Firewalla Gold: PPPoE performance in comparison to DHCP WAN

Follow

Germán Fernández Torres

• June 30, 2021 14:15
• Edited

Hi,

I'm trying out different configurations for my ISP router + firewalla setup.

ISP modem/router in router mode + FW with WAN DHCP

Out of the box, the ISP router does the WAN PPPoE connection and delivers a NATted LAN (192.168.1.0/24) with DHCP enabled. In this setup I configure the Firewalla Gold in router mode with the WAN connection in DHCP mode and the LAN side configured with another NATted network (192.168.77.0/24).

In this configuration internet delivers consistent 600Mbits/s which is roughly what the ISP is giving me in my current plan. The downside is that the firewall doesn't actually get the public IP address. It's the ISP's modem/router who still gets the public IP address and I have a double NAT situation.

 

ISP modem/router in bridge mode + FW with PPPoE WAN

To resolve the double NAT, I can change the ISP modem/router to bridge mode and configure the FW to do the actual PPPoE WAN connection. The Firewalla gets the public IP and I think it's the best setting. The downside is that in this configuration I only get 380~400Mbits/s. There's some performance degradation when changing to this setup.

 

I have heard that other firewalls like pfsense don't handle well the PPPoE connections on APU hardware as they don't fully use all the NIC queues.

Some background information on this:

https://redmine.pfsense.org/issues/4821
https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughput-pfsense/

 

Do you think this may be also the case with Firewalla Gold? How can I achieve same performance in the PPPoE setup?

Thanks!!

 

Germán

 

 

 

 

 

1

• 

  Firewalla

  • June 30, 2021 15:50

  We do aware there are random issues with PPPoE performance, and that is dependent on the service provider, and the test used. For example, we have been working with a very nice customer from Canada, and on his system, he can get wire-speed while testing inside the firewalla (gigabit), but if he is outside of it, he gets around 700mbit download and close to gigabit when uploading. I also do remember we have another case from a service provider in the US (likely century link) in which the performance hoovers around 600 to 800 down.  

  In your case, 400 is a little too low. I just created a ticket, and I'll get another developer to take a look.

  1

  Comment actions Permalink
• 

  thernus

  • January 10, 2022 02:48
  • Edited

  Hello Support,

  On my googling of my issue I came across this, I just transferred from a Static Routed IP provider to a PPPoE provider and with SQM off I get the full line speed (550/50Mbps) but with SQM (with rate limiting on and off as well) on get around 300Mbps throughput with a FWG.

  With the previously provider I was on a 1Gbps plan and SQM (with rate limiting) took about 50-75Mbps overhead but otherwise worked fine.

  I have tried stable/beta and alpha and even a FWG factory reset was on alpha at the start and with the other provider, I don't really want to remove the FWG and would prefer not to transfer to another provider as its a decent price for the service so far.

  0

  Comment actions Permalink
• 

  Brett O’Brien

  • April 18, 2022 22:10
  • Edited

  I can only hit about 500Mbps on my Centurylink 1 gig PPPoE connection with my FWG. I was able to max it out on both the router they provided and the TP-Link AX20 in PPPoE mode. Pretty disappointing since I'm loving the FWG otherwise.

  UPDATE: Looks like most of the hit for me was from smart queue. When turned off I get 800Mbps.

  1

  Comment actions Permalink
• 

  thernus

  • May 01, 2022 04:18

  I ended up just switching away from the PPPoE provider and over to a IPoE/DHCP provider so I could use SQM without the massive throughput hit, its a real shame this is still an issue on the FWG.

  0

  Comment actions Permalink

Please sign in to leave a comment.