Maximizing throughput on old routers, plus luci's "realtime graphs" -> "connections" tab

I did a quick search and couldn't find anything relevant before posting, so forgive me if this has been posted before.

I just upgraded my connection to a gigabit fiber internet service. I wasn't expecting to be able to utilize the full capacity as the whole setup at home is rather old, but I was a little disappointed when I realized my throughput was capped at around 160 mbps or so both up and down. Direct connection to the gigabit modem gives me ~800 mbps (my test machine is old too, so I'd say the actual speed is probably "as advertised")

Then I stumbled upon info about the "software flow offloading" in firewall, enabled it, and much to my surprise throughput through the router now becomes 3xx mbps. Almost twice as fast.

... which leads me to these questions:

  • Any other tricks to further enhance speed? For instance I saw another post that talks about renaming firewall zones and deleting the wan interface (obviously not applicable to my case as my router is the internet gateway... although I did apply this trick to my other router serving as a wireless bridge). Seems to provide further improvements. Anyone else have something they would like to share?

  • What are the drawbacks to having software flow offloading enabled? My iptables is not overly complicated although I have customized my firewall with some pretty standard rules. These rules are still in place as far as I can tell. I have noticed however the "realtime graphs" -> "connection" no longer shows all the active connections, most notable being an always-on VPN connection that has apparently gone missing. Not 100% sure but I believe this has something to do with activating the software flow offloading feature...

One thing that easily comes to mind is that it isn't fully compatible with SQM. If you are not using that, then you can ignore it.

Yes, the oldest trick in the book - get faster hardware, matching your requirements.


160 MBit/s vs ~300 MBit/s with software flow-offloading suggests a device (yes, specifics matter for this question) somewhere along the lines of 400-560 MHz ath79 (tl-wr1043nd v1 (ar9132) to tl-wdr3600/ tl-wdr4300 (ar9344)) or equivalent, however you take it, that is no match for more than ~150 MBit/s WAN speed. You lack the CPU performance, you lack the I/O throughput, you lack the RAM for conntracking that comes with busy lines at that speed.


Yeah will do an overhaul sooner or later.... but for the time being I just wanted to see if I can squeeze every bit out of my current setup.

It is a Buffalo WZR-HP-G300NH2, so you are pretty close, Atheros AR7242 according to OpenWrt's wiki.

Well the good news is that you don’t have a modem any more.
Fiber is a digital signal pretty much of the same type as the whole network already uses, it is only the wrong physical medium. So that “fiber box” is pretty much only a simple optical to electrical medium converter.

The simplest variant of these medium converters is the SFP module, where you can change the module in the router or switch, often plug-n-play, between an optical or RJ45 module as your needs are.

A modem converts the analogue telephone or radio (coax) signals to digital signals.


In many residential FTTH deployments that is not the case, GPON is very popular, which multiplexes the fibre cables of several households (around 32-36 is common, but more or less exists) onto a single fibre coming into their POP (ideally you get your dedicated fibre into the POP, for it to be multiplexed there (makes future upgrades easier/ cheaper, as the changes happen exclusively ISP side in their central cabinet - but technically they may also happen in the streets, underground (bad))). These GPON networks require an active, ISP blessed, ONT, to demultiplex the signal, encrypt/ decrypt the individual user streams and handle authentication (in many cases you get 1000BASE-T out of it, but models with fibre output exist as well - also some in SFP/ SFP++ form factor, but they still need to be accepted by the ISP).

That's before looking at all the fun stuff sold as fibre, such as FTTC (plain VDSL2 + (super-)vectoring) or FTTB, which uses (also similar to VDSL) or TV cable for the last few dozens of metres from the basement to the individual apartments.

That's exactly the kind of setup I have here: 1000/400 connection, the FTTH-box has a 1000BASE-T port on it for networking and a coax for DVB-C. No SFP of any kind, unfortunately. The box itself is quite stuffed with electronics and it's obvious that it's a lot more than just a simple medium converter.

Personally, I prefer having a separate Internet-facing router (currently an UP Squared running pfSense as the OS) without WiFi that does all the firewalling/adblocking/access-control etc. and then having dumb access-points for WiFi -- since the access-points do not do any firewall-tasks, no firewall-rules defined at all, no DHCP, nothing extra other than just handling shuffling the traffic back and forth like a simple pipe, they get slightly better performance than with even just a couple of rules. It's not an enormous difference, but it's still measurable.

Time to buy an RT3200!

Yeah will be considering a Raspberry Pi4 for that. UP Squared better?

I have not been able to get an RPi4, so I have no idea how well it performs CPU-wise. That said, UP Squared has dual gigabit NICs connected through PCIe, whereas with RPi4 you'd have to use a USB Ethernet-adapter, and that alone will make a sizeable difference wrt. latency.

Personally, I would recommend something with PCIe-connected NICs, whether they are built-in or discrete cards, for gigabit-speeds.

Not really. Definitely less than 1ms induced latency on my UE300.

That being said, RPi4 is not very available at the moment due to COVID/shipping/supply chain etc.

Well, maybe it's just me, then. I have a whole bunch of gigabit USB-adapters and they all introduce latency and none of them can reach quite as high speeds as PCIe-connected NICs, no matter what system I connect them to -- Windows, Linux, BSD, no difference.

They shouldn’t be able to do it either since the whole USB system is based on star connections around a hub where every device on the star gets its slot time to do something. This works fine for low speed devices and a single device on the star. But as soon as you get more high performance devices on the star they need to share bandwidth with each other.

So USB-to-ethernet devices and pretty much all other converter devices like HDMI etc. are like bad compromises to solve acute problems at best, but I don’t see them as permanent solutions.

Not that the typical dongles support that (yet), but USB (from 3.1 on and certainly 4) offers alternate modes in which PCIe or DisplayPort can be either using dedicated lanes or be tunneled over the existing USB link....
And USB devices tend to be relatively compatible, if e.g. compared to SFP modules.... I am not saying a working SFP module isn't great, just that the chance of getting a random SFP module to work seems slimmer than getting a random USB dongle to work....

You are talking about Thunderbolt. USB 3.1 or earlier do not have any PCIe-over-cable support unless the port supports Thunderbolt; if the port doesn't support Thunderbolt, you won't be getting a PCIe-over-cable connection, even if the device you're plugging in did support it. You also won't be finding Thunderbolt on most devices, because when used with USB before the USB4 spec, it requires licensing from Intel.

USB4 specification does support Thunderbolt without it needing to be licensed from Intel, but the port still has to support it in order for you to be able to use PCIe-over-cable. It's not automatically available on every USB4-port.

Well, "thunder-bolt" has been folded into USB4 for all intents and purposes, and alternate modes have already been specified for USB3.1...

But you write pretty much exactly that, so we agree. Point being USB is improving and the issues brought against it now might go away in the near future... But that is not going to change the fact that there will be low cost, low quality devices out there that will result in unhappy users, just like today the ASIX based dongles are considerably less fun than the Realtek (like the TP-Link UE300) ones.

Even with that out of the way, I wouldn't put too much hope into that idea, it's just a different market segment and target audience (small/ cheap).

For these hypothetical PCIe based devices in USB form-factor, you'd be looking at considerably bigger devices to help with heat dissipation and to get useful antennas mounted - and significantly higher costs. wifi6 cards are running hot and are rather power hungry (often even to the extent of exceeding PCIe specs).

So that is why all serious network equipment all over the world is equipped with SFP and usually have no USB ports to begin with and definitely no USB ports that actually run network data…