Internet speed slower in bridge mode

So can anyone with a pipe bigger than 50 meg confirm they get anything greater than 50mbps?

Over WiFi on a laptop...

Hi, Wisiwyg can you run your speed test at speedtest.net I seem to  be getting false  high speed  at Xfinity with the shield  its showing I'm getting  103 Mbps at xfinity but only 57 Mbps from speedtest.net and confirmed the speed with  my ISP Wave   http://residential.wavebroadband.com/support/internet/testing-your-speed/ 

Thanks  for help still working on updating  the second  shield I got off eBay  and will update you and  user8446




http://www.speedtest.net/my-result/5785958504



http://results.speedtest.xfinity.com/result/1427941404.png

OK, just tried it.. Same thing happening to me.

With shield in place and testing at speedtest.net, I get 48 mbps down.

With shield out of the loop, speedtest.net, I get 100 mbps down.

Somewhere along the line throughput dropped. I wonder if the tweaks we've made over the last few months did it?

Always been the case for me. I've had 150meg + internet the whole time I've been using the shield and never got more than 57 meg down with the shield inline.  I remember Itus talking about optimising the cavium processors to increase the throughput but that was before they went under. It may have been one of the guys who helped me get my shield unbricked when sp1 was released, I can't really remember

Hi, Wisiwyg thanks  my shield never goes above 57 Mbps  looking at the system log it shows memcap error, I have increase the size of the log  that user8446 has been helping me with but it just does not go above 57 Mbps not using that much Ram so not sure what stopping it from going over  


if you do speed test and look at your system logs see if you having  memcap error

Over the year the ruleset has grown, increasing security but of course degrading performance. Have you tried to temporarily run with no rules and then run a speed test? Just have a blank file at /etc/snort/rules/snort.rules

nice theory user8446, here is the speed with a blank snort ruleset:



and with the regular ruleset:



with NO Shield inline, it'll be just over 200mbps.

Hi

Just a thought, could it be vnstats limiting the throughput as i've  seen in a reply in this post vnstat set maximum 100 Mbit

vnstats is what produces the traffic monitor reports

in etc/vnstat.conf

you will see a setting

# maximum bandwidth (Mbit) for all interfaces, 0 = disable feature
# (unless interface specific limit is given)
MaxBandwidth 100

I believe that this sets the bandwidth to 100mbits

try changing to 1000

Again it's only an idea

Roadrunnere42

OK, Tried this  -  set MaxBandwidth 1000 - and didn't see any difference. Throughput ~54 mb

Any other suggestions?

TIA.

Hi, I was trying to add blank file and know getting  this error and not internet


Sat Nov 12 11:43:30 2016 daemon.err snort[5768]: FATAL ERROR: /etc/snort/rules/snort.rules(0) Unable to open rules file "/etc/snort/rules/snort.rules": No such file or directory.

Sat Nov 12 11:43:30 2016 daemon.info procd: Instance snort::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Sat Nov 12 11:43:36 2016 daemon.err uhttpd[4690]: cut: standard output: Broken pipe
Sat Nov 12 11:43:36 2016 daemon.err uhttpd[4690]: ls: /etc/snort/rules/snort.rules: No such file or directory

I made copy of the snort.rules and left it blank but I removed the file the added the rules back

Hi Breda,

I believe if you delete the file (better to rename it and not delete it) and then run the sh /sbin/fw_upgrade script it will rebuild the snort.rules file based on the rule sources that you've uncommented.

I'm going to try to back down on the number of rules I'm using to see if that makes any difference.

Ok, getting somewhere...

Just tried to reduce the size of the snort.rules file. First, I commented out a few sources and dropped the rules file size from 4,600k to 3,600k and repeated test. Result was about the same, 48 mbps down.

Then, I commented out nearly all, left 3 sources, ran fw_upgrade (which restarts Snort) resulting in a file size of 978 k and result was 90 mbps down.

So, either we (or more precisely one of you guys that knows what they're doing with snort rules!) finds a setting to increase throughput with a larger rule set or we pare down the rule set for improved throughput.  It appears that Shield simply doesn't have the horsepower for a full load ruleset and full speed throughput.

Any recommendations?

Hi, Thanks  Wisiwyg I ran the  script and I keep getting this  Error



Sat Nov 12 12:10:25 2016 daemon.err uhttpd[4627]: ls: /etc/snort/rules/snort.rules: No such file or directory
Sat Nov 12 12:10:33 2016 daemon.err uhttpd[4627]: ls: /etc/snort/rules/snort.rules: No such file or directory


file present already
 Found FATAL ERROR AFTER RESTART - making backup of old snort rules then deleting snort rules
 after deleted restarting fw_upgrade script
 Stopping error checking after 3 attempts, FATAL ERROR still present

Hi Breda,

I had an odd error like what you're describing and tried to resolve it too. Then, one time everything worked and I wasn't sure exactly what fixed it... You can look back through the threads to see the discussion. I had lots of helpful suggestions from better qualified members on this forum.

Re this specific error, if its not liking if you don't have the file present, try editing your old snort.rules file and delete all but 2 or 3 lines of rules, then try it again. The file will exist, and will be overwritten when the script runs. I use WinSCP to get to the Shield and then Notepad++ to make these edits.

Good luck!

Hi, Wisiwyg  Thanks I tried that but still get the error  I ran the fw_upgrade script  via SSH

 copying new sorted rules....this may take a minute.
sed: unsupported command /
Restarted DNSMASQ
 
Restarting SNORT service
(please ignore PID errors - these are expected)
Restarted SNORT
file present already
 Found FATAL ERROR AFTER RESTART - making backup of old snort rules then deleting snort rules
 after deleted restarting fw_upgrade script



Sun Nov 13 17:45:00 2016 daemon.err uhttpd[4627]: ls: /etc/snort/rules/snort.rules: No such file or directory

Hi Breda,

You're getting the error because you deleted the whole file instead of deleting the contents and leaving a blank file. Just put it back and you'll be good to go:

snort.rules

Further investigation into the throughput testing...

Some of you may know from another thread that I'm playing with opnSense on a small Dell i5 quad box. I tested throughput on the laptop I've been using to test the opnSense 16.7 (production version) installation. That test bed goes through the Asus router, through a DMZ and through the Shield in Bridge mode.

With Shield in place in Bridge Mode, I get the same thorughput of about 48-50 mbps through the opnSense box with the attached laptop. With Shield taken offline, I get about 98 mbps through the opnSense box with the attached laptop. This is the same throughput I get when testing with just the Router with Shield offline, without going through the opnSense box. This indicates to me that the i5 opnSense with Suricata installation is giving me full throughput on my ~100 mbps internet connection. This is probably a question of processing horsepower.

The opnSense box is running Suricata in in-line mode (realtime inspection). There are about 15 rulesets active, plus GeoIP filtering active. I'm trying to set it up as a Transparent Bridge to duplicate what I have with Shield/Snort, but I haven't found the right combination of settings and there's not much to go on on the opnSense forums.

Hopefully we can sort out the throughput issues with Shield and full ruleset active.

Wasn't Suricata originally chosen for bridge mode by ITUS as it supports multi-core processing? Not sure why they settled on Snort. Wonder if suri would increase throughput?