How can Internet speed be 10 times slower without a router than when using the same connection with a router?

28

6

I am trying to figure out what is the realistic "speed of service" that my Internet company provides to my house. Here are the test that I am running:

  1. Internet ↔ modem ↔ wireless router ↔ laptop: Internet speed (using an internet speedometer test): about 19 Mbit/s download and 18 Mbit/s upload.
  2. Internet ↔ modem ↔ WIRED router (using cable; turned off wireless on laptop) ↔ laptop: about 40 Mbit/s down/ 38 Mbit/s up
  3. Internet ↔ modem ↔ laptop (no router at all; cable to modem): 4 (four) Mbit/s up and 2 (two) Mbit/s up?! WHAT?!

How is this possible?

AlexeiOst

Posted 2019-05-02T01:29:23.923

Reputation: 389

Because the router works on the LAN, probably Ethernet, and the modem works on the WAN. – user207421 – 2019-05-02T10:40:56.570

@user207421 except that in most SOHO routers the destinction between a WAN and LAN port is quite arbitrary - especially as they arethe same inteface.type, same chipset and indeed I have turned WAN ports into LAN ports and vv (usong dd-wrt) – davidgo – 2019-05-02T11:42:16.437

8When you plug direct to the modem does the ethernet adaptor negotiate full duplex? – J... – 2019-05-02T12:45:49.117

5Also which router/modem are you using? I would imagine a router would have dedicated hardware for things that your computer would do in software. Additionally, what type of connection and modem? Is this an ADSL modem? VDSL modem? Is this a copper or a fibre optic line? How is the laptop connected to the modem? USB 2? USB 3? USB-C? Ethernet? – Tom J Nowell – 2019-05-02T13:53:37.080

1@tomjnowell This is typically incorrect. The vast majority of SOHO routers do routing in software (ie using Linux and an embedded CPU). The router has to be an Ethernet / Ethernet.router based on the description. – davidgo – 2019-05-02T19:22:48.270

Are you connecting your laptop directly to the modem with USB instead of ethernet? (If so, is it using USB1.1 speed?) Is the router still connected and powered on when you're bypassing it? Maybe your ISP does something different with multiple MAC addresses connected to the cable modem. – Peter Cordes – 2019-05-02T21:14:52.060

5You should probably give a few more details, including: the brand and model of the modem, how you connect your laptop to that modem, how you connect either of the routers to the modem, what settings you have in your router for the WAN connection (including things like PPPoE). Many "modems" are actually routers, so the settings of the modem could be useful as well. What type of connection is it (fiber, cable, DSL...)? Are you sure your laptop is actually going through the modem and not via some mobile hotspot or a distant Wi-Fi network? – jcaron – 2019-05-02T23:23:14.457

what test exactly are you running to determine the speed? Answer to this will provide more info for troubleshooting. – Matija Nalis – 2019-05-03T11:40:32.200

1It would really help to know what kind of connection and hence modem you are using. If possible provide the modem and router brand and model as well. To exclude certain problems, (1) reboot both devices after connecting them; (2) try different cables (3) try different computers. Tell us what happened. – Peter - Reinstate Monica – 2019-05-03T12:02:13.333

What ISP? What make and model of modem? Did the ISP furnish the modem, or did you? These things matter. Please [edit] your question to tell us. – O. Jones – 2019-05-04T11:33:53.163

We cannot answer objectively with more details on your side. You do not tell us whether there is a USB interface or a bridged interface. i.e. my 4th LAN port in my ISP modem is bridged and much faster than going over NAT+firewall+routing of the slow ISP modem and got knows whatever else. The question is basically asking people to guess the network setup. Is it out of the equation asking this to the ISP? They ought to know their equipment. – Rui F Ribeiro – 2019-05-04T20:12:32.560

Answers

36

The first two are easy to explain - you live in an area with a fair amount of Wi-Fi noise or are far away from the router or have a crappy router, so a wired connection is faster - indeed that represents the typical maximum speed you will get.

Your Internet -> modem -> laptop is a lot harder to answer. In the naive case, yes, connecting to the laptop should be the fastest option, however it assumes a number of things which may not be true.

My speculation is that there is some kind of authentication going on on the router - possibly through PPPoE or using its MAC address. This authentication is failing and the router is being put in a very low bandwidth pool by the ISP. It's also possible that VLANS are involved that the router knows about but your PC doesn't. These kinds of thing are deliberately set up by telecommunications companies for a number of reasons on about which I can only speculate.

It is, of-course possible that there is a negotiation issue between the router and the modem.

davidgo

Posted 2019-05-02T01:29:23.923

Reputation: 49 152

17

It could possibly be a QoS issue. I recently attended a presentation at work that included some discussion about a problem where people who paid for a 100 Mbit/s Internet connection could only use 5 Mbit/s.

QoS refers to the way your bandwidth is limited. I'm simplifying this for a general audience, but in this case (that I was told about) the Internet connection was very strict about the 100 Mbit/s limit - you couldn't go over that amount, even for a few milliseconds. If you did, the ISP's equipment would simply drop (discard) the traffic. Your computer thinks the dropped traffic means that your Internet connection is at its maximum capacity, even though it's only sent a little bit of traffic, so it slows right down.

If this is the problem, it would be because your ISP has configured your router with the right QoS settings so this doesn't happen (your router would hold onto the extra traffic for a few milliseconds instead, to avoid going over 100 Mbit/s or whatever your speed is). But your laptop doesn't have the right settings so it runs into the problem.

user253751

Posted 2019-05-02T01:29:23.923

Reputation: 324

10

I may be able to offer an explanation for #3, at least.

First, my assumptions going into this, since there's a good deal of detail missing from your question. Please do correct anything I got wrong (by adding the relevant details to your question).

  1. The router in your #1 and #2 was the same router, and nothing about its internet-side connectivity changed between those two scenarios. (Meaning, you simply changed how the laptop connected to the router, but didn't touch anything between the router, modem, and upstream connection.)

  2. You then unplugged the router from the modem, and plugged your laptop directly into the modem where the router used to be connected.

  3. You didn't reboot the modem between your #2 and #3.

Many consumer-grade "broadband" type modems, especially those provided/leased to customers by their providers, are programmed to support only a single downstream client device. I suppose it's intended as some sort of protection against wirejacking or who knows what. When they boot up, they register the MAC address of the first device they contact on their local network port, and that device becomes their sole reason for existence. Connecting any other devices directly to the modem will then either fail to communicate at all, or they'll experience vastly degraded performance, because the modem is holding out for its one true love.

TL;DR: Always, ALWAYS power-cycle your broadband modem when connecting a different device to its LAN port.

FeRD

Posted 2019-05-02T01:29:23.923

Reputation: 989

2

With the current information given, the difference between the wired connection through a router and without a router cannot be definitely answered. I want to mention one more possibility: MTU issues. I'll try a gentle description of the problem.

The connection between a router and a modem may be established via PPPoE. PPPoE adds an additional header to every transmitted packet, lowering the maximum possible payload (data) size. If some communication participant along the way does not know about this and sends IP packets with the usual maximum size of 1500 Bytes, the packet has to be fragmented before entering the PPPoE tunnel. Fragment reassembly at the receiver can cause latency jitter, which may be interpreted as a connection being close to its capacity limit, causing slowdowns.

Now, if you connect your laptop directly to the modem, your laptop should know about the correct MTU since it is the one that established the connection, making this explanation somewhat unlikely. However, the fact that there is a lower-than-normal MTU on the tunnelled connection may have been forgotten by whatever PPP implementation you are using.

Lastly, why would this issue not appear with the router? Most routers are aware of this kind of problem and "clamp the MSS", meaning they use a hack one layer above IP: to participants establishing a TCP connection, they indicate that the maximum acceptable TCP segment size is lower than usual (by modifying the connection establishment packets), effectively bringing down the size of IP packets being used for that connection.

Caesar

Posted 2019-05-02T01:29:23.923

Reputation: 147

This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - From Review

– I say Reinstate Monica – 2019-05-03T10:35:59.713

@TwistyImpersonator while somewhat terse, I think it does provide answer to the question. Examples (1) and (2) which are fast go via the router which fixes TCP MTU issues with MSS clamping and thus restores speed to normal levels, while (3) does not go via router, so MTU is broken, so it is slow. – Matija Nalis – 2019-05-03T11:34:28.593

@TwistyImpersonator All the neceesary clarifications have been asked for by jcaron. I suppose I should have waited? Nevertheless, anyway, I tried to expand my answer a little cough. – Caesar – 2019-05-03T12:51:02.167

@Caesar Your edit was the needed improvement. – I say Reinstate Monica – 2019-05-03T13:29:43.217

The idea that an incorrect MTU can greatly slow things down is correct, and if the router is doing MTU clamping could be correct. The post goes a bit off the rails by talking about PPPoE and the desktop knowing the MTU size from the router. – davidgo – 2019-05-03T20:18:50.470

@davidgo If there is a router, indeed, the correct MTU likely won't be known to the desktop. But if the desktop is the one establishing the PPP connection? Also, if you're aware of any other common causes for reduced MTUs, please do tell. – Caesar – 2019-05-03T22:33:39.570

Any tunnel (includong openvpn and ppp) will likely reduce the MTU, as will things like MPLS (which is sort of like vlans used a lot by carriers). Of less likelyhood are other types of delivery like ATM. – davidgo – 2019-05-03T23:55:04.453

2

Adding to Davidgo's answer, point 3 could also be a negotiation Issue: When a device is connected, it starts to negotiate the 'terms' (speed, rates, ...) of the communication with other devices and selects the highest possible standard that both devices are able to understand.

So in your case the ISP's modem might use some protocol that your laptop is unable to understand. Your router however is ok with that protocol. It's really dependent on the hardware tho.

ndcHunter

Posted 2019-05-02T01:29:23.923

Reputation: 21

0

Agree with davidgo. Now, if your modem is a pure modem (or a router in bridge mode), you can try spoofing the MAC address of your router as that may be what your ISP is looking at.

Does the router have a configuration that includes a username/password or keypair information? If so, the ISP may have client software for the PC, or a Web Page for entering this data.

Also try a crossover cable. The router may have auto-MDIX.

mckenzm

Posted 2019-05-02T01:29:23.923

Reputation: 829

3If the cable type were wrong, you wouldn't connect at all. – Barmar – 2019-05-02T19:42:15.477

Also, most network cards do auto crossover, too. Or, at least, at least one in every network I've ever made at home has. It was fun finding out I wasted my money on a crossover cable. – trlkly – 2019-05-03T10:46:15.697

0

I do not feel my answer is the complete answer, but may be part of the total answer, and has not been mentioned in another answer.

In my setup, the router is placed in bridged mode, and my firewall is attached behind. I see a relatively constant incoming stream of traffic to the firewall, all dropped. Your computer may be "unaccustomed" to the constant attempted connections, all valid to a normally isolated machine. Your machine may be performing connection handshakes with, or otherwise consumed with processing, this incoming traffic. It may not be necessary for trouble, but I can only hope the handshake fails, because many of these connections are, I believe, zero day exploits to unpatched systems.

I would recommend you not connect directly to the Internet, unless you have very heavy-duty protection in place.

newyork10023

Posted 2019-05-02T01:29:23.923

Reputation: 21

Reason for downvotes? This answer sounds plausible to me. – krubo – 2019-05-04T09:44:35.813

0

This really sounds like a TCP window scale option problem (often conflated with MTU and MSS). Your laptop is asking the other end of the connection to only send it a small amount of data between acknowledgements. This means that a long latency in the connection will lead to a much lower throughput than the link is capable of because only a small amount of unacknowledged data can be in flight at any one time, and acknowledgements are limited by latency. This is called BDP.

When you insert the router in there, the router can use a much larger TCP window scale option going to the remote end of the connection. So you get high throughput from remote to router because of the large window size, and high throughput from the router to the laptop due to the lower latency between them.

Depending on the age and OS and OS version of your laptop, you might be able to adjust the window scale option on it.

jjanes

Posted 2019-05-02T01:29:23.923

Reputation: 119

This makes no sense to me.for a typical ethernet network and modern os. – davidgo – 2019-05-04T20:39:03.027

His diagram includes the internet and a modem, so clearly he is not on ethernet from end to end. I don't know how modern his OS is, or what your criteria is for modernity. – jjanes – 2019-05-04T23:02:31.220

modern OS = anything which has reasonable defaults for window size, ie a stack which is not expecting a dialup modem on the other end. As the upload speed is 38 megabit up, it is hugely unlikely this is a high latency connection to the nearest speedtest server as home user satellite service does not typically have that kind of bandwidth. (We know its home user because he says to my house.) In short, no reason is given to believe this is a high latency connection rather then typical home broadband. – davidgo – 2019-05-04T23:28:03.523

-3

Also, it might be that your laptop is infected with some malware, and that firewall in router is dropping connections to/from your laptop, thus preserving all available bandwidth for your test and you get better peeds.

And when you connect your laptop directly to the modem, it is unprotected and additional malware connections are made to/from it which uses up most of the bandwidth, leaving only a little for your test.

Matija Nalis

Posted 2019-05-02T01:29:23.923

Reputation: 2 107

I mean, it's not impossible, but this is the IT-troubleshooting equivalent of hearing hoofbeats and expecting a unicorn. – FeRD – 2019-05-04T02:38:57.057

1APWG reported between 20%-47% of computers were infected by malware as of 2016, depending on the country. So this answer seems plausible to me. – krubo – 2019-05-04T09:57:36.687

@krubo There are a lot of issues with that report, but in this context the most salient is that their definition of malware is extremely broad. Even "PUPs" ("potentially unwanted programs", the non-malicious crapware that often tags along with application installers) count as malware by their definition. While malware in general is widespread, malware of the type that would act in the way Matija posits (the kind that would saturate a broadband connection if it could) is incredibly rare. – FeRD – 2019-05-04T21:26:22.077

@FeRD actually, while some malware will try to limit bandwidth in order to remain stealth, most malware which exfiltrate data from your computer to attacker (which is by no means all of them, I agree) will opt to get as much data as possible before it is detected, and as such will saturate your outbound link (and thus severely impact not only upload, but download speeds too). – Matija Nalis – 2019-05-05T22:15:01.370

@MatijaNalis Yes, and most malware that does that would do it just fine through a consumer router as well, making it incredibly unlikely the user would remain blissfully unaware of this theoretical malware, only for it to be revealed once they bypassed the router. ...Look, I agree it's possible. In fact, that was the very first sentence in my very first comment. It's still a unicorn. – FeRD – 2019-05-06T05:20:07.883

Asked: 2019-05-02T01:29:23.923

Viewed: 10 362 times

Active: 2019-06-05T22:29:12.220