2.5gbit internet "slow" speeds
Hello, I'm troubleshooting "low" internet download speeds on my Firewalla Gold Pro with a 2.5 Gbps Zen Internet (CityFibre) plan. My setup uses port 4 (WAN) to a CityFibre ONT, Cat7 cables, and a PC with an ASUS XG-C100C 10 Gbps NIC (previously Intel I225-V). Local LAN tests (PC-to-Firewalla, HTML-based) hit 2500/2500 Mbps, confirming the NIC, cables, and Firewalla LAN are solid. However, PC internet tests (Fast.com/Ookla desktop app, Zen London server id: 40788) only reach as high as ~1300 Mbps down/1600 Mbps up, while Firewalla CLI tests get ~2000 Mbps down/1600 Mbps up. Upload speed is always consistant at 1600 Mbps, so this suggests a download bottleneck somewhere between my PC and Firewalla.
I've optimized extensively: Firewalla is in Router mode, Active Protect and Smart Queue off, firmware updated. On the PC, TCP stack is reset (autotuninglevel=experimental, RSS enabled), NIC settings tweaked (jumbo packets enabled, Large Send Offload off, max buffers, Interrupt Moderation tested on/off), and antivirus disabled temporarily. But it’s still below CLI’s 2000 Mbps.
My next step is a direct PC-to-ONT test to isolate Firewalla. Has anyone seen similar download gaps (PC vs. CLI) on high-speed plans? Could Firewalla policies/firmware or port 4 config be limiting PC downloads, despite CLI hitting 2000 Mbps?
Any ideas?
Edit: Possibly figured it out thanks to Gemini. When performing iperf3 test on PC, I used htop in firewalla ssh console, and the CPU maxes out when performing the test, so the CPU could be fully utilized to route the traffic at ~1.2 Gbps, and it simply cannot process it any faster for a forwarded stream. Thought these routers were supposed to be high end for the consumer? Is 2.5gbit internet not possible with these routers?
-
The Gold Pro can easily handle 2.5Gbit; It can reach 10Gbit with full set of access lists running and IDS/IPS in parallel.
Looking at your post, the issue is likely your WAN side, the speed is slow; this can either be your ISP is slower or the test server is slow. My advice is to look at the WAN side. Use speedtest.net, it is likely better than fast.com
In this article, there is a flow chart, follow that. I am pretty sure you will end up in the section that you need to optimize the test servers. https://help.firewalla.com/hc/en-us/articles/360056875493-Speed-Tests-and-Speed-Optimization-with-Firewalla
-
So I directly connected my PC to the ONT, and I'm getting full 2.5gbit speeds by bypassing the router, so we can rule out WAN.
I just went through all settings in firewalla and disabled mostly everything that could be likely to throttle speeds, VPN client/server disabled, ad block, smart queue etc and still the same.
So it is firewalla that is restricting speeds somehow -
If your LAN speed is fast, your WAN speed is fast, the problem is very likely related to the test server you are using, or smart queue rules limiting something (please double check)
I believe you can change ookla speedtest servers, have you tried changing that?
Also you have 10G NIC connecting to the 10G port? if you do that, your LAN speed test likely be near 10Gbit range, why are you getting 2.5G?
-
Hi, I have been in contact with another admin through the ticket system, and I allowed them remote admin. We've confirmed that a single connection is using saturating single core usage which is causing the bottleneck, and I've now learned this is normal behavior. Using iperf by using multiple connections saturates my internet connection. So this isn't a problem with anything really, I just didn't realise that this is a thing when getting into the multi gigabit realm
Please sign in to leave a comment.
Comments
6 comments