Products Firewalla Blue Firewalla Gold Firewalla Blue Plus Firewalla Red

Firewalla Gold: PPPoE performance in comparison to DHCP WAN

Follow
Avatar
Germán Fernández Torres
  • Edited

Hi,

I'm trying out different configurations for my ISP router + firewalla setup.

ISP modem/router in router mode + FW with WAN DHCP

Out of the box, the ISP router does the WAN PPPoE connection and delivers a NATted LAN (192.168.1.0/24) with DHCP enabled. In this setup I configure the Firewalla Gold in router mode with the WAN connection in DHCP mode and the LAN side configured with another NATted network (192.168.77.0/24).

In this configuration internet delivers consistent 600Mbits/s which is roughly what the ISP is giving me in my current plan. The downside is that the firewall doesn't actually get the public IP address. It's the ISP's modem/router who still gets the public IP address and I have a double NAT situation.

 

ISP modem/router in bridge mode + FW with PPPoE WAN

To resolve the double NAT, I can change the ISP modem/router to bridge mode and configure the FW to do the actual PPPoE WAN connection. The Firewalla gets the public IP and I think it's the best setting. The downside is that in this configuration I only get 380~400Mbits/s. There's some performance degradation when changing to this setup.

 

I have heard that other firewalls like pfsense don't handle well the PPPoE connections on APU hardware as they don't fully use all the NIC queues.

Some background information on this:

https://redmine.pfsense.org/issues/4821
https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughput-pfsense/

 

Do you think this may be also the case with Firewalla Gold? How can I achieve same performance in the PPPoE setup?

Thanks!!

 

Germán

 

 

 

 

 

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Firewalla

    We do aware there are random issues with PPPoE performance, and that is dependent on the service provider, and the test used. For example, we have been working with a very nice customer from Canada, and on his system, he can get wire-speed while testing inside the firewalla (gigabit), but if he is outside of it, he gets around 700mbit download and close to gigabit when uploading. I also do remember we have another case from a service provider in the US (likely century link) in which the performance hoovers around 600 to 800 down.  

    In your case, 400 is a little too low. I just created a ticket, and I'll get another developer to take a look.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post