B1300 vs S1300

I’m looking to upgrade my current router but can’t figure out if the S1300 is worth the price difference. How comparable are the speeds of these routers using vpn/wireguard?

The S1300 should get almost 10Mbit for 128bit AES with OpenVPN as seen here:

First S1300 spotted in the wild

For comparison, a Raspberry Pi 3 B+ will do ~37Mbit

For openvpn/wireguard, B1300 and S1300 is almost the same

Openvpn 25Mbps, Wireguard 190Mbps

Are you getting that speed while copying a text file over the OpenVPN link with compression enabled?

What method are you using to get these numbers?

where are you getting your numbers?

sfx@raspy3:~ $ openvpn --genkey --secret /tmp/secret
sfx@raspy3:~ $ time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc
Thu Jun  6 18:59:24 2019 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode

real	0m41.372s
user	0m41.212s
sys	0m0.120s

Take the “real time” value (in seconds)

3200/time = max throughput in Mb/Sec

So RPi3B+ is around 77 Mb/Sec in theoretical throughput…

Anyways, bit of discussion on that topic over at SNBForums.com

I’ll have to take a look at my B1300 when I get a chance…

I would expect OpenVPN to be about half of Pi3B+ – as it’s a Cortex-A7 running at half the speed…

time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-128-cbc

This test is only a self-check of correctness for OpenVPN to encrypt and decrypt a packet crafted for upto the specified --tun-mtu setting. It is not a speed benchmark test.

If you run it without --verb 0 you can see what its doing. The last few lines are:

Fri Jun  7 07:50:12 2019 TESTING ENCRYPT/DECRYPT of packet length=19998
Fri Jun  7 07:50:12 2019 TESTING ENCRYPT/DECRYPT of packet length=19999
Fri Jun  7 07:50:12 2019 TESTING ENCRYPT/DECRYPT of packet length=20000
Fri Jun  7 07:50:12 2019 OpenVPN crypto self-test mode SUCCEEDED.

Interesting my Raspi 3b + running in 64 bit mode (OpenWRT) completed the check more than 2x as fast as yours:

real 0m 16.33s
user 0m 16.33s
sys 0m 0.00s

Which using the magic 3200 gives 195 Mbps (on a CPU without AES instructions!!) :smile:

I am using the openssl speed bench. OpenVPN will not be able to go faster than openssl’s max encryption per second. The real world number will be lower.

openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 5881191 aes-128 cbc’s in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 1648690 aes-128 cbc’s in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 426536 aes-128 cbc’s in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 107570 aes-128 cbc’s in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 13476 aes-128 cbc’s in 3.00s
Doing aes-128 cbc for 3s on 16384 size blocks: 6739 aes-128 cbc’s in 3.00s
OpenSSL 1.1.1c 28 May 2019
built on: Fri May 31 19:01:33 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc -fPIC -pthread -Wa,–noexecstack -Wall -O3 -Os -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_SMALL_FOOTPRINT
The ‘numbers’ are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 31366.35k 35172.05k 36397.74k 36717.23k 36798.46k 36803.93k

I’m using the ‘36803.93k’ number to get a ball park 37Mbit.

1 Like

The Pi 3 B+ has a A53 - heres some documents for comparison of the two.

So:

The Cortex-A35 can deliver up to 40% faster performance[1] than the Cortex-A7 — at the same clock speed — while consuming 10% less power

And:

At the same clock speed the Cortex-A35 reaches 80%-100% of the performance of a Cortex-A53 depending on the workload

The A53 in the Pi 3B + will be quite a bit faster, clock for clock.

1 Like

Depends - RPi3B+, even in 64bit is going to pale against other Cortex-A53’s that have the ARM crypto extensions (Pi3/Pi3B+ doesn’t)

Default Raspbian on Pi3 runs the A53 as a 32-bit ARMHF, so perf there is going be reflect that.

Getting back to B1300/S1300 - OpenVPN perf there is going to be slightly faster, around 15 percent, compared to AR300M with the AR9531 running at 612MHz…

WG, I would think the S1300/B1300 might be quite a bit faster than AR300M as an estimate - wider memory bus on the IPQ40XX vs. the AR9531…

OpenSSL provides a higher level interface to abstract away cipher specifics. This is called the EVP interface. OpenVPN uses the EVP interface.

When calling openvpn speed <cipher> it does not use this interface, but the cipher-specific one.

Instead, calling openvpn as such:

openvpn speed -evp aes-128-cbc

Uses the more generic interface, and actually will detect applicable optimizations for your processor such as AES-NI and enable them accordingly. In the case of the pi3b+ it does not have specific AES instructions, but it does have a more generic hardware acceleration they call NEON which in more recent (2014) versions of OpenSSL they utilize with assembly code.

When running in this mode on my RPi3B+ I get the following:

openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 7718360 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 2639178 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 731593 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 187992 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 23692 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 11847 aes-128-cbc's in 3.00s
OpenSSL 1.1.1c  28 May 2019
built on: Fri May 31 19:01:33 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -Os -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_SMALL_FOOTPRINT
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      41164.59k    56302.46k    62429.27k    64167.94k    64694.95k    64700.42k

A theoretical maximum of 63Mbps.

Yes thats right, but 64bit mode will not make it faster - it could well make it slower using unneeded larger 64 bit addresses. 64bit is for addressing more then 4GB of memory - but it has 1GB. I’m unsure why openwrt chose to make it 64bit - it makes all the binaries bigger for no gain.