I just upgraded to Cablevision's new 30Mbs service. If I connect one of
my computers directly to the cablemodem, I see a download speed of
about 25Mbs (acceptable). However, if I insert a brand new Netgear
firewall (it has 100 Mbps WAN connection), my connection speed is
reduced to about 5Mbs.
Any idea what might be going on?
THanks,
David Jameson
"David"
>I just upgraded to Cablevision's new 30Mbs service. If I connect one of
>my computers directly to the cablemodem, I see a download speed of
>about 25Mbs (acceptable). However, if I insert a brand new Netgear
>firewall (it has 100 Mbps WAN connection), my connection speed is
>reduced to about 5Mbs.
>
>Any idea what might be going on?
>
>THanks,
>David Jameson
Maybe the wan or an inside ethernet connection isn't negotiating to
100Mb/Full duplex. 5 Mbps would be about the limit if any ethernet
device/port was running 10Mb/half duplex.
When I inserted the Netgear firewall, I just had the same computer
connected to it, and then the firewall to the modem. No other switches
or devices involved - and my computer continues to report that it has a
100Mbs connection.
D
Post removed (X-No-Archive: yes)
By the way, I discovered that if I disable the checkbox in the firewall
called "Turn keyword blocking on", (even though there are no keywords
defined) my download speed goes up from 5Mbs to 6.4Mbs - this is
completely reproducible and makes me nervous that the software in the
firewall is of poor quality.
D
Post removed (X-No-Archive: yes)
But the features are NOT all enabled - indeed NONE of the features were
enabled. But as a software developer I would make the following
observations:
1) Enabling a checkbox that enables detection of domain names that
should be blocked on the INITIAL request to access that site should not
cause a continuous throughput decrease from 6.5Mbs down to 5Mbs. The
keyword detection is only related to DNS lookup.
2) I don't care how many features are involved - there should NOT be a
decrease in speed from 25Mbs down to 5 or 6Mbs just because of a
firewall.
Both of the above imply a very poor implementation. I simply don't
believe that firewall programs generally should cause that much of a
slowdown.
D
D
By the way, I wasn't expecting it to do 100Mbs throughput - I was
expecting it to have no more than a small degradation from the 25Mbs
that I'm seeing through a direct modem connection.
--->It would not be "of poor quality" it just means that with all the
features enabled that the unit is not ALSO capable of doing 100mbps -
Let C be my computer
Let F be the firewall
Let M be the modem
Let <--> be the operator such that A <--> B means that A is directly
connected to B
Test 1) C <--> M Download speed = 25Mbs
Test 2) C <--> F <--> M Download speed = 5 Mbs
No other devices were involved in this test - therefore LAN to LAN
speed is irrelevent
----> LAN to LAN speed - do a test between machines INSIDE the lan
Yep - MTU is set to 1500 everywhere.
---> LAN to WAN Speed - have you checked the MTU settings to see if
that's
an issue from your old settings?
Agreed - but I already did these tests before posting on this forum.
--->The MTU setting could greatly impact your service level, and so
could
your choice of testing sites. MTU Settings run anywhere from 1430 to
1500 depending on the type of service, DSL needing lower settings,
Cable allowing higher settings.
Yep - that's why I bought it - and I didn't expect this problem to
arise.
--->The FSV318 is a good device, I've not experienced the problem you
have
when we use them to isolate lan segments.
David wrote:
> I just upgraded to Cablevision's new 30Mbs service. If I connect one of
> my computers directly to the cablemodem, I see a download speed of
> about 25Mbs (acceptable). However, if I insert a brand new Netgear
> firewall (it has 100 Mbps WAN connection), my connection speed is
> reduced to about 5Mbs.
>
> Any idea what might be going on?
>
> THanks,
> David Jameson
>
http://www.netgear.com.au/products/prod_details.asp?prodID=1 29
The WAN port of the FVS318 is 10mb base-T.
E.
E. wrote:
> David wrote:
>
>> I just upgraded to Cablevision's new 30Mbs service. If I connect one of
>> my computers directly to the cablemodem, I see a download speed of
>> about 25Mbs (acceptable). However, if I insert a brand new Netgear
>> firewall (it has 100 Mbps WAN connection), my connection speed is
>> reduced to about 5Mbs.
>>
>> Any idea what might be going on?
>>
>> THanks,
>> David Jameson
>>
> http://www.netgear.com.au/products/prod_details.asp?prodID=1 29
>
> The WAN port of the FVS318 is 10mb base-T.
> E.
Oops, the v3 is 10/100.
E.
E. wrote:
> E. wrote:
>
>> David wrote:
>>
>>> I just upgraded to Cablevision's new 30Mbs service. If I connect one of
>>> my computers directly to the cablemodem, I see a download speed of
>>> about 25Mbs (acceptable). However, if I insert a brand new Netgear
>>> firewall (it has 100 Mbps WAN connection), my connection speed is
>>> reduced to about 5Mbs.
>>>
>>> Any idea what might be going on?
>>>
>>> THanks,
>>> David Jameson
>>>
>> http://www.netgear.com.au/products/prod_details.asp?prodID=1 29
>>
>> The WAN port of the FVS318 is 10mb base-T.
>> E.
>
>
> Oops, the v3 is 10/100.
> E.
Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES throughput.
E.
You lost me here - isn't 3DES an encryption protocol? I'm not using
encryption. I assumed that if the WAN port supports 100Mbs connections,
it can at least handle 30Mbs? Otherwise I've wasted my money.
D
--->Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES
throughput.
Ah I realised after my previous response that you're talking about VPN
connections. I'm not using the VPN feature - just basic internet
connectivity.
>From a cursory Google search for "firewall throughput", I'm seeing that
typical WORSE case download speeds when using firewalls are at least
60Mbs.
So is the Netgear a dud? Or is there some hidden adjustment that needs
to be made to it?
Thanks,
D
I found the post below on the Netgear user forum - they're talking
about a different router but the symtoms look very similar, don't they?
Sounds like Netgear is bogus - I'm going to return it tomorrow and
find something better.
David
--->HA! I found it! If I have Keyword blocking turned on my bandwidth
is limited to about 190k. All I did was turn off Keywork blocking and
remove the one web site I'd blocked (myspace.com) and I have the full
speed of the cable back.Yet another problem with Netgear.
David wrote:
> I found the post below on the Netgear user forum - they're talking
> about a different router but the symtoms look very similar, don't they?
> Sounds like Netgear is bogus - I'm going to return it tomorrow and
> find something better.
> David
>
>
> --->HA! I found it! If I have Keyword blocking turned on my bandwidth
> is limited to about 190k. All I did was turn off Keywork blocking and
> remove the one web site I'd blocked (myspace.com) and I have the full
> speed of the cable back.Yet another problem with Netgear.
>
The 11.5Mbps Wan-to-LAN throughput (i.e. maximum download speed) was
straight out of Netgear specs for that model. I guess Netgear's
documentation is bodgy too.;-)
Good to hear you got it sorted tho.
Cheers,
E.
Well, now I have to find out what kind of a firewall I can get that
will give me the throughput that the modem allows.
I appreciate all the responses from people. I definitely will not be
recommending Netgear to anyone anymore.
David wrote:
> Well, now I have to find out what kind of a firewall I can get that
> will give me the throughput that the modem allows.
>
> I appreciate all the responses from people. I definitely will not be
> recommending Netgear to anyone anymore.
>
I got rid of my Netgear and got a Check Point product (500 W UTM),
which I'm very pleased with. I can't say that it will handle your 30
Mbps band-width, but you can check their web-site for details.
David wrote:
> Well, now I have to find out what kind of a firewall I can get that
> will give me the throughput that the modem allows.
>
> I appreciate all the responses from people. I definitely will not be
> recommending Netgear to anyone anymore.
>
I wouldn't slam them too hard. It's advertised as a broadband router.
For the vast majority, broadband means 1.5 or maybe 3 Mbps. Connections
like your's are a relatively new phenomenon on the market. I only wish I
had your problem. (He says from behind a 512K satellite link...)
--
Rod
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
David wrote:
> You lost me here - isn't 3DES an encryption protocol? I'm not using
> encryption. I assumed that if the WAN port supports 100Mbs connections,
> it can at least handle 30Mbs? Otherwise I've wasted my money.
> D
>
> --->Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES
> throughput.
>
The WAN port supports 100 Mbps because a) 10/100 NICS are cheap as dirt,
and b) 11.5 is bigger than 10.
--
Rod
If they advertise a WAN port that supports a physical 100Mbs
connection, it's not unreasonable to assume that the connection speed
should be more than 5 or 6 Mbs, don't you think?
D
--->I wouldn't slam them too hard. It's advertised as a broadband
router.
For the vast majority, broadband means 1.5 or maybe 3 Mbps. Connections
like your's are a relatively new phenomenon on the market. I only wish
I
had your problem. (He says from behind a 512K satellite link...)
Thanks - I will add them to my list - the other companies that I know
of are Cisco (probably too expensive) and SonicWall.
D
-->I got rid of my Netgear and got a Check Point product (500 W UTM),
which I'm very pleased with. I can't say that it will handle your 30
Mbps band-width, but you can check their web-site for details.
I'm using (right now) Google Groups --- blame them, not me, please! I
normally use the news reader in Outlook Express but I'm currently
connecting from a Linux box and I've never found a decent newsreader in
Linux that I liked :-)
--->You really need to get a Usenet client that properly quotes people,
you're sucks (forgive the wording).
See my response from "Sat, Mar 25 2006 10:46 pm" where I indicated
quite clearly (I thought) that the MTU was set to 1500 everywhere.
--->If you didn't adjust the MTU setting, while is in the instructions,
then
you might not be getting what you need - you also didn't say if you
adjusted it or not in your reply.
Don't be condescending. I already pointed out that although the feature
was enabled, there were no actual keywords to test against. Even if
there were, this should not cause 20% degradation in throughput - think
about how the algorithm should be working - if it's set to block a
particular website, then it's going to check the OUTGOING http request
for a match --- that shouldn't have ANY significant impact on the
speed of the INCOMING data.
--->As for bad software, consider this, any time you enable a filtering
feature it has to execute SOME code, that code takes CPU Time (you do
understand that the device has some form of CPU, right?), and that
means
it will decrease performance for other things.
Because it never occured to me that I'd have to worry about this kind
of degradation - I didn't go to vendor sites - I went to a store and
bought a device that claimed to support a 100Mbs WAN port - it seemed
reasonable to assume that I'd get at least 20 or 25 Mbs out of it. 5
or 6Mbs isn't even CLOSE to reasonable.
--->Why the heck would you assume anything - the specs are right on the
vendors site, please learn to read them before you make another
mistake.
Understood - but even the cheap sonicwall boxes are claiming at least
60Mbs throughput and they're not that much more expensive than the
Netgear devices.
--->Firewalls don't process at wire speed, they have a defined rate
that
they can process traffic at, it's been that way for ages.
No it doesn't - it claims 11Mbs and only delivers 5-6Mbs....more
relevently, that information is not on the box (no surprise, I suppose)
--->Except that the Netgear does what it's spec'd to do.
One doesn't always have time to sit down and research the entire
firewall market. My assumptions seemed reasonable - I suspect a lot of
people will fall into a similar trap - in the worst case, this
newsgroup thread will be helpful to others.
--->Why did you not understand that you need to read the through-put
specs on any firewall
to determine if it's going to meet your needs.
Obviously - now that I know!
--->Before you make another choice, read the detailed specs to see what
the
throughput rating is, and it's not the port speed, it's listed in the
specs.
"Up to" is the clincher, isn't it
--->Up to 11.5Mbps WAN-to-Lan throughput
I appreciate your feedback - I'm off to look at higher end firewalls.
D
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
As does Emacs - but I don't particularly like any of those clients
either. If you don't like the way Google handles groups then complain
to them. It's not necessary for you to tell me what client I should use
- if you don't like what you see, then just ignore me! I'm sure there's
a "Block this sende" in your client!
--->That's no excuse, PAN and ThunderBird do Usenet without any
problems.
Sure I do - at least to some extent- but I simply didn't expect
performance to be impacted THAT much. I'm not (nor to I want to be) a
firewall expert. "Cheap" is a relative term - I remember when a 300
baud modem cost thousands of dollars - now a broadband modem costs $50.
Cheap does not imply subpar.
--->Then you don't understand features and how the impact performance.
Like
it or not, it's a CHEAP device and you should expect some trade-offs vs
a real firewall.
Thank you - it must be nice to be you - all-knowing and so forth. I
guess I'm just not as smart as you - I hope there's still room for me
on the planet!
I wonder where in the store I could have read the throughput spec? The
very detailed product specs on the side of the box (which I did read in
the store, taking more than 5 minutes) didn't include the throughput
number - otherwise I would have noticed it immediately. Is it your
conjecture that people should never go to a store for anything without
having done a detailed analysis in advance? Where is the time for such
analysis? The good news is that the store will take the product back.
--->Your assumptions are not reasonable, they were ignorant and ill
informed. If you took 5 minutes to read the specs on the device you
were
purchasing you would have seen the real performance stats.
D
Post removed (X-No-Archive: yes)
David wrote:
> I just upgraded to Cablevision's new 30Mbs service. If I connect one of
> my computers directly to the cablemodem, I see a download speed of
> about 25Mbs (acceptable). However, if I insert a brand new Netgear
> firewall (it has 100 Mbps WAN connection), my connection speed is
> reduced to about 5Mbs.
>
> Any idea what might be going on?
>
> THanks,
> David Jameson
>
I have been satisfied with a Netscreen 5GT I use at work. Throughput is
rated at 75mbps and 20mb/s vpn. Programming is cludgy, but I never did
it before, so others may think that is ok.
Some specs are listed here:
http://www.smartways.net/enterpriseSecurity/netScreen.asp
BTW: I just found out the router (Cisco 1601r) that is before this thing
has a special serial connection that is limited to 2mbps, so when I
switch from the half T I use now to 4mbps dsl, I have to change this
router also!
Now I just found out the 1605 I was going to use also has a limit of
2mb/s!! I guess I need to get a better one!!
Here are some links, the router performance one is esp good!
Cisco_806
(http://www.cisco.com/warp/public/cc/pd/rt/800/prodlit/806bg _ds.htm)
http://www.ryxi.com/telecom-vpn-voip-dsl-lans/23-047-cisco-1 605r-maximum-throughput-on-cable-modem-read.shtml
http://www.cisco.com/warp/public/765/tools/quickreference/ro uterperformance.pdf
gr
Post removed (X-No-Archive: yes)