Now attention turns to its predecessor, the Draytek 2762. For many the 2762 may still be in use as a dependable unit and offers more or less the same feature set of the newer units. But, does it have enough grunt to support the higher speed profiles that full fibre internet offers, and will its hardware acceleration help boost its potential?

For the test I’m using a 2762ac running the latest 3.9.7_BT firmware. As before, the throughput is measured with iPerf3 on a Windows machine with two NICs, MTU on WAN2 is set at a constant 1492.

Out of Box

Starting with a factory configuration, WAN2 was enabled and set to use a dynamic IP.

Quoted throughput is 400Mbps, however in this test I could only achieve 361Mbps:

Hardware Acceleration

While hardware acceleration is available for this generation of router, Draytek seemed to shy away from announcing or advertising. This seems odd as the single line in the spec sheet states that throughput of 900Mbps could be achieved with it on, albeit with some caveats such as a loss of traffic graphs and the monitor page.

Still running an out of box config, HW ACC was enabled to auto. Subsequent tests yielded around 923Mbps:

Granted, this test using iPerf3 is very simple creating a single session on an otherwise idle router, real world applications may have an impact on its performance.

Next, I thought to apply a basic setup on the router to see if this has an impact, consisting of remote access with 3 ACL entries and SNMP v2 enabled.

Following a reboot, on the next test speeds were back down to a pre-accelerated ballpark of 340Mbps:

Thinking that HW ACC was set to auto was the issue, I manually assigned the LAN side client to be in the scope of acceleration, yet speeds remained in the low 300Mbps.

For a sanity check, acceleration was set back to auto and the basic config setup reversed, returning it to a config where 900Mbps was achieved. Yet speeds did not improve.

At a complete loss, it was factory booted and again setup with the bare minimum of WAN2 and auto acceleration enabled. Speeds returned to 900Mbps. Yet, again the addition of ACL and SNMP brought speeds back down to non-accelerated levels.

Below is before and after the basic config:

Note: Summary speeds are at a lower 840Mbps as a click of the “OK” or “Submit” button on the web GUI causes the router to drop packets until config is saved.

Summary

If you’re looking to get more out of a Draytek 2762, I’d only expect it to reliably achieve a throughput of 330Mbps over WAN2.

While hardware acceleration is an option and can at times offer 950Mbps under sterile conditions, its implementation puts you in a precarious position where the next config change could more than halve the throughput. With only a factory reboot being the only resolution.

Draytek’ s current portfolio offers 950Mps NAT throughput on Ethernet WAN ports, let’s see if that is theoretical or expected.

The test will use a 2763ac running firmware 4.4.3_BT

Hardware Acceleration

The key point on Draytek’s spec sheet for WAN2 throughput is the 950Mbps can be achieved with hardware acceleration enabled.

Hardware acceleration has been an option on Draytek for many years, however historically enabling this came with caveats ranging from the loss of data flow statistics to a reduction in firewall effectiveness.

Out of the box with FW 4.4.3 hardware acceleration is enabled, either Draytek is confident it has matured enough to be able to fit around most users’ requirements, or it needs to be enabled in order to keep the product as a viable product.

Test – HW Acceleration On

Using just enough configuration to get it “online”, WAN2 was enabled for dynamic IP mode.

Test performed on a single machine using iperf3, one NIC port plugged into WAN2 via a switch, other port into LAN1.

Average throughput on 60 second test: 929Mbps

Test – HW Acceleration Off

For those still dubious about HW acceleration on these devices, it was disabled and test re-run.

Average throughput on 60 second test: 541Mbps

QOS

For final test I thought to load it with a standard setup with HW on, not complex but included SNMP, TR-069, ACL lists on management interfaces, I also chucked in 4 VLANs and a few firewall rules.

Two observations here:

In my usual setup I add software-based QOS, this took average test speeds down to 423Mbps.

Second note and may be a quirk, when adding the VLANs and sending router for reboot, the router entered a reboot loop, resolved only by physically cycling power, meaning I lost the error codes for any potential diagnostics.

Switching to HW QOS, test speeds remained excellent at 946Mbps average.

Summary

If you have no concerns around hardware acceleration, the 2763/2765 does what it says on the tin with a typical config. Your mileage will vary especially dependant on the number of NAT sessions it has to deal with in the real world but these tests are certainly promising.

Difference between 2763 and 2765

These units are essentially the same, but as the 2763 is exclusive to the UK you’ll likely find greater stock availability for these over the 2765.

The only difference relates to a chipset for the VDSL on WAN1, the chipset in the 2763 conforms to UK standard VDSL2 but falls out of spec for some European countries where VDSL2 35b code is used. This stemmed from the chip shortage of a few years ago and the alternative chipset was used to boost availability.

Source: https://www.draytek.co.uk/our-solutions/videos/draytek-webinars/vigor-2763-series-new-product-information

As we expand there is greater need for international connections, this is fine if they have a static WAN IP or FQDN, but the more recent requirements are for “home” users with phones on their residential connections where dynamic IPs are the standard.

Changing the whitelisted IP every time their IP changes is not only tedious, but gives poor service, plus due to recent events (here and here) I’m not prepared to open access to another country for a single extension.

In my case, these internationals are satellites of a UK based office, so the idea is having the overseas phone route all voice traffic through the UK office where its free to connect to the PBX…

For this setup, a Yealink T46S will connect to a Draytek 2927 via OpenVPN and crucially, route all traffic destined for the PBX via the VPN to get around the GeoIP block.

This guide should also be compatible with the Draytek 2865, and Yealink T4xS and T4xU series phones.

Notepad++ and 7zip are required.

Draytek Setup

Original Guide: https://www.draytek.com/support/knowledge-base/7462

First create a user for the Yealink, at the router GUI navigate to: VPN and Remote Access >> Remote Dial-in User.

Click an Index number and make the following changes:

• Enable this account: On
• Allowed Dail-In Type: OpenVPN Tunnel: On
• Username: Enter a username
• Password: Enter a password

It should look like this:

Next is to setup the Draytek to accept OpenVPN connections.

Navigate to VPN and Remote Access >> Remote Access Control. And check OpenVPN is enabled.

Then navigate to VPN and Remote Access >> OpenVPN >> OpenVPN Server Setup.

In the General Certificates section, select Router Generated Certificates, and then press generate.

After some time, the generated certificates appear in this section:

OpenVPN Setup

The Draytek has the ability to create an OpenVPN config file for clients. However, what the Draytek generates and what the Yealink requires is not compatible. Therefore, we’ll need to manipulate the file to file to get what we want.

Extracting Certificates

On the Draytek, navigate to Remote Access >> OpenVPN >> Client Config.

Leaving defaults in place, enter a filename and click the Export button to download the config file.

Open the file in Notepad++.

You’ll see the protocol config at start of file, followed by each of the certificates in the following order:

1. CA
2. Client
3. Private Key

The Yealink requires the certificates in their own file so they need to be extracted.

Copy the text from —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—– of the first certificate and paste into a new Notepad++ file.

Save this file as ca.crt (remove the txt file extension)

Repeat this for the second certificate, naming this one client.crt

Now it’s the private key, copy text from —–BEGIN RSA PRIVATE KEY—– to —–END RSA PRIVATE KEY—– to a new file and save as client.key

Config files

For the next file, you’ll need to add the Draytek VPN user details as a file to allow the Yealink to authenticate.

In a new text file, enter the username and password on separate lines as below:

Save the file as auth.txt

You’ll now have the following files:

With the supporting files ready, it’s time to reference them together with the OpenVPN config file.

In a new text file, enter the following info:

client
dev tun
proto udp
remote nnn.nnn.nnn.nnn 1194                  # IP address of Draytek
auth sha256
cipher aes-256-cbc
resolv-retry infinite                        # Reconnect if dropped
nobind

ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key

auth-user-pass /config/openvpn/keys/auth.txt

persist-key
persist-tun

route nnn.nnn.nnn.nnn 255.nnn.nnn.nnn nnn.nnn.nnn.nnn  # Static route:
                                                       # PBX IP
                                                       # IP Subnet
                                                       # Draytek LAN Gateway
verb 5

Save this as vpn.cnf

Preparing Yealink File

Original Guide: https://support.yealink.com/forward2download?path=ZIjHOJbWuW/DFrGTLnGypjZRKhDplusSymbolXJQ4JaUSvKXmAoZw0rMev5uUPSPDoclfqojerLoiDU/Ol0NW5DZdXcWplusSymbolZDNbde0dvqwZjDVChAjsaqHDjPW14991UaBvXhQ10P6Rm4u3tO4pNBqXRzzyvj9PbA==

The OpenVPN configuration is uploaded to the Yealink via a specifically arranged tar file, so the directory structure needs to be prepared.

On your desktop, create a new folder (named anything you like) and within this folder create another named “keys”

Move vpn.cnf to the upper folder, and move auth.txt, ca.crt, client.crt and client.key to keys directory.

Open 7-Zip and navigate to the newly created folder:

Highlight vpn.cnf and keys, right click and choose 7-Zip >> add to archive.

Ensure the following is set:

• Archive format: tar
• Compression level: Store

Click OK to create the file. The tar file is created in the directory and it’s ready to be uploaded to the Yealink

Yealink Setup

On the phone, press the OK key to discover it’s IP address, then navigate to it’s Web interface via a browser on your computer.

Login, then move to Network >> Advanced and scroll down to the VPN section.

Set Active to Enabled and set Mode to OpenVPN

Click browse next to Upload VPN Config and choose the created tar file.

Click Upload, the page will refresh and now Upload VPN Config is populated with vpn.cnf

Click Save at the bottom of the page.

OpenVPN will be set back to Disabled, scroll down and Enable it again, then click Save.

As there’s a network change pending, you’ll need to click apply at the warning message:

It’ll now connect to the VPN.

Note: If you are configuring a phone remotely, the web page will stop responding as traffic is now passing through the VPN. To get back to the interface, check the Draytek for the VPN connection (VPN and Remote Access >> Connection Management) to discover it’s local IP:

The phone is now connected and routing traffic via the VPN.

In newer Draytek models the perceived performance of wireless as been lacking based on earlier models such as the rock solid 2860n/plus with reduced range and throughput speeds, in particular poor VoIP performance for my industry.

This could be down to the passage of time and how WiFI has become even more ubiquitous, in demand and ultimately a more congested radio band. Regardless an alternative solution needs to be explored.

Previous dabbling with deployment of Unifi access points have yielded trouble fee results, so this would be a quick win. Trouble is, the default AC-Pro and AC-LR are in serious supply shortages at present. Wifi 6 variants have better stock availability but also have a higher purchase cost.

The only Unifi AC product that is plentiful is the NanoHD, so in desperation lets see if it is a justifiable upgrade to the Draytek offering…

Test Environment

There’s nothing scientific about the test setup here, I’m currently using a Draytek 2927ac for WiFi so will switch all home wireless traffic over to the Unifi AC-Nano (by cloning SSID and PSK) and observing any changes.

I’ll keep the Draytek radio’s active during use of the Nano, adding a ‘_D’ to the SSID to differentiate the devices for testing. This will also add a bit of competition on the radio spectrum that is now commonplace.

Location

The competing devices are placed within a foot of each other to give an accurate range comparison, I’ve chosen to suspend mount the Unifi as research suggests the antenna’s in the unit are somewhat directional.

As this is mounted on a fixture on the ground floor, I’d be interested on discovering WiFi performance on the first floor, ultimately to discover how directional the antenna’s are.

As mentioned, both Draytek and Unifi units will be broadcasting SSID’s and within a foot of each other, chosen as a worst case scenario of how each compete / compare in the radio spectrum (auto channel enabled on both).

Test Equipment

For simplicity, its a Samsung Galaxy Note9 using speedtest.net app, connecting to the same test server each time.

Test One

First test is an indoor line of sight, test phone is approx 25 feet away from the access points but still in line of sight.

Unifi:

Draytek:

I wouldn’t expect this to be a struggle, but both results were far shy of the available 550Mbps download bandwidth, however this could be down to the test server as it was kept as a constant. Upload reached full utilisation at 75Mbps.

Draytek wins this round.

Test Two

Relatively speaking I have a home that’s easy for Wifi, small and of traditional brick construction. To create a bit of a challenge for comparison the next will be from outside and within the car sitting on the drive, approx 50 foot distance

Unifi

Draytek

Something I’ve noticed during testing is the Unifi does seem to offer a better range over the Draytek, giving better bars / RSSI on the fringes of my network.

Results are pretty even, but from a VoIP perspective the latency and jitter under load is way too high to support real time media.

Test Three

More of a real world test, I have a Raspberry Pi Zero running in a garden shed running off a solar panel and 12V battery. The Pi Zero WiFi antenna is self contained on the chip, being a challenge to an access point to create a reliable connection to it from a distance.

The AC-Nano was installed on 9th June, although the ping times don’t show much of an improvement.

Summary

The results were disappointingly similar considering adding AC wireless to a Draytek router is around £40, compared to the £130 in buying the NanoHD (before required controller / Clouldkey).

Yes the NanoHD is not the most suitable product for the testing, but as mentioned this is the only one that has plentiful stock at the moment.

From testing, the Nano seems to advertise a better signal to devices than the Draytek, so ‘devices’ such as my car can pick up Wifi on the Nano where the Draytek could not.

But on comparison, this signal increase does not yield better throughput, devices that pick up the Draytek get more or less the same, with the Draytek advertising a greater speed.

From a VoIP perspective, where both pushed over 1 second latency on upload at load, neither can be considered a solution. I understand that a speedtest.net test aims to utilise all available bandwidth, but in real world scenarios, there nothing to stop any other application acquiring all available bandwidth during normal use and negatively affecting voice traffic at the same time.

Finally if you were wondering, suspending the NanoHD then using a device “behind” it (i.e above its location) worked fine.

Update: August 2021

Since initial testing I ended up reverting back to the Draytek for Wifi, as performance was the same and saved on powering another device. However I’ve now sourced an AC-Pro and replaced it in the same location as the NanoHD.

Performance with this model is improved, not so much from increased speed or reduced jitter but whats noticable is the reliability of devices on the fringes of range.

Below is a recent graph from the Pi Zero:

Its clear to see the AP-Pro’ installation on 9th Aug by the lowered ping times.

Its not perfect however as seen with the spikes, however am starting to suspect this is lining up with my activity in having other Wifi devices (laptop, mobile) in the same vicinity or between the Pi and Pro is causing these spikes.

If time permits I’d would like to revisit this compare the AC-Pro and NanoHD side by side, but for the original brief of is a NanoHD better than a Draytek, the answer is No.

Earlier this year I made the change from PIA to NordVPN due to a change of goalposts from PIA (More below), and since the change my VPN service has been impeccable, using a LAN to LAN connection via L2TP to connect, and routing traffic through the service for a separate VLAN.

However a few weeks ago I noticed that the connection has dropped and stayed down, despite being set to always on.

During hour long web chat with NordVPN support (who were helpful and responsive) it was revealed that recent changes to the Nord service meant that now only service account credentials were permitted for authentication for 3^rd party devices.

The Draytek and Nord guides for setup (albeit NordVPN guide referred to Draytek’s notes) both illustrated the account login credentials being used, and likewise this is what I was using. Although it was now apparent why this was and now why using service creds is a huge issue.

The NordVPN service account has a 25-character password, which at the advice of Nord support, cannot be changed. The Draytek 2862 was only capable of storing up to 15-character passwords. This essentially stopped the service for my use in its tracks.

As a big relief, the latest 3.9.6.1 release firmware for the 2862 now allows 26-character passwords to be saved in the LAN to LAN profile, this is worthy to note as this detail is not in the release notes.

So, if you are in a similar predicament, upgrade your firmware to the latest.

PIA to NordVPN Story

As mentioned, prior to NordVPN I was using PIA in a similar setup using the weaker PPTP as the connection protocol.

The change in providers was forced upon me late last year PIA made upgrades to their infrastructure, which as a result meant that only OpenVPN or Wireguard protocols were offered. This effectively stopped the support for a Draytek 2862 as it did not have these available for a dial-out LAN to LAN VPN.

Following some research, the move to NordVPN was made and it turned out to be a blessing in disguise.

My use of PIA came before the purchase of the 2862, so as part of my initial configuration PIA was added as a dial-out profile. In use, the Draytek from the start suffered multiple reboots, sometimes twice a day. A lengthy dialogue with Draytek support started (Personal opinion; Draytek support are abysmal) in which many logs were sent, and in the end had to prove its instability with SNMP graphs. Eventually I was sent a beta firmware to load onto the router.

This helped, but uptime was still limited to at most 7 days, either through unexpected reboot or to fix a new issue where the WiFi SSID would stop broadcasting.

Since the change to NordVPN, stability has been impeccable, and the change to L2TP as a protocol has brought a big improvement to speed, where I’m now able to reach WAN speeds (40Mbps on VDSL) whereas was only getting a quarter of that with PIA.

Even though the removal of PIA brought a stability breakthrough, I was reluctant upgrade firmware in the fear that the reboots would return. This was compounded by the lack of detail in the firmware release notes and the recent news that the 2862 was becoming end-of-life, leaving me skeptical that new firmware’s would bring anything other than security patches.

I’m happy to be proved wrong on this point. Lesson here is that new firmware can bring feature updates that while not worthy enough of the patch notes, could be critical for your operation.

If you are NordVPN user with a Draytek 2862, upgrade to the latest firmware to regain functionality.

For background, I was previously in a FTTC environment getting average speeds due to my distance from the cab, however good enough to assumably be overlooked for the next phase of the Openreach Ultrafast rollout. Not that I’m complaining, 2020 is the year my speed gets a much-needed boost.

2020 also turns out to be the inaugural international work from home year, so had the opportunity to have a front seat view from my home office on the activity and timeline that brought FTTP home.

I’d like to share my observations and timeline as an example of what you can expect should you get the inkling of fibre coming to your street soon.

Before we get started, as my expectations rose, I found this post by Andy’s World invaluable for identifying activity and helping me confirm that FTTP was on its way.

Background

As mentioned, I was already in a FTTC enabled area. From the cab the copper “last mile” travelled underground from the cab to my nearest telegraph pole, then overhead to my property.

I was getting speeds on average of 40Mbps down and 5Mbps up due to the distance from the cab, I also suffered loss of sync approx. every other day. I notice that my overhead line was a lot older than others on the pole, identified by the greying colour and how you could identify both cores on the cable rather than the single looking shielded core of adjacent cables. A 48h MTBF was not ideal but well within Openreach service levels, meaning I couldn’t get this drop cable replaced without a significant cost.

Being in an FTTC area, no matter how bad the connection is usually meaning that it is not up for consideration for upcoming phases of an Openreach FTTP rollout. Couple this to a Virgin media rollout along my street the previous year and this would reason that the demand for FTTP would be low.

Timeline

Early days – May 2020

Entering my second month of working from home, notice a lot of Openreach vans passing my door. I may be more observant of these given my profession, but it was a lot of activity over the normal fault-based callouts.

Later and as I started venturing out of the house again, it looks as though they were commissioning a new cabinet a couple of streets up, therefore assumed the activity was for this.

June 2020

I happen to live near a train station, and was intrigued by the letters through the door.

Since moving in a year earlier, I’ve received a couple of letters of this type. But a new ticketing system combined with increased Openreach activity made me think if maybe this would include fibre. Hopes were still low at this point, but even if the rail infrastructure went for leased line circuits, this would increase the likelihood of FTTP.

Hopes were increased later in the month, when I noticed active involvement in the pole supplying my house.

To coincide, another letter relating to communications works on the rail system piqued my interest further.

August 2020

Another letter, this time for roadworks to clear blocked ducts for Openreach, with my and adjacent poles labelled for work.

This was very telling, as FTTC was already available with a on pole distribution point (DP), either this was to increase the number of copper circuits, or for deployment of a new technology.

25^th August 2020

The conformation I needed; thanks to the Andy’s World post I knew what to look for.

This day a cherry picker arrived soon after 9am, and then commenced the installation of a FTTP termination at my local pole. It was a day later before the “Fibre lines overhead” label appeared but it was clear FTTP was on its way.

Through my work I’m able to check and order connectivity for premises, so now began my daily check to see if/when FTTP would be available.

10^th Sepember  2020

Daily ISP provision check 16, and FTTP appeared as an order option, at 9am it appeared as an option but unable to order to lack of capacity, but an hour later it was fully available:

Before getting ahead and ordering the full 1000/115Mbps, time for a reality check to see what my current router can actually process, resulting in an order of 220/30Mbps later that day.

My ISP like many others allow me to upgrade speed within contract but now downgrade, so this will be a good starting point with the option to increase should I get a router upgrade.

Activation date was set for Wednesday 23/09/2020.

Monday 21^st September 2020

Activation week, and more activity around the Openreach pole. Involving a cherry picker, a team of 3 descended to check over the FTTP distribution point.

Also noticed that the tensioners (Or the metal wire that attaches to the ring on top of the pole and is wrapped around the drop cable hold it to the pole) of my current copper drop cable were unwound slightly.

Tuesday 22^nd September 2020

The day before I had an unexpected reconnaissance visit from the Openreach engineer assigned to my activation the next day.

My previous drop cable for reasons I cannot fathom was run into the house via a corner of the uPVC window frame, so was eager to have the fibre enter the house via a new route. And the five-minute visit was worth it as it was determined that a cherry picker was needed at pole side due to the slope of the road.

Wednesday 23^rd September 2020 – Install Day

ONT- Optical Network Termination – The modem that converts light to electrical data.

Openreach engineer turned up at 9am as promised, and a recap of the installation path.

The assumed installation work would disconnect the copper to the building, and replace the analogue master socket like for like with the new ONT. I needed the FTTC to remain in use while I transition IP addresses so at request the old copper would remain active.

Sub-plan was to leave the copper untouched, and run a new route of fibre only cable into the house. However, when the cherry picker turned up so did a supply of combined copper/fibre cable, allowing the supply of all services via the new route, and to replace the aging copper.

Installation

Fibre installation comes in two parts, the distribution point (either overhead or underground) to the outside of the property, and a fibre from the ONT inside the property out to meet the other.

First the hole was drilled close to the ONT location, the ONT was mounted on the wall and the internal fibre ran to the outside. The internal fibre is much thinner than from the pole due to the less armoured sheathing and benefits with more flexibility, although this comes at a risk of snapping or kinking the fibre, resulting in light loss and ultimately network loss.

Next stage with the help of the cherry picker was to plug in the fibre to the DP on the pole, and run it overhead towards the house. The fibre was secured to the house and run down the side of the building. During this the old copper was disconnected and new was connected at the pole.

Thirdly, the internal and external fibres are joined together. A new box is attached to the external wall that has inside a spool that will hold a few windings of each fibre, as the joining of the cables is considered a failure point, as few windings are included during the initial installation to give extra fibre should the cables need to be re-joined in future.

A portable splicing machine is used to join both fibres by lining them up, heating to fuse the two together, and shrink wrapping the join for protection. The unit also checks the light levels at this location, mine being 17 at this join, 14 at pole.

The fibre is coiled in the external box and closed, completing the installation of the fibre.

Commissioning is a simple as Openreach completing the order, then waiting for the PON light on the modem to illuminate. Such is the technology, there’s no fine tuning or testing of the signal, as long as the light levels at the splicing phase is good, the connection should just would. Although a sanity check wouldn’t go a miss and a quick speed test confirmed I was running on the new connection.

Fibre installed, the analogue side was reconnected with the use of a new mk5c socket, the copper in the new combo cable is extremely thin to the point where you’d struggle to believe it’s a pair. That so, VDSL sync speeds are comparable to the old drop cable, although I don’t think longevity was in mind with this design.

Equipment

As FTTP enters a maturity, the efficiency and cost saving measures improve (depending on your side of the fence).

Early installations had modems which included a PSTN port for analogue phones, and were accompanied by a battery backup unit to keep the phone line active during power failures. Later units dropped the PSTN and battery options, in favour of four RJ45 ports, with the potential to provide 4 separate internet connections via the single fibre and modem.

The new ONT supplied for my residential installation was something new to me, a Nokia G-010G-Q. This unit is far smaller than previously seen, and is sized perfectly to replace in situ a BT analogue master socket. The compromise is from the bare minimum of I/O, with the only connections being power, fibre termination and a single RJ45 port for modulated data.

Results

As expected, my internet connection has been perfectly stable and just what I need when working from home, in particular the upload speed and lower latency is a much-needed improvement for this website, which I host from a home server.

Ironically the install of FTTP has greatly improved the FTTC connection its replacing, now it syncs for days at a time instead of a hopeful 48hour maximum.

If you are like me and insist on using your own router, double check the WAN throughput before deciding on a speed profile. Even though Draytek advertises a 400Mbps firewall throughput, I’m reliably getting a maximum of only 180Mbps. This I would attribute to three active WAN and a couple of VPN all with load balancing options applied.

My current router is a Draytek 2862ac, which has an advertised 400Mbps throughput at the WAN, but what can it actually achieve in the real world? This will be the basis on choosing a FTTP speed profile.

Speed testing a router can be setup with a couple of laptops…

In this example I’ll be using a similar Draytek 2860n router, this has an advertised firewall throughput of 300Mbps so this will be the number we are looking to hit.

Router Setup

Using a fresh factory rebooted 2860, plug the “client” side PC into a LAN port, then navigate to http://192.168.1.1 in a web browser and log in with admin/admin.

In the left-hand menu, navigate to WAN -> Internet Access.

Click the Details Page of WAN2.

Click the Static or Dynamic IP tab, then click the Enable button.

Here we will enter manual settings to simulate that of an ISP, enter the following IP values that will differ from factory defaults:

Note: Set WAN Connection Detection to Always On to force it as active.

Click OK to save and reboot the router.

Server PC Setup

While the client-side PC gets its network from DHCP, the WAN side PC needs to be set manually to fit the IP details set on the router.

On the WAN PC, navigate to change the network adaptor IP address:

Settings -> Network & Internet -> Ethernet -> Change adaptor options.

Right click the connection in use -> Properties -> Click Internet Protocol Version 4 -> Properties.

Enter the following to simulate the WAN side:

Click OK to apply changes, now plug in the network port to WAN2 of the Draytek.

Getting Data

Stats and throughput results will be delivered by iPerf3. For this to work it needs to be installed on two machines, one that will act as client on the local network, and another that will be the server sitting on the “internet” side of the router.

Visit the iPerf website and download the latest binaries for your operating system.

Extract the contents of the Zip file to the desktop of both machines.

Open up a command prompt window on both, and navigate to the desktop by typing cd desktop.

Firstly, on the server side, type iperf3.exe -s and enter, allow access to any security prompts. The window should report “Server listening on port 5201”

Now on the client side, type iperf3.exe -c 10.0.99.11 and enter. All things correct the two machines connect and start reporting bandwidth stats.

This reports the maximum throughput available between the two machines, the maximum is determined by the biggest bottleneck in the connection. In this setup it should be the firewall of the Draytek, but if your results are below expectations it’s worth investigating if something else is limiting the bandwidth. For example, a client PC using wireless N (150Mbps) technology would shift the bottleneck to the WiFi connection and will not be able to fully test the firewall.

Real World Setup

This example was conducted in a standalone environment, but a more accurate benchmark can be achieved by running this on a live system, for instance on a router where vDSL is established and the WAN2 speed is to be tested.

An issue you I ran into is even though the routing table has been updated on the Draytek, my Windows 10 machine is unaware on how to reach the test network.

To resolve, I added a temporary static route to push 10.0.99.0 traffic to WAN2.

In a command prompt window, run the following:

Replacing 192.168.1.1 with the gateway of the WAN2 setup.

Results

With the standalone example here using a 2860, the results averaging at 283Mps are comparable to the 300Mbps throughput advertised by Draytek.

I also conducted another test using my 2862 in situ, utilising the WAN2 port for testing alongside an active vDSL on WAN1. For an advertised 400Mbps throughput, the results were disappointing:

Where theoretical maximums are achievable, in reality there are a lot of factors that can impede this, I can only assume that my current setup involving multiple VLANs, VPNs and traffic shaping in place is causing the Draytek 2862 not to perform as advertised.

Whether this is expected behaviour or a misleading speed claim is another discussion.