LAN speed differs for private and public IPs

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Configure the router to DHCP for 192.168.1.1/24 and to route for a fixed 
public IP, say A.B.C.D 
2. Connect two machines to LAN1 and LAN2 via DHCP, say IPs 192.168.1.2 and 
192.168.1.3
3. Connect a third machine to LAN2 manually as A.B.C.D

What is the expected output? What do you see instead?
I expect that file transfers between any of the three machines to have the same 
performance.
Instead, I see that

  (a) transfers between 192.168.1.2 and 192.168.1.3 go at about 880Mbps
  (b) transfers between A.B.C.D and 192.168.1.2 or .3 go at about 50Mbps

Is there any reason why these should be treated differently?

What version of the product are you using? On what operating system?
Vigor 2130Vn firmware 1.5.1 as released from here. Machines on Mac OS X 10.6.8

Please provide any additional information below. Can it be a bug in NAT?

Routing table seems OK, the connection to A.B.C.D is *not* routed through the 
WAN. The ping and roundtrip times appear to be similar in the two cases. It is 
almost as though the connection to A.B.C.D is throttled, but all bandwidth 
control and firewall features are disabled (only CSM >> URL Content Filter is 
activated). Happy to provide any further information that might be required. 

It occurs to me that an interesting test is to verify the speed of transfers 
between between two machines  with manually assigned public IPs. I will do 
that. 

Original issue reported on code.google.com by vladimir...@gmail.com on 28 Jun 2011 at 7:49

[GoogleCodeExporter]

PS. I can confirm that if I configure a second machine with public IP 
A.B.C.(D+1), the file transfer with A.B.C.D is back to 880Mbps. The problem 
appears to be routing across subnets...

Original comment by vladimir...@gmail.com on 28 Jun 2011 at 10:45

[GoogleCodeExporter]

It is normal. Not bug.
192.168.1.2 to 192.168.1.3 is the same LAN subnet. they can transfer the data 
directly ( not via 2130 cpu / routing), the switch speed is 1Gbps , so you got 
800Mbps

A.B.C.D to 192.168.1.2 , not the same LAN subnet. their transfer data must via 
2130(Gateway). So the speed limit is 2130 CPU . so you got 50Mbps

Solution:
1. Add another IP (the same subnet as 192.168.1.x) for A.B.C.D
2. expand the subnet mask . so that A.B.C.D is the same subnet

Original comment by jht...@gmail.com on 29 Jun 2011 at 10:37

[GoogleCodeExporter]

Thanks for your reply. I see your point.

 > 1. Add another IP (the same subnet as 192.168.1.x) for A.B.C.D

Do you mean instead of A.B.C.D ? Or in addition? You see, my entire purpose is 
to use the public IP, reachable from outside and not subject to NAT, and at the 
same time to have Gbps internal LAN routing.

 > 2. expand the subnet mask . so that A.B.C.D is the same subnet

Hmm, dont think I can do that (because A is actually 81), but perhaps I could 
reconfigure NAT entirely to serve addresses in A.B.C... space (some will be 
outside the router's DHCP range, fixed and public, the other will be under 
NAT). Will this work?

Alternatively, I could put the interface currently configured as A.B.C.D's, 
which is a ethernet, in the 192.168.1.1/24 and assign A.B.C.D to the machine's 
WiFi card. That would give me gigabit routing internally, and still make the 
reachable from outside. (Though connections initiated internally will always go 
under NAT, because ethernet would take priority over WiFi, so possibly this 
solution is inferior to the one above.)

What do you think? I'd appreciate your help (this router is giving me a lot of 
troubles, eg the 11n network will not route above 30Mbps under no 
circumstances....) 

What do you think? 

Original comment by vladimir...@gmail.com on 29 Jun 2011 at 11:34

[GoogleCodeExporter]

1. Yes, add another IP means additional IP.

double NAT is another solution, but the limit will be the NAT throughput.

insert 2 network adapter in the same PC is also a solution

Wireless 11n in 2130 can be more than 100Mbps (LAN to LAN and LAN to WAN)
But if you need routing, it may down to 30Mpbs.

Original comment by jht...@gmail.com on 30 Jun 2011 at 1:10

[GoogleCodeExporter]

> 1. Yes, add another IP means additional IP.

I don't know how to assign two IPs to the same interface. Don't think the 
Vigor's web interface allows that. Can you show me how?

Also, you did not react to the my idea of 

> but perhaps I could reconfigure NAT entirely to serve addresses in A.B.C...

Is that silly? 

The point is that I "own" IPs of the kind A.B.C.96/27. I could configure the 
router route for that (as it is now) and to NAT for the (unconventional) 
internal network A.B.C.64/27 (rather than the current 192.168.1.0/24), and then 
somehow see all of these IPs as a single LAN like A.B.C.64/26. (But again, I 
don't think the web interface will allow me that, I would have to learn if that 
can be achieved via the command line.

Thanks again for your help.

Original comment by vladimir...@gmail.com on 30 Jun 2011 at 7:12

[GoogleCodeExporter]

Add an additional IP to your third machine, say 192.168.1.4
(I am sure that you can easily do that in Windows OS, but not sure for Mac OS)
By this way, transfers between A.B.C.D (192.168.1.4) and 192.168.1.2 or .3 will 
go at about 800Mbps, I think.

Original comment by vincent....@gmail.com on 30 Jun 2011 at 2:07

[GoogleCodeExporter]

ok, adding a new IP seems to work. (And it's easy to do on MacOSX.) Thank you.

Yet: transfers from A.B.C.D go at about 800Mbps, whilst transfers in the other 
direction depend on which IP is used among the 192.... (800Mpbs) and A.B.C.D 
(this morning 100Mbps)

So, I now need to convince the LAN naming services (Bonjour) to favour the 
192.... IP over the A.B.C.D one

For curiosity, anybody thinks the approach of using two contiguous network of 
the kind A.B.C... might work?

Original comment by vladimir...@gmail.com on 1 Jul 2011 at 10:19

[GoogleCodeExporter]

2130 Hardware NAT engine provide a hardware routing command.
It may speed up the routing between LAN.

interouting set 
[index:<number>] [sip:<ip/mask>] [dip:<ip/mask>] 
[dscp:<number>] [proto:<tcp/udp/all>] 
[sarf:<value>] [fmask:<value>] 

Ex:
#echo "interouting set index:0 sip:192.168.10.0/24 dip:140.0.0.0/8 proto:all" | 
shnat_cli

#echo "interouting list" | shnat_cli
CMD:==== Interrouting List ====
[0][LAN]: source ip:192.168.10.0/24  dest ip:140.0.0.0/8 tcp:1 udp:1 sarf:0 
fmask:0 dscp:5
[1][LAN]: source ip:140.0.0.0/8  dest ip:192.168.10.0/24 tcp:1 udp:1 sarf:0 
fmask:0 dscp:a

Original comment by jht...@gmail.com on 20 Jul 2011 at 3:50

[GoogleCodeExporter]

In our test. Both static route(LAN-LAN & LAN-WAN) and policy route (ip rule) 
can do Hardware Accelerate in current firmware.
The throughput should be line speed > 900Mbps.
We need detail configuration about this issue.

Original comment by jht...@gmail.com on 28 Jul 2011 at 11:11

[GoogleCodeExporter]

OK, tell me what do you need and in what form. I'd rather send you 
configuration details in a private email, not on the public forum.

Thanks

Original comment by vladimir...@gmail.com on 28 Jul 2011 at 11:51

[GoogleCodeExporter]

You can check the arp table first

#arp   (show the arp table of linux)

#echo "arptable list" | shnat_cli    (show the arp table of hardware engine)

If all your local host is in the list. The hardware forwarding engine should 
work.

Original comment by jht...@gmail.com on 2 Aug 2011 at 1:09

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Model                   :   Vigor2130Vn
Firmware Version    :   v1.5.2_RC2
Build Date/Time     :   Mon Feb 20 19:01:52 CST 2012
System Date             :   Tue May 29 18:45:15 2012
System Uptime           :   10days 06:53:27
Also happens on earlier versions and Draytek firmware releases.
I have an issue where the speed via WAN port is a max of 4MB/s when linked to 
Cisco BigPond router on Gigabit port. Cisco direct to a PC on the same port is 
40MB/s or over depending on device saving file to. It's like the WAN port is 
limited to 100Mbp/s and not the 1000mbp/s. Internal LAN ports operate fine 
between devices however, as soon as you hit the WAN port out, speed drops off 
majorly. 
The Cisco supports large packet transfer and all QOS etc, it is a fast cable 
modem on Big Pond Ultimate. Put it this way, I can hit 30MB/s downloads from 
AMD when Vigor is not used and I go direct with Cisco (terrible 
firewall/parental support) a 150MB file arrives 4 seconds. When connected as 
pass through mode and PC is connected to Vigor, that same file takes 2 minutes 
or so. I have tried fooling with MTU settings and QoS without making any 
difference. When I type MB I do mean MegaBytes, not Mega Bits. BP Ultimate have 
upgraded to Gigabit speeds here in Australia

Original comment by shades....@gmail.com on 29 May 2012 at 9:01

[GoogleCodeExporter]

You need to check the WAN link speed in WAN >> port page

Original comment by jht...@gmail.com on 25 Jun 2012 at 3:10

[GoogleCodeExporter]

WAN >> Ports
Port Configuration

Current Configured  Current Rx  Current Tx  Configured
WAN Up  1Gfdx       Rx Pause    Tx  

I have checked the ports in the web login, they are set exactly the same as the 
LAN ports. Packet frame size made no difference even set all the way up to 9600 
and jumbo frames enabled. I can also reprduce the same speed results on generic 
gigabit switch, netgear gigabit switch and via 2 gigabit PCs

Original comment by shades....@gmail.com on 27 Jun 2012 at 1:20

[GoogleCodeExporter]

I'm having similar problems with the Vigor1000, latest firmware release:

- wan speed is 100mbps
- public routed subnet
- hardware nat is on, fastforward is on, shaping is on (at 110 mbps)
- dhcp is off
- linespeed from network to wan is only 50mpbs

Original comment by rob...@gmail.com on 30 Aug 2012 at 7:37