Can’t achieve full speed

I’m using this HW.

Red is on first RJ45 input.
I have a 750MB line in. Connected directly to the modem I measure this speed.

Out on green, either RJ45 or fiber, I’m only able to get close to 300 MB.

If we assume I don’t have an issue with the Ethernet cables or the single-mode fiber I use, where should I investigate to understand where the issue is?

The dealer suggests some sort of driver issue. But I guess that’s not easy to change.
Are these a problem?
2 x Intel 82583 Gigabit Ethernet + 2 x Intel i350-AM2 Fiber Gigabit Ethernet

I’ve plugged RJ45 directly into RJ45 as green and measured.
I’ve changed green to SFP (via SSH) and plugged in an FTLF1421P1BCL with both 1 meter fiber as well as 20 meter fiber, using an FMC in order to connect the laptop when testing.
Same results.
This is why I don’t think the problem is outside my IPFire hardware.
I also tested a different cable between my modem and the firewall.

I also installed IPFire on a second device. Actually my old IPCop firewall (just replaced the SSD). Still the same result. Maybe even slightly better.

I’m quite sure the modem is in bridge mode. I haven’t logged in and verified, but as I’m getting a public IP on red, I must expect this isn’t an issue.

Hi @r1200cl

Are you using IPS/IDS? This has a significant impact on hardware of this size/type.


I must admit I do not understand the question.
Can you kindly advise me how to verify this?

Edit:
Intrusion detection. I checked. I guess the answer is yes.

Edit 2

Just switched it off. Got a boost in a quick wireless test. Need further testing. But it seems we may have a solution.

So would better HW solve this? How much better is required?

Sorry, I was not clear enough.
Yes, it was the Intrusion Prevention System that I meant, as you found.

Have a look at this link for more info.
https://wiki.ipfire.org/configuration/firewall/ips/performance-considerations

The mini appliance spec is probably closest to your situation. The business appliance hardware spec would be closest to maintaining the performance.


Should I expect any better performance by going from 2 to 4Gb of RAM?

The settings are now as shown in the attached pic, with almost no degradation. Adding green starts the problem.
However, applied on red, shouldn’t that give quite good protection?

Hi Andreas,

As the article says, the Intrusion Prevention System will use more RAM as needed, but after a certain point the CPU power will limit you.

So I think the answer is maybe, depending on the power of your CPU and the number of rules that you are using.

I think it depends what you are concerned about for your specific network.
The following links on IPS setup and ruleset selection may be useful to read through. I am definitely a beginner on IPS usage myself.

https://blog.ipfire.org/post/ips-configuration-recommendations-for-ipfire-users
https://wiki.ipfire.org/configuration/firewall/ips/rule-selection

The Wikipedia article on IPS is also probably good to read.
https://en.wikipedia.org/wiki/Intrusion_detection_system

One reason to monitor the green interface is that it checks for abnormal traffic on internal networks in case something has managed to get past the firewall rules and is on your internal systems.
