Introduction

External design and hardware

Firmware update

Web-interface

Command line

Testing

Summary

Introduction

It’s been more than two years since we tested Zyxel Keenetic Ultra II and Giga III wireless routers. Yes, time spins away. Today in our laboratory we have Keenetic Giga KN-1010 wireless router. Let’s review which new capabilities were added and how the performance of wireless routers has changed after Keenetic department became a separate company.

External design and hardware

Keenetic Giga KN-1010 wireless router comes in gray and white plastic case with the dimensions 214x154x33 mm (not considering external antennae). The device weighs 488 g. To operate properly KN-1010 needs an external power adapter (included to the box) with the following characteristics: 12V and 2,5 A.

There are a 3D vendor name, LEDs indicating state of the whole device and its wired and wireless interfaces on the front panel. In addition, button for managing wireless network is located here.

Keenetic KN-1010 wireless router has four external turning non-detachable antennae placed on the rare panel of the case and its sides.

The remarkable part of the sides is covered with the ventilation grate. Except for it, two USB ports (one USB 2.0 and one USB 3.0) are placed on one side and two additional configuring buttons for managing additional device parameters are located here, too.

Except for two antennae, five Gigabit Ethernet ports (one WAN and four LAN) with LEDs indicating their state, slot for power connection and sunken Reset button are placed on the rare panel. It’s worth noting that WAN-interface of the testing wireless router is a combo one: the user can connect to the Internet both with the help of twisted pair and optical fibers by using special transivers.

The bottom panel is rather traditional: the ventilation grate, four big rubber legs, two technological holes for mounting the router to the wall and sticker with brief information about the device are located here.

Now let’s take a look at the insides of KN-1010 case.

The hardware of Keenetic KN-1010 wireless router consists of the only green textolite plate which main elements are placed on its both sides. MediaTek MT7621AT dual-core processor working on 880 MHz and MT7615D wireless module of the same vendor are covered with protecting screens are not available for review, whereas DDR Nanya NT5CC128M16IP-DI RAM chip of 256 Mbytes is available.

On the bottom side of the plate Spansion S34ML01G200TFI000 flash-memory module of 128 Mbytes and Realtek RTL8211FS switch chip with five Gigabit Ethernet ports are placed. The given switch is responsible for working with WAN-port (select of SFP or RJ-45), whereas switching of data transmitting via LAN-ports is performed by gigabit switch built into the processor.

That’s where we complete Keenetic KN-1010 wireless router hardware review and go to reviewing its firmware capabilities.

Firmware update

Firmware update can be carried out in General settings menu item, Administration group of the web-interface. The users can prefer automatic or semi-automatic firmware update mode. One should be connected to the Internet to update firmware using any of this ways.

The whole firmware update process takes about 1,5 minutes and doesn’t require any special knowledge from the user.

Ability of manual Keenetic Giga firmware update is also available to the users, to use it one should click Replace the file button in firmware section of System files group of General settings menu item and select file with the new firmware version.

Firmware used for Keenetic wireless routers has module structure that allows the administrator to install only components that are really needed. One can select components for installation on General Settings page. Amount of available components is really surprising.

By default, only two firmware lines are available to the administrator: stable (release) and more dynamically developing beta-version. However, in addition, firmware of other lines can be available to the administrator. One can perform update to developing firmware versions either with the help of a special firmware file which can be retrieved from vendor technical support or by downloading it from the forum or by entering two hidden commands: components list draft and components commit (Internet connection is necessary).

One can turn on/off automatic firmware update and change list of installed components using command line interface.

(config)> components
 list - show an available component list
 install - install or remove a component
 remove - remove the component from this system
 preset - select a predefined set of components
 preview - show firmware info
 commit - apply selected component set
 validity-period - set a validity period of a local component list
 auto-update - manage firmware components auto-update settings
(config)> components install opkg
Components::Manager: Component "opkg" is queued for installation.
(config)> com
 components - manage firmware components
 (config)> components comm
 commit - apply selected component set
 (config)> components commit
Components::Manager: Update task started.

If necessary, the administrator can update device firmware using files located on the external USB drive. We copied file with new firmware version to our small flash-card and connected it to the router. After flash-card connection a new drive from which we are going to perform copying of firmware was detected by the system.

(config)> ls
 Usage template:
 ls [{directory}]
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 (config)> ls 9A8ABCA98ABC8375:/
 rel: 9A8ABCA98ABC8375:/
 entry, type = R:
 name: firmware
 size: 13893692
 (config)> copy
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 log
 running-config
 startup-config
 default-config
 (config)> copy 9A8ABCA98ABC8375:/f
 Usage template:
 copy {source} ({destination} | {destination})
(config)> copy 9A8ABCA98ABC8375:/firmware
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 9A8ABCA98ABC8375:/firmware ndm:/
 9A8ABCA98ABC8375:/firmware flash:/
 9A8ABCA98ABC8375:/firmware temp:/
 9A8ABCA98ABC8375:/firmware proc:/
 9A8ABCA98ABC8375:/firmware sys:/
 9A8ABCA98ABC8375:/firmware storage:/
 9A8ABCA98ABC8375:/firmware usb:/
 9A8ABCA98ABC8375:/firmware 9A8ABCA98ABC8375:/
 9A8ABCA98ABC8375:/firmware STORAGE:/
 9A8ABCA98ABC8375:/firmware log
 9A8ABCA98ABC8375:/firmware running-config
 9A8ABCA98ABC8375:/firmware startup-config
 9A8ABCA98ABC8375:/firmware default-config
 (config)> copy 9A8ABCA98ABC8375:/firmware flash:/firmware
FileSystem::Repository: Firmware update started.

One can check success of firmware update process using show version command.

(config)> show version
 release: 2.11.C.1.0-3
 arch: mips
 ndm:
 exact: 0-fbd6e4f
 cdate: 11 Apr 2018
 bsp:
 exact: 0-e2dc116
 cdate: 11 Apr 2018
 ndw:
 version: 4.2.3.114
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image,nopack,
 flexible_menu,emulate_firmware_progress
 components: angular-ndw,ddns,dot1x,fat,hfsplus,interface-
 extras,kabinet,miniupnpd,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,ntfs,ppe,
 trafficcontrol,usblte,usbserial,cloud,cifs,base,
 cloudcontrol,components,config-ap,config-client,config-
 repeater,corewireless,dhcpd,dlna,easyconfig,ftp,igmp,
 l2tp,madwimax,pingcheck,ppp,pppoe,pptp,skydns,storage,
 transmission,usb,usbdsl,opkg,usbmodem,usbnet,ydns,
 printers,theme-Keenetic,base-theme,sysmode,base-l10n,
 easyconfig-3.2,modems,ispdb,base-Intl
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center

That’s where we proceed to completion of description of different ways for Keenetic wireless routers firmware update and go directly to exploring its web-interface capabilities.

Web-interface

One can get access the router web-interface using any modern browser. In addition, managing the device can be performed with the help of mobile apps available for the systems based on Android and iOS. The web-interface of KN-1010 model is available in three languages: Russian, English, and Ukrainian.

The vendor decided to display a prompt message about the way of password reset (and, certainly, all user settings as well) directly on control panel login form.

Upon successful authentication the user is navigated to the router web-interface start page where the information about the use of Internet channel and wired interfaces statuses, connected devices, wired and wireless clients is presented. Except for it, with the help of this page the administrator can control running apps, among which are various VPN servers and file access protocols, torrent clients and proxies for IPTV watching. The brief information about the system is also presented on the start page.

It’s worth noting that in the given review we will describe the new web-interface that just recently became available on Keenetic wireless routers. During some time traditional version of the web-interface will be also available to the users, to navigate to it one should use «Go back to the previous design» link. However, we didn’t find a way to go back to the new web-interface version so to do this one should reconnect to the device.

With the help of Wired menu item of Internet group the administrator can perform setting of wired network operator connection parameters and select main connection in case Keenetic Giga has connections to different Internet providers simultaneously. Among available ways of connection there are all standard and widely used ones: static and dynamic IP addresses (it is IPoE term so adorable by marketers) and PPPoE/L2TP/PPTP tunnels. We cannot help but mention the support of authentication using IEEE 802.1X.

Have you obtained Keenetic Giga wireless router with wired Gigabit Ethernet ports, however for Internet access connection via ADSL/VDSL is needed or only wireless operators are available in the given area? - It’s not a big deal! One can connect wired xDSL modem or wireless modem with the support of 3G/4G networks to USB ports of the testing model. Corresponding settings are provided in 3G/4G modem and ADSL/VDSL modem menu items of the same group.

Except for the option of connection to mobile operators wireless networks Keenetic Giga provides the users with the ability of connection to wireless networks of Wi-Fi providers, the corresponding setting is available in Wireless ISP menu item.

In Internet group the only item is left for our review: Other connections. Here the administrator can configure parameters of VPN connections working in which KN-1010 router plays role of a client or peer. The following types of tunnels are supported: PPPoE, PPTP, L2TP, L2TP/IPsec, OpenVPN and 6in4. Connections via IPsec are performed in site-to-site mode. SSTP support will be available in the firmware versions since 2.12.

Device list menu item of My networks and Wi-Fi group allows the administrator to view the list of currently connected devices and parameters of their connection. A pleasant peculiarity is an ability to block Internet access for unregistered devices or set speed limit for them. To be reasonable, it’s worth noting that speed limit can be set for registered devices as well, in addition to it, the administrator can configure schedule in accordance to which Internet access will be provided to this or that client.

Now let’s have a look at Home network menu item of the same group. With the help of this item the administrator can not only set SSID for each Wi-Fi frequency range and main parameters of their work (including schedule) but also set IP address for LAN interface, configure DHCP server parameters, perform configuration of virtual networks and activate IGMP Proxy option that provides access to IPTV service of the local network operator. We cannot help but mention the support of Band Steering option with the help of which the router can dynamically distribute wireless clients, which support operating in both frequency ranges, between wireless networks.

One can prohibit access to the wireless router web-interface or limit Internet access speed for clients connecting to guest wireless network. If it is necessary to organise public Internet access with user authorization, one can user Captive portal option. It’s also worth noting that Captive portal function supports remarkable amount of third-party services for user authorization, however if due to some reason there is no needed provider in the list, one can configure parameters of connection to it manually. We also consider interesting an ability to connect to guest network not only wireless clients but also wired devices connected with particular LAN ports of the router. So, for example, one can create selected segment for friends of his/her child or for IoT (Internet of Things). All listed configurations are presented in Guest segment menu item.

Each parent would like to protect his/her child from inappropriate content and protect his/her devices from viruses and network attacks. Internet safety menu item of Network rules group can help with it. Filtration is performed with the use of third-party DNS servers that perform rating of Internet resources.

To use an ability of manual creation of filtration rules, one should go to Firewall menu item of the same group.

In the local network behind Keenetic Giga wireless router a service to which one should provide access from the Internet can be placed. In this case the administrator should go to Forwarding menu item with the help of which configuration of forwarding rules for incoming packets for TCP and UDP ports is performed.

One can manage static routes using Routing item of the same menu group.

Often operators provide users with dynamic IP addresses that make more difficult sharing resources located in the local network behind the router. DDNS service that allows dynamic updating binding of domain name and IP address can help in this case. Corresponding setting is available in Domain name menu item. It’s worth noting that except for widely known operators providing dynamic DNS service, KeenDNS service with a bit wider functionality is supported. So, for example, with the help of this service the users can have an ability of remote managing the router via HTTPS even if the device is located behind NAT/PAT provider. Except for managing, remote setting of SSTP tunnel (at the moment when this review was being written the given option was available in beta firmware versions) for connection to the devices of the home network is available. Some users can prefer ability to connect to different devices of home network using fourth level domains.

Choice of options necessary to the user can be performed with the help of User-defined options menu item of Management group. Here one can turn on/off torrent client and file services, VPN services and UDP proxy. In addition, setting of the services is performed with the help of this page.

One can manage users and their access rules with the help of Users item of the same menu group.

The number of options available for update to the administrator in System settings item is really significant. So, for example, here one can select operation mode of the device and parameters of system updates (including ability of changing set of installed components), view and replace system files, activate support of cloud service, manage working of buttons placed on the router case, configure speeds of network interfaces and USB ports.

With the help of Diagnostics menu item of Management group the administrator can perform checking of particular network hosts availability, view router system log, view the list of active connections, enable the debug mode, and perform packet capture.

Installation of additional extension packages is performed with the help of OPKG item of the same menu group.

In case of Zyxel Keenetic Plus DECT availability DECT base station managing its operation parameters is performed with the help of menu items of Telephony group.

That’s where we could complete the web-interface review, but…

There are several firmware versions for Keenetic wireless routers, the most famous among them are the following: stable (release), preliminary (beta) and debugging. It’s also worth noting that technical support of the vendor provides consultancy only for release and beta versions, we also don’t recommend installing debugging versions without really need. All new functions become available firstly in the debugging firmware versions and are available to enthusiasts for testing. Obviously, we decided to perform update to the latest available debugging and beta versions and check which changes will be available to the users in the short term.

New firmware versions will add new item Connection priorities to Internet group of the web-interface menu. With the help of Internet connection policies tab the administrator can create access profiles managing the order of using connections to providers.

More interesting, from our point of view, is Policy bindings that is the second tab of the same menu item. Using it one can perform binding of particular registered devices to access profiles that allows different wired and wireless clients to use different Internet connections. That’s the first step to realization of PBR - Policy Based Routing function.

User defined options item of Management group is extended with additional option SSTP VPN server.

A pleasant peculiarity of VPN server SSTP is an ability of users connection to it even in case of absence of globally routed (white/valid/real) IPv4 address. Connection is performed via the cloud supported by the vendor. The connection via the cloud can also be used for remote managing the device in case of real address absence.

It’s also worth noting that Keenetic Giga can play role of a client for connection via SSTP, corresponding setting is available in Other connections item of Internet menu.

When this review was being prepared for publication, Keenetic representatives notified us that firmware of 2.12 version is moved from debugging to beta version without any additional manipulations. But the most important point here is that official support is provided for beta versions so users can apply to the vendor technical support in case of any difficulties on using any of described new functions.

Now let’s turn to reviewing the command line capabilities of the device.

Command line

We will not review all capabilities of Keentetic wireless routers command line but describe the most interesting of them. To be reasonable, it’s worth noting that command line has more consistent functionality comparing with the web-interface. Okay, let’s start.

Command line of Keenetic Giga KN-1010 is provided as command interpreter and the users don’t have access to shell. The interface under review is similar to CLI of Cisco Systems devices, however it has many differences. To access the command line one should enter login and password which are the same as for web-interface authentication.

Login: admin
Password: **********
(config)>
 system - maintenance functions
 ntp - configure NTP
 schedule - schedule configuration
 known - manage lists of known network objects
 access-list - configure network access lists
 isolate-private - configure if traffic may pass between "private" interfaces
 user - configure user account
 dyndns - configure DynDns profiles
 ndns - configure NDNS
 yandexdns - configure Yandex.DNS profiles
 skydns - configure SkyDns profiles
 nortondns - configure Norton ConnectSafe DNS profiles
 adguard-dns - configure AdGuard DNS profiles
 ping-check - configure ping-check profiles
 interface - network interface configuration
 ip - configure IP parameters
 pppoe - configure PPPoE parameters
 ipv6 - configure IPv6 parameters
 kabinet - configure kabinet authenticator
 ppe - Packet Processing Engine configuration
 upnp - configure UPnP parameters
 torrent - configure torrent service parameters
 udpxy - configure udpxy
 crypto - configure IPsec
 igmp-proxy - configure IGMP
 dect - configure DECT parameters
 snmp - configure SNMP service
 sstp-server - configure SSTP VPN server
 vpn-server - configure PPTP VPN server
 service - manage services
 cifs - manage CIFS service
 dlna - manage DLNA service
 dns-proxy - manage DNS proxy service
 afp - manage AFP server service
 whoami - display info about the current management session
 printer - printer configuration
 more - view text file
 ls - list directory contents
 copy - copy files
 erase - erase file or empty directory
 access - set user access for directory
 monitor - manage monitor services
 show - display various diagnostic information
 tools - tools for testing the environment
 opkg - Open Package configuration
 ntce - NTCE settings
 easyconfig - configure Easyconfig services
 bwmeter - bandwidth meter
 components - manage firmware components
 cloud - manage cloud services

Several configuration modes are supported for such devices. For example, to update parameters of a particular interface one should go to a corresponding mode.

(config)> int
 interface - network interface configuration
(config)> interface
 Usage template:
 interface {name}
 Choose:
 Pvc
 Vlan
 CdcEthernet
 WiMax
 UsbModem
 RealtekEthernet
 AsixEthernet
 Davicom
 UsbLte
 Yota
 Bridge
 PPPoE
 SSTP
 PPTP
 L2TP
 OpenVPN
 IPIP
 TunnelSixInFour
 Gre
 EoIP
 TunnelSixToFour
 Chilli
 GigabitEthernet0
 GigabitEthernet0/0
 1
 GigabitEthernet0/1
 2
 GigabitEthernet0/2
 3
 GigabitEthernet0/3
 4
 GigabitEthernet0/Vlan1
 GigabitEthernet0/Vlan3
 GigabitEthernet1
 ISP
 GigabitEthernet1/0
 0
 WifiMaster0
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/AccessPoint1
 WifiMaster1/AccessPoint2
 WifiMaster1/AccessPoint3
 WifiMaster1/WifiStation0
 UsbDsl0
 Bridge0
 Home
 Bridge1
 Guest

For wireless interfaces the user can manage transmission power, wireless channel and modes of compatibility. Also the administrator can specify country code where the given device is used. For all interfaces including wireless ones the administrator can restrict maximum user data transmission speed using traffic-shape command.

(config)> interface WifiMaster0
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 debug - enable connection debugging
 rf - change RF settings
 ip - configure IP parameters
 ipv6 - configure IPv6 parameters
 country-code - set country code
 compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
 channel - set radio channel
 power - set transmission power level
 preamble-short - enable short preambles
 tx-burst - enable Tx Burst
 rekey-interval - change WPA/WPA2 rekey interval
 band-steering - enable band-steering
 vht - enable VHT (QAM256)
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> tra
 traffic-shape - set traffic rate limit
(config-if)> traffic-shape
 Usage template:
 traffic-shape rate {rate} [schedule {schedule-name}]
(config-if)> rol
 role - interface role configuration
(config-if)> role
 Usage template:
 role {role} [for {ifor}]
 Choose:
 inet
 iptv
 voip
 misc
(config-if)> coun
 country-code - set country code
 (config-if)> chan
 channel - set radio channel
(config-if)> channel
 Usage template:
 channel {channel} | width ... | auto-rescan ...
 width - set radio channel width
 auto-rescan - set radio channel auto-rescan schedule
(config-if)> powe
 power - set transmission power level
(config-if)> power
 Usage template:
 power {power}
(config-if)> exi
Command::Base error[7405600]: no such command: exi.
(config-if)> exit
Core::Configurator: Done.
(config)> inter
 interface - network interface configuration
(config)> interface Acc
 Usage template:
 interface {name}
 Choose:
 AccessPoint
 AccessPoint_5G
(config)> interface AccessPoint
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 peer-isolation - enable peer isolation
 security-level - assign security level
 debug - enable connection debugging
 wps - enable WPS functionality
 authentication - configure authentication
 encryption - configure encryption parameters
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ipv6 - configure IPv6 parameters
 ping-check - ping-check configuration
 ssid - set wireless ESSID
 hide-ssid - disable SSID broadcasting on the access point
 wmm - enable Wireless Multimedia Extensions on this interface
 pmf - enable Protected Management Frames on this interface
 ipsec - configure IPsec parameters
 led - configure interface LED binding
 lldp - configure LLDP parameters
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> en
 encryption - configure encryption parameters
(config-if)> encryption
 key - set wireless encryption key
 enable - enable wireless encryption (WEP by default)
 disable - disable wireless encryption
 wpa - enable WPA version 1 (TKIP) encryption
 wpa2 - enable WPA version 2 (AES) encryption
(config-if)> encryption

One can manage access lists for IPv4 traffic with the help of access-list command.

(config)> acce
 access-list - configure network access lists
 access - set user access for directory
(config)> access-
 access-list - configure network access lists
(config)> access-list
 Usage template:
 access-list {acl}
(config)> access-list test
Network::Acl: "test" access list created.
(config-acl)>
 deny - add prohibitive rule
 permit - add permissive rule
 rule - set rule operation time
(config-acl)> perm
 permit - add permissive rule
(config-acl)> permit
 Usage template:
 permit ((tcp | udp) {source} {source-mask} [port (((lt | gt |
 eq) {source-port}) | (range {source-port} {source-end-port}))]
 {destination} {destination-mask} [port (((lt | gt | eq)
 {destination-port}) | (range {destination-port} {destination-
 end-port}))]) | ((icmp | esp | gre | ipip | ip) {source}
 {source-mask} {destination} {destination-mask})
 Choose:
 tcp
 udp
 icmp
 esp
 gre
 ipip
 ip

Using access-group interface command one can set access list for a particular interface.

(config-if)> ip acc
 access-group - bind access-control rules
(config-if)> ip access-group
 Usage template:
 access-group {acl} {direction}
 Choose:
 _WEBADMIN_WifiMaster0/WifiStation0
 test

Unfortunately, at the moment there is no ability for access rules configuration for IPv6 traffic. However, several improvements became available since our previous review. So, for example, one can restrict list of ports via which this or that local network host is available. As we were assured by vendor representatives more exact configuration of firewall rules is planned but without exact due dates.

(config)> ipv6 st
 static - add one-to-one address translation rule
(config)> ipv6 static
 Usage template:
 static tcp | udp [{interface}] {mac} {port} [through {end-port}]

Certainly, firewall for IPv6 can be totally turned off, however we consider this procedure unsafety.

(config)> ipv6
 subnet - subnet configuration
 local-prefix - configure local prefix
 name-server - add name server IPv6 address
 route - configure a static route
 firewall - enable firewall
 pass - configure IPv6 pass-through mode
 static - add one-to-one address translation rule
(config)> ipv6 fi
 firewall - enable firewall

Also with the help of command line one can set static IPv6 addresses to the device interfaces whereas this cannot be performed using web-interface.

system
 set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
 ipv6 address 2001:db8:1::1
 ipv6 prefix 2001:db8:1::/64
interface Bridge0
 ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2

One can view content of a particular catalogue with the help of ls command, whereas more command displays content of a particular file (we intentionally cut output of this command in our listing).

(config)> ls
 rel:
 entry, type = V:
 name: ndm:
 subsystem: local
 entry, type = V:
 name: flash:
 subsystem: local
 entry, type = V:
 name: temp:
 subsystem: local
 entry, type = V:
 name: proc:
 subsystem: local
 entry, type = V:
 name: sys:
 subsystem: local
 entry, type = A:
 name: log
 subsystem: local
 entry, type = A:
 name: running-config
 subsystem: local
 entry, type = A:
 name: startup-config
 subsystem: local
 entry, type = A:
 name: default-config
 subsystem: local
 entry, type = V:
 name: storage:
 subsystem: local
 entry, type = V:
 name: usb:
 subsystem: local
 entry, type = V:
 name: dect:
 subsystem: local
 (config)> more flash:/default-config
! $$$ Model: Keenetic Giga
! $$$ Version: 2.0
! $$$ Agent: default
system
 set net.ipv4.ip_forward 1
 set net.ipv4.tcp_fin_timeout 30
 set net.ipv4.tcp_keepalive_time 120
 set net.ipv4.neigh.default.gc_thresh1 256
 set net.ipv4.neigh.default.gc_thresh2 1024
 set net.ipv4.neigh.default.gc_thresh3 2048
 set net.ipv6.neigh.default.gc_thresh1 256
 set net.ipv6.neigh.default.gc_thresh2 1024
 set net.ipv6.neigh.default.gc_thresh3 2048
 set net.netfilter.nf_conntrack_tcp_timeout_established 1200
 set net.netfilter.nf_conntrack_max 16384
 set vm.swappiness 60
 set vm.overcommit_memory 0
 set vm.vfs_cache_pressure 1000
 set dev.usb.force_usb2 0
 hostname Keenetic_Giga
 domainname WORKGROUP

One should use service command to manage different auxiliary services.

(config)> ser
 service - manage services
(config)> service
 dhcp - start DHCP service
 dns-proxy - enable DNS proxy
 igmp-proxy - enable IGMP proxy
 dhcp-relay - start DHCP relay service
 http - HTTP service
 afp - enable AFP server
 ftp - enable FTP server
 cifs - enable CIFS server
 dlna - enable DLNA server
 telnet - start telnet service
 ssh - start SSH service
 ntp-client - start NTP client
 upnp - start UPnP service
 torrent - start torrent service
 udpxy - enable udpxy
 kabinet - start Kabinet authenticator
 vpn-server - enable PPTP VPN server
 dect - enable DECT server
 ipsec - enable IPsec
 sstp-server - enable SSTP VPN server
 ntce - enable NTCE
 snmp - SNMP service
 cloud-control - enable cloud control service

Change of system operating parameters is performed with the help of system command.

(config)> sys
 system - maintenance functions
(config)> system
 reboot - restart the system
 set - adjust system settings
 led - setup system LED controls
 button - setup system button functions
 clock - change system clock settings
 domainname - set the domain name
 hostname - set the host name
 configuration - manage system configuration
 log - manage system logging
 mount - mount USB disk partition
 drivers - manage kernel drivers
 swap - set swap area
 zram - set zram swap settings
 debug - enable system debug
 mode - select system operating mode

Command group show is intended for viewing configuration and current working parameters of the device. So, for example, show version command displays information about current firmware version.

(config)> show
 version - display firmware version
 signature - display firmware signature state
 system - display system status information
 drivers - view list of loaded kernel drivers
 threads - view list of active threads
 processes - view list of running processes
 configurator - display configurator information
 interface - display interface status
 ssh - show SSH server status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP information
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 dect - show DECT status
 afp - display AFP server status
 acme - display ACME client status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show PPTP VPN server status
 cloud - display status of the cloud service
 sstp-server - show SSTP VPN server status
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 internet - display Internet check status
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 led - display system LED information
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 chilli - show chilli info
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 access - display directory acl
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
 ipv6 - display IPv6 information
 ntce - show NTCE settings and status
 yandexdns - display YandexDns parameters
 nortondns - display Norton ConnectSafe DNS parameters
 adguard-dns - display AdGuard DNS parameters
(config)> show ver
 version - display firmware version
(config)> show version
 release: 2.12.A.6.0-2
 arch: mips
 ndm:
 exact: 0-4a1e5ca
 cdate: 19 May 2018
 bsp:
 exact: 0-2ca6889
 cdate: 19 May 2018
 ndw:
 version: 0.4.26
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image
 components: acl,adguard-dns,afp,base,chilli,cifs,
 cloudcontrol,config-ap,config-client,config-repeater,
 corewireless,ddns,dhcpd,dlna,dot1x,dpi,easyconfig,eoip,
 fat,ftp,gre,hfsplus,igmp,ip6,ipip,ipsec,kabinet,l2tp,
 madwimax,miniupnpd,monitor,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,netflow,
 nortondns,ntfs,nvox,openvpn,opkg,opkg-kmod-audio,opkg-
 kmod-dvb-tuner,opkg-kmod-fs,opkg-kmod-netfilter,opkg-
 kmod-netfilter-addons,opkg-kmod-tc,opkg-kmod-usbip,opkg-
 kmod-video,pingcheck,ppe,pppoe,pptp,skydns,snmp,ssh,sstp,
 sstp-server,storage,trafficcontrol,transmission,udpxy,
 usb,usbdsl,usblte,usbmodem,usbnet,usbserial,vpnserver,
 vpnserver-l2tp,ydns
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center
(config)> show sys
 system - display system status information

To simplify working with commands of show group the administrator can go to a special view mode.

(config)> show
Core::Configurator: Done.
(show)> system
 hostname: Keenetic_Giga
 domainname: WORKGROUP
 cpuload: 2
 memory: 51204/262144
 swap: 0/0
 memtotal: 262144
 memfree: 168060
 membuffers: 10564
 memcache: 32316
 swaptotal: 0
 swapfree: 0
 uptime: 7301

Except for viewing commands, a set of diagnostic ones is available to the administrator.

(config)> tools
Core::Configurator: Done.
(tools)>
 arping - send an ARP request to a given host
 ping - send ICMP ECHO_REQUEST to network hosts
 ping6 - send an ICMPv6 echo request to network hosts
 pppoe-discovery - scan available PPPoE servers
 traceroute - do IPv4 network route diagnostics

One can get information about the connection to command line using whoami command.

(config)> whoami
 user: admin
 agent: cli
 host: 192.168.1.200
 mac: 00:15:17:6a:f3:9a
 where: Bridge0

Also we decided to find out with the help of which commands PBR (Policy Based Routing) setting is performed, that is the ability to perform routing based on policies. At the moment reaching a decision about routing can be performed separately for each client device, so the first thing to start configuration is to perform device registration specifying its name and MAC-address.

known host test 00:15:17:6a:f3:9a

The next step is creating a profile in which Internet connections are listed in order of decreasing priority. In our case wireless provider was used at first and then connection to Ethernet-network.

ip policy Policy0
 description second_profile
 permit global WifiMaster0/WifiStation0
 permit global ISP
 permit auto

After that one should list all existing profiles in ip hotspot section and perform binding of client devices to this or that profile.

ip hotspot
 policy Home Policy0
 policy Guest Policy0
 host 00:15:17:6a:f3:9a permit
 host 00:15:17:6a:f3:9a policy Policy0

That's where we proceed to completion of the brief review of the command line interface capabilities and pass directly on to its testing.

Testing

The first test we traditionally begin this section is estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received via ICMP. Keenetic Giga wireless router boots after 31 seconds. We consider this as a good result.

The second not less than traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.8 network security scanner. At first, we performed scanning from LAN-interfaces side using recommended set of components.

On the whole, there were eight open ports discovered. The most interesting data are presented below.

Then we decided to repeat scanning procedure but from WAN-interface side. Scanner didn’t discover any open port, so Keenetic wireless routers are absolutely safe from external attacks with their default settings.

Before start performance tests we would like to get our readers familiar with the key parameters of the test stand we used.

Component	PC	Laptop
MB	ASUS Maximus IX Extreme	ASUS GL753VD
CPU	Intel Core i7 7700K 4 GHz	Intel Core i7 7700HQ 2.8 GHz
RAM	DDR4-2133 Samsung 64 Gbyte	DDR4-2400 Hyundai 8 Gbyte
NIC	Intel X550T2 ASUS PCE-AC88	Realtek PCIeGBE
OS	Windows 7 x64 SP1	Windows 10 x64

We decided to start with measuring performance of the device while IPv4 traffic routing with using NAT/PAT translations and without them. Measuring was performed for 1, 5 and 15 simultaneous TCP connections. JPERF utility of 2.0.2 version was used as an instrument for measuring. Both measurements displayed below were performed with hardware routing acceleration enabled by default.

As KN-1010 model is a wireless router, we cannot help but test user data transmission speeds in wireless network segment.

Keenetic Giga supports great number of various tunnel connections so we decided to measure performance of some of them. Data transmission speeds via PPTP and L2TP tunnels are traditionally high. Certainly, using of encryption together with PPTP significantly decreases speeds available to the users. In these tests KN-1010 model was used as a client.

One of the most popular ways of connection to remote networks is OpenVPN tunnel. Another not less than popular way of connection is using of IPSec. Here we used KN-1010 as a server.

It’s worth noting that testing model also supports connections with the help of SSTP protocol. The peculiarity of this connection is ability to set tunnel even if router doesn’t have globally routing address. The results of performance measuring for KN-1010 router working in SSTP-server mode are presented below.

Next version of IP IPv6 is becoming more and more popular. The increase of popularity of this protocol in Russia can be explained by users desire to bypass interlocks set by Roskomnadzor and keep up with the times, implementing new developments the first. Obviously, we cannot help but measure routing speeds for IPv6 packets. On the diagram below obtained speeds while using of hardware accelerator of IPv6 working and without it are displayed.

Different 3G/4G modems, USB printers, flashcards, DECT stations, ADSL/VDSL modems can be connected to USB port of the router. We decided not to miss an opportunity to measure access speeds for data located on our Transcend TS256GESD400K SSD drive of 256 Gbytes connected to USB port of Keenetic Giga router. We consequently formatted drive using the following file systems: EXT2/3/4, NTFS, FAT32 and HFS+. The results of measuring on connection to USB 2.0 and USB 3.0 ports are displayed below.

In addition, we decided to find out which access speeds to data located on USB drive can be obtained by the users connecting to the router with the help of PPTP tunnel without encryption. Measurements were performed for NTFS file system. Obtained data correspond to maximum announced performance of PPTP server (150-200 Mbps) working on Keenetic Giga router. Performance of PPTP client and server built into Keenetic Giga wireless router is significantly different.

In conclusion, we would like to mention about one more test which we performed in parallel with main experiments. With the help of our ADA TempPro-2200 laboratory pirometr we performed measurement of router case temperature under full load. It turned out that maximum temperature of router case was 37 degrees celsius while external temperature was no more than 24 degrees. Obtained temperature value we consider a normal one.

That’s where we complete testing section and move directly to summing it all up.

Summary

On the whole, we are glad with tested Keenetic Giga KN-1010 wireless router, after two years since our previous testing of Zyxel devices a significant work has been performed: hardware performance is increased, web-interface is remarkably revised and updated, device functionality is significantly expanded. The most positive appreciation is reasonably referred to the flexibility of network interfaces settings and new web-interface we consider user-friendly and intuitively understandable even for new users.

Strength areas of Keenetic Giga KN-1010 wireless router are the following:

• high user data transmission speeds;
• support of great amount of VPN connection types;
• flexible configuration of network interfaces;
• IPv6 support;
• ability to connect to existing wireless networks;
• support of two wireless frequency ranges;
• captive portal option;
• ability to remotely connect to the router even without global routing address;
• module firmware structure;
• ability to set SFP for connection to optical networks;

The only peculiarity that surprised and a bit confused us is inability to manage access to the devices in the local network based on access lists on connection via IPv6. Probably, that’s the only thing that we could refer to the drawbacks in the meantime.

At the moment this review was being written, the average price for Keenetic Giga KN-1010 wireless router in Moscow online shops was 7500 roubles.

ASUS RT-AC86U

Introduction

External design and hardware

Firmware Upgrade

Web-interface

AiMesh

Command line interface

Testing

Summary

Introduction

Today our laboratory hosts ASUS RT-AC86U wireless router that offers a whole set of significant capabilities among which are the support of MU-MIMO, AiMesh and AiProtection, adaptive QoS. All of this became possible thanks to dual-core processor with the support of 64-bits version of instruction set with an operating frequency of 1.8 GHz. But first things first!

External design and hardware

ASUS RT-AC86U wireless router is built to stand up and intended for desk mounting. We’ve already met such form of the case of ASUS network equipment, for example, RT-AC68U and 4G-AC55U models, however, obvious differences exist: the front panel doesn’t have ribby glance cover anymore. Now cover of the front panel is two-colored and mate, common ASUS gaming devices design is discernible. So except for vendor name, LEDs indicating working of the router and its wired and wireless interfaces are located here.

The upper panel has three SMA-connectors for connecting external antennae and the ventilation grate.

The ventilation grate also covers the rare panel of the case. Except for it, sticker with brief information about the device, five Gigabit Ethernet interfaces (four LAN and one WAN), USB 2.0 and USB 3.0 ports, DC-IN port for power connection together with Power button, key button turning off LEDs of the front panel and sunken Reset button are located here.

Two buttons: WPS and button for turning on/off wireless interfaces are placed on one of the sides.

Specialized stand with rubber legs is responsible for positioning the device in vertical mode that allows more convenient placing the router on horizontal surfaces.

Now let’s have a look at the insides of ASUS RT-AC86U wireless router which hardware consists of the only textolite plate of aquamarine color. We don’t consider a small plate of one antenna.

Main elements are placed on both sides of the plate, but before we start describing used electronic components, we would like to take our readers attention to four long antenna cables connecting remote points on the plate. We should admit that we consider such design a bit strange.

Under the long radiator on the right side of the plate, if it can be called like this, there are two protecting screens with technologic holes that get access for reviewing three chips located under them. The system is based on Broadcom BCM4906 processor with dual cores operating on 1.8 GHz frequency. Microschemas Broadcom BCM4365E and BCM4366E with antennae configurations of 3x3:3 and 4x4:4 correspondingly are responsible for wireless network functioning. Also we cannot help but mention that ASUS RT-AC86U wireless router has 512 Mbytes of RAM based on Micron MT41K256M16TW chip.

On the left side of the plate Macronix MX30LF2G18AC flash-memory module of 256 Mbytes is available for review. The whole left side is covered by a big detachable screen.

That’s where we complete review of ASUS RT-AC86U wireless router hardware platform and go directly to studying its software capabilities.

Firmware Upgrade

Upgrade of ASUS RT-AC86U wireless router firmware version can be performed in a rather traditional way: using Firmware Upgrade tab of Administration web-interface menu item. The whole process takes about three minutes and doesn’t require any special knowledge from the user. Upgrade can be performed both in manual and semi-automatic mode.

One can check success rate of firmware upgrade with the help of any web-interface page as firmware version is displayed in the header near device Operation Mode. One can get more detailed info about using firmware with the help of Firmware Upgrade tab of Administration menu. To be reasonable, it’s worth noting that the given page also allows performing update of antivirus signatures in case AiProtection option was activated.

If firmware upgrade was not completed successfully, the router moves to recovery mode which can be identified by turned off power LED. Indirectly TTL value returned in ICMP echo-replies also indicates this. In normal mode TTL = 64 and in recovery mode TTL = 100.

C:\>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Reply from 192.168.1.1: bytes=32 time<1ms TTL=100
Ping statistics for 192.168.1.1:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms

One can restore firmware version using Firmware Restoration specialized utility which interface a bit differs from all we reviewed before, however the meaning left the same.

If the administrator cannot use the utility due to any reason, ASUS RT-AC86U router provides one more restoration way: web-server built-in the bootloader to which one can connect with the help of any modern browser. One should just select file with the correct firmware and click Update Software button.

That’s where we bring the review of the questions dedicated to firmware upgrade to a close and pass on to studying the web-interface capabilities of the device.

Web-interface

One can access to web-interface of ASUS RT-AC86U wireless router with the help of any modern browser. After entering correct credentials the device start page is open for the administrator. The web-interface is available in 19 languages.

We will not review all web-interface capabilities of the router in detail but describe the most interesting of them.

In Network Map menu item a new option we haven’t met before is added: AiMesh Node that displays state of wireless Mesh network. Using of wireless Mesh networks is a trendy line for development wireless routers and access points of various vendors. Mesh network allows space covering with wireless network without gaps. Previously the same can be achieved by using repeaters or hybrid WDS connections. Mesh network simplifies the process of wireless network expansion.

Managing of guest wireless networks is performed with the help of menu item of the same name. Creation up to three guest networks in each frequency range is available.

Ai Protection menu item provides access to settings of network security mechanisms and parent control. It’s worth noting that the given functionality was significantly rewritten. As for the capabilities provided before they were expanded and deepened.

Not new but not less useful option is QoS support functionality (Adaptive QoS and Game Boost menu items).

Also during analysis of network performance Traffic Analyzer menu item that contains statistic data about links utilization and displays data about real-time load can be helpful.

The wireless module of the device under test can work in two modes: providing independent network functioning in both frequency ranges and with the support of Smart Connect. In the second way the router can use built-in logic for optimization of client distribution to frequency ranges. However it’s worth noting that the distribution rules are presented in Smart Connect Rule tab of Network Tools menu item. All other tabs of Wireless menu item are rather typical for ASUS wireless equipment. Probably, it’s just worth reviewing Professional tab with the help of which the administrator can decrease mutual influence of Wi-Fi, Bluetooth and USB 3.0, select preferable modulation scheme, enable or disable beamforming mechanism and activate MU-MIMO option that allows the router to serve several wireless clients simultaneously.

Tabs of LAN menu item are rather typical, option of turning on/off hardware acceleration is absent as the given acceleration is used automatically.

Capabilities of WAN menu item are not remarkable as well as they are rather standard for ASUS wireless equipment.

Admirers of IPv6 will be glad with the menu item of the same name. Except for statically or dynamically configuring interface addresses, support of three tunnels using as transitional solution is provided: 6to4, 6in4 and 6rd. Also we cannot help but mention support of DHCP-PD (Prefix Delegation) option which we reviewed in detail in our article dedicated to IPv6.

VPN menu item delighted us with the support of IPSec protocol server. ASUS RT-AC86U wireless router can work as a server for the following tunnel connections: PPTP, OpenVPN and IPSec, simultaneously performing client functions for PPTP, L2TP and OpenVPN connections.

Firewall settings for IPv4 and IPv6 traffic are combined in General tab of Firewall menu item. We should admit that we are a bit surprised with the lack of settings for IPv4 traffic filtration.

Among available for selection operating modes of the device a new one is added: AiMesh Node, in this mode ASUS RT-AC86U can connect to existing wireless routers in AiMesh Router mode and expand their coverage area.

That’s where we bring to the completion of the brief review of web-interface capabilities of ASUS RT-AC86U wireless router and go directly to more detailed review of AiMesh technology.

AiMesh

Mesh networks are becoming more and more popular nowadays. One can even say that for wireless networks it is a trend of 2018. Let’s try to study ASUS implementation of Mesh networks. It’s worth noting here that today we will provide our readers with brief review of this implementation but not bothering with details. We hope that in one of our next reviews we’ll manage to provide more detailed review and testing of this wireless solution.

What for Mesh networks and wireless solutions based on them are needed? The answer is simple: for improving wireless coverage. The modern approach to implementation of wireless networks based on IEEE 802.11 technologies involves setting several wireless routers and access points for minimization of so named “blind zones” in which Wi-Fi coverage is absent or unstable. If one implements provided approach with the help of independent devices then the client has to manually or semiautomatically reconnect between wireless networks created by different access points, select SSID to which the connection should be established. With the help of AiMesh the administrator can unify several devices by using wired and wireless links so that from client perspective the system looks like a whole entity allowing to perform automatic roaming during client movement between coverage areas of different access points. The list of models and more detailed description of the technology one can find on vendor website.

Mesh network consists of wireless equipment of two types: router and one or several nodes connecting to wireless router. ASUS RT-AC86U can perform both specified roles.

In our laboratory we had two ASUS wireless routers with the support of AiMesh: RT-AC86U and GT-AC5300. We decided to provide GT-AC5300 with functions of the central device, whereas RT-AC86U was used as an AiMesh node.

At first we moved RT-AC86U to AiMesh Node mode.

The next step is allowing association from the AiMesh router. To be reasonable, it’s worth noting that selecting of operation mode AiMesh Node drops user settings to the defaults so users don’t need to perform preliminary settings of new equipment that will be used as AiMesh node, one should just unpack it, install in a required place and connect power. Discovering of new AiMesh nodes and their settings are performed with the help of AiMesh wireless router.

Association between an AiMesh node and the router is completed. From this moment the AiMesh node becomes unavailable for direct managing.

For each of associated AiMesh nodes one can view brief information and select preferable way of connection between a node and the router. If there is an ability to unify all AiMesh devices with the help of a wire between each other, certainly, we would recommend to do it. At first, transmission speed and safety of the connection can become significantly higher, secondly, additional wireless channel for connection between the router and nodes is not required. Honestly, in this case the whole AiMesh network becomes similar to an ordinary corporate Wi-Fi network with a controller.

As managing of AiMesh nodes is now performed centrally, to upgrade firmware one should go to Firmware Upgrade tab of Administration menu item of AiMesh router.

That’s where we bring to the completion of the first acquaintance with AiMesh technology and move directly to studying capabilities of the device command line.

Command line interface

Access to the command line of the device can be enabled/disabled with the help of System tab of Administration menu item. The given access can be provided using Telnet and SSH protocols. Certainly, we recommend using the second one due to security reasons.

Login and password used for the access to the command line interface are the same as for the router web-interface access. Firmware of the testing model is built on Linux OS with a kernel of version 4.1.27 using BusyBox of version 1.24.1.

RT-AC86U login: admin
Password:
admin@RT-AC86U:/tmp/home/root# cd /
admin@RT-AC86U:/# uname -a
Linux RT-AC86U 4.1.27 #2 SMP PREEMPT Mon Mar 26 11:31:50 CST 2018 aarch64
admin@RT-AC86U:/# busybox
BusyBox v1.24.1 (2018-03-26 10:58:36 CST) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.
Usage: busybox [function [arguments]...]
 or: busybox --list
 or: function [arguments]...
 BusyBox is a multi-call binary that combines many common Unix
 utilities into a single executable. Most people will create a
 link to busybox for each function they wish to use and BusyBox
 will act like whatever it was invoked as.
Currently defined functions:
 [, [[, add-shell, arp, arping, ash, awk, basename, bash, blkid, blockdev, cat, chmod, chown, chpasswd, chrt, clear, cmp, cp, crond, cut, date, dd, depmod, df, dirname, dmesg, du, echo, egrep,
 env, ether-wake, expr, false, fatattr, fdisk, fgrep, find, flock, free, fsck, fsck.minix, fstrim, fsync, ftpget, grep, gunzip, gzip, halt, head, ifconfig, insmod, ionice, kill, killall,
 klogd, less, ln, logger, login, logread, ls, lsmod, lsusb, md5sum, mdev, mkdir, mknod, mkswap, modprobe, more, mount, mv, nc, netstat, nice, nohup, nslookup, pidof, ping, ping6, poweroff,
 printf, ps, pwd, pwdx, readlink, reboot, remove-shell, renice, rm, rmdir, rmmod, route, sed, setconsole, sh, sleep, smemcap, sort, strings, stty, swapoff, swapon, sync, syslogd, tail, tar,
 taskset, telnetd, test, tftp, tftpd, top, touch, tr, traceroute, traceroute6, true, tty, udhcpc, umount, uname, unzip, uptime, usleep, vconfig, vi, watch, wc, which, zcat, zcip
admin@RT-AC86U:/#

With the help of ps command, let’s see which processes are currently running on the device. Top utility shows information on the current activity of the launched processes. We decided to present outputs of the given utilities in an individual file.

Contents of /bin, /sbin, /usr/bin and /usr/sbin catalogues together with sysinfo utility output we present in a separate file as well. So, for example, there is tcpcheck utility in /sbin catalogue which allows checking if a particular TCP port is open on a particular host.

admin@RT-AC86U:/# tcpcheck
usage: tcpcheck [host:port]
admin@RT-AC86U:/# tcpcheck 10 192.168.1.3:23
192.168.1.3:23 failed
admin@RT-AC86U:/# tcpcheck 10 192.168.1.1:23
192.168.1.1:23 is alive
admin@RT-AC86U:/#

Now let's turn to /proc catalogue to view its contents and find out the system uptime, its average utilization, information on the CPU installed, and the amount of RAM. Actually, system uptime and average utilization can be also obtained using uptime command.

admin@RT-AC86U:/# cd /proc
admin@RT-AC86U:/proc# ls
1 1179 16 22 4 58 736 777 805 bus fcache led scsi tty
10 1199 167 2283 49 588 737 779 838 cmdline filesystems loadavg self uptime
1007 12 17 23 5 59 738 781 879 config.gz fs locks slabinfo version
1015 1200 18 24 52 592 745 789 881 consoles interrupts meminfo socinfo vmallocinfo
1018 13 19 25 53 6 752 791 9 cpuinfo iomem misc softirqs vmstat
1022 1348 2 26 54 656 758 792 990 crypto ioports modules stat wfd
1025 1350 201 27 56 678 761 793 994 device-tree irq mounts swaps zoneinfo
1026 14 205 28 565 679 763 794 997 devices kallsyms mtd sys
11 15 206 282 566 691 765 796 998 diskstats kcore net sysrq-trigger
1131 1511 21 295 57 693 766 797 bcmlog driver kmsg nvram sysvipc
1139 1512 2116 3 571 7 767 8 brcm emf kpagecount pagetypeinfo thread-self
1176 1513 214 317 572 731 768 803 buddyinfo execdomains kpageflags partitions timer_list
admin@RT-AC86U:/proc# cat uptime
4342.18 8641.86
admin@RT-AC86U:/proc# cat loadavg
3.50 3.70 3.65 1/125 2289
admin@RT-AC86U:/proc# cat cpuinfo
processor : 0
BogoMIPS : 100.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer : 0x42
CPU architecture: 8
CPU variant : 0x0
CPU part : 0x100
CPU revision : 0
processor : 1
BogoMIPS : 100.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer : 0x42
CPU architecture: 8
CPU variant : 0x0
CPU part : 0x100
CPU revision : 0
admin@RT-AC86U:/proc# cat socinfo
SoC Name :BCM4906
Revision :A0
admin@RT-AC86U:/proc# uptime
 04:13:03 up 1:13, load average: 3.04, 3.58, 3.60
admin@RT-AC86U:/proc#

We can't help but mention nvram utility that allows changing certain important device operation parameters. To be honest, we should also notice that capabilities of the given command are a bit different from ones we reviewed for other models.

admin@RT-AC86U:/proc# nvram
usage:
nvram [get] :get nvram value
 [set name=value] :set name with value
 [unset name] :remove nvram entry
 [show] :show all nvrams
 [dump] :show all nvrams tuples
 [setflag bit=value] :set bit value
 [getflag bit] :get bit value
 [save] :save nvram to a file
 [restore] :restore nvram from saved file
 [erase] :erase nvram partition
 [commit [restart]] :save nvram [optional] to restart wlan
 [kernelset] :populate nvram from kernel configuration file
 [save_ap] :save ap mode nvram to a file
 [save_rp_2g] :save 2.4GHz repeater mode nvram to a file
 [save_rp_5g] :save 5GHz repeater mode nvram to a file
 [save_rp_5g2] :save 5GHz high band repeater mode nvram to a file [triband]
 [fb_save file] :save the romfile for feedback
admin@RT-AC86U:/proc# nvram show | grep admin
size: 54542 bytes (76530 left)
acc_list=admin>adminpassword
acc_webdavproxy=admin>10
http_username=admin
admin@RT-AC86U:/proc#

So, for example, using nvram utility one can turn off STP on LAN interfaces of RT-AC86U router.

admin@RT-AC86U:/proc# nvram show | grep stp
lan1_stp=1
lan_stp=1
size: 54542 bytes (76530 left)
admin@RT-AC86U:/proc# nvram set lan_stp=0
admin@RT-AC86U:/proc# nvram commit
admin@RT-AC86U:/proc# nvram show | grep stp
lan1_stp=1
lan_stp=0
size: 54542 bytes (76530 left)
admin@RT-AC86U:/proc# reboot

That is where we bring the brief review of the router command line interface capabilities to a close and pass on to testing the device.

Testing

Traditionally we start testing section with estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received through ICMP. ASUS RT-AC86U wireless router boots in 72 seconds. We consider this result normal.

The second not less than traditional test is a security scanning procedure, performing with the help of a security scanner Positive Technologies XSpider 7.8. On the whole, there were 14 open ports discovered. The most interesting discovered data are presented below. Obviously, we informed vendor about discovered vulnerability straight away. Based on official announce of ASUS representatives, RT-AC86U wireless router uses DNS server that is not exposed to CVE-2004-0789 vulnerability and the given scanner result is false positive.

Before getting down to performance tests we would like to get our readers familiar with the main parameters of the test stand we used.

Component	PC	Laptop
Motherboard	ASUS Maximus IX Extreme	ASUS GL753VD
CPU	Intel Core i7 7700K 4 GHz	Intel Core i7 7700HQ 2.8GHz
RAM	DDR4-2133 Samsung 64 GByte	DDR4-2400 Hyundai 8 GByte
NIC	Intel X550T2 ASUS PCE-AC88	Realtek PCIeGBE
OS	Windows 7 x64 SP1	Windows 10 x64

The first performance test was measuring of user data transmission speeds on device performing routing with NAT/PAT. Measurements were performed for 1, 5 and 15 simultaneous TCP sessions with window size increased to 100 Mbytes. As a measuring instrument utility JPERF of 2.0.2 version was used. The results of measurements are shown on the diagram below.

We turned off NAT/PAT translations and checked device performance during ordinary routing of IPv4 traffic.

We cannot help but check router operating with IPv6 traffic.

ASUS RT-AC86U wireless router supports great amount of different tunnel connections part of which are used for connection to provider or remote networks while others can be used for support of remote connections to the device itself. Certainly, we found out which maximum throughputs can be available when this or that tunnel connection is used. We decided to start with PPTP so popular among Windows users. The measurements were performed with enabled encryption and without it.

We should notice that we were surprised with obtained speeds.

The next step was tunnel connection with the help of L2TP. The results of measurements are similar to PPTP connection without encryption.

In recent years connection to remote networks with the help of OpenVPN protocol is becoming more and more popular, obviously, we cannot help but use this protocol in our tests as well.

Our first acquaintance with ASUS network equipment started with wired routers of SL line which differential peculiarity was support of tunnels using IPSec. For a long time we haven’t seen support of this protocol in SOHO devices of top vendors, however, fortunately, it seems that IPSec trend is coming back and support of this tunnel connection occurs among capabilities of network devices of various vendors. We decided not to miss the opportunity to measure ASUS RT-AC86U performance on working with IPSec in remote access mode.

As ASUS RT-AC86U is a wireless router, we performed measuring of available to the users transmission speeds between wired and wireless segments. The measurements were performed in both frequency ranges.

The tested model has USB 2.0 and USB 3.0 ports. We connected our external testing SSD Transcend TS256GESD400K of 256 Gbytes and performed measurements of access speeds to data placed on it. The measurements were performed for five file systems: EXT2/3, FAT32, NTFS, and HFS+.

On pages of different forums we see often questions about access speed to USB drive using connection via tunnel. On the diagram below one can view comparison of access speeds to SSD while using tunnel and without it. NTFS was used as a file system.

Using of encrypted tunnel has a great influence even on rather slow file operations.

Also we decided to find out how much the model under review heats up during testing procedures. We decided to start with using of built-in sensors displaying CPU temperature.

admin@RT-AC86U:/# cat /sys/class/thermal/thermal_zone0/temp
76307

Presented number displays temperature in thousandths of Celsius degree, so internal chip temperature is equal to 76,3 degrees Celsius. Is it much or little? Though on a first glance it seems that this is rather much, in reality one should remember that it is an internal temperature of SoC processor. Also we decided to measure temperature of the case cover with the help of our laboratory pyrometer ADA TemPro-2200. It occurred that case temperature doesn’t exceed 37 degrees Celsius, whereas external temperature in the room in these summer days was 25 degrees Celsius. As measurements were performed using contactless way, external temperature of chips and protecting screen was available for measuring as well. It occurred that external surfaces of the plate can heat up to 48 degrees Celsius, however we should remember that these surfaces are not available for user direct contact.

That's where we draw the testing part to a close and move on to summing it all up.

Summary

On the whole, we are glad with tested ASUS RT-AC86U wireless router that presented stably high speeds both in wired and wireless segment. Among the innovations regarding this model we can mention support of MU-MIMO, mesh networks and built-in VPN server for IPSec.

The strength areas of ASUS RT-AC86U wireless router are the following.

• High data transmission speeds in both frequency ranges
• Support of MU-MIMO
• High speeds of IPv6 traffic routing
• High performance of VPN servers and clients
• Support of NitroQAM modulation
• Smart Connect option
• High access speeds to data placed on USB drive
• Support of wireless mesh networks
• Functions of users network security
• Support of DHCP-PD option for IPv6 networks

Unfortunately, we cannot help but mention discovered drawbacks of the device.

• The web-interface is not completely translated
• Relatively high price

When this review was being written, average price of ASUS RT-AC86U wireless router in Moscow e-shops was 16000 roubles.

As of this writing, the best price for ASUS RT-AC86U in German-speaking Europe countries, according to website Geizhals Preisvergleich, was about 200 euro.

Introduction

External design and hardware

Firmware update

Web-interface

Command line

Utilities

Testing

Summary

Introduction

It’s been a long time since we published QNAP NAS review on our pages. There were several reasons for that, however we should admit that we missed. And now we are glad to introduce our readers to the review of QNAP TS-531X NAS that allows mounting not only up to five HDDs or SSDs with SATA interface but also SSD modules with M.2 interface with the help of specialized expansion cards. But first things first!

External design and hardware

QNAP TS-531X NAS is meant for desk mounting and not intended for mounting in the rack without using of special-purpose shelves. The dimensions of the model case are 185x211x236 mm and its weight without disks is a bit less than 6 kg. It’s worth noting here that there two kinds of the model in question: TS-531X-2G and TS-531X-8G, and the difference between them is in preset RAM amount. TS-531X-2G model has 2 GBytes of RAM, whereas RAM amount of TS-531X-8G model is 4 times more and equal to 8 GBytes. On the whole NAS motherboard has two slots for RAM installation that allows increasing available RAM amount up to 16 GBytes.

There is also a small difference between the models in their weight: TS-531X-2G model weighs 5.8 kg whereas TS-531X-8G is 100 g heavier and its weight is equal to 5.9 kg.

To work properly TS-531X needs (in standby mode) 17 W of electric power, and during operation it consumes about 30 W. Certainly, real energy usage directly depends on mounted HDDs and current load of the device.

The majority of the front panel is taken up by five bays for HDD mounting of 2.5 and 3.5 inch. The maximum volume of disk space is 60 TBytes (with mounting HDDs of 12 TBytes capacity) and by using expansion modules it can be increased to 252 TBytes. LEDs indicating work of the whole storage and its separate parts are also placed here; for example, with their help one can define intense of using this or that HDD. One of USB 3.0 ports is located on the front panel together with the button that allows copying data to NAS or vice versa. COPY button is not the only one on the front panel, except for it, POWER button is placed here. Vendor name and sticker with brief information about the model is also placed on the front panel of the storage case.

The upper panel and sides are not remarkable at all, except for a small ventilation grate placed on one side of the case.

Four circle rubber legs are located on the bottom panel of the case.

The biggest part of the rare panel of QNAP TS-531X NAS is taken up by fan with the dimensions of 120x120 mm. Unfortunately, vendor cannot manage without using more fans, so there is also a fan of 40x40mm cooling built-in power adapter near which slot for connecting to power grid is located. Kensington lock and sunken Reset button, two USB 3.0 ports, two Gigabit Ethernet ports and two slots for plugging in SFP+ modules are located on the rare panel, too. It’s worth specially noting presence of the PCIe Gen2 (x2) expansion slot. On vendor website there is a great amount of expansion cards. The cards in question can be relatively divided into three groups: network adapters, adapters for SSD connection with M.2 interface and hybrid ones that perform both functions. Certainly, before buying a particular card model one should be sure in its compatibility with the using storage and SSDs that are going to be used. We should notice that we were pleasantly surprised with the support of drives with M.2 interface.

Let us add several words about devices using for expansion QNAP TS-531X NAS with USB 3.0 ports. External disk arrays of QNAP UX-500P and UX-800P models supporting work of five and eight disks correspondingly can be connected to these ports. However, if even this capacity is not enough, TS-531X model can connect remote network resources via iSCSI protocol but it’s a kind of another story.

QNAP TS-531X NAS uses built-in flash memory of 512 MBytes to store firmware. OS and its application software are operated on Cortex-A15 Annapurna Labs Alpine AL-314 quad-core CPU that runs at a frequency of 1.7 GHz.

Now let’s have a look at firmware update process.

Firmware update

Firmware update can be carried out in two ways: using Internet and in local mode. In the first mode, obviously, NAS access to the Internet is required, whereas in the second mode only file with new firmware version preliminary downloaded from vendor website is needed. Without any dependency on the preferable way of firmware update, the administrator should navigate to Firmware Update tab of Firmware Update menu item of System group in the Control Panel.

The whole firmware update process takes about five minutes (not considering time needed to download file from vendor website) and doesn’t require any special knowledge from the user.

After all relevant procedures are performed, NAS should be rebooted. One can check success rate of firmware update process using Firmware Update tab of Firmware Update menu item of System group in the Control Panel.

We cannot help but mention about one more way of firmware update: with the help of QNAP Qfinder Pro utility.

That’s where we proceed to completion of brief description of ways for QNAP TS-531X NAS firmware update and go directly to reviewing its web-interface capabilities.

Web-interface

One can access the web-interface of the QNAP TS-531X NAS using any modern browser. We will not describe all capabilities of the testing model web-interface, however review the most interesting of them.

Upon successful authentication the user gets access to multipage desktop of the device. There are shortcuts for the most frequently used NAS functions on the desktop.

One can also get access to the main functions using main menu, button for opening which is placed in the left corner of the desktop.

With the help of the toolbar buttons placed on top of desktop the user can perform search, view running background tasks, get information about external devices, inspect NAS working journal, change main access parameters for the device, turn off or reboot the device and display information panel.

One can get access to myQNAPcloud website with the help of special buttons placed at the bottom part of the desktop. Using them the administrator can also download a special utility for managing NAS, send feedback via feedback form or request for help.

Let’s review main capabilities provided by the Control Panel.

Using General Settings menu item of System group the administrator can select port and protocol for access to the device, manage parameters of time synchronization, change codepage, select region of NAS locating, change login screen.

One can change parameters of storage pools and volumes, manage snapshots, configure access via iSCSI protocol with the help of Storage & Snapshots item of the same group of the Control Panel. QNAP TS-531X NAS can use SSDs intended for cache to accelerate its work. The corresponding setting is provided in this item as well.

NAS ability to measure performance of a particular HDD became a pleasant surprise for us. Measuring is performed both for sequential read speed and for the number of inputs/outputs per second (IOPS). From our point of view, it is a scrupulously useful function allowing the administrator to detect (and replace if needed) the slowest HDD in the array or detect SSD degradation in time.

Also we cannot help but notice an ability to connect remote resources to NAS via iSCSI protocol.

Probably, we could take special attention to the capabilities of Storage & Snapshots item, however we go further to Security menu item using which the administrator can restrict the list of allowed IP addresses, configure additional security parameters for SSH/Telnet, HTTP/HTTPS, FTP, SAMBA and AFP protocols, set secure certificate and also change user password policy.

One can manage audio alerts and fan rotation speed settings with the help of Hardware menu item.

QNAP TS-531X NAS power can be managed with the help of Control Panel menu item of the same name.

Alert notifications about events occured for the device can be sent to the administrator via e-mail, SMS or push notifications on the cell, the corresponding setting is available in Notification menu item.

Except for USB drives TS-531X model supports USB printers and UPS as external devices. The corresponding setting is available in External Device menu item.

Information about current state of all NAS elements is gathered in System Status menu item.

One can get information about current usage of NAS resources with the help of Resource Monitor item.

Not all NAS functions are available to the users for free, for activation of some of them one should get a special license. Among these functions, for example, is the support of exFAT Driver, Antivirus, Video Recorder. One can use License Center menu item for managing licenses.

With the help of menu items of Privilege group the administrator can manage users and user groups, configure quotas on using disk space, manage folder access parameters. It’s also worth noting that QNAP TS-531X NAS can perform functions of the domain controller.

One can manage parameters of NAS network connection with the help of Network menu item of Network & File Services group. So, for example, here one can configure IPv4 and IPv6 addresses, turn on port aggregation, perform binding of a service to a particular network interface, specify proxy-server and DDNS.

File service managing in Windows, Mac and Linux networking is performed with the help of Win/Mac/NFS item of the same group.

Except for file service typical for this or that OS, the testing model supports rather standard protocols such as FTP which working parameters are shown in the menu item of the same name of Network & File Services group.

The administrator should use Telnet/SSH manu item if it is necessary to manage access to the command line of TS-531X model.

Optionally one can add NAS to the centralized monitoring system that performs device polling via SNMP. The corresponding settings are provided in the item of the same name.

Except for file service QNAP TS-531X NAS provides users with different application servers and databases such as iTunes, DLNA, Web, LDAP, SQL, Syslog, RADIUS, TFTP and NTP. To access settings of applications one should use items of the group of the same name. Also using it one can perform antivirus scanning of data storing on the device.

All listed above can be referred to NAS settings, however web-interface capabilities of TS-531X model do not end here. So, for example, with the help of File Station application users can perform standard file operations using only a browser.

However, set of tools provided to the users do not end here, too. Among available services are Photo Station and Music Station, Video Station and Download Station, Surveillance Station and Notes Station. However if even they are not enough, QNAP Store users have several dozens of applications both from QNAP and third-party vendors. One can get access to the list of available applications in App Center store.

That’s where we bring a brief review of QNAP TS-531X NAS web-interface capabilities to a conclusion and pass on to its command line.

Command line

One can manage access to the command line of QNAP TS-531X NAS with the help of Telnet/SSH menu item of Network & File Services group.

Firmware of the model under review is built on Linux 4.2.8 operating system using BusyBox 1.01.

[/] # uname -a
Linux NASFFBA09 4.2.8 #2 SMP Thu Feb 15 08:31:43 CST 2018 armv7l unknown
[/] # busybox
BusyBox v1.01 (2018.02.14-18:42+0000) multi-call binary
Usage: busybox [function] [arguments]...
 or: [function] [arguments]...
BusyBox is a multi-call binary that combines many common Unix
 utilities into a single executable. Most people will create a
 link to busybox for each function they wish to use and BusyBox
 will act like whatever it was invoked as!
Currently defined functions:
 [, addgroup, adduser, ash, awk, basename, bunzip2, busybox, bzcat,
 cat, chgrp, chmod, chown, chroot, chvt, clear, cmp, cp, crond,
 crontab, cut, date, dc, dd, deallocvt, delgroup, deluser, df,
 dirname, dmesg, dos2unix, du, echo, egrep, env, expr, false, fdisk,
 fgrep, find, free, getty, grep, gunzip, gzip, halt, head, hexdump,
 hostname, hwclock, id, ifconfig, init, insmod, install, ip, kill,
 killall, klogd, linuxrc, ln, logger, login, ls, lsmod, md5sum,
 mkdir, mknod, mktemp, modprobe, more, mount, mv, nameif, netstat,
 nslookup, openvt, passwd, pidof, ping, ping6, pivot_root, poweroff,
 ps, pwd, rdate, readlink, reboot, renice, reset, rm, rmdir, rmmod,
 route, sed, sh, sha1sum, sleep, sort, strings, swapoff, swapon,
 switch_root, sync, sysctl, syslogd, tail, tar, tee, telnet, test,
 tftp, time, top, touch, tr, traceroute, true, tty, umount, uname,
 uniq, unix2dos, unzip, uptime, usleep, vi, wc, wget, which, whoami,
 xargs, yes, zcat
[/] #

Let's see which processes are currently running on the device using ps command. Top utility displays information on the current activity of the launched processes. We decided to present outputs of the utilities in an individual file.

We have placed the contents of /bin, /sbin, /usr/bin, and /usr/sbin catalogues into a separate file, too.

Now let's turn to /proc catalogue to view its contents and find out the system uptime, its average utilisation, information on the CPU installed and the amount of RAM. Actually, system uptime and average system utilisation can also be learnt using uptime command.

[/] # cd /proc
[/proc] # ls
1/ 13523/ 2480/ 37/ 9309/
10/ 136/ 2481/ 38/ 9319/
100/ 13669/ 2495/ 3858/ 9320/
101/ 13695/ 25/ 39/ 9327/
102/ 137/ 2513/ 3918/ 9793/
103/ 13707/ 2514/ 3926/ 98/
10374/ 13709/ 25346/ 40/ 99/
10379/ 13721/ 26/ 4032/ 9909/
104/ 14/ 2607/ 4044/ 9975/
105/ 14081/ 2608/ 41/ Qtier
106/ 14146/ 26218/ 416/ asound/
107/ 14215/ 2648/ 417/ buddyinfo
108/ 14416/ 2659/ 42/ bus/
109/ 14481/ 2663/ 427/ cgroups
10968/ 14596/ 2664/ 428/ cmdline
10973/ 14597/ 2666/ 4336/ config.gz
11/ 14607/ 27/ 4416/ consoles
11018/ 14617/ 27017/ 442/ cpu/
11019/ 14622/ 2716/ 443/ cpuinfo
11020/ 14682/ 2717/ 4446/ crypto
11063/ 15/ 2719/ 4556/ device-tree@
11395/ 150/ 2720/ 5/ devices
114/ 15079/ 2728/ 5223/ diskstats
115/ 151/ 2730/ 5720/ driver/
116/ 15139/ 2732/ 5727/ execdomains
117/ 15189/ 2733/ 6444/ filesystems
11749/ 152/ 2734/ 6456/ flashcache/
11767/ 153/ 2735/ 6553/ fs/
11770/ 15326/ 2736/ 6734/ interrupts
11771/ 154/ 2738/ 7/ iomem
11781/ 155/ 2740/ 8/ ioports
118/ 15521/ 2745/ 80/ irq/
11838/ 156/ 2747/ 81/ kallsyms
119/ 15636/ 2750/ 8100/ key-users
11983/ 15672/ 2753/ 82/ keys
120/ 159/ 2821/ 827/ kmsg
12010/ 160/ 28349/ 83/ kpagecount
121/ 161/ 28405/ 84/ kpageflags
12150/ 17/ 29/ 85/ loadavg
12159/ 18/ 2905/ 86/ locks
122/ 18298/ 2907/ 87/ mdstat
123/ 18506/ 292/ 88/ meminfo
12333/ 18700/ 293/ 89/ misc
12370/ 19/ 294/ 9/ modules
124/ 19779/ 295/ 90/ mounts@
12483/ 19789/ 296/ 91/ mtd
12484/ 19793/ 2970/ 9122/ net@
12485/ 2/ 2973/ 9124/ pagetypeinfo
125/ 20114/ 3/ 9125/ partitions
12585/ 20901/ 30/ 9127/ scsi/
126/ 21/ 3001/ 9128/ self@
127/ 21525/ 3004/ 9131/ slabinfo
128/ 21528/ 30084/ 9133/ softirqs
12836/ 21813/ 3071/ 9135/ stat
12888/ 22/ 3072/ 9146/ swaps
129/ 22482/ 30952/ 92/ sys/
12953/ 22485/ 31/ 9201/ sysvipc/
13/ 22486/ 3135/ 9202/ thread-self@
130/ 22488/ 3136/ 9203/ timer_list
131/ 23/ 31808/ 9204/ tsinfo/
13118/ 23230/ 3216/ 9205/ tty/
132/ 23233/ 3273/ 9206/ uptime
13259/ 2336/ 338/ 9259/ version
133/ 23654/ 34/ 9262/ vmallocinfo
13339/ 23681/ 3488/ 9268/ vmstat
13388/ 24/ 3489/ 9271/ zoneinfo
134/ 2415/ 35/ 9274/
13420/ 24554/ 36/ 9286/
13477/ 24568/ 364/ 9290/
135/ 2476/ 3677/ 93/
[/proc] # cat uptime
32470.95 126567.64
[/proc] # cat loadavg
3.61 3.54 3.51 1/601 31863
[/proc] # uptime
 02:02:18 up 9:01, load average: 3.61, 3.54, 3.50
[/proc] # cat cpuinfo
processor : 0
model name : Annapurna Labs Alpine AL314 Quad-core ARM Cortex-A15 CPU @ 1.70GHz
Speed : 1.7GHz
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc0f
CPU revision : 4
processor : 1
model name : Annapurna Labs Alpine AL314 Quad-core ARM Cortex-A15 CPU @ 1.70GHz
Speed : 1.7GHz
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc0f
CPU revision : 4
processor : 2
model name : Annapurna Labs Alpine AL314 Quad-core ARM Cortex-A15 CPU @ 1.70GHz
Speed : 1.7GHz
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc0f
CPU revision : 4
processor : 3
model name : Annapurna Labs Alpine AL314 Quad-core ARM Cortex-A15 CPU @ 1.70GHz
Speed : 1.7GHz
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc0f
CPU revision : 4
Hardware : Annapurna Labs Alpine
Revision : 0000
Serial : 0000000000000000
[/proc] #
[/proc] # cat meminfo
MemTotal: 2079392 kB
MemFree: 105248 kB
MemAvailable: 1213440 kB
Buffers: 400160 kB
Cached: 1103584 kB
SwapCached: 288 kB
Active: 869664 kB
Inactive: 854432 kB
Active(anon): 265280 kB
Inactive(anon): 277184 kB
Active(file): 604384 kB
Inactive(file): 577248 kB
Unevictable: 2240 kB
Mlocked: 2240 kB
HighTotal: 589824 kB
HighFree: 22464 kB
LowTotal: 1489568 kB
LowFree: 82784 kB
SwapTotal: 24647264 kB
SwapFree: 24631168 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 222592 kB
Mapped: 65632 kB
Shmem: 322112 kB
Slab: 85440 kB
SReclaimable: 38080 kB
SUnreclaim: 47360 kB
KernelStack: 19296 kB
PageTables: 46592 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 25686944 kB
Committed_AS: 3954048 kB
VmallocTotal: 565248 kB
VmallocUsed: 36288 kB
VmallocChunk: 510976 kB
[/proc] #

That's where we proceed to completion of the brief review of the command line interface capabilities and pass directly on to the shortest part of this review - describing its auxiliary utilities.

Utilities

One can manage QNAP NAS not only with the help of a browser or command line but also using specialized utilities. We’ll not review all of them in detail in this review and just mention some of them.

There are utilities both for PC and mobile platforms. Utilities for PC supports Windows, Mac and Linux OS.

With the help of QNAP Qfinder Pro utility the administrator can detect NAS in his/her local network and perform its preliminary settings.

One can synchronize files and folders using Qsync utility.

QNAP NetBak Replicator utility has similar functionality and allows fast backup copying of files from PC to NAS.

For remote access to NAS using cloud service one should use myQNAPcloud utility.

One can manage downloads performed by NAS with the help of QGet utility.

We cannot help but mention QNAP vSphere Client utility that allows managing QNAP NAS using ordinary vSphere client.

The analogs of application servers we discussed during web-interface capabilities review also exist as applications for cells and tablets. So, for example, with the help of Qfile application one can manage his/her files located in the network from the cell.

That’s where we bring a brief review of utilities available to QNAP NAS users to a conclusion.

Testing

The first traditional testing procedure is estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first ICMP echo reply is received. QNAP TS-531X NAS starts sending echo-replies after 390 seconds (6:30 minutes), however at that moment the testing model is not fully ready for work. The device informs the user about the completion of the booting procedure with a special sound signal after 2 minutes 28 seconds more, so the total booting time of QNAP TS-531X NAS is equal to 8 minutes 58 seconds. We consider this a decent result. However the given test is not completed yet. We measured the booting time for firmware of 4.3.4 version (0483 build). Why is this important? The point is that there is one very interesting fix in the changelog for 4.3.4 version (0486 build):

[Fixed Issues]
- Booting process would take a longer time after users updated QTS to 4.3.4.0483 build 20180213.

We decided to update firmware and repeat this test. It turned out that TS-531X model with the firmware of 4.3.4 version (0486 build) starts sending ICMP echo-replies after 292 seconds (4 minutes 52 seconds), whereas final sound signal comes after 343 seconds (5 minutes 43 seconds) from the moment the power is on that is almost 1,5 times less than the booting time required for NAS with the firmware of the previous version.

The second traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.8 network security scanner. On the whole, there were 20 open ports discovered. The most interesting data are presented below.

QNAP engineers attentively check the discovered vulnerabilities and publish detailed info about all corrections on the official website.

At last we got straight down to the most interesting part of our review - performance tests, however before start we would like to get our readers familiar with the key parameters of the test stand we used.

Component	PC
Motherboard	ASUS Maximus VIII Extreme
CPU	Intel Core i7 7700K 4 GHz
RAM	DDR4-2133 Samsung 64 Gbyte
NIC	Intel X550T2
OS	Windows Server 2012 R2

A pleasant option is to measure performance of each HDD separately using features of QNAP TS-531X NAS itself, to do this, one should go to Disks item of Storage group of Storage & Snapshots section. Only two tests are available: Sequential read and IOPS read result but we consider them basic and very important.

To perform other performance tests we used Intel NASPT utility of 1.7.1 version due to which requirements we decreased amount of RAM available to the system. Such a decrease is necessary to minimize influence of local caching.

The first test from which we decided to begin performance measuring of the model under consideration was measuring access speeds to user data located on independent disks. For this test we didn’t grouped HDDs to RAID arrays. We used three different drives: HGST HUS724030ALA640 HDDs (two devices) and HDN724040ALE640 (two devices) and SSD OCZ AGILITY3 (one device) which we used as a cache. But first things first! Access to data was performed via SMB and iSCSI protocols. Here and below unless otherwise mentioned one 10 Gigabit Ethernet link was used for access to NAS.

As one can see from the diagrams above, HDDs performance is a bit different.

We decided to group several HDDs to RAID0 array and measure its performance. We made three kinds of arrays: two identical HGST HUS724030ALA640 HDDs, two identical HGST HDN724040ALE640 HDDs and an option with using all four specified HDDs.

These speeds are very good, especially if remember that using HDDs are not the fastest among ones using today.

Now it’s time to build RAID1 array using two identical HDDs.

Probably our attentive reader already noticed that during access speeds testing via iSCSI protocol DirectoryCopyToNAS test is absent. It is so due to the reason that this test shown inadequately high speeds. From our point of view, such an increase of speeds is caused by the local caching on the testing host.

QNAP TS-531X NAS has two Gigabit Ethernet ports and two 10 Gigabit Ethernet ports. We decided to provide our readers with the comparison diagram for both ways of connection via SMB protocol.

ISCSI protocol supports MultiPath option that allows transmitting data simultaneously via several paths. On the diagram below results of measuring speeds with using one or two Gigabit Ethernet links are compared and the same is performed for one or two 10 Gigabit Ethernet connections.

We find it surprising to obtain such an increase of speeds in several tests using two 10 Gigabit Ethernet links, taking into account that on a first glance the channel itself is not a bottleneck. Certainly, we assume presence of some internal software restrictions of NAS that influence maximum speed of data transmission in the network.

Obviously, we cannot help but compare performance of different types of HDD arrays.

As we already mentioned above, QNAP TS-531X NAS allows using SSD mounted in bays intended for HDDs as caching devices. It’s worth noting that it is not the only way of connecting cache to NAS. Some NICs and expansion cards allow connecting SSD with M.2 interface that allows providing higher access speeds to data in cache. Unfortunately we didn’t have at our disposal such drives so we had to use our old SSD OCZ AGILITY 3 as a cache.

On the diagrams below one can see comparison of user data access speeds without using cache and on the first and second launch of test using cache disk.

We should confess that we are a bit confused with the obtained results: in several tests performance of NAS without using cache is higher. It’s probably owed to the performance of the drive we used as a cache disk.

New IP version IPv6 is getting more and more popular. We cannot miss support of this protocol by the NAS. On the diagrams below one can see comparison of the performance for QNAP TS-531X using IPv4 and IPv6.

Access to NAS can be provided not only to users from the local network but also to remote users. In this case various tunnel protocols supported by NAS are used: PPTP, OpenVPN, IPsec. We decided to find out which speeds are available to the users during connection to NAS with the help of PPTP tunnel using MPPE 128 encryption.

Also we decided to compare performance of QNAP TS-531X model on using PPTP and OpenVPN tunnels.

We should take our readers attention that data transmitting via the tunnel significantly utilizes NAS CPU. So, for example, on data transmitting with 50 Mbps speed via OpenVPN tunnel with standard settings CPU of the testing model is 30 percent utilized.

QNAP TS-531X NAS supports not only Ethernet frames of standard size (1500 bytes) but also increased ones (jumbo frames). Certainly, we cannot help but compare data access speeds on using ordinary and jumbo frames.

Using of jumbo frames significantly influences several access speeds in case of using SMB protocol, whereas influence on performance and iSCSI is more negative.

In conclusion, we would like to get our readers familiar with access speeds to data located on the external drive connected to NAS with the help of USB 3.0 interface. To perform this test we used our SSD Transcend TS256GESD400K of 256 Gbytes that we sequentially formatted to different file systems.

That’s where we complete testing section and move directly to summing it all up.

Summary

We are glad with tested QNAP TS-531X NAS that supports mounting up to five HDDs with SATA interface or SSDs. The model under review is intended for home offices and small companies. Disk space provided by the NAS (maximum 60 TBytes) is more than enough for the most users and high data access speeds make work convenient and fast. QNAP TS-531X has four network interfaces (two copper Gigabit Ethernet ports and two ones for SFP+ modules), we consider such a set rather optimal, however additional NIC or expansion card can be mounted if needed. Unfortunately, on making this review we cannot test another option we consider interesting: support of SSDs with M.2 interface. From our point of view, such drives can significantly increase device performance.

Existence of two versions of TS-531X model different in preset RAM amount allows customers to select the device that is more applicable for the particular tasks. In addition, vendor has recently launched four HDDs model with similar software: TS-431X2.

Strength areas of QNAP TS-531X NAS are the following:

• ability to set additional expansion card;
• built-in GE and 10 GE interfaces;
• support of drives with M.2 interface (optional);
• ability to measure access speeds to the disks by the abilities of NAS itself;
• high access speeds to the user data;
• ability to aggregate network interfaces;
• USB 3.0 ports;
• ability to install extra software packages;
• IPv6 support;
• built-in VPN Server and Client;
• support of external disk arrays;
• ability to manage NAS using mobile apps;

Unfortunately, we cannot help but mention discovered drawbacks of the model:

• the fan in the PSU is too small;
• strict list of compatible expansion plates and SSD-modules with M.2 interface;
• relatively high price;

At the moment this review was being written, the average price for a QNAP TS-531X-2G was 55666 roubles, whereas TS-531X-8G model cost 71140 roubles. The prices do not include HDDs.

As of this writing, the best price for QNAP TS-531X-2G in German-speaking Europe countries, according to website Geizhals Preisvergleich, was about 544 euro and about 686 euro for QNAP TS-531X-8G model. The prices do not include HDDs.