Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Router Performance

We have looked at the Soekris net4501 embedded PC platform and some of the basic m0n0wall features, but how does the combination of the two perform?

Below are two sets of performance data provided by Manuel Kasper showing the throughput of the firewall under NAT and packet filtering, and throughput of an IPSec VPN.

Test Setup

[XP notebook] ----- LAN [device to be tested] WAN ----- [FreeBSD PC]

  • In IPsec throughput tests, the ESP tunnel was established between m0n0wall and the FreeBSD PC (which was running racoon and FAST_IPSEC).
  • FreeBSD PC hardware: P4 2.8 GHz (CPU usage was below 50% at all times during the tests).
  • m0n0wall configuration: factory defaults (except for "block private networks on WAN" disabled, an inbound NAT mapping + rule in the WAN->LAN no-IPsec test and of course the IPsec tunnel).
  • The highest of three iperf TCP readings was used (10 seconds each).
  • All network connections 100 Mb/s Ethernet.
  • iperf throughput between XP notebook and FreeBSD PC with no m0n0wall in between: 94 Mb/s in both directions.
  • All test results given in Mbits / second (LAN->WAN / WAN->LAN).
Manufacturer Platform NAT Test, Mb/s IPsec Test, Mb/s (3DES-MD5)
    LAN -> WAN WAN -> LAN LAN -> WAN WAN -> LAN
PC Engines WRAP.1C-2 38.3 42.8 3.64 3.52
Soekris net4501-30 16.5 18.5 2.07 2.02
net4801-50 25.3 33.6 3.85 3.76

In the real world, the net4501 would perform more than adequately for most users' needs as an Internet firewall, since not many of us are lucky enough to have Internet connections that exceed 15Mb/s. However, the IPSec performance is more likely to be an issue, especially if multiple tunnels were configured.

As you can see, the CPU speed does have an impact on throughput performance of 2.07 / 2.02 Mb/s. However using the more efficient Blowfish encryption algorithm improves this to 3.99 / 3.89 Mb/s.

Although in this article I have focused on the Soekris net4501, the data shown above for all the embedded platforms is fairly indicative of what you might expect from standard PC hardware. The net4501 is approximately Pentium 100 MHz in performance; the net4801 and WRAP.1C-2 are Pentium 266 & 233 MHz respectively.

If you needed increased performance, using more recent standard PC hardware such as a Pentium III CPU with 128MB of RAM and good quality network cards such as 3Com or Intel is likely to yield 'wire speed' transfers approaching 90 to 95 Mb/s. This would be appropriate for using m0n0wall as an inter-departmental router/firewall on a large LAN

The full test results are available at http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=62&actionargs[]=57.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I'm trying to upgrade to the latest f/w (384.18_0), but each time I try to upload the new f/w it times out. I've gotten as close as 93% uploaded and t...
So recently I was able to get a great deal from Amazon Warehouse a 16GB Sandisk high-speed USB stick, for around £4, to replace the dodgy 2gb USB driv...
Continuation ofhttps://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-v-2-5-0-42sf-hw.60308/. . .https://www.snbforums.com/threads/c.....
Hi,I've finally gotten around to restoring my AC-RT86U to factory defaults (since upgrading to Merlin) and i'm now attempting to clear the jffs partit...
On Merlin firmware, when selecting the Bandwidth Limiter option for QoS both the "Queue Discipline" and "WAN packet overhead" options are presentAre t...

Don't Miss These

  • 1
  • 2
  • 3