Flow offloading implies basic functionality. It's not compatible with advanced features and if someone is looking i.e. gaming or VPN or even banip/ipset (or anything beyond basic NAT)...
Partially true, partially false.
It is indeed incompatible with QoS.
It is compatible with a site-to-site VPN or remote access VPN (i.e. not the default route) if one accepts that the VPN is slow (50 Mbit/s for pptp) and the main internet connection is fast.
It is compatible with ipset.
Banip works as long as hackers disconnect between attempts, which is mostly true for ssh hacking.
If one disables flow offloading in Luci and adds the same rule manually with an added -m connbytes --connbytes 500000 --connbytes-mode bytes --connbytes-dir both match, then banip will work as intended (because hackers do not do a dummy big transfer before the hack) at the price that small uploads and downloads will not be accelerated - but 500 kilobytes is not enough for TCP to reach speeds where flow offloading becomes meaningful.
Just to clarify: I never talked about compatibility with VPN. I talked about the ability to effectively use them together, which stills true due to CPU starvation.
Incompatibility only with QoS. The other things are not incompatible but also not doable because you're pushing the CPU to max already.
EdgeRouter X is MT7621. slh has it right above. An EdgeRouter X will handle basic routing at your new line speeds fine, but mine tops out with SQM enabled at ~185 Mbps. FWIW, an Archer C7 with SQM will top out around ~135 Mbps used as a router if memory serves (I know from experience its appreciably slower than the MT7621 - just been awhile since I used it this way). I've used an Archer C7 as an AP before and found the 5GHz WiFi wouldn't do much more than low to mid 1xx Mbps.
As long as you have a USB to serial dongle and are comfortable opening up the case to flash it the first time, I recommend a used EA8500 (IPQ8064) on ebay or such (~$60 shipped is about right). Much faster than EdgeRouter X and Archer C7, and much less expensive than an IPQ8065 R7800 without being that much slower. It will be borderline covering your line speed, but as long as you're content with getting most of the new line speed it will serve.
From personal experience with several Archer C7v2 units, they were great in their day, but the current ipq40xx wireless is significantly better. I would imagine the same for ipq806x.
I believe that relying on flow-offload to achieve the throughput you want will be limiting in the future as you can’t run SQM. Even with a high-bandwidth line, I find SQM very valuable.
That sounds pretty good.
And yeah, opening stuff up is not a big deal for me.
I actually studied microsystem engineering, despite working as a coder now, so I don't even mind soldering or whatever.
I'm gonna see if I can get an EA8500 for cheap.
After a quick check on ebay, they don't seem to be super common here, so it might be a bit more than 60bux, but eh.
Thank you!
While I'm very happy with ipq806x for my needs (on a 100/40 MBit/s VDSL line), that platform is borderline at best (and probably just beyond the that imaginary limit) for 500/50 MBit/s (especially as a gaming router with SQM) - and those figures are already based on the faster ipq8065 chipset, with the ea8500 is using the slower ipq8064 SOC and the additional drawback that the ea8500 is only using a single CPU-port, while all other ipq806x devices use both.
What about the ea-6350 doesn't that provide an excellent bang-for-buck ratio? (ipq40xx, 128m RAM, 256m flash where I am it's a quarter the new price of the ea-8500)
Oof, any better suggestions, then?
I mean... sounds like I'm gonna be spending 100 or more, after all.
As I said, I'm also down for getting a separate router and Wifi AP.
Well, if you are willing to exceed the 100 EUR by a lot, the turris omnia is a pretty nice dual core MVEBU arm router, that I tested to allow sqm traffic shaping up to 550/550 Mbps. But it is ~300EUR, and for that monkey you should be able to get a more performant x86/64 based wired router and a 5GHz capable router to do duty as AP.
I just checked and the EA6350 is about 80 bux here, while the EA8500 is about 180 new and 120 used or refurbished.
Looking at the specs, the EA8500 for 120 seems like an okay deal, but it might actually be cheaper to import, then, but yeah, as others have stated, it might not be enough.
To be frank, I do not think ipq40xx would handle 500 MBit/s for a gaming router (SQM) either (although I don't have hands-on experience with it); there's a reason why I suggested mvebu (despite its challenged wlan) or x86_64.
Have a look at @jeff's most excellent comparative testing post: https://forum.openwrt.org/t/comparative-throughput-testing-including-nat-sqm-wireguard-and-openvpn/44724.
IPQ40xx comes out at 210 Mbps (that is the sum of up and down) with SQM under the demanding RRUL test instead of the 550 the OP ideally would require, so at least with sqm both EA6350 and 8500 might too puny to fully saturate the link, but they should punch leagues above the OP's trusty old TL-WR1043ND...
@vitaliy-kuzmich the keywords here are "500/50 MBit/s" and "a bunch of gaming systems", which implies QoS/ SQM to be at least a potential concern.
mt7621, as on your mir3g, has hardware acceleration for up to 1 GBit/s linespeed, but the mt7621 CPU is weak - everything that can't be dealt with in hardware (hint, QoS/ SQM can't) suffers greatly. So no, mt7621 is not suitable to serve "a bunch of gaming systems" at "500/50 MBit/s". It would be fine doing that for an office environment (where latencies are less of a concern, as long as VoIP/ SIP remains usable), but certainly not for multiple gaming systems.
The fact remains, everything above ~200 MBit/s, ~300 MBit/s at most, goes beyond the means of most contemporary consumer devices - and a gaming focus (low- and stable latencies) worsens the situation even more. Your experiences from the <=150 MBit/s range don't really extrapolate.
What's left are near-enterprise solutions:
mvebu (difficult wireless)
x86_64
mt7621, if all you care about is routing and simple firewalling+NAT, it will not be competitive for VPN uses, nor in the low-latency domain.
given that most users these days do have some additional features beyond the hardware accelerated base line on their list of requirements, I don't really consider this as a recommendation aside from being a budget option or for ~up to 100 MBit/s home setups.
Indeed, i worked on ea6350 v1. Gave me almost a nervous breakdown. Those things are rubbish! Cant believe linksys sold devices with cfe's that crap out. That entire ea**** broadcom series is horrible. In the end, i just threw my ea6350 v1 in the garbage (after planting my size eleven a couple of times on it ).
Hokay, seems like I can get a used WRT3200ACM for 70-100 bux on ebay.
(If I'm lucky, a WRT32x, but those are super rare, it seems)
Any objections to that one, then?
I the wifi really DOES become a problem, I could always get a separate AP, right?
wrt3200acm and wrt32x are basically the same hardware, aside from the flash partitioning (which requires different firmware images) and the colour of the case. Just get whatever is cheaper or easier to obtain - there is no functional difference between them while running OpenWrt.
).