Blocked Flow Query Performance
Maybe it's because the Firewalla is new but I frequently query flows for blocked inbound traffic. The query time is always horrible. Generally speaking, it will spit out 1 or 2 lines every few seconds. Getting through a whole 24-hour list is excruciating.
Initially I thought it was because I had a new setup and was working to reduce the "noise". After tweaking some rules to allow Apple TVs to talk to other Apple devices I eliminated a huge portion of blocked traffic. I expected that once I had this cleaned up and removed nearly 1 million blocked flows in 24 hours that the performance would improve. Unfortunately it did not.
Is there anything that can be done to improve this performance? It's almost unusable as it is.
-
I realize that my initial post is a bit muddy. Let me try to clarify.
As I have introduced the Firewalla to my home network I have rolled out various features and changes over the past couple of weeks.
When I went from a flat network to multiple VLANs, most of which cannot talk to each other, I would have over 1,000,000 flows per day that were blocked.
Every day or two I go out to the web app and display the blocked flows just to understand what is happening both internally and externally. When I would try to display blocked & inbound flows it was painfully slow. I attributed this to the fact that I had over 1M blocked flows per day and I assumed that once I had tweaked the inter-VLAN communications that it would dramatically reduce the number of blocked flows and thus improve performance of the query that would show blocked & inbound flows.
Through frequent analysis of blocked flows I found out that my 3 Apple TVs absolutely insist on talking to every other Apple device in the house, multiple times per minute. The Apple TVs are on one VLAN and other Apple devices are spread across several other VLANs. The 3 Apple TVs were blocked from talking to the other VLANs and it was generating an enormous amount of blocked flows. I have since put in a rule to allow the Apple TVs to talk to other Apple devices.
This has successfully reduced my blocked flow count from around 1.1 million per day down to about 90,000. With a 90% reduction in blocked flows to analyze I was hoping the query performance would improve but it hasn't.
As for the analysis of blocked & inbound flows - the purpose isn't to attempt to tweak anything there. It's simply to see where "drive-bys" are coming from in the world and how frequently they are happening.
But even with the significant reduction in blocked flows the performance of displaying just the last 24 hours is terrible. I just did a quick test and have the following results querying blocked & inbound flows.
It took:
8 seconds for the first item to appear in the list.
11 seconds for the first two items to appear
30 seconds for the first five items to appear
... I have to keep scrolling down to keep the query going
In the end, it took 2 minutes and 39 seconds to display 79 records.
I'm a software engineer. It seems like the query isn't designed very well. Even for the pagination that is taking place (scrolling down to trigger more results) it performs really badly.
Don't get me wrong... I'm not bashing the product. I love this thing. But I don't think it should take 2 minutes and 39 seconds to display 79 records. I'm sure there is some sort of optimization that can happen to get the query performance to an acceptable level.