The pros/cons of CTF

Discussion in 'Tomato Firmware' started by koitsu, Sep 28, 2018.

  1. koitsu

    koitsu Network Guru Member

    We've talked on this forum in the past about the pros and cons to enabling CTF (Cut-Through Forwarding). Mostly there's nebulous information floating about, where it's suspected that some Tomato features no longer work, but nobody seems to know what those features are any more.

    I think it'd be nice to at least list somewhere -- like in this thread -- definitive stuff in Tomato that stops working or misbehaves when CTF is enabled.

    Tonight I confirmed one such feature on my RT-AC56U running freshtomato-RT-AC56U-ARM-2018.4-VPN-64K.trx (but was happening with older builds too): upon enabling CTF, the Bandwidth Monitoring feature stops functioning properly. Graphs of real-time traffic, and thus rstats' own knowledge of traffic, "mostly" stop working. I say "mostly" because there does seem to be some degree of traffic that's detected on br0 (LAN), but it's nominal.

    For example, when doing an Xfinity Speed Test (I use Comcast; my connection is 300/30mbit) with CTF enabled, I see something like 40kbits of traffic under Bandwidth -> Real-Time... while the speed test actually maxes out the connection.

    And I know this isn't specific to Real-Time/graphing because I enabled CTF about a month and a half ago, and my Monthly data from August is short by about a third, and all of September 2018 reports a total of around 4GBytes. I tend to push around 300-400GBytes/month, guaranteed. I'd have provided this data, but sadly I lost several months (everything from April to September; I found an old backup from March) of rstats data messing about with features and doing firmware upgrades.

    TL;DR -- Enabling CTF breaks Bandwidth Monitoring in funky ways.

    If you definitively know of other features that stop working or act odd, please state them here! I hope this information will be useful for those deciding whether or not to use CTF, as everyone's needs vary.
     
    M_ars, Monk E. Boy, AndreDVJ and 2 others like this.
  2. Sean B.

    Sean B. LI Guru Member

    IIRC, when I tried out CTF it broke my transparent proxy (squid) which is running on the router. By broke I mean it no longer functioned as it did prior. No traffic made it to/through the proxy as far as I could tell, as none of the access logs showed anything. Yet the squid process itself was up and running with no errors reported, and my kids' tablets had internet connectivity as usual. I use netfilter's TPROXY and xmark extensions along with an ip route table in order to transparently run the traffic through squid. I'll have to try it again to be sure though, as that was somewhere back in 2016 I believe.
     
  3. Elfew

    Elfew Network Guru Member

    @pedro311 @AndreDVJ @kille72 - ok, what about adding a notice box which will be displayed on every affected setting page when CTF is enabled? Or add this notification box on the top to display a notice that CTF is enabled, these features won't be working properly (and the list of affected features)
     
  4. AndreDVJ

    AndreDVJ LI Guru Member

    I'd keep a list of features that don't work in the Notes section of Advanced Settings > Miscellaneous page.

    A warning everywhere would be annoying. Yes there are ways to suppress the heaps of warnings and make it configurable, it should be trivial enough to implement, but I won't look into it anytime soon.

    I'd double-post for this but I'll keep here anyway. I ran a few file transfer tests with my R8000, with the following setup:
    • PC at the LAN side running Windows 10 - NAT'ed with DHCP
    • Laptop at the WAN side running Windows 7 - Static IP assignments for WAN port and Laptop NIC.
    • File sharing enabled on laptop. 2GB file transfers were performed between RAM disks.
    I forgot to test with QoS though (won't bother with that)... All three wi-fi radios were disabled, no USB drive connected, and everything else as-is, as coming straight from a NVRAM reset.

    Results without CTF:
    • Upload: 57MB/s
    • Download: 62MB/s
    • Simultaneous: 29MB/s each way
    Results with CTF:
    • Upload: 113MB/s
    • Download: 113MB/s
    • Simultaneous: 102MB/s each way

    I believe R7000 and AC3200 will perform the same. AC68U and remaining ARM routers I don't think so, but shouldn't be a huge difference.

    So if someone is planning to saturate a 1Gbps line, enabling CTF is the way to go.

    If someone has a 1Gbps line and wants QoS, BWL, VPN, Transmission daemon, USB drive connected, CIFS drive mounted, and all other possible CPU-intensive junk enabled, I'm pretty sure the router is gonna crawl through mud and won't even route, firewall and do NAT stuff in an acceptable speed anymore.
     
  5. Tolocdn

    Tolocdn Networkin' Nut Member

    AndreDVJ I have a question, as I just noticed that you are stating USB drive, does that slow down the connection speed? I have a small USB key 8GB - dual partition (2GB Ext3 for Entware - was going to try Unbound - and 6GB fat for document sharing) on the USB3 port.

    I'm on FreshTomato latest version for R7000 and just enabled CTF. I have a 1Gbps service, from the modem I can see 900+Mbs but am bridged and am seeing max 32MB/sec down. PC to PC over my switch, mixed linux and windows systems I can sustain over 100MB/s easy. Would removing the USB drive kick up my speeds?
     
  6. AndreDVJ

    AndreDVJ LI Guru Member

    Using the switch, any Gigabit switch including those from old MIPS routers e.g my dead WNR3500Lv2 sustains 113MB/s.

    The question is NAT'ing/routing a 1Gbps line. It's a completely different story.

    At the end of the day it all depends on what you're doing. Just having a USB drive doing nothing but syslog and Entware won't affect speeds.

    What causes you to have 32MB/s over the WAN I don't have the slightest idea.

    CTF being enabled would automatically take out BWL, QoS (and NoCatSplash), because they don't work. So Transmission, Samba, and regular port forwarding still work from what I tested so far. I have no idea about OpenVPN.

    USB 3.0 file transfers max out at 40MB/s here. smbd takes 50% of CPU (completely saturated 1 of 2 cores), so the file system driver takes another 15%, that's 65%, so you're left 35% for anything else, which I don't believe is sufficient to NAT a 1Gbps line. Well I'm not willing to set up everything again and seek a worst case scenario. I'm fed up already of cabling everything just for benchmarks.

    Again, ARM routers while they do look good on CPU speeds, they're not ideal for running too many things in parallel. If you have a somewhat simplistic setup with just Port Forwarding and things a consumer router is supposed to do, and not asking too much from that, CTF in Tomato-ARM should serve you well.

    I already ask too much of my R7000 already.
     
  7. brav

    brav Addicted to LI Member

    Andre,

    How did you get your USB to transfer at 40MB/s? Even when I'm on wired connection with my r8000, I max at around 11MB/s with NTFS USB 3 external HDD. Thanks
     
  8. RMerlin

    RMerlin Network Guru Member

    Anything that involves the FORWARD iptables chain will fail to work with CTF. That means IPTraffic for instance isn't compatible.

    Port forwards require their traffic to be marked to bypass CTF (which means, any port forwarded traffic will not benefit from CTF acceleration).
     
    koitsu and AndreDVJ like this.
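
An added example, not part of the thread or of Tomato's code: taking RMerlin's statement above at face value, this Python script reads an `iptables-save` dump and lists every rule in FORWARD or in a chain reachable from it, which are the rules to review before enabling CTF. The sample dump, chain names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:wanin - [0:0]
:traffic_acct - [0:0]
:unused - [0:0]
-A INPUT -i br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j traffic_acct
-A FORWARD -i vlan2 -j wanin
-A wanin -d 192.168.1.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A traffic_acct -s 192.168.1.0/24 -j RETURN
-A unused -j DROP
COMMIT
"""

def forward_dependent_rules(dump):
    """Return {table: [rules]} for rules in FORWARD or chains reachable from it."""
    rules = defaultdict(lambda: defaultdict(list))  # table -> chain -> rules
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # "*filter", "*mangle", ...
            table = line[1:]
        elif line.startswith("-A ") and table:
            rules[table][line.split()[1]].append(line)
    result = {}
    for table, chains in rules.items():
        seen, stack = set(), ["FORWARD"]
        while stack:                        # follow -j / -g into user chains
            chain = stack.pop()
            if chain in seen:
                continue
            seen.add(chain)
            for rule in chains.get(chain, []):
                m = re.search(r"\s-[jg]\s+(\S+)", rule)
                if m and m.group(1) in chains:
                    stack.append(m.group(1))
        hits = [r for c in chains if c in seen for r in chains[c]]
        if hits:
            result[table] = hits
    return result

if __name__ == "__main__":
    for tbl, hits in forward_dependent_rules(SAMPLE).items():
        print(tbl, *hits, sep="\n  ")
```

On a router, save the real ruleset with `iptables-save` and pass its text to `forward_dependent_rules` in place of the sample.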
  9. AndreDVJ

    AndreDVJ LI Guru Member

    IP Traffic and Bandwidth Monitor don't work with CTF as well. Among the side effects of enabling CTF. Honestly I don't believe it's worth the trouble unless you have a 1gbps connection.
     
  10. maurer

    maurer Network Guru Member

    First of all, use a file system native to Linux, like ext4.
     