
iptables and performance

Posted: Tue Jul 26, 2016 11:07 am
by magifix
Hello,

I've been using a Raspberry Pi 2 B for about 2 years as a firewall with iptables (and the latest xtables-addons). Everything was fine until a few weeks ago, when my provider decided to increase my Internet speed from 40 mbits/s to 100 mbits/s.

Now when I'm doing a speed test against the Internet, I just never reach the expected 100 mbits/s; it just stays around 40 mbits/s in the best cases.

Doing a test before my Firewall I reach about 90 mbits/s. I also did some testing with iperf and got the result:

[email protected]:~# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 192.168.1.254 port 5001 connected with 192.168.1.58 port 50928
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.1 sec 112 MBytes 93.3 Mbits/sec
[ 5] local 192.168.1.254 port 5001 connected with 192.168.1.58 port 50942
[ 5] 0.0-10.1 sec 112 MBytes 93.1 Mbits/sec
^[email protected]:~# vi iptables.sh
[email protected]:~# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 192.168.0.254 port 5001 connected with 192.168.1.58 port 50993
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.2 sec 114 MBytes 93.7 Mbits/sec
[ 5] local 192.168.0.254 port 5001 connected with 192.168.1.58 port 51005
[ 5] 0.0-10.1 sec 113 MBytes 93.8 Mbits/sec

192.168.1.254 is the standard eth0, while I have a Gbit USB/ETH1 on 192.168.0.254, which is connected to the provider's modem.

Even when I suppress all rules in my iptables, I have no performance increase. I have no other application running on this host and the CPU usage stays very low.

I just can't figure out what keeps the network so slow.

Any experience with it? Is that an internal limitation, or could a setup increase the speed?

Re: iptables and performance

Posted: Tue Jul 26, 2016 2:58 pm
by MarkHaysHarris777
The weak link on the Raspberry PI is the on-board usb hub.

... everything passes through there, and I mean everything; including the ethernet port.

It's not a 'firewall' issue per se... it's a throughput latency issue inherent in the PI hardware.

marcus

Re: iptables and performance

Posted: Wed Jul 27, 2016 3:23 pm
by magifix
Thanks for replying. I have found this note on network performance:

http://www.jeffgeerling.com/blogs/jeff- ... networking

I don't really understand the difference between the download and iperf benchmarks. Is the situation with the firewall similar to the download? In this case it would really explain the poor performance.

Is there anything else I could measure, just to be sure?