This document is still working in progress
Testing the speed of your network is both an art and a science. Especially if you have a Gigabit WAN network. Here are some tips to get decent test results.
Physical:
- Please make sure you have the right cables ready. Gigabit internet does require CAT 5E or CAT 6/7... ethernet cables. <== This is the most common problem
- You should be testing via an Ethernet connection. Wifi tests may work in slower networks, but for anything beyond 200 Mbit, you should be using Ethernet.
- Your test host should be as close to the router as possible. We have seen people using ethernet over coax (MoCA)...
- Make sure you have a decent PC/MAC for the test. The reason is, some older machines may not be possible to drive gigabit.
- If your ethernet is going through a switch, please make sure the ethernet switch can handle wire-speed switching for all the ports. (you don't want a file server or like to slow down your network)
- If you have nested switches, make sure the connecting between the links is not saturated when you are doing testing. (otherwise, you will be limited by the switch's interconnect speed)
Software:
- Not all speed test sites are equal, and not all of them will work consistently around the world. Try a different test provider/target if you can.
- In general, the speed test given by your service provider is likely the best (most close to you).
- Some speed tests will limit the maximum bandwidth getting tested. (for example, fast.com only measures speeds up to 250 Mbits)
- We recommend speedtest.net, fast.com and dslreports.com
- If possible, use the app instead of the web page for the test. For example, speedtest.net has OSX apps that you can download and use. It is likely more reliable.
Time:
- If you are using a shared medium (cable modem for example), your speed may also depend on what your neighbors are doing as well. So testing speed during off-hours may have more accurate results.
- If you have slower internet, it will be good to test when things are quiet in the house. For example, if someone is loading a 4k youtube video, you are going to see a spike of 40 or more Megabits, and that will compete with your speed test. (same as iCloud backups ...)
- Do try a couple of times for the tests ...
Location:
- Some speed tests do have the option to pick the location of the target server. The ones close to you are likely to be the fastest. Try a few others if you are not getting the speed you are after.
Firewalla Configuration:
- Firewalla monitoring mode will influence a bit on the test result.
- Router mode is the fastest, then DHCP mode, then Simple Mode
- Simple mode is a bit slower (but not a lot) due to arp spoofing.
- See this for reference https://help.firewalla.com/hc/en-us/articles/115004292514-How-does-Firewalla-Intercept-Traffic-
Multiple WAN:
- If you have multiple WANs and in load balancing mode, and your speed test uses the same destination IP address, then the max speed is going to be whatever the link is used. Firewalla load balancing is based on the destination IP, if the speed test server IP is the same, all the traffic will go to the same circuit. (workaround is to run two different speed tests to two different servers)
Speed Test For LAN
All Firwealla Products have the option of testing the connection from your device to Firewalla. This is really the speed of your LAN. (if you are using safari and local test is slow, try Chrome)
HTTP://[your firewalla IP Address]:8833/ss/
Speed Test Inside Firewalla for WAN (PRO ONLY)
If you know how to access the Firewalla SSH shell you can use this to do a quick speed test. This test may NOT always reach gigabit speed. (likely it is because the software is python)
pi@firewalla:~ (GoldJCMain) $ remote_speed_test
Retrieving speedtest.net configuration...
Testing from Comcast Cable (73.162.248.251)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Razzolink Inc (San Jose, CA) [7.37 km]: 21.692 ms
Testing download speed................................................................................
Download: 714.04 Mbit/s
Testing upload speed................................................................................................
Upload: 39.63 Mbit/s
If you have gigabit connections, you should be able to use the speedtest cli. The test binary you will have to install yourself.
wget https://install.speedtest.net/app/cli/ookla-speedtest-1.0.0-x86_64-linux.tgz
Uuntar this and run speedtest
pi@firewalla:~/tools (GoldJCMain) $ ./speedtest
Speedtest by Ookla
Server: EGI Hosting - Santa Clara, CA (id = 32408)
ISP: Comcast Cable
Latency: 10.23 ms (1.53 ms jitter)
Download: 934.95 Mbps (data used: 1.1 GB)
Upload: 39.67 Mbps (data used: 29.7 MB)
Packet Loss: 0.0%
#If you want to test it on each interface
pi@firewalla:~/tools (GoldJCMain) $ ./speedtest --interface eth0
The above two tests are run in sequence, you can see the speed difference due to different test tools.
Simple Ping Tests
If you hear a choppy voice during zoom calls or feel your speed is slower, try to use "ping" to test your network.
First, ping a well known and stable IP, like 1.1.1.1 or 8.8.8.8, if you see something like below, something between your PC/MAC to the internet is dropping the packet
ping 1.1.1.1
In parallel, ping Firewalla's main IP or your router IP.
ping 192.168.2.1
If your ping to your router / or firewalla has dropped packet, and the "time" is erratic and >100ms, then your LAN has a problem, usually, this is due to your WIFI connection or a bad switch.
Wi-Fi vs. Ethernet
The quality of Wi-Fi is not always reliable when doing speed testing. The final speed depends on many things, may even include how your neighbor is using the same channel.
Here is an example (this is Speed Test via DSL Reports over Ethernet):
Here is the same test using Wifi (Access Point 15ft away). Here even with Smart Queue on, you can see some bufferbloat, and that's likely from the Wifi side. For a better test, please use an Ethernet connection instead.
Comments
22 comments
Which IP do we use in FWG when it's in router mode?
if you are doing local testing, it will be the gateway IP (of your network segment) of the Firewalla Gold.
This doesn’t work with the Internet IP address - right?
I've read that ISP's cheat and grant traffic priority to speed test websites to give their customers the dishonest appearance that the boosted results are accurate measurements that represent the customer's typical internet speeds...does the choice of speedtest providers have this in mind?
I've read good things about self-hosting your own instance of librespeed is one such way of effectively combating this, just to put this out there in case the issue hasn't already been addressed....
https://github.com/librespeed/speedtest
Want to have speedtest cli on Firewalla Gold? This will tell you how fast your internet connection is right on Firewalla (no wifi or Ethernet involved)
Firewalla will remove anything installed after upgrades so you can install a script to reinstall for you after firewalla upgrades and possibly reboots. See https://gist.github.com/mbierman/9ac6a35622ee5a0c631ed6f6ad74b722.
Then you can run speedtest.
Or
if you have dual WAN and want to test WAN2
The wget command doesn't work.
Yeah, speedtest changed something. I'll update my script shortly.
Why don't you just use Speedtest CLI?
speedtest cli fails with:
Interesting. it is working correctly for me. Are you running the latest speedtest version?
Yes I think so, I just installed it.
Weird, it's working fine for me.
I followed the steps mentioned here
Speedtest CLI - Internet connection measurement for developers
Thanks for supplying this, makes me feel quite happy with the quality of monoprices cat6 cables! with a 16 port netgear switch in between the test computer and the firewalla I hit 1006.10 up, 999.33 down 2.49ms ping and 0.14ms jitter with a fairly standard dell win 10 system. I've seen 1000 down briefly on internet transfers so I can safely say, the firewalla gigabit ports work properly!
@Ben I don't know if this would interest you, but for fun I wrote a script that can capture speedtest data from both of my Firewalla WAN connections and send the data to a google spreadsheet to make some nice graphs. I'm running it 1/hour at least for now. It can also capture and save to a log file on Firewalla. You can turn off either of these if you don't want one or the other.
@Michael oh my god that's a ton of beautiful data definitely awesome work there!
@Ben you are very kind. Thanks!
@Michael This looks great. However the --interface flag for my secondary WAN isn't working. I have set my WAN config to be in failover mode.
@sukumar, Sorry! I agree it would be nice to handle the failover use case. I will see if I can figure out a good way to determine which WAN is active and add that to the script.
I don't know if you can access the WAN port if it is in failover mode. Maybe @Firewalla can clarify if that should be working or not. I can see why it might make sense that it wouldn't.
Temporarily at lest, you could of course leave WAN2 blank and test your primary WAN.
@sukumar, actually I just put my FWG into failover and tested the second WAN and it worked fine. Are you sure pppoe0 is the correct interface?
@Michael Yes its the correct interface. I will reach out to Firewalla with this.
Thanks @sukumar. I don’t have a ppoe connection so I can’t test. Let me know what the resolution is if you can.
@remotebloke I fixed the script. Might be good to have because some Firewalla upgrades will overwrite Speedtest.
https://gist.github.com/mbierman/9ac6a35622ee5a0c631ed6f6ad74b722
Please sign in to leave a comment.