Firewalla blue throughput

Comments

10 comments

  • Avatar
    Firewalla

    The blue >500 mbits.  It should be able to handle 200 megabits very easily.   Can you let us know what router are you using?  likely there is something that need to be adjusted there.   

    0
    Comment actions Permalink
  • Avatar
    Kevin Wyrick

    Sure.

    It is a Synology 2600.  DHCP service is turned off on the Synology. Firewalla patched directly into one of the Synology ports.  Test with "main" subnet and the router as the default gateway yields 230mb/sec.  Test with overlay subnet and Firewalla as the default gateway yields 130mb/sec.

    Thank You,

    Kevin

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    It looks like something is doing rate limit, double-check the Synology and see if you have anything that may be doing QoS?  Or do you have any network elements near the Synology?

    The Synology 2600 is one of our favorite routers for DHCP mode.  Feel free to create a case help@firewalla.com,  our engineers can help you directly. 

    0
    Comment actions Permalink
  • Avatar
    Kevin Wyrick

    Thank You.  I opened a case.  Also, I performed a speedtest to the WAN from a shell on the Firewalla box.  The results were 230mb/sec just like any other device from the Synology subnet.  The slower speeds (130mb/sec) seem to be anything using Firewalla as their default gateway.  This makes me think that it is isolated to traffic that Firewalla is inspecting.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Do you have synology's IDS/IPS turned on? if you do, they will significantly reduce speed ... we have seen this happen in the past. 

    0
    Comment actions Permalink
  • Avatar
    Kevin Wyrick

    I disabled Synology's IDS/IPS a long time ago because it reduced the speed so much.

    With that said, if it were enabled the issue would likely a problem with all subnets behind the Synology, and not just isolated to devices using Blue's as their default route.

    0
    Comment actions Permalink
  • Avatar
    Kevin Wyrick

    A little additional information.

    I am running against speedtest.net

    When the speedtest (download) is running I notice that the process "bro" is utilizing 100% of one of the four CPU's.  ( nmon )

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Bro is the IDS engine, when it is active, likely it is chewing packets.   Is anyone helping you from our engineering team?  likely for this case, they need support access

    0
    Comment actions Permalink
  • Avatar
    Kevin Wyrick

    Did some reading up on Bro, and it appears not to be multi-threaded.  That is somewhat concerning considering that when the speedtest is hitting 130Mbps, Bro is pegging a CPU.

    With that said, support ( Melvin ) has been running some tests and is gathering information.  I have also given him access to a Linux server that uses Blue as its default gateway to run additional tests.

    0
    Comment actions Permalink
  • Avatar
    Kevin Wyrick

    Support resolved the issue I was having.

    After doing some testing, support had this theory:  "We suspect if the LAN bridge on the router may share upload/download bandwidth within multiple ports."

    I moved all patches from the Synology over to an 8-port gigabit switch, and then patched the switch into one of the Synology LAN ports.  With the network switching offloaded from the router to the switch, the speedtests through Firewalla Blue to the WAN was able to max my internet service.

    Thank You guys for the amazing support.

    Last month I did signup for the Indiegogo Gold campaign.  I look forward to using Gold as the main firewall/router, and moving the Synlology to a role of wireless access point.

    0
    Comment actions Permalink

Please sign in to leave a comment.