Advice wanted: Best Tomato Router/Firmware for 175Mb Fibre

Discussion in 'Tomato Firmware' started by Arch Duke of Awesome, Apr 23, 2013.

  1. Arch Duke of Awesome

    Arch Duke of Awesome Serious Server Member

    Hi there, I'd welcome your advice on the best tomato based router/firmware to take advantage of my new 175Mb/s Fibre connection! Thanks in advance.
  2. gfunkdave

    gfunkdave LI Guru Member

    I think you might have trouble finding a consumer router that can deal with that...though I think the Asus RT-n66u can.
  3. RMerlin

    RMerlin Network Guru Member

    An RT-N66U running Tomato should do, although barely. Without hardware acceleration, 200 Mbps is about the max you can get out of an RT-N66U (and that's assuming you have straight DHCP and no PPPoE encapsulation). Beyond that, you'd need to stick with Asuswrt(-Merlin), which has so-called HW acceleration.
  4. Monk E. Boy

    Monk E. Boy Network Guru Member

    Indeed, at those speeds you may very well want to simply run routers in "access point" mode, where you disable routing on them & just let them serve up the LAN connection over wireless. Upside is you get a more stable wireless connection than most OEM equipment can provide. Downside is you're stuck with the featureset of the ISP's router, which typically means no QoS, filtering, etc.
  5. nick ant0ny

    nick ant0ny Networkin' Nut Member

    Well, maybe the only choice would be the RT-N66U, as the other guys mentioned, even though for those speeds, based on what you need, if I were you, I would go for a dedicated mini PC with some kinda x86 distro firewall.
  6. Monk E. Boy

    Monk E. Boy Network Guru Member

    I quite like pfsense, it's fairly easy to understand as x86 firewalls go. Nearly everything you would want to do is configured via a web server on the box.
  7. Elfew

    Elfew Network Guru Member

    Is there any way to add "HW acceleration" to Tomato? Or is it so complicated that it is not possible... I am just curious.
  8. koitsu

    koitsu Network Guru Member

    What exactly would you like accelerated by hardware?

    These consumer routers do not have any kind of IP offloading hardware (dedicated ICs) -- in fact, most systems (including PCs) don't. Only dedicated hardware tends to. The IP stack in Linux is therefore, by default, entirely CPU-bound. This specifically affects traffic being forwarded (to the ISP) along with NAT; meaning, LAN traffic stays on a dedicated switch (in many models of routers this is a physically separate IC), which means not CPU bound. NAT, packet forwarding, and all these other nonsensical features (including "virtual LANs" (not the same thing as 802.1Q VLANs), layer 7 filtering, and god knows what else you people think these low-end devices are capable of handling) are CPU-bound.

    These routers were not made/engineered for networks pushing 175mbit/sec. They were made for things like DSL lines and cable modems doing things like 10mbit. The newer routers handle more because they have faster CPUs (and nothing else, really!), but the overall hardware does not offer any new "offloading" features. If you want that, buy an actual router -- you know, something from Cisco or Juniper. And even Cisco and Juniper's low-end stuff can't push very many PPS (packets per second). You have to start considering US$800-900 devices (which should not be a problem if you're able to afford a 175mbit/sec connection anyway).

    These routers are not x86 PCs. x86 PCs are absolute ball-deep powerhouses as far as what they can handle. They are in no way/shape/form as limited/slow as little MIPS CPUs. And even with the upcoming ARM-based routers which will probably perform better, the ARM CPUs used in the routers will not compete with an x86 PC. Period.

    If you have a very high end connection, you should be looking into Juniper and Cisco devices (not their SoHo crap either -- some of Cisco's low-end SoHo crap is actually just "rebranded" Linksys garbage, as in they took some crap Linksys device + put a Cisco label on it + changed pictures in the firmware + SHIP IT. These are awful devices and not what I consider a real Cisco router to be).

    Else you should be looking at getting routed a subnet directly from your ISP and get rid of a router (and NAT) entirely -- native IPs on all your machines, and use the firewall on each machine. Really. It works, and the processing power of those machines is significantly higher than any consumer-grade router, plus you don't have to deal with NAT's nonsense.
  9. Elfew

    Elfew Network Guru Member

    What about CTF - does it increase throughput? CTF is not working in Tomato, so I cannot test it
  10. RMerlin

    RMerlin Network Guru Member

    Working CTF would mean you lose QOS, Parental Control, advanced VLANs, and a bunch of other features that rely on fully working iptables. At that point, what would be the point of running Tomato if you'd only use basic routing functionality?

    That was the rationale for which the Tomato devs decided to drop CTF a few years ago. Which does make sense IMHO.

    Impossible to tell exactly what CTF does (closed-source), but the base of it seems to be in taking shortcuts through the Linux network stack, bypassing (for one) part of iptables.
  11. Elfew

    Elfew Network Guru Member

    Yes, I agree. We have some Mikrotik devices in our company... their products are excellent with good price.
  12. quihong

    quihong Networkin' Nut Member

    A little off topic, but what are people using with Google Fiber?
  13. koitsu

    koitsu Network Guru Member

    I've yet to see anyone on this forum who has Google Fiber, given the very small area where it was deployed. It's not exactly cheap either (for that region/area). I have a friend who's in Kansas City and she simply can't afford it.

    Google themselves say this (read section "Special Information Regarding Home Wi-Fi Routers"). The short version: they give you a router that's known to work and provide high enough speeds. So, ask Google what device it is they're providing their customers, if it's open-source, if it does NAT, and so on. Ten bucks says it's proprietary, might do NAT (possibly with something like CTF), and that's about it.
  14. RMerlin

    RMerlin Network Guru Member

    If I were to get such a ridiculously fast connection (maybe in 2030 at the current upgrade rate we are seeing here in Canada...), I would most likely use a dedicated PC as firewall, either an Atom or a low-end i3, then hook a router as the AP.
  15. philess

    philess Networkin' Nut Member

    Let's hope by that time the routers have evolved a lot too :) I hope we laugh at an Atom or i3 as router in 17 years from now hehe.
  16. Monk E. Boy

    Monk E. Boy Network Guru Member

    The only form of "hardware acceleration" I'm aware that used to be enabled in Tomato that's no longer enabled is NAT acceleration, which was disabled due to a hoary list of caveats that have to be strictly obeyed in order to keep it functioning. With NAT acceleration, which you get with ASUS's default firmware on an RT-N66U, you can push more IPv4 NAT packets through the router. If you're primarily pushing IPv6 then that shouldn't affect anything. Ultimately there is a limit since routing is entirely CPU bound as clearly explained by koitsu.

    FWIW you should be able to build an ITX-based PC with a fairly quick (for a router) CPU that's compatible with pfsense for around $300 or so. That cost includes a budget 4-port 1Gb Ethernet card and an 802.11n card, though I don't know what (if any) dual band 802.11 cards are supported (when I last built one I only cared about 2.4GHz).
  17. koitsu

    koitsu Network Guru Member

    FreeBSD (which pfSense and m0n0wall are both based on) has quite awful 802.11 support in general (driver-wise), especially 802.11n. Supposedly the only decent cards are Intel ones driven by the iwn(4) and iwnfw(4) drivers. Most (and probably all) of the cards listed there are miniPCI or miniPCIe.

    I have had personal experience with Atheros cards on FreeBSD (trying to use the system as an AP, specifically with an AR9280 card), and the experience was horrible (and here's the follow-up from the ath(4) maintainer who works for Atheros).
  18. RMerlin

    RMerlin Network Guru Member

    I wouldn't use the PC for any wireless duties. Just plug a decent router in AP mode instead.
  19. Elfew

    Elfew Network Guru Member

    Is there somebody who can share WAN->LAN speed with Merlin and Tomato FW?

    Thank you
  20. RMerlin

    RMerlin Network Guru Member

    A few months ago someone tested Asuswrt-Merlin with hardware acceleration disabled. His top speed was near 200 Mbits if I remember (I can't track down the post he made on the SNB forums at the time). So, I assume Tomato to show about the same speed, give or take a few based on enabled features and so on. That was either an RT-N66U or RT-AC66U (both should be the same).

    With HW acceleration enabled, SmallNetBuilder's review was able to reach about 730 Mbps. That might have changed a bit with all the FW changes since then.
  21. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yup, that's why I got a PCIe to miniPCIe adapter and slapped a MiniPCIe card in it. It looked kind of like this except with three SMA connectors & card leads.
  22. DJarvis1

    DJarvis1 Addicted to LI Member

    So, back to home routers again. I got an old Linksys E2000 and gonna put Toastman's Tomato USB on there. I know ppl have said home routers won't handle super fast connections.
    I have BT Infinity2 80Mbps/20Mbps (I'm based in the UK)

    ( actually get 72Mbps down/15Mbps up )
    How would my router handle that?
  23. humba

    humba Network Guru Member

    My RT-N66U running Tomato handles my 150mbit/s connection just fine. I'm afraid I can't get any faster for the moment, but the first 300mbit lines have started popping up where Fibre is available, and cable should get 500mbit/s later this year so I'm hopeful to have to switch routers yet again ;)