OpenWrt Forum Archive

Topic: No Hardware NAT Support = No FUN

The content of this topic has been archived between 16 Apr 2018 and 28 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

mazilo wrote:
spirymedia wrote:

I am having a fiber connection 1Gbit .... I only get 300 mbps because of OpenWRT lazy developers to try to workaround this issue. Is very important.

I strongly recommend you get involved with developers to support this feature.

I am not sure whether contacting the developers will further his agenda, given his attitude...

Best Regards
       M.

alphasparc wrote:
tapper wrote:

openwrt is getting slower could we gang up and crowd fund for some work on speeding up openwrt or all just donate to openwrt?

Need better tools to analyse MIPS network processing to improve performance as well as leverage on any HW assisted processing possible we cannot afford to pretend everything that runs well on Intel will run well for other processors.
Unless you want to buy new routers.

I agree an I am all for it. But while we talk about pretending, we also should not pretend that hardware that was targeted at working with ADSL-class bandwidth needs to scale up to the multiple hundreds of mbps of bandwidth ISP no routinely offer. At some point the hardware needs to step up, hardware assists are attractive to manufacturers because they are cheaper than modernizing the whole architecture... (and unfortunately home-router class MIPS are basically stuck 10 years in the past compared to more main stream architectures, like arm or x86). That said any kbps that can be wrought out of existing deployed hardware is certainly worth the effort; but people on 1Gbps links complaining that <$50 routers do not cut it maybe need to think about upgrading their hardware (or downgrading their link wink )...

Best Regards
        M.

moeller0 wrote:

Not that I am an expert, but part of the slow down is related to new functionality we have gained. Odhcpd makes native IPv6 connectivity (in the best case) as easy as plugging the wan cable into the openwrt router. Personally that is functionality I am willing to sacrifice a bit bandwidth to. Please also note that hardware NAT as a proposed solution falls short in the AQM department; while it would be nice to achieve higher NAT bandwidth this becomes irrelevant as long as AQM not NAT effectively limits the achievable throughput... Currently it seems that AQM requires a beefy CPU, and once you have that sufficient NAT performance comes as part of the territory. I realize that there is not a general consensus about these trade-offs though...

Best Regards
         M.

For people with fat enough pipes AQM is no longer required they can't even saturate the half the bandwidth.
Gigabit transfer greatly exceeds Disk I/O unless you are talking about SSD.
We also have to take note that CPU bound processing affects all other functionality.
If Router performs WiFi processing and NAT processing the combine processing effects will reduce throughput, overall performance depends on every other thing the router has to do, now add more Wireless Clients to the equation and maybe someone in the network uses bittorrent, quickly performance will drop even further, offloading allows the CPU to concentrate on performing less task.

In addition I have read Hardware NAT docs for Hardware NAT switches they do have some form of QoS like 3 or 4 queues not sure if that is good enough.
I do think that Hardware NAT will continue to be used in future hardware since any form of hardware assist will definitely be utilized in future hardware, we have hardware assisted virtualisation, hardware assisted encryption.
Even quad arm processors will have trouble hitting the gigabit rate of software NAT.
Let me just link the Linaro Network Group here
http://www.linaro.org/projects/networking/

(Last edited by alphasparc on 5 Oct 2015, 18:43)

alphasparc wrote:
moeller0 wrote:

Not that I am an expert, but part of the slow down is related to new functionality we have gained. Odhcpd makes native IPv6 connectivity (in the best case) as easy as plugging the wan cable into the openwrt router. Personally that is functionality I am willing to sacrifice a bit bandwidth to. Please also note that hardware NAT as a proposed solution falls short in the AQM department; while it would be nice to achieve higher NAT bandwidth this becomes irrelevant as long as AQM not NAT effectively limits the achievable throughput... Currently it seems that AQM requires a beefy CPU, and once you have that sufficient NAT performance comes as part of the territory. I realize that there is not a general consensus about these trade-offs though...

Best Regards
         M.

For people with fat enough pipes AQM is no longer required.

       I believe it when I see it with my own eyes wink. Really GPON for example comes with enough potential for latency screwup that I am not as optimistic as you are regarding the need for AQM...

alphasparc wrote:

We also have to take note that CPU bound processing affects all other functionality.

       I realize that this my view is not the consensus view, but I basically am happy if my router does routing, NAT and firewalling, anything on top of that is bonus, nice to have, but will be jettisoned if it interferes with the 3 main jobs. I realize that others have different views on this.

alphasparc wrote:

If Router performance WiFi processing and NAT processing the combine processing effects will reduce throughput, overall performance depends on every other thing the router has to do, offloading allows the CPU to concentrate on performing less task.
In addition I have read Hardware NAT docs for Hardware NAT switches they do have some form of QoS like 3 or 4 queues.

Hrrm, neither ethernet qos ( https://en.wikipedia.org/wiki/IEEE_P802.1p ) nor wlan qos ( https://en.wikipedia.org/wiki/IEEE_802.11e-2005 ) work that well in real life, I would be (positively) surprised if hardware-NAT qos would be any better. But just because my expectation are low, that does not mean that I am right, just that I am sufficiently cynical...

alphasparc wrote:

I do think that Hardware NAT will continue to be used in future hardware since any form of hardware assist will definitely be utilized in future hardware, we have hardware assisted virtualisation, hardware assisted encryption.
Even quad arm processors will have trouble hitting the gigabit rate of software NAT.
Let me just link the Linaro Network Group here
http://www.linaro.org/projects/networking/

Once there is a mainline supported open API to the network assist hardware the balance might tip (well as I perceive it), but I do not see that we are there currently. There are reports that the marvel armada 385 SoC based home routers get close to what can be expected with software NAT and aqm ( 860 Mbps at 55% sirq), so I believe that hardware NAT can be avoided currently.


Best Regards
        M.

(Last edited by moeller0 on 5 Oct 2015, 18:55)

alphasparc wrote:
tapper wrote:

openwrt is getting slower could we gang up and crowd fund for some work on speeding up openwrt or all just donate to openwrt?

Need better tools to analyse MIPS network processing to improve performance as well as leverage on any HW assisted processing possible we cannot afford to pretend everything that runs well on Intel will run well for other processors.
Unless you want to buy new routers.

So do you think some donations will help with this issue or not? I was looking to upgrade to a new router after Xmas, may be a c5 or c7 or some thing like that what ever is running with Openwrt at that time.

No, donations will not really help. Whats needed is manpower, not money. So far, hardware NAT acceleration has not been incorperated because the integration quality of vendor provided drivers with the kernel is very poor. In order to get accepted into OpenWrt mainline, the hw nat support needs to be written in a way which makes it possible to get accepted upstream - this requires good coordination with the netfilter and kernel networking developers and likely involves a complete rewrite of whatever source code the vendors released (if any).

A bit of noise I can see it can reach attention. Well so I guess nothing can be done at this point whatsoever ? No even with crowdfund or anything like that? sad It's really , really sad then. We are stuck in the pass.

As I understand it, with IPv6 NAT will disappear. TCP/IP and the Internet were never designed for NAT in the first place. And IPv6 is slowly slowly being adopted.

I use OpenWrt bacause of control and features... if that comes at some performance cost, well so be it.

(Last edited by zo0ok on 6 Oct 2015, 07:29)

zo0ok wrote:

As I understand it, with IPv6 NAT will disappear. TCP/IP and the Internet were never designed for NAT in the first place. And IPv6 is slowly slowly being adopted.

I use OpenWrt bacause of control and features... if that comes at some performance cost, well so be it.

Thanks for this post! If you have it rite then. I don't mind that the devs are not working on hard ware nat. It wood make sense not to put all that work in to some thing that will be dropped in the near future. Hears hoping that more people will ring up there ISPS and ask for IP v 6 If that is the case.

spirymedia wrote:

A bit of noise I can see it can reach attention. Well so I guess nothing can be done at this point whatsoever ? No even with crowdfund or anything like that? sad It's really , really sad then. We are stuck in the pass.

You could always, you know, start to write the code yourself? Then maybe after some years, you might appreciate the amount of _free_ work the OpenWrt devs have done for us already and respect their decisions on what they want to focus on.

Again, there are routers available that will handle ~1Gbps with software NAT until your ISP can deliver IPv6.

moeller0 wrote:
mazilo wrote:
spirymedia wrote:

I am having a fiber connection 1Gbit .... I only get 300 mbps because of OpenWRT lazy developers to try to workaround this issue. Is very important.

I strongly recommend you get involved with developers to support this feature.

I am not sure whether contacting the developers will further his agenda, given his attitude...

Best Regards
       M.

Then, s/he should get his/her hands dirty to get involved with the development as pointed out by arokh above.

What is really don't get is why sometimes we have such a change in performance when upgrade system.

When i first got my TP-LINK 4300 - with original malay firmware ( i was able to get the full speed i pay from my ISP ) its optical fiber ... 200/100 - i use malay firmware because of vlan support that was dropped on usa version.

Ok, good router ... with openwrt support ( i flashed it when it started with 12.09 ) ... we hit final 12.09 and vualaaa. Openwrt was good ( still have 200/100 ) the router is very powerfull.

Then it comes BB 14.07 ( since the first build ) it was never possible to get 200/100 ... in everykind of speedtest i get 130 ... 140 with some sacrifice ... from wan to lan.

We've got 14.07 final issue is still there.

15.05 CC is here, the problem is still there.

Ok, this is not a firmware for end users, it was not developed to do this kind of job. we agree to sacrifice something ... but now i'm doing half of the speed.

Do you guys does not have this kind of issue ? is that really that in brazil ( far from being a good place with the best internet of the world ) i have a faster internet ... and devs don't suffer from it ?

So i understand that none of you guys care about this ? you pay your isp for X ... you received C .. because of your hardware you no ones care ? its ok to pay the double to have the half, instead of looking at the problem you suggest that i should cut half of the speed and pay only what my router can do ...

It's just like ... you buy a house with 4 rooms ... 2 of them have problem, instead of fix ... you prefer to ask and pay for only 2 rooms because you have to sacrifice ?

does not make sense to me ...

I just wish i could have on new updates with new features that makes me prefer openwrt instead of original ... at last equal performance like on previous build.

Perhaps it would be better to just let this topic die, but I take the bait, here we go...

Have you guys seen the list of kernel patches OpenWrt devs maintain and apply:
http://git.openwrt.org/?p=15.05/openwrt … tches-3.18

Clearly, many of these are about network, performance and reducing size (to make recent kernels install and run at all on much of the supported hardware).

I could imagine OpenWrt to be more specialised/hacked/adapted/optimized for the hardware it runs on and the tasks it performs. That would make the list of patches longer, and it would be harder and harder to keep up to date with recent linux kernels. Eventually, we might get stuck with a fork of some legacy kernel (the brcm-2.4 target was essentially that).

I could also imagine OpenWrt to be more standard-linux-compliant: less patches and less tweaks.

I feel confident that our developers make tough decisions all the time about this: optimise and specialise for OpenWrt, or keep it standard and compliant. And it makes me feel confident that OpenWrt is based on a recent linux kernel. The alternative, a heavily hacked old kernel, with plenty of binary blobs, would be very hard to keep secure and updated... and new features in Linux, and new hardware, would perhaps never make it to OpenWrt.

If you want maximum performance from your router, run stock firmware on it.
Or if you don't like OpenWrt, use DD-WRT then (which is not a real linux distribution the way OpenWrt is).

I think it is amazing that I can backup my configuration from a router with a MIPS chipset, and restore it to my WDR4900 with a PowerPC chipset, or to a Linksys WRT1900 with a modern ARM chipset. Any supported device essentially behaves the same. This requires focus on what is common between the devices, not specialising in the oddities (like hardware NAT).

Finally, I have a 100Mbit down/10Mbit up internet connection. And I have a WDR4900 with one of the fastest CPUs supported by OpenWrt. I would happily pay less for slower internet, but this is the cheapest/slower my ISP offers.

What do you guys do with 1GBit, which makes it a REAL problem, that your 50Euro router, does not exploit the NAT-chip?
If you really want super fast OpenWrt, why don't you just get a cheap MiniITX box with a Quad Core x64, an extra NIC, and a Gigabit switch?

...I should probably just have kept my mouth shut...

It is impressive how people thinks that an opensource project _not_ supported by the manufacturer (for exmaple tplink does not help releasing sources of their firmware) of a certain device could just use everything of that device because reasons.
And the openwrt project is not even supported by millions of bucks due to crowfunding.

Before whining for nat, get a firmware upgrade for your thinking processor.

donow you but im ok with 10MB/s (max NAT of my router) and we are 5 on same wan
on the other side your more then welcome to contribute; OWRT is a big project youll find something to do.. read forums.. ALL FOR FREE ofcourse

ps: id like to find some 56K modem access points for free sometime just for the fun of it
ps2: seems your happier with OEM FW.. go with that.. you dont need OWRT.. follow the american dream big_smile

(Last edited by makarel on 8 Oct 2015, 14:22)

makarel wrote:

ps: id like to find some 56K modem access points for free sometime just for the fun of it

If you find one (USB version), especially with a FREE S/H, please do let me know. I am interested to turn this beast into a FAX port for my PogoPlug Pro 02.

mazilo wrote:
makarel wrote:

ps: id like to find some 56K modem access points for free sometime just for the fun of it

If you find one (USB version), especially with a FREE S/H, please do let me know. I am interested to turn this beast into a FAX port for my PogoPlug Pro 02.

check your local SH market.. as delivery fees can be very high considering item value; you can also get a serial one and a serial to usb adapter.. or parallel big_smile

an if you insist.. i think you can do analog.. with a audio usb card.. far fetched thought

(Last edited by makarel on 8 Oct 2015, 15:23)

I found on the internet QCA8337N datasheet which support NAT offload but it can hold only 1024 entries in the translation table. It is not too much and it supports only TCP,UDP,GRE protocols. It can overflood with a simple torrent client...
So as I see, HW NAT in branch market devices is good for speedtests and similar but not for everyday production use.
Regards,
oreggin

Read this ticket - https://dev.openwrt.org/ticket/11779

HW nat is just fake feature with lots of limitations, and only works to show great speedtest results, but it doesn't work in real life when you have lots of connections.

valentt wrote:

Read this ticket - https://dev.openwrt.org/ticket/11779

HW nat is just fake feature with lots of limitations, and only works to show great speedtest results, but it doesn't work in real life when you have lots of connections.

bullshit

oreggin wrote:

I found on the internet QCA8337N datasheet which support NAT offload but it can hold only 1024 entries in the translation table. It is not too much and it supports only TCP,UDP,GRE protocols. It can overflood with a simple torrent client...

1024 free-for-cpu connections, it's great, and it's much better to have it then not to have

all additional connections will be pure SW and anyway it will allow your device to handle much more load in compare with pure sw mode

and btw, not only atheros provides hw nat capabilities
ralink/mediatek chips contains much better PPE block with nat table up to 16k connections, hw qos implementations and several other offloads
and all that features also still unimplemented in the mainline

(Last edited by stas2z on 3 Mar 2016, 13:05)

There are no open source implementations so far and nobody is even working on it. With faster hardware and IPv6 on the horizon I can't picture any developers wanting to work on this for free.

arokh wrote:

There are no open source implementations so far and nobody is even working on it. With faster hardware and IPv6 on the horizon I can't picture any developers wanting to work on this for free.

it's an acceptable point of view and i respect it
but imho IPV6 is still far from the real life and it will take at least 5-10 years to become an usual ISP option and current pure software router hardware have to be 3-5 times faster at least to reach current offload enabled devices

so for this moment with my device (mt7621a powered) i can have fully loaded 1gbit IPoE or PPPoE and 90% of CPU will be still available for other tasks. What kind of hardware can do the same in pure software mode atm?

(Last edited by stas2z on 3 Mar 2016, 13:37)

stas2z wrote:

but imho IPV6 is still far from the real life and it will take at least 5-10 years to become an usual ISP option

Well, that depends on the country where you live. Based on Google's data, 8-10% of traffic is ipv6 globally.
https://www.google.com/intl/en/ipv6/sta … 6-adoption

But the adoption rate varies wildly by country:
* in Belgium ipv6 is already over 40% of the traffic,
* in USA, Germany, Portugal and Greece it is over 20%,
* several other countries are at 8-10%,
* but of course there are laggards like Russia, Italy and Spain with <1%.
https://www.google.com/intl/en/ipv6/sta … 6-adoption

(Last edited by hnyman on 3 Mar 2016, 13:50)

stas2z wrote:

but imho IPV6 is still far from the real life and it will take at least 5-10 years to become an usual ISP option and current pure software router hardware have to be 3-5 times faster at least to reach current offload enabled devices

I think the number of people who can already use and benefit from IPv6 is much higher than the number of people who have internet connections with more than 200 Mbit/s. And if you do have a much faster internet connection, then you might as well just spend a few more bucks to get a faster router as well (like e.g. the Linksys WRT 1200/1900 or an x86-based custom router) - at least if you insist on running free software.

Sure, it would be nice if there was an open-source driver for the hardware NAT feature. But since OpenWrt is free and offers much more that is practically relevant (at least for me), I don't mind the lack of hardware NAT either. Plus, I assume most users spend some time to research the state of the OpenWrt support for a specific device before they buy it. When I bought my Archer C7 v2 last summer, I had read the wiki and browsed the forum before and I was aware that the NAT throughput is limited. So, I don't see any reason to complain.