, the nft command emits respective kernel bytecode.
i.e.:

chain mangle_postrouting {
                type filter hook postrouting priority mangle; policy accept;
                oif $wan_devices tcp option maxseg size set rt mtu
}