Quick Warning: On accounting of traffic going in / out.
PinnedA kind warning on the stats we present (upload/download/graphs). How accounting works are really dependent on the methodology of measuring. So whatever we measure may not be the same as the router end.
- The accounting (upload/download byte graphs) should only be used as a reference only.
- It should not be as an exact measurement. Our software is not build to do this type of accounting.
- Packet counting at our level is very sophisticated, so we do NOT guarantee the total correctness of our accounting.
The data we present are mainly for security purposes, and also give you a relative measurement of your traffic. We do not guarantee this data is absolutely correct.
If you see anything strange or anything does not make sense please feel free to message us https://help.firewalla.com We will be glad to look at the issue.
-
Glad you brought this up. Gold accounting works the same as the blue/red, so the issue of accuracy and how data is accounted will still vary.
For example, I have Comcast Xfinity (Cable), and last month, my total internet usage according to Xfinity is around 1T. While firewalla is around 930GB. Likely the Xfinity counters include a MAC/IP layer counters.
We are going to use the interface counter more in the future for data usage, hopefully, this will be a bit more accurate.
What I do with my system is, I also set the Firewalla Monthly Data Plan feature to 1T, which is 200GB less than my actual allocated 1.2T... This does help a lot. The large bandwidth usage alarms are also useful if you have kids like to leave things streaming all night.
-
So far it is a variation of 10% +/- 5% difference. We did a measurement with Comcast in the bay area, and the results are at the end of
https://help.firewalla.com/hc/en-us/articles/360043859234-Bandwidth-Usage-Monitoring
For my own uses, I always set the target less than 20% less than my actual limit.
-
So in my case Firewalla (Blue) is telling me that I've used 1.1TB of bandwidth in the month of April. My Comcast account is telling me it's only 730GB. So somehow Firewalla is reporting 50% higher. I'm also getting bandwidth alerts from Firewalla regarding my Synology NAS, which has Netdata installed and shows very detailed metrics on network activity. Often the Firewalla alerts seem to be "ghosts", meaning, I can't correlate it with Netdata reports or any other observable activity on the NAS. Unfortunately my router (Orbi) doesn't provide any of this data so it can't help me get to the bottom of it.
-
How does Firewalla do with measuring BitTorrent traffic? I just received another bandwidth alert, indicating that my NAS used 15 GB in the last 2 hours. I looked at my Netdata dashboard for the NAS (which hosts the torrent client) and the timeframe corresponds to a window during which one torrent was temporarily uploading at an average of about 300kbps for about 90 minutes. I can see this pretty clearly in the eth0 network interface activity report and also in the docker image network activity (for the torrent client). But in total I think it actually uploaded under 1 GB as shown in both Netdata and in the torrent client UI. So I can't seem to explain why Firewalla is telling me that the NAS uploaded over 15 GB in this timeframe. I seem to be getting these alerts once or twice a day for this NAS server, but I can never seem to match it up with evidence of major network activity on the server itself.
-
Thanks. I feel that there's a bug in here with respect to torrent traffic that results in Firewalla significantly inflating the bandwidth usage (perhaps by 10x or more) and firing false alerts. I may swap Orbi's router functions to an OpenWRT based device which would help to confirm the real internet data usage. If I can prove it with more examples and data on top of what I provided above then I'll post back.
-
I reconfigured my home network, adding a wired FreshTomato based router doing all routing services and keeping Orbi in AP mode only (for wireless). Tomato has pretty good bandwidth monitoring, and combined with Netdata on my NAS I think I have some decent data to share. After a few days running in this new configuration, following is an example of the (greatly) overstated bandwidth reporting and alerting from Firewalla. Note that Firewalla is still in Simple mode, and I haven't yet tried reconfiguring it to DHCP mode.
There was an alert reported at 1:20am last night by Firewalla, stating that my NAS had used 61.54 Gigs of data in the previous 2 hours (yikes!), which would correspond to about 11:20pm last night (April 27) and 1:20am (April 28):
However, this is what my FreshTomato router states for WAN activity over the previous 12 hours (the 2-hour alert window is highlighted loosely). Note that over the whole 12 hours of this report, FreshTomato reports that my entire network only used about 17GB, and certainly only a fraction of that during the highlighted timeframe:
And, concerning the device alerted by Firewalla (Synology NAS), here's the IP Traffic report from FreshTomato in this timeframe (about 5GB over the whole 12 hours, much less in the highlighted two hours):
On that NAS device itself, there is one ethernet interface (eth0), monitored by Netdata. Here's that view, which never exceeds 5mb/s. Even if that peak rate were a sustained over 2 hours, I believe this would still only result in under 5GB total.
So unless I've completely misunderstood something here, I believe Firewalla is exaggerating the bandwidth usage by more than 10x in this example. Note that in my limited experience with these alerts, I've noticed that the exaggerated ones tend to be associated with small amounts of torrent upload traffic. They seem more reliable with other devices and traffic types on my network.
-
Note that in my limited experience with these alerts, I've noticed that the exaggerated ones tend to be associated with small amounts of torrent upload traffic. They seem more reliable with other devices and traffic types on my network.
I think this may be the clue. If I remember correctly when torrenting, there may be cases where the microflows may be cut in the middle by something (network, human, transit...), when that happens, the system will try to guess the flow information from the last packet. I don't remember what the guess was based on, likely the sequence numbers.
Now if you are willing to play with this, I think the DHCP mode may solve this issue. (the extra NAT will likely make the guessing more accurate).
Or, you can reduce the number of torrent peers, this may also fix something.
Please sign in to leave a comment.
Comments
18 comments