Excuse my English but here I lack the routine.
I have had a GBIT connection since last week that is connected to the IPFire via a cable modem. If I connect a PC directly to the Fritzbox I get the expected 1GBit down- and 300Mbit upload.
Behind the IPFire, this speed completely disappears to about 100Mbit down- and 20Mbit upload.
The MTU was adopted correctly:
[root@ipfire ~]# ifconfig red0 | grep mtu
red0: flags=67<UP,BROADCAST,RUNNING> mtu 1500
Where is the error or how can I solve the bottleneck?
PS: my IPFire Fireinfo
I would open two terminals. In one I would do a speed test (there is a package for IPFire), in the other I would issue the command top -i and see what happens to the CPU load during the speed test. If you see one of the cores max out, there is your bottleneck. Unfortunately the Intel I211 are inferior to the I210 (but way cheaper now) as they do not have 4 queues but only two. I suspect this might require a more intense CPU load. Of course, I might be completely wrong.
Maybe QoS is active with wrong settings? Or is IPS running on all NICs?
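A scripted form of the per-core check suggested above, added here as an example and not posted by anyone in the thread: it compares two /proc/stat snapshots and prints, per core, the busy percentage and the share spent in softirq, where the kernel accounts network receive processing. The function names, the 90% threshold and the sample snapshots are constructed for illustration; in the sample the two cores average about 58% busy while cpu0 alone sits at 97%.

```shell
#!/bin/sh
# Per-core CPU use between two /proc/stat snapshots (added example).
# /proc/stat columns: cpuN user nice system idle iowait irq softirq steal ...

# per_core_busy BEFORE AFTER -> one line per core: "cpuN busy% softirq%"
per_core_busy() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { second = 1; next }
        /^cpu[0-9]+ / {                  # skips the aggregate "cpu" line
            total = 0
            for (f = 2; f <= 9 && f <= NF; f++) total += $f
            idle = $5 + $6               # idle + iowait
            if (!second) { t0[$1] = total; i0[$1] = idle; s0[$1] = $8; next }
            dt = total - t0[$1]
            if (dt <= 0) next
            printf "%s %d %d\n", $1, 100 * (dt - (idle - i0[$1])) / dt, 100 * ($8 - s0[$1]) / dt
        }'
}

# saturated_cores REPORT THRESHOLD -> names of cores at or above THRESHOLD % busy
saturated_cores() {
    printf '%s\n' "$1" | awk -v lim="$2" '$2 >= lim { print $1 }'
}

# Constructed sample: two snapshots taken 1000 jiffies apart on a 2-core box.
SAMPLE_BEFORE='cpu  2000 0 1000 16400 0 0 600 0 0 0
cpu0 1000 0 500 8000 0 0 500 0 0 0
cpu1 1000 0 500 8400 0 0 100 0 0 0'
SAMPLE_AFTER='cpu  2110 0 1070 17230 0 0 1590 0 0 0
cpu0 1010 0 520 8030 0 0 1440 0 0 0
cpu1 1100 0 550 9200 0 0 150 0 0 0'

if [ "${1:-}" = live ]; then     # "live 10": sample the real box for 10 s
    before=$(cat /proc/stat); sleep "${2:-10}"; after=$(cat /proc/stat)
else
    before=$SAMPLE_BEFORE; after=$SAMPLE_AFTER
fi
report=$(per_core_busy "$before" "$after")
printf '%s\n' "$report"
printf 'cores >= 90%% busy: %s\n' "$(saturated_cores "$report" 90 | tr '\n' ' ')"
```

Run it with the arguments `live 10` while a large transfer is in progress, once with IPS enabled and once without, and compare the softirq column.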
Fortunately, the capacity utilization of the CPU is relatively even, on average at 50%, but your hint nevertheless brought me further in the error analysis. Thanks for that!
In fact, it was exactly these two settings that caused the throttling here.
After I had set QoS to the new values and switched off IPS, I had 300/300Mbit with the speedtest. Now I have downloaded a real file and I even get over 600Mbit in download. Apparently the speed test is too short to test these speeds.
Perfect and thanks for your support.
Now the only question remains how I can better protect my NAS if I am not allowed to switch on IPS …
For such high bandwidths you don’t need QoS at all for a home setup imo. Your hardware is an APU4 and IPS for red alone won’t result in lower throughput. I assume my own private devices and networks as safe enough and there is no need to enable IPS for blue/green/orange.
Hopefully your NAS won’t be available to the open wild. To protect it from clients within your local network you have better options like ACL and a separate firewall on this machine for incoming packets and allowed clients.
You can also use iperf3, available as an add-on. The documentation is referring to iperf, but it is still helpful.
Even if I only activate the IPS on RED, the up- or download values are halved. The rulesets also have no influence.
However, QoS makes almost no difference.