sbe171
join:2014-11-30

sbe171

Member

Re: USG 110 low throughput

I see there is a firewall, but it seems like maybe some of the features are available only from CLI, not GUI?

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd to sbe171

MVM

to sbe171
»www.watchguard.com/
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith to sbe171

Member

to sbe171
No compromise red! Gotta be faster, and adds color to the rack.

Tiger Direct pricing is incomprehensible; some investigation of subtle differences among offerings is called for, but subscription licenses aren't given away by Firebox either.

Wasn't this company once a clone competitor to Xincom in the DSL-speed dual-WAN market?

kirby
sbe171
join:2014-11-30

sbe171 to mozerd

Member

to mozerd
Watchguard seems very good but also quite expensive.
JPedroT
Premium Member
join:2005-02-18

JPedroT to sbe171

Premium Member

to sbe171
I'd still love for you to do a packet trace, so we get to analyze the traffic patterns.

It should not take more than 15 minutes, is my guess, depending upon how long your speed tests take to run.
sbe171
join:2014-11-30

1 edit

sbe171

Member

I was able to run wireshark and I will upload the results soon.
sbe171

sbe171

Member

Trace: »www.hightail.com/downloa ··· hOUjhUQw
JPedroT
Premium Member
join:2005-02-18

1 edit

JPedroT

Premium Member

Just to make sure I did not read this wrong.

192.168.10.70 is your computer
213.57.11.14 is your test server on the internet

Quick glance you have a lot of segments out of order and duplicate acks going on and once in a while a previous segment not captured message.
The last one means that either you lost a packet or that your computer was unable to capture it.

The only way to find out which, is if the packet arrives on the WAN port of the ZyWALL and then check that with the capture on the local computer.
But due to this lost packet, there is some tcp housekeeping going on. Which could be the reason it throttles it back some, but not sure about the math and how much it should throttle back.....

Also the out of order segments might fill up your receive buffer, which could drop your speed again.

Would it be possible to capture between zywall and modem at the same time you capture on the pc?
Does the same tcp stuff happen when using the asus, ie does the capture show Previous Segment not captured?

If you open up wireshark and use the following as display filter on your capture file, it will be easy to find: tcp.analysis.flags && !tcp.analysis.window_update

So basically your test opens up multiple tcp connections between your computer and the server on port 8080 and transfers files. Anything from 50MB and down.
If you look at it visually you see again that you have non-nice things in there. The graph is log scaled so the bars are big so that we can see them.

But since the graph nicely stops at 100M ie 10^7 it is weird, since on a 100M link you get less than 100M due to overhead.

Anyway, did you try a switch between the ZyWALL and the modem? Did you try to remove the switch between your computer and the ZyWALL?

And then there is the SYN going to port 843 on the server which never gets ACK'ed just a retransmission....

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav to sbe171

Premium Member

to sbe171
Fuck, I love this Sherlock Pedro stuff!!
JPedroT
Premium Member
join:2005-02-18

JPedroT

Premium Member

There is some packet loss here, why I have no idea and generally small amounts of packet loss should be expected, but it will of course impact performance to some degree.

Open the file in wireshark and add the following display filter

ip.addr == 213.57.11.14

Add a column that shows the "ip.id" field.

Look at packet #2007 and #2008, you see the id going from 29836 to 29841 and there is no mention of 37-40, they are "gone". Question is where did they get lost....

This means retransmission and slowdown of throughput, how much depends on the window size and host/application receive buffer size.
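
The ip.id check described in the post above, as an added example that is not part of the original post: it lists Identification values a sender skipped, treats a late arrival as reordering rather than loss, and handles the 16-bit wrap. It assumes the sender uses a single incrementing ID counter and that the input is tab-separated tshark field output; the sample rows are constructed around the frame numbers and IDs quoted in the post.

```python
# Added example: list IPv4 Identification (ip.id) values a sender skipped.
# Assumption: the sender uses one incrementing 16-bit ID counter for all
# packets, as the post assumes; many stacks use per-flow or random IDs.

# Constructed sample in the tab-separated layout produced by
#   tshark -r FILE -T fields -e frame.number -e ip.src -e ip.id
SAMPLE = (
    "2006\t213.57.11.14\t0x748b\n"
    "2007\t213.57.11.14\t0x748c\n"   # 29836
    "2008\t213.57.11.14\t0x7491\n"   # 29841: 29837-29840 not seen
    "2009\t192.168.10.70\t0x1a2b\n"  # other direction, ignored
    "2010\t213.57.11.14\t0x7493\n"   # 0x7492 skipped here ...
    "2011\t213.57.11.14\t0x7492\n"   # ... but arrives late (reordered)
)


def parse(text):
    """Yield (frame, src, ip_id) from tshark field output; skip non-IP rows."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2]:
            continue
        yield int(parts[0]), parts[1], int(parts[2], 0)


def find_ipid_gaps(text, sender):
    """Return [(frame_where_gap_was_noticed, missing_ip_id), ...] for sender."""
    last = None
    missing = {}  # missing ip.id -> frame number that revealed the gap
    for frame, src, ip_id in parse(text):
        if src != sender:
            continue
        if last is None:
            last = ip_id
            continue
        delta = (ip_id - last) % 65536      # 16-bit counter wraps at 65535
        if 0 < delta < 32768:               # moved forward
            for k in range(1, delta):
                missing[(last + k) % 65536] = frame
            last = ip_id
        elif delta >= 32768:                # older ID: late, not lost
            missing.pop(ip_id, None)
    return [(frame, ip_id) for ip_id, frame in missing.items()]


if __name__ == "__main__":
    for frame, ip_id in find_ipid_gaps(SAMPLE, "213.57.11.14"):
        print(f"ip.id {ip_id} missing before frame {frame}")
```

A gap reported from the PC-side capture only shows that the packet never reached that capture point; running the same check on a capture taken between the ZyWALL and the modem shows on which side of the router it disappeared.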
sbe171
join:2014-11-30

sbe171

Member

I don't know what to make of any of the stuff you said.
What I know is this: router A performs, router B does not perform.
Therefore it makes sense to me that I should be able to find another router that does perform, and also has the capabilities that I need.
The suggestions here were very interesting - watchguard more convincing than edgerouter.
I will try USG 310 next - unless someone will tell me it is too noisy for an office.
Otherwise I will try a watchguard.

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd to Kirby Smith

MVM

to Kirby Smith
said by Kirby Smith:

Tiger Direct pricing is incomprehensible; some investigation of subtle differences among offerings is called for, but subscription licenses aren't given away by Firebox either.

I do not like Tiger direct BUT I do like ProVantage
WatchGuard XTM 330 and 1-Year Sec Bundle - $1209.00 outstanding for a SOHO device.

Compare XTM 3 Series Firewalls
mozerd

mozerd to sbe171

MVM

to sbe171
said by sbe171:

I will try USG 310 next - unless someone will tell me it is too noisy for an office.

The 310 should deliver the speed you are after .... insofar as noise --- yes it does make noise and some do find it objectionable some do not --- highly subjective. I would place it in a closet because the noise would bother the heck out of me .... however the 310 is not intended to be openly admired, it's meant to be placed in a closet away from view.
sbe171
join:2014-11-30

sbe171

Member

I have a Cisco rack switch SG-200-26 which is totally silent.
On the other hand a Fortinet 100D that I tested just now rumbled like a garbage truck and I couldn't bear it for 5 minutes.
Where does the 310 lie?

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd

MVM

I put one in a wiring closet and I certainly could hear it but there was a lot of other gear making noise also --- I would state that the noise it makes is not suitable if you want to place it in your office. BTW the WatchGuard high performance gear like WatchGuard XTM 515 etc are all noisy. They are all generally placed in Data centers or wiring closets. And if you want to try the WatchGuard stuff [they have free trial offers] I would consider the XTM 515 based on the kind of specs you are looking for.
sbe171
join:2014-11-30

sbe171

Member

Seems like a 6u wall cabinet might be a solution.
Is it possible to replace the fans on a 310 to quiet fans?
Would not an xtm 330 be performance enough for me?

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd

MVM

said by sbe171:

Seems like a 6u wall cabinet might be a solution.
Is it possible to replace the fans on a 310 to quiet fans?
Would not an xtm 330 be performance enough for me?

6u wall cabinet would be good --- but make sure that the cabinet is well vented -- it can get quite hot however if it's well vented you'd be in good shape.

the XTM 330 will definitely give you all the performance you can get from your 500mb/s downlink PLUS more using the Firewall only but if you use the UTM feature the performance drops 146 Mbps whereas the XTM 515 UTM delivers 850 Mbps

You need to talk to WatchGuard and find out if the XTM 330 can be purchased without the UTM stuff or they may suggest another model. I only have exposure to a limited number of devices so my expertise is not complete.

I do not know if the USG310 fan can be replaced with a quieter one but that may be an option to explore.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith to sbe171

Member

to sbe171
said by kirby :

Tiger Direct pricing is incomprehensible; some investigation of subtle differences among offerings is called for, but subscription licenses aren't given away by Firebox either.

said by mozerd:

I do not like Tiger direct BUT I do like ProVantage

I normally use Provantage, but WatchGuard's site listed TigerDirect, among others I didn't recognize, as distributors, so I went there to save searching.

In any case, the research that cost/performance comparison calls for requires time I haven't been able to allocate yet.

kirby
bmmikee
Premium Member
join:2015-03-09
USA

bmmikee to sbe171

Premium Member

to sbe171
A little late but I had a similar issue. I had checked the box for "collect statistics" under monitoring > traffic and after a few days of recording data I noticed my internet got very slow. 150mbps down to about 75mbps. Once I disabled that, it shot back up there again. Just an FYI as something to look at.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

So you're saying that the function of collect statistics seemed to be a root cause for slowdown? Is that still valid on the latest firmware (can you test again)?
sbe171
join:2014-11-30

sbe171 to bmmikee

Member

to bmmikee
That's the first hint that I felt was on the money.

Testing:
Unchecking all the statistics collection flags (about 5 of them) - 150mbps
Disabling firewall - 350mbps
Enabling firewall - 200mbps
again - going down towards 150mbps
flush statistics disable firewall - 350 again
run again - goes down to 250 without firewall, 150 with firewall.
So you need to keep flushing the statistics to get normal performance, even when the collection is off, and even then it doesn't go above 350.
Not very reassuring of the ZyXEL proposition.

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd to bmmikee

MVM

to bmmikee
said by bmmikee:

I had checked the box for "collect statistics" under monitoring .......... Once I disabled that, it shot back up there again. Just an FYI as something to look at.

this sounds like a bug to me. Collect statistics should have ZERO to do with firewall and UTM performance. I'd report this to ZyXEL.
LaLinea
join:2014-10-07

LaLinea to sbe171

Member

to sbe171
I also see performance impact of collecting statistics on all ZyWALLs from the oldest to the newest firmware. And the problem is, after a reboot the collection is enabled again; I didn't find a way to disable it permanently.

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

4 edits

mozerd

MVM

I just finished some tests on my USG100 and sure enough the Collect Statistics feature DOES have a significant performance impact 33% plus to the negative especially in a busy [very active] network. This is very upsetting as it points to very POOR [incompetent] engineering.

And one other anomaly that has me riled .... Each time I click on Monitor > Interface statistics my browser [IE 11] freezes up ... I have to close the browser and login again ... This is repeatable. Grrrrrrrrrr. [EDIT] I'm going to try a different browser --- with Firefox 36.01 no freeze-up so IE11 and the USG100 have issues.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

Napsterbater to JPedroT

MVM

to JPedroT
said by JPedroT:

Or force both devices to use 1Gb and full duplex, ie do not autodetect the speed and duplex setting.

Per the spec you can't force 1Gb, and any devices allowing it are not following spec.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith to sbe171

Member

to sbe171
Hmmm. I found the page Monitor/System Status/Traffic Statistics on my USG50. The Collect Statistics box was checked, but there were no statistics collected under any category that I could view. What am I missing in this conversation?

kirby

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

mozerd

MVM

Uncheck the box then apply. Also go to Anti-X Statistics and uncheck all the boxes that are checked ... Make sure to Apply otherwise nothing will stick.

But before you uncheck the stuff run some bandwidth tests then Compare to the bandwidth tests with the stuff you unchecked. If you do not have an active network does not matter much however ... But with an active network it certainly does.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith to sbe171

Member

to sbe171
Well, my results are somewhat unexpected. I have historically observed 15 down/10 up in testing, presumably through one of my two fiber connections. I think the test software uses only one IP address, but maybe that is in the down direction and not in both directions. Anyway, tonight I measured using Speakeasy, with statistics already turned off but IDP on (but hadn't yet killed some modest data rate Mint 17.1 MATE ISO torrent seeding), values in Mbps: 15.3 down, 19.8 up

IDP off, seeding off: 30.6 down, 15.2 up

IDP on, seeding off: 28.7 down, 15.3 up (pinging Crunchyroll yields only 20 ms latency, an order of magnitude lower than often observed)

IDP on, light seeding on: 6.0 down, 15.3 up (seeding should affect up, not down)
and again: 4.4 down, 15.1 up (pinging Crunchyroll yields 100 ms latency)

IDP on, light seeding off: 30.7 down, 15.2 up (pinging Crunchyroll yields 20 ms latency)

I conclude that either this is an irregular performance time in Fairpoint's daily travail or minor seeding at around 0.1 Mbps causes a serious drop in throughput.

I'll try again some very late or early time to see if I can confirm these effects, and then get to the effect of statistics.

kirby
Kirby Smith

Kirby Smith to sbe171

Member

to sbe171
1:30 AM EDT update:

Latency to crunchyroll ~20 ms with torrent seeding

with IDP on and 30 - 80 KB/s torrent seeding, 15.5 down, 15.3 up

with IDP on and no seeding, 45.3 down, 30.5 up

(IDP may ignore speed-test packets, otherwise this would be hard to believe of a USG50.)

Conclusion: Dealing with torrents seems to significantly impair combined PC-router bandwidth. It would be useful to run/not run torrents on another PC while testing bandwidth to be sure of where the impairment is occurring.

In the fullness of time.

kas
Kirby Smith

Kirby Smith to sbe171

Member

to sbe171
OK, getting back to the issue, statistics collection, here are my results for the USG50 for 1 AM on a Monday morning (a school night) for which Fairpoint seems to be operating consistently with low congestion. All of these tests have been to Speakeasy in NY.

Seeding    Statistics     Down     Up
Yes             No         31.    15.1
No              No         31.    15.2
No          Yes (all)      31.    15.3
 

These results suggest that for the USG50, collecting statistics does not affect the Speakeasy speed test results.

kirby