Jumbo Frames

The new firmware also enables jumbo frames on the 2920.  Jumbo frame support isn't documented anywhere in the manual or product datasheet, but was mentioned in the new firmware release notes.

Enabling jumbo frames required telneting to the router and poking through various command line interface (CLI) options.  Fortunately, the Draytek CLI has a useful “?” help function.

I enabled jumbo frames with the commands port jumbo size 9022 and port jumbo on as shown in Figure 8 below.

Figure 9: Jumbo frame command line enable

Note, the maximum supported frame size on the 2920 is 9022 bytes.  I tested jumbo frames on the 2920 with two devices that support jumbo frames, one that supports up to 9000 byte frames and the other supports 7936 byte frames.  Thus, the largest frame size I could test is 7936 bytes. 

I'm happy to report that I was able to successfully pass 7936 byte frames between my two devices. I believe this is first router I've tested with true jumbo frame support!

VLAN

As with the 2910, the 2920 has basic VLAN capability in the form of physical port based VLANs. Each of the four LAN ports can be a member of one or more of VLAN0-VLAN3.

802.1q VLANs are not supported, however. I hope Draytek adds 802.1q in future firmware. I think 802.1q support is a useful feature, especially on a device that has so many different bandwidth management and QoS options.

Updated 12/29/2010

Draytek’s new firmware adds support for VLAN tagging on the WAN interface only This is an interesting choice. WAN interfaces can apply a VLAN ID on all outbound packets. Further, the new Multi-VLAN functionality, which is part of the WAN menu, allows for creating virtual interfaces on the WAN side. Additional functionality with VLANs on the WAN side is via the Bridge option in the WAN-Multi-VLAN menu. With this option, incoming packets with a VLAN tag can be forwarded to specific LAN interfaces.

The intent of my original statement was I’d like to see VLAN capability on the LAN side, where I think it will have the most utility. Nevertheless, I applaud Draytek for their innovative use of VLAN technology on the WAN side.

VPN

There are three options for remote access VPN connections: PPTP, L2TP with IPSec, and IPSec.  I tested all three options on a 32-bit Windows 7 laptop. 

The disk that comes with the 2920 has a copy of Draytek's Smart VPN Client 3.6.3 for IPSec client connections.  Draytek's website has a new version, 4.0.0.3, which is the version I used.

The configuration options are basic on both the router and the client software.   On the router, set up user names and passwords a pre-shared Key if using L2TP with IPSec or IPSec.  Figure 10 shows the configuration on the 2920 for creating a user name and password for a remote access PPTP VPN connection.

Figure 10: VPN user account setup

On the client software, enter the same settings as on the router, plus enter the IP or Host Name of the router.  Figure 11 shows a screenshot of the Draytek VPN client software.

Figure 11: Draytek IPsec client configuration

Site-to-Site VPN

The 2920 also supports standard IPSec options for creating a VPN tunnel between two or more routers.  The 2920 can have up to 40 defined VPN tunnels, but only 2 can be active at any one time. 

I tested the 2920 by setting up an IPSec tunnel to a Netgear SRX5308.  The 2920 supports DES, 3DES and AES encryption and I set up a tunnel using 3DES.  I created this tunnel early in my testing, and it stayed up continuously for days without fail.

As you can see in Figure 12, a IPSec tunnel is up between the 2920 and Netgear.  At the same time, I have a remote access PPTP connection running.

Figure 12: VPN Connection status

VPN Performance

I ran a basic iperf TCP test using all default values to measure throughput, which is the same methodology I use in all my reviews.  This test measures TCP/IP throughput with a TCP window size of 8 KBytes.

Draytek rates the 2920 with up to 40 Mbps VPN throughput.  Table 2 summarizes average throughput results over the remote access VPN and the Site-to-Site VPN tunnels tested. The fact that the 2920's throughput fell short of the 40Mbps rating doesn't surprise me.  I haven't tested a device yet that matched the manufacturer's VPN throughput rating.

Table 2: VPN throughput

I used the SRX5308 to test Site-to-Site VPN with the 2920 because I had measured 42.6 Mbps throughput on the SRX5308 in my previous review.  Thus, the SRX isn’t was not a limiting factor in the site-to-site test.

Routing Performance

Testing and analysis by Tim Higgins

The 2920 was tested using our updated router test process, using 3.3.3.1 firmware. Since the 2910G routing throughput measured only in the high 20 Mbps range, the 2920's performance is a definite improvement.

Table 3: Routing throughput

Figure 13 shows the IxChariot aggregate plots for WAN to LAN, LAN to WAN and simultaneous routing throughput tests, with pretty steady throughput.

Figure 13: Draytek 2920 routing throughput

The new Maximum Simultaneous sessions test, which has a limit above 40,000 sessions, came through with a best case of just shy of 35,000 sessions.