Bandwidth and Thruput

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Bandwidth and Thruput

Herbert Appel
Hello together,

we use the latest version of EFW 2.51 in school.
Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
Of course the services decelerate the thruput but I didn´t excpect this decrease.
We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).

Can somebody confirm that this is normal?
Or, what can we do to lever the thruput?

I would be grateful for any hint.
Thanks in advance

Herbert
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Andre Mueller

Hello Herbert

We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
Content-Filter) we have full speed on the Green-interface in
uploading/downloading towards/from Red-interface and GBit/s speed
from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
we have assigned 1 GByte (used actually 50%).

with best regards, Andre


Am 20.03.13 07:40, schrieb Herbert Appel:

> Hello together,
>
> we use the latest version of EFW 2.51 in school.
> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
> Of course the services decelerate the thruput but I didn´t excpect this decrease.
> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>
> Can somebody confirm that this is normal?
> Or, what can we do to lever the thruput?
>
> I would be grateful for any hint.
> Thanks in advance
>
> Herbert
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user
>


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

ildavo
In reply to this post by Herbert Appel
I'm not sure about normality but can you tell how did you measure the
throughput?
Thanks
Davo

On 03/20/2013 07:40 AM, Herbert Appel wrote:

> Hello together,
>
> we use the latest version of EFW 2.51 in school.
> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
> Of course the services decelerate the thruput but I didn´t excpect this decrease.
> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>
> Can somebody confirm that this is normal?
> Or, what can we do to lever the thruput?
>
> I would be grateful for any hint.
> Thanks in advance
>
> Herbert
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Herbert Appel
In reply to this post by Andre Mueller
Hello Andre,

hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?

Herbert
Am 20.03.2013 um 09:10 schrieb Andre Mueller:

>
> Hello Herbert
>
> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
> Content-Filter) we have full speed on the Green-interface in
> uploading/downloading towards/from Red-interface and GBit/s speed
> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
> we have assigned 1 GByte (used actually 50%).
>
> with best regards, Andre
>
>
> Am 20.03.13 07:40, schrieb Herbert Appel:
>> Hello together,
>>
>> we use the latest version of EFW 2.51 in school.
>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>
>> Can somebody confirm that this is normal?
>> Or, what can we do to lever the thruput?
>>
>> I would be grateful for any hint.
>> Thanks in advance
>>
>> Herbert
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Kevin Murphy-10
In reply to this post by Herbert Appel
Hi Herbert

What NIC cards are you using?  I haven't used Endian on a connection as fast as you have but I have noticed a difference between cheap nics and the more expensive server grade ones.  Also I am pretty sure using anti virus scanning is going to affect the throughput. What is your CPU loads showing? 

Regards
Kevin


Sent from Samsung Mobile



-------- Original message --------
From: Herbert Appel <[hidden email]>
Date:
To: [hidden email]
Subject: Re: [Efw-user] Bandwidth and Thruput


Hello Andre,

hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?

Herbert
Am 20.03.2013 um 09:10 schrieb Andre Mueller:

>
> Hello Herbert
>
> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
> Content-Filter) we have full speed on the Green-interface in
> uploading/downloading towards/from Red-interface and GBit/s speed
> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
> we have assigned 1 GByte (used actually 50%).
>
> with best regards, Andre
>
>
> Am 20.03.13 07:40, schrieb Herbert Appel:
>> Hello together,
>>
>> we use the latest version of EFW 2.51 in school.
>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>
>> Can somebody confirm that this is normal?
>> Or, what can we do to lever the thruput?
>>
>> I would be grateful for any hint.
>> Thanks in advance
>>
>> Herbert
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Farzan Qureshi-2
In reply to this post by Herbert Appel

Can you please go to status and then connection and tell me what is the maximum TTL you see on connections? Is it 119:00 ..something? ?

Farzan Qureshi
------------------
Rosmini College
Network Administrator & Helpdesk support

On 20/03/2013 7:58 PM, "Herbert Appel" <[hidden email]> wrote:
Hello together,

we use the latest version of EFW 2.51 in school.
Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
Of course the services decelerate the thruput but I didn´t excpect this decrease.
We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).

Can somebody confirm that this is normal?
Or, what can we do to lever the thruput?

I would be grateful for any hint.
Thanks in advance

Herbert
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Herbert Appel
In reply to this post by ildavo
Hello Davo,

we used different methods:
1. www.speedtest.net
2. http://www.initiative-netzqualitaet.de
3. Download of a file (e. g. http://www.ibc-blog.de/wp-content/uploads/2012/10/IBC-SOLAR_Jura-Solarpark.jpg) 7MB took 8-9s

greetings
Herbert

Am 20.03.2013 um 09:13 schrieb [hidden email]:

> I'm not sure about normality but can you tell how did you measure the
> throughput?
> Thanks
> Davo
>
> On 03/20/2013 07:40 AM, Herbert Appel wrote:
>> Hello together,
>>
>> we use the latest version of EFW 2.51 in school.
>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>
>> Can somebody confirm that this is normal?
>> Or, what can we do to lever the thruput?
>>
>> I would be grateful for any hint.
>> Thanks in advance
>>
>> Herbert
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Andre Mueller
In reply to this post by Herbert Appel

Hello Herbert

If possible I would first try, only for testing purposes, to switch off
the proxy functionality. Futher I would try to make "measurements" by
placing a computer in the Red subnet and by transferring large data
to/from by simple protocol to an other computer in the green subnet.
Also verifying if the green-interface is really working at 100Mbits and
not at 10Mbits. Wow is the CPU load? And is /var/log eventually full?

best regards, Andre


Am 20.03.13 09:20, schrieb Herbert Appel:

> Hello Andre,
>
> hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?
>
> Herbert
> Am 20.03.2013 um 09:10 schrieb Andre Mueller:
>
>>
>> Hello Herbert
>>
>> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
>> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
>> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
>> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
>> Content-Filter) we have full speed on the Green-interface in
>> uploading/downloading towards/from Red-interface and GBit/s speed
>> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
>> we have assigned 1 GByte (used actually 50%).
>>
>> with best regards, Andre
>>
>>
>> Am 20.03.13 07:40, schrieb Herbert Appel:
>>> Hello together,
>>>
>>> we use the latest version of EFW 2.51 in school.
>>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>>
>>> Can somebody confirm that this is normal?
>>> Or, what can we do to lever the thruput?
>>>
>>> I would be grateful for any hint.
>>> Thanks in advance
>>>
>>> Herbert
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>> _______________________________________________
>>> Efw-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user
>

--

Andre Mueller
Leuengasse 26 / CH-4057 Basel / Switzerland
Tel +41-44-350 76 11 / Fax +41-44-350 76 12
mailto:[hidden email]
http://www.himmel-blau.com

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Herbert Appel
In reply to this post by Kevin Murphy-10
Hi,

the NICs are 3COM and Realtec 10/100MBit/s
CPUload is about 80%

I share your opinion but we can´t switch off all services to have max truput :-(
then Endian is useless!

thanks a lot

Herbert

Am 20.03.2013 um 09:35 schrieb kevsworld:

Hi Herbert

What NIC cards are you using?  I haven't used Endian on a connection as fast as you have but I have noticed a difference between cheap nics and the more expensive server grade ones.  Also I am pretty sure using anti virus scanning is going to affect the throughput. What is your CPU loads showing? 

Regards
Kevin


Sent from Samsung Mobile



-------- Original message --------
From: Herbert Appel <[hidden email]>
Date:
To: [hidden email]
Subject: Re: [Efw-user] Bandwidth and Thruput


Hello Andre,

hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?

Herbert
Am 20.03.2013 um 09:10 schrieb Andre Mueller:

>
> Hello Herbert
>
> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
> Content-Filter) we have full speed on the Green-interface in
> uploading/downloading towards/from Red-interface and GBit/s speed
> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
> we have assigned 1 GByte (used actually 50%).
>
> with best regards, Andre
>
>
> Am 20.03.13 07:40, schrieb Herbert Appel:
>> Hello together,
>>
>> we use the latest version of EFW 2.51 in school.
>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>
>> Can somebody confirm that this is normal?
>> Or, what can we do to lever the thruput?
>>
>> I would be grateful for any hint.
>> Thanks in advance
>>
>> Herbert
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Herbert Appel
In reply to this post by Andre Mueller
Hi,

thanks for your hints - I´ll check.

Herbert

Am 20.03.2013 um 09:38 schrieb Andre Mueller:

>
> Hello Herbert
>
> If possible I would first try, only for testing purposes, to switch off
> the proxy functionality. Futher I would try to make "measurements" by
> placing a computer in the Red subnet and by transferring large data
> to/from by simple protocol to an other computer in the green subnet.
> Also verifying if the green-interface is really working at 100Mbits and
> not at 10Mbits. Wow is the CPU load? And is /var/log eventually full?
>
> best regards, Andre
>
>
> Am 20.03.13 09:20, schrieb Herbert Appel:
>> Hello Andre,
>>
>> hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?
>>
>> Herbert
>> Am 20.03.2013 um 09:10 schrieb Andre Mueller:
>>
>>>
>>> Hello Herbert
>>>
>>> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
>>> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
>>> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
>>> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
>>> Content-Filter) we have full speed on the Green-interface in
>>> uploading/downloading towards/from Red-interface and GBit/s speed
>>> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
>>> we have assigned 1 GByte (used actually 50%).
>>>
>>> with best regards, Andre
>>>
>>>
>>> Am 20.03.13 07:40, schrieb Herbert Appel:
>>>> Hello together,
>>>>
>>>> we use the latest version of EFW 2.51 in school.
>>>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>>>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>>>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>>>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>>>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>>>
>>>> Can somebody confirm that this is normal?
>>>> Or, what can we do to lever the thruput?
>>>>
>>>> I would be grateful for any hint.
>>>> Thanks in advance
>>>>
>>>> Herbert
>>>> ------------------------------------------------------------------------------
>>>> Everyone hates slow websites. So do we.
>>>> Make your web apps faster with AppDynamics
>>>> Download AppDynamics Lite for free today:
>>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>>> _______________________________________________
>>>> Efw-user mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>> _______________________________________________
>>> Efw-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
> --
>
> Andre Mueller
> Leuengasse 26 / CH-4057 Basel / Switzerland
> Tel +41-44-350 76 11 / Fax +41-44-350 76 12
> mailto:[hidden email]
> http://www.himmel-blau.com
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

compdoc
In reply to this post by Herbert Appel

>the NICs are 3COM and Realtec 10/100MBit/s

>CPUload is about 80%

 

100baseT = 100 Mbps = 12.5 MBps

 

EFW depends on the speed of the host cpu and on the network cards. Because of overhead and the limits of older computer buses and cpus, I don’t believe you will get much more than 7MBit/s using 100baseT nics.

 

I also do not believe 3Com nics are known for their speed.

 

What cpu is in the firewall, and how much ram? These are very important when processing your enabled services.

 

 

 

 


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Josh Carter

As stated CPU / RAM are your primary concern here. If your CPU usage is high, your throughput will be limited as such. One other consideration for ClamAV is disk speed. The file is downloaded to your EFW disk, scanned by clamav, then passed through to your client. If the disk is slow, that can be a factor.

 

I have an INTEL atom based EFW running IPS/Proxy/CLAMAV etc and I’m able to fully utilise my 20mbit connection, however I do see ~90% cpu usage and I have an SSD hard drive to improve the ‘speed’ of clamav. I imagine you would need the newer generation, dual core atom’s or a Core i3+ to cope with all the services on a 100/100mbit link.

 

Hope that’s helpful.

 

 

From: compdoc [mailto:[hidden email]]
Sent: Thursday, 21 March 2013 12:43 AM
To: [hidden email]
Subject: Re: [Efw-user] Bandwidth and Thruput

 

>the NICs are 3COM and Realtec 10/100MBit/s

>CPUload is about 80%

 

100baseT = 100 Mbps = 12.5 MBps

 

EFW depends on the speed of the host cpu and on the network cards. Because of overhead and the limits of older computer buses and cpus, I don’t believe you will get much more than 7MBit/s using 100baseT nics.

 

I also do not believe 3Com nics are known for their speed.

 

What cpu is in the firewall, and how much ram? These are very important when processing your enabled services.

 

 

 

 

==== Charter Hall ========================
This e-mail message and any accompanying attachments may contain information that is confidential and subject to legal privilege.  If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments.  If you have received this message in error, please advise Charter Hall by return e-mail or telephone (02) 8908 4000.  Any views expressed in this message are those of the individual sender, except where the sender expressly and with authority states them to be the views of Charter Hall.  Charter Hall cannot guarantee that this e-mail or any attachments are free of viruses or other conditions which may damage or interfere with data, hardware or software with which it might be used.
======================================


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Farzan Qureshi-2
In reply to this post by Herbert Appel
Hi Herbert,

I was having similar issues with endian firewall at our end. I have done some modifications to the TCP/IP stack manually and some optimization to dansguardian. It is working very well.

You can try following settings and hopefully this will fix your issues because it did for us. Remember to first reboot your endian firewall and once it is up access it through console and make changes to TCP/IP stack. But let me tell you I still haven't got enough time to figure out to make these changes of TCP/IP permanent. Because it reverts to default settings on reboot. But for dansguardian those settings are permanent.

I noticed that TTL for established connection is too big by default that is 119:00 something...which is like a connection may live upto 5 days and hence choke available ports. (you can check this on status and go to connections)

Following are the instructions for you:


TCP/IP Stack Modifications



Edit:

    nano /proc/sys/net/ipv4/tcp_max_orphans


Change figure to

    8192




Run following three commands one by one:

    echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
    echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
    echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl



Edit:

    nano /proc/sys/net/ipv4/tcp_keepalive_probes


Change value to

    5




Edit:

    nano /etc/sysctl.conf



And change following values to reflect values shown below or add these values if they are not present:

    net.ipv4.tcp_keepalive_intvl = 30
    net.ipv4.tcp_keepalive_probes = 5
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_max_orphan = 8192
    net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=1200 

Save changes.




Run following commands one by one:

    echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
    echo 131072 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    



==========================================
DANSGUARDIAN AND ANTIVIRUS OPTIMIZATION
==========================================

Edit file

    nano /usr/lib/efw/dansguardian/default/settings



And enter/change following parameters:

    MAXCHILDREN=500
    MINCHILDREN=128
    MINSPARECHILDREN=32
    PREFORKCHILDREN=16
    MAXSPARECHILDREN=256
    MAXAGECHILDREN=10000



Edit following file:

    nano /etc/havp/havp.conf.tmpl



Add following parameters:

    MAXSERVERS 150
    SERVERNUMBER 50



Also add following parameters after following line:

STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS gnome-vfs xine

Add following parameters after above line in file:

    RANGE true
    SKIPMIME image/* video/* audio/*


Hope this helps.

Kind regards,

Farzan



On 20 March 2013 21:45, Herbert Appel <[hidden email]> wrote:
Hi,

thanks for your hints - I´ll check.

Herbert

Am 20.03.2013 um 09:38 schrieb Andre Mueller:

>
> Hello Herbert
>
> If possible I would first try, only for testing purposes, to switch off
> the proxy functionality. Futher I would try to make "measurements" by
> placing a computer in the Red subnet and by transferring large data
> to/from by simple protocol to an other computer in the green subnet.
> Also verifying if the green-interface is really working at 100Mbits and
> not at 10Mbits. Wow is the CPU load? And is /var/log eventually full?
>
> best regards, Andre
>
>
> Am 20.03.13 09:20, schrieb Herbert Appel:
>> Hello Andre,
>>
>> hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?
>>
>> Herbert
>> Am 20.03.2013 um 09:10 schrieb Andre Mueller:
>>
>>>
>>> Hello Herbert
>>>
>>> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
>>> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
>>> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
>>> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
>>> Content-Filter) we have full speed on the Green-interface in
>>> uploading/downloading towards/from Red-interface and GBit/s speed
>>> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
>>> we have assigned 1 GByte (used actually 50%).
>>>
>>> with best regards, Andre
>>>
>>>
>>> Am 20.03.13 07:40, schrieb Herbert Appel:
>>>> Hello together,
>>>>
>>>> we use the latest version of EFW 2.51 in school.
>>>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>>>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>>>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>>>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>>>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>>>
>>>> Can somebody confirm that this is normal?
>>>> Or, what can we do to lever the thruput?
>>>>
>>>> I would be grateful for any hint.
>>>> Thanks in advance
>>>>
>>>> Herbert
>>>> ------------------------------------------------------------------------------
>>>> Everyone hates slow websites. So do we.
>>>> Make your web apps faster with AppDynamics
>>>> Download AppDynamics Lite for free today:
>>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>>> _______________________________________________
>>>> Efw-user mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>> _______________________________________________
>>> Efw-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
> --
>
> Andre Mueller
> Leuengasse 26 / CH-4057 Basel / Switzerland
> Tel <a href="tel:%2B41-44-350%2076%2011" value="+41443507611">+41-44-350 76 11 / Fax <a href="tel:%2B41-44-350%2076%2012" value="+41443507612">+41-44-350 76 12
> mailto:[hidden email]
> http://www.himmel-blau.com
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user



--
Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Josh Carter

This is good info here, but something to watch out for:

 

SKIPMIME image/* video/* audio/*

 

The above line will PREVENT all images, videos and audio from being scanned for viruses. There are obvious security implications with that, and you should evaluate your security requirements before applying that setting.

 

 

From: Farzan Qureshi [mailto:[hidden email]]
Sent: Thursday, 21 March 2013 11:21 AM
To: [hidden email]
Subject: Re: [Efw-user] Bandwidth and Thruput

 

Hi Herbert,

I was having similar issues with endian firewall at our end. I have done some modifications to the TCP/IP stack manually and some optimization to dansguardian. It is working very well.

You can try following settings and hopefully this will fix your issues because it did for us. Remember to first reboot your endian firewall and once it is up access it through console and make changes to TCP/IP stack. But let me tell you I still haven't got enough time to figure out to make these changes of TCP/IP permanent. Because it reverts to default settings on reboot. But for dansguardian those settings are permanent.

I noticed that TTL for established connection is too big by default that is 119:00 something...which is like a connection may live upto 5 days and hence choke available ports. (you can check this on status and go to connections)

Following are the instructions for you:


TCP/IP Stack Modifications



Edit:

    nano /proc/sys/net/ipv4/tcp_max_orphans


Change figure to

    8192




Run following three commands one by one:

    echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
    echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
    echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl



Edit:

    nano /proc/sys/net/ipv4/tcp_keepalive_probes


Change value to

    5




Edit:

    nano /etc/sysctl.conf



And change following values to reflect values shown below or add these values if they are not present:

    net.ipv4.tcp_keepalive_intvl = 30
    net.ipv4.tcp_keepalive_probes = 5
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_max_orphan = 8192
    net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=1200 

Save changes.




Run following commands one by one:

    echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
    echo 131072 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    



==========================================
DANSGUARDIAN AND ANTIVIRUS OPTIMIZATION
==========================================

Edit file

    nano /usr/lib/efw/dansguardian/default/settings



And enter/change following parameters:

    MAXCHILDREN=500
    MINCHILDREN=128
    MINSPARECHILDREN=32
    PREFORKCHILDREN=16
    MAXSPARECHILDREN=256
    MAXAGECHILDREN=10000



Edit following file:

    nano /etc/havp/havp.conf.tmpl



Add following parameters:

    MAXSERVERS 150
    SERVERNUMBER 50



Also add following parameters after following line:

STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS gnome-vfs xine

Add following parameters after above line in file:

    RANGE true
    SKIPMIME image/* video/* audio/*


Hope this helps.

Kind regards,

Farzan


On 20 March 2013 21:45, Herbert Appel <[hidden email]> wrote:

Hi,

thanks for your hints - I´ll check.

Herbert

Am 20.03.2013 um 09:38 schrieb Andre Mueller:


>
> Hello Herbert
>
> If possible I would first try, only for testing purposes, to switch off
> the proxy functionality. Futher I would try to make "measurements" by
> placing a computer in the Red subnet and by transferring large data
> to/from by simple protocol to an other computer in the green subnet.
> Also verifying if the green-interface is really working at 100Mbits and
> not at 10Mbits. Wow is the CPU load? And is /var/log eventually full?
>
> best regards, Andre
>
>
> Am 20.03.13 09:20, schrieb Herbert Appel:
>> Hello Andre,
>>
>> hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?
>>
>> Herbert
>> Am 20.03.2013 um 09:10 schrieb Andre Mueller:
>>
>>>
>>> Hello Herbert
>>>
>>> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
>>> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
>>> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
>>> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
>>> Content-Filter) we have full speed on the Green-interface in
>>> uploading/downloading towards/from Red-interface and GBit/s speed
>>> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
>>> we have assigned 1 GByte (used actually 50%).
>>>
>>> with best regards, Andre
>>>
>>>
>>> Am 20.03.13 07:40, schrieb Herbert Appel:
>>>> Hello together,
>>>>
>>>> we use the latest version of EFW 2.51 in school.
>>>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>>>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>>>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>>>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>>>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>>>
>>>> Can somebody confirm that this is normal?
>>>> Or, what can we do to lever the thruput?
>>>>
>>>> I would be grateful for any hint.
>>>> Thanks in advance
>>>>
>>>> Herbert
>>>> ------------------------------------------------------------------------------
>>>> Everyone hates slow websites. So do we.
>>>> Make your web apps faster with AppDynamics
>>>> Download AppDynamics Lite for free today:
>>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>>> _______________________________________________
>>>> Efw-user mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>> _______________________________________________
>>> Efw-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
> --
>
> Andre Mueller
> Leuengasse 26 / CH-4057 Basel / Switzerland
> Tel <a href="tel:%2B41-44-350%2076%2011">+41-44-350 76 11 / Fax <a href="tel:%2B41-44-350%2076%2012"> +41-44-350 76 12
> mailto:[hidden email]
> http://www.himmel-blau.com
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user




--
Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.

==== Charter Hall ========================
This e-mail message and any accompanying attachments may contain information that is confidential and subject to legal privilege.  If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments.  If you have received this message in error, please advise Charter Hall by return e-mail or telephone (02) 8908 4000.  Any views expressed in this message are those of the individual sender, except where the sender expressly and with authority states them to be the views of Charter Hall.  Charter Hall cannot guarantee that this e-mail or any attachments are free of viruses or other conditions which may damage or interfere with data, hardware or software with which it might be used.
======================================


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth and Thruput

Farzan Qureshi-2
I agree with you Josh.

On 21 March 2013 13:58, Josh Carter <[hidden email]> wrote:

This is good info here, but something to watch out for:

 

SKIPMIME image/* video/* audio/*

 

The above line will PREVENT all images, videos and audio from being scanned for viruses. There are obvious security implications with that, and you should evaluate your security requirements before applying that setting.

 

 

From: Farzan Qureshi [mailto:[hidden email]]
Sent: Thursday, 21 March 2013 11:21 AM


To: [hidden email]
Subject: Re: [Efw-user] Bandwidth and Thruput

 

Hi Herbert,



I was having similar issues with endian firewall at our end. I have done some modifications to the TCP/IP stack manually and some optimization to dansguardian. It is working very well.

You can try following settings and hopefully this will fix your issues because it did for us. Remember to first reboot your endian firewall and once it is up access it through console and make changes to TCP/IP stack. But let me tell you I still haven't got enough time to figure out to make these changes of TCP/IP permanent. Because it reverts to default settings on reboot. But for dansguardian those settings are permanent.

I noticed that TTL for established connection is too big by default that is 119:00 something...which is like a connection may live upto 5 days and hence choke available ports. (you can check this on status and go to connections)

Following are the instructions for you:


TCP/IP Stack Modifications



Edit:

    nano /proc/sys/net/ipv4/tcp_max_orphans


Change figure to

    8192




Run following three commands one by one:

    echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
    echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
    echo 30 > /proc/sys/net/ipv4/tcp_keepalive_intvl



Edit:

    nano /proc/sys/net/ipv4/tcp_keepalive_probes


Change value to

    5




Edit:

    nano /etc/sysctl.conf



And change following values to reflect values shown below or add these values if they are not present:

    net.ipv4.tcp_keepalive_intvl = 30
    net.ipv4.tcp_keepalive_probes = 5
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_max_orphan = 8192
    net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=1200 

Save changes.




Run following commands one by one:

    echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
    echo 131072 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    



==========================================
DANSGUARDIAN AND ANTIVIRUS OPTIMIZATION
==========================================

Edit file

    nano /usr/lib/efw/dansguardian/default/settings



And enter/change following parameters:

    MAXCHILDREN=500
    MINCHILDREN=128
    MINSPARECHILDREN=32
    PREFORKCHILDREN=16
    MAXSPARECHILDREN=256
    MAXAGECHILDREN=10000



Edit following file:

    nano /etc/havp/havp.conf.tmpl



Add following parameters:

    MAXSERVERS 150
    SERVERNUMBER 50



Also add following parameters after following line:

STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS gnome-vfs xine

Add following parameters after above line in file:

    RANGE true
    SKIPMIME image/* video/* audio/*


Hope this helps.

Kind regards,

Farzan


On 20 March 2013 21:45, Herbert Appel <[hidden email]> wrote:

Hi,

thanks for your hints - I´ll check.

Herbert

Am 20.03.2013 um 09:38 schrieb Andre Mueller:


>
> Hello Herbert
>
> If possible I would first try, only for testing purposes, to switch off
> the proxy functionality. Futher I would try to make "measurements" by
> placing a computer in the Red subnet and by transferring large data
> to/from by simple protocol to an other computer in the green subnet.
> Also verifying if the green-interface is really working at 100Mbits and
> not at 10Mbits. Wow is the CPU load? And is /var/log eventually full?
>
> best regards, Andre
>
>
> Am 20.03.13 09:20, schrieb Herbert Appel:
>> Hello Andre,
>>
>> hmm - but what could be the reason for that decrease from 50MBit/s --> 7MBit/s?
>>
>> Herbert
>> Am 20.03.2013 um 09:10 schrieb Andre Mueller:
>>
>>>
>>> Hello Herbert
>>>
>>> We have FTTH with 50/10Mbits/s (waiting for 100/100) and are running EFW
>>> 2.5.1 Community Version as VM on VMware ESXi 4.1 on an single CPU board
>>> with Quad Core Xeon L5630 2.13 GHz together with two other Web-Servers
>>> VM's. Although we do not use any Proxy-functions (CLAVAV, AMAVIS,
>>> Content-Filter) we have full speed on the Green-interface in
>>> uploading/downloading towards/from Red-interface and GBit/s speed
>>> from/toward DMZ Orange-interface. CPU load does never exceed 5% and RAM
>>> we have assigned 1 GByte (used actually 50%).
>>>
>>> with best regards, Andre
>>>
>>>
>>> Am 20.03.13 07:40, schrieb Herbert Appel:
>>>> Hello together,
>>>>
>>>> we use the latest version of EFW 2.51 in school.
>>>> Since about one week we are connected to FTTH (FOS 100 as CPE) with 50MBit/s.
>>>> On the red IF there are truely 50MBit/s, but on the green IF there are only 7MBit/s.
>>>> Of course the services decelerate the thruput but I didn´t excpect this decrease.
>>>> We are running CLAVAV, AMAVIS, NTP, DHCP, Content-Filter.
>>>> What bothers me is that,when we were connected to DSL with 368kBit/s, we had full speed on the green side (47kB/s).
>>>>
>>>> Can somebody confirm that this is normal?
>>>> Or, what can we do to lever the thruput?
>>>>
>>>> I would be grateful for any hint.
>>>> Thanks in advance
>>>>
>>>> Herbert
>>>> ------------------------------------------------------------------------------
>>>> Everyone hates slow websites. So do we.
>>>> Make your web apps faster with AppDynamics
>>>> Download AppDynamics Lite for free today:
>>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>>> _______________________________________________
>>>> Efw-user mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_d2d_mar
>>> _______________________________________________
>>> Efw-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Efw-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>
>
> --
>
> Andre Mueller
> Leuengasse 26 / CH-4057 Basel / Switzerland
> Tel <a href="tel:%2B41-44-350%2076%2011" target="_blank">+41-44-350 76 11 / Fax <a href="tel:%2B41-44-350%2076%2012" target="_blank"> +41-44-350 76 12
> mailto:[hidden email]
> http://www.himmel-blau.com
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Efw-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user




--
Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.

==== Charter Hall ========================
This e-mail message and any accompanying attachments may contain information that is confidential and subject to legal privilege.  If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments.  If you have received this message in error, please advise Charter Hall by return e-mail or telephone (02) 8908 4000.  Any views expressed in this message are those of the individual sender, except where the sender expressly and with authority states them to be the views of Charter Hall.  Charter Hall cannot guarantee that this e-mail or any attachments are free of viruses or other conditions which may damage or interfere with data, hardware or software with which it might be used.
======================================


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user




--
Farzan Qureshi | Network Administrator & Help-desk Support | Rosmini College | (09) 487 0 530
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user