Question
Which routers can actually sustain 1Gbps symmetrical throughput?
Answer
Most "gigabit routers" can't actually route at gigabit speeds. If you have symmetrical gigabit fiber and your wired speeds top out at 400-600 Mbps, your router is likely the bottleneck.
This page is about wired routing performance—how fast traffic can flow through your router with NAT and firewall enabled. Wi-Fi speed is a separate topic entirely.
Last updated: December 2025
Disclosure: This page contains Amazon affiliate links. If you purchase through these links, I may earn a small commission at no extra cost to you. This doesn't influence which products are listed—recommendations are based on performance data, not commissions.
A Note on Hardware Acceleration
Many routers achieve gigabit speeds using hardware NAT/CTF acceleration, which offloads packet processing to dedicated silicon. However, certain features disable it: SQM/QoS, VPN, traffic monitoring, and sometimes even basic firewall rules. The table notes when acceleration is required.
Router Reference Table
All routers listed below can sustain full gigabit wired throughput (~940 Mbps) under normal conditions. The key differentiators are WAN port speed, whether they maintain that speed with SQM/QoS enabled, and any gotchas.
Consumer Wi-Fi Routers
All-in-one devices with built-in Wi-Fi. Convenient but often limited by CPU when acceleration is disabled.
| Device | WAN Port | 1G+ Wired | SQM? | Notes |
|---|---|---|---|---|
| ASUS RT-AX86U Pro | 2.5G | Yes | No | Requires CTF enabled. Popular choice. |
| ASUS RT-AX88U Pro | 2.5G | Yes | No | Requires CTF. More LAN ports than AX86U. |
| TP-Link Archer AX80 | 2.5G | Yes | No | Good value. |
| Netgear RAXE500 | 2.5G | Yes | No | Wi-Fi 6E. Expensive. |
| GL.iNet Flint 2 (MT6000) | 2.5G | Yes | Partial | OpenWRT-based. ~500-600 Mbps with SQM. |
| Netgear RS90 | 2.5G | Yes | No | Wi-Fi 7. ~$150. |
Prosumer / Enthusiast
More capable hardware, often requiring separate access points for Wi-Fi.
| Device | WAN Port | 1G+ Wired | SQM? | Notes |
|---|---|---|---|---|
| Ubiquiti Dream Machine Pro | 1G / SFP+ | Yes | Yes | Smart Queues work at gig. IDS/IPS reduces throughput. |
| Ubiquiti Dream Router | 2.5G | Yes | Yes | Built-in Wi-Fi 6. Good all-in-one. |
| MikroTik hAP ax³ | 2.5G | Yes | Partial | ~600-700 Mbps with fq_codel. Excellent value. |
| MikroTik RB5009UG+S+IN | 2.5G / SFP+ | Yes | Yes | No Wi-Fi. Full SQM at line rate. |
| Netgate 4100 | 1G | Yes | Yes | pfSense appliance. Handles fq_codel at gig. Larger models have SFP+. |
| Ubiquiti EdgeRouter 4 | 1G | Yes | Yes | ~$200. Classic choice for gigabit NAT. No Wi-Fi. |
| ASUS ExpertWiFi EBG15 | 2.5G | Yes | No | Router-only, no Wi-Fi. Business-focused. |
| TP-Link ER605 V2 | 1G | Yes | No | ~$60. Budget wired-only router. Omada ecosystem. |
DIY / x86 Solutions
Build your own router. Highest performance ceiling, most flexibility, steeper learning curve.
| Platform | WAN Port | 1G+ Wired | SQM? | Notes |
|---|---|---|---|---|
| Protectli VP2420 | 2.5G | Yes | Yes | Celeron J6412. ~$300. Great for pfSense/OPNsense. |
| Topton N100 mini PC | 2.5G | Yes | Yes | Intel N100. ~$150-200. Excellent value. |
| Any x86 + dual NIC | Varies | Yes | Usually | Old desktop + Intel NIC works fine. |
What Kills Your Throughput
Even routers capable of gigabit NAT can be brought to their knees by certain features:
- SQM/QoS (fq_codel, CAKE) — Active queue management requires per-packet CPU processing. Budget 200-400Mbps on most ARM routers, 600-800Mbps on high-end ARM, gigabit+ only on x86 or dedicated hardware.
- VPN — OpenVPN tops out around 30-100Mbps on most consumer hardware (CPU-bound). WireGuard is much faster but still costs 20-50% throughput on ARM devices. x86 can often do gigabit WireGuard.
- PPPoE — Some ISPs require it. Adds CPU overhead. Most modern routers handle it fine, but check if your ISP requires it.
- IDS/IPS (Snort, Suricata) — Deep packet inspection is extremely CPU-intensive. Expect 300-500Mbps on prosumer gear, less on consumer.
- Traffic logging/monitoring — Per-connection tracking adds overhead. Usually minor but can add up.
What to Look For
When shopping for a gigabit-capable router:
- 2.5GbE WAN port — Gives you headroom. Even if your ISP is 1Gbps today, you won't be bottlenecked by the port when speeds increase.
- Hardware NAT acceleration — Essential for ARM-based routers. Check what features disable it.
- Ask the right question: "What's the NAT throughput with firewall enabled?" — not Wi-Fi speed, not switch speed.
- Consider your needs: If you need VPN or SQM at high speeds, budget for x86 or high-end prosumer gear.
Testing Your Router
To test your actual throughput:
- Run a wired speed test to a fast server (fast.com, speedtest.net, or Cloudflare speed test)
- For more accurate results, use
iperf3against a known-fast endpoint - Test both download and upload separately
- Maximum real-world throughput is ~940Mbps on a 1Gbps connection due to TCP/IP overhead
For bufferbloat testing, use Waveform's bufferbloat test. If you're getting an F grade, you're likely hitting your router's limits under load.
Common Questions
What about mesh systems?
Most mesh systems route all traffic through the main node, which often can't sustain gigabit. If you need mesh Wi-Fi coverage with gigabit routing, use a dedicated router from this list and put your mesh system in bridge/AP mode.
What about my ISP's provided router?
Usually underpowered. ISP-provided equipment is optimized for cost, not performance. If you're stuck below gigabit speeds, put it in bridge mode and use your own router.
Do I need Wi-Fi 7 / Wi-Fi 6E?
Not for wired throughput. Wi-Fi generation only affects wireless speeds. A Wi-Fi 5 router with a strong CPU will route faster than a Wi-Fi 7 router with a weak one.
What about the OpenWRT One?
Worth watching. It's purpose-built for this use case and should be a solid recommendation once widely available.
Sources
- SmallNetBuilder Router Charts — WAN-to-LAN throughput testing
- OpenWRT Forum throughput testing — Comprehensive benchmark methodology
- Dong Knows Tech — Multi-gigabit router recommendations
- SNBForums discussion — Community recommendations
About This Page
This page is maintained by someone running MikroTik routers, OpenWRT, UniFi, TP-Link Omada, and Ruckus access points at home. The "Firsthand" tags mean exactly that—tested on my own network. Community and manufacturer data is included where noted, with appropriate skepticism for marketing claims.